How predictable is your password? Check here.

Microsoft Research and Carnegie Mellon University teamed up to develop a web site that will test the complexity of your common passwords. If they are able to predict your password based on the first couple of characters, you had best change it!

Check out Telepath.

 

Posted in Security

How to quickly spot phishing

Not sure if an email is from your bank or credit card?
Check the From email. If it’s from Gmail or Yahoo or Hotmail, etc., DELETE it.

Catching Phish
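The From-address check described above, as an added example that is not part of the original post: it parses the From header and flags mail that claims to come from a bank or card issuer but was sent from a free webmail domain. The domain list, keyword list and sample messages are constructed assumptions; a sender on any other domain is only marked "verify", because a From header can be forged.

```python
from email import message_from_string
from email.utils import parseaddr

# Free webmail domains for the providers the post names (assumed, not exhaustive).
FREE_MAIL = {"gmail.com", "googlemail.com", "yahoo.com", "hotmail.com", "outlook.com"}
# Words suggesting the mail claims to be from a bank or card issuer (assumed).
FINANCIAL_WORDS = ("bank", "credit", "card", "visa", "mastercard", "account")


def from_parts(msg):
    """Return (display name, domain) of the From header, lower-cased."""
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    return name.lower(), domain


def is_free_mail(domain):
    # Match the provider domain itself or any subdomain of it.
    return any(domain == d or domain.endswith("." + d) for d in FREE_MAIL)


def verdict(raw_message):
    msg = message_from_string(raw_message)
    name, domain = from_parts(msg)
    subject = (msg.get("Subject") or "").lower()
    if not domain:
        return "delete"      # missing or unparseable sender
    claims_financial = any(w in name or w in subject for w in FINANCIAL_WORDS)
    if claims_financial and is_free_mail(domain):
        return "delete"      # the rule from the post
    if claims_financial:
        return "verify"      # confirm via the bank's own site or phone number
    return "no-claim"


# Constructed sample messages; the bank name and addresses are made up.
SAMPLES = {
    "spoofed_bank": 'From: "First Example Bank" <alerts.firstexamplebank@gmail.com>\n'
                    "Subject: Your account is locked\n\nClick here.",
    "bank_domain": "From: First Example Bank <alerts@firstexamplebank.example>\n"
                   "Subject: Your statement is ready\n\nLog in to view.",
    "friend": "From: Pat <pat@yahoo.com>\nSubject: Lunch on Friday?\n\nSee you.",
    "no_sender": "Subject: Credit card alert\n\nNo From header at all.",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", verdict(raw))
```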

 

Posted in Internet, Security

CyberWAR – coming to a network near you!

Hi Everyone!

If you haven’t followed the news in detail you may have missed what the mainstream media is largely ignoring, which is the dynamic and dramatic change underway on the internet.

As much as we can tell from the recent high level government leaks, the US and Israel have declared (in actions) war on Iran and other unfriendly states via the internet.

NOTE: In this post, news sources are hyperlinked (underlined) so you can see more detail if you like.  Just click on underlined words to get the detail.

Sample of pop up when pointing to an email link

The Stuxnet worm and Flame malware (types of viruses) have been released on Iran (and others?) to disrupt their nuclear ambitions, and apparently it was done quite successfully.

While on the surface, this sounds like warfare the way it should be fought (no boots on the ground), we have to realize that war (even Cyber War) is a two-way street.  When you hit, sooner or later you get hit back.  China has been caught with their hand in the cookie jar of the US recently too.

What does all this “science fictionesque” drama mean to you?

I’m glad you asked!!

SharkEye Tech is dedicated to keeping your networks secure and will continue to make changes and/or recommendations for maintaining your network security.  In spite of all the precautions, determined, professional hackers get into large, critical networks from time to time (just ask Zappos, Sony, Visa USA, Microsoft and multitudes of AT&T, Gmail and Yahoo mail users and even the Defense Department).

While defensive technology is pretty solid, computers work with an element of trust that is assigned when you put in your ID and Password.  If you have administrative rights to your computer, you are MORE at risk because the trust given to your ID is given to other software running after you log in.

The message here is that all the security in the world means little if the human element fails, which means that YOU and your end users play a huge part in network security!

What to do/avoid:

  1. Throw away unsolicited (unrequested or unexpected) email unless it is from a known source.  Don’t read it and DO NOT open attachments or links in it.
  2. Focus your web browsing.  Don’t just click on links and meander around the internet following every link (“ooooh, it’s a shiny object” browsing).
  3. Make sure your antivirus and anti-spyware are running and updated.
  4. If you work from home, this applies to your home computer too.
  5. Separate your work computer from the kids’ computer.  If possible, don’t let kids use, or use unsupervised, your computer that accesses work.
  6. Keep your SmartPhones, Tablets and Laptops on a short leash.  Your devices have more information than you may know related to your network and can be a passkey to getting into your network and your data.
  7. Keep a low profile on the internet with work resources.  Don’t engage in internet debates and arguments regarding passion-inflaming issues with your work related email and minimize personal uses.
  8. Report any loss immediately. For example, a wallet with passwords on a note, a laptop, phone, etc., is a major risk that we need to be aware of so we can change security to invalidate compromised login info.

We don’t mean to be alarmist, but this is the reality of the internet.  A wealth of information and access, but an open area where everyone is welcome to play, … good or bad.

If you have any questions, feel free to respond to this post, or contact us if you have any concerns about your network.

Mike

Posted in Security

Don’t update while traveling!!

From the FBI’s E-Scams and Warnings web page:

Recently, there have been instances of travelers’ laptops being infected with malicious software while using hotel Internet connections. In these instances, the traveler was attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available.

Bottom Line: Don’t update any programs while on the road. Do it when you get home.

Posted in Security

Not all WiFi connections are safe!

In this short news video Lifelock explains how easy it is to have your private information stolen just by logging into a seemingly safe wifi hotspot.

Lesson:  Unless you KNOW who provides the wi-fi AND you know it’s encrypted, don’t type in sensitive information (like bank passwords or email passwords).

Posted in Internet, Security

What’s the difference between virus, malware, spyware, etc.?

The very helpful blogger Raymond.CC gives us these easy to understand explanations.

Virus

A computer virus spreads on its own by smuggling its code into application software. The name is in analogy to its biological archetype. Not only does a computer virus spread many times and make the host software unusable, but also runs malicious routines.

Trojan horse/Trojan

A Trojan horse is a type of malware disguised as useful software. The aim is that the user executes the Trojan, which gives it full control of your PC and the possibility to use it for its own purposes. Most of the time, more malware will be installed in your system, such as backdoors or key loggers.

Worm

Worms are malicious software that aim at spreading as fast as possible once your PC has been infected. Unlike viruses, it is not other programs that are used to spread the worms, but storage devices such as USB sticks, communication media such as e-mail or vulnerabilities in your OS. Their propagation slows down performance of PCs and networks, or direct malicious routines will be implemented.

Key loggers

Key loggers log any keyboard input without you even noticing, which enables pirates to get their hands on passwords or other important data such as online banking details.

Bot

A backdoor is usually a piece of software implemented by the authors themselves that enables access to your PC or any kind of protected function of a computer program. Backdoors are often installed once Trojans have been executed, so whoever attacks your PC will gain direct access to your PC. The infected PC, also called “bot”, will become part of a bot net.

Spyware

Spyware is software that spies on you, i.e. collects different user data from your PC without you even noticing.

Adware

Adware is derived from “advertisement”. Beside the actual function of the software, the user will see advertisements. Adware itself is not dangerous, but tons of displayed adverts are considered a nuisance and thus are detected by good anti-malware solutions.

Rootkit

A rootkit mostly consists of several parts that will grant unauthorized access to your PC. Plus, processes and program parts will be hidden. They can be installed, for instance, through an exploit or a Trojan.

Rogues / Scareware

Also known as “Rogue Anti-Spyware” or “Rogue Anti-Virus”, rogues pretend to be security software. Often, fake warnings are used to make you purchase the security software, which the pirates profit from.

Posted in Security

20 Most Expensive Google AdWords

WordStream did some research to identify the most expensive AdWords used in Google searches. AdWords are the ads you see when you perform a search in Google. The ads are paid for on a per click basis (each time you click, Google gets paid).

1. Insurance (example keyword: “auto insurance price quotes”)
2. Loans (example keyword: “consolidate graduate student loans”)
3. Mortgage (example keyword: “refinanced second mortgages”)
4. Attorney (example keyword: “personal injury attorney”)
5. Credit (example keyword: “home equity line of credit”)
6. Lawyer
7. Donate
8. Degree
9. Hosting
10. Claim
11. Conference Call
12. Trading
13. Software
14. Recovery
15. Transfer
16. Gas/Electricity
17. Classes
18. Rehab
19. Treatment
20. Cord Blood

That last one is a little troubling.

Posted in Internet

How to handle a bad online review

From our friends at SPI Data Tech, Inc.

How (and when) to respond to a bad online review

Not every bad review posted online merits a response – don’t feed the trolls!* – but
in certain cases, it’s a good idea to publicly engage with unsatisfied clients
and customers, particularly if you’re at fault and/or if the person issuing the
complaint has a big audience. Here’s a quick primer on online damage
control:

1) Listen. Make sure you fully understand the person’s grievance. Could
there be a misunderstanding? If we had a nickel for every simple
misunderstanding . . . .

2) Apologize (if necessary). This can be very hard, but it shows strength,
grace and integrity. A public “we’re sorry” will actually burnish your
reputation.

3) Affirm. Restate your company’s pledge to provide excellent products and
services. If it makes sense, offer a gift or coupon.

4) Move on. Whatever happens, don’t get caught in a public back-and-forth
with an implacable grump! Some people will never be happy, and you risk looking
thin-skinned by engaging.

5) Reflect (privately). How can you preempt similar complaints? How did
the aggrieved party respond to your outreach?

With new social media channels opening up every day, online reputation management is
an evolving discipline that can seem overwhelming to time-strapped small- and
mid-size businesses (SMBs). Fortunately, most of the basic principles of offline
PR apply to the web – and those principles are informed by old-fashioned common
sense and business savvy. Let your good instincts guide you.

For more information and suggestions, click here: http://www.fathomseo.com/blog/index.php/googles-tips-for-online-reputation-monitoring-management/

*Definition:
“Trolls” are terminally unhappy people who troll the Internet in an effort to
spread their discontent. They also live under bridges. Steer clear!

Posted in Internet

Smart Phone Security

Protect your cell phone!

Cell phones are now stuffed with private information and are darn easy to lose. If they fall into the hands of a young punk, well, it could get expensive.

However, there is good news. Cell phone makers are doing a better job of providing tools to secure the data on the phones. YOU have to make sure you use those tools! Here are some suggestions from SPI Data Tech, Inc.

1) Easy. Set up a password lock:

For Android: Go to Menu > Settings > Location & Security
For Blackberry: Go to Options > Security Options > General Settings
For iPhone: Go to Settings > General > Passcode Lock

2) Essential. Set up remote data-wipe capability – if you lose your phone, these allow you to remotely erase data.

For iPhone: Go to Find My Phone
For Android, BlackBerry and Windows Phone: Go to Lookout Mobile Security

3) Best practice. We know, we know. Staying current with OS updates can
seem like a fulltime job. But it’s worth it. These updates often include
important security patches.

4) Smart. Read the fine print before installing third-party apps. What kind of information will these services collect or share? Do an overall “sniff test” before downloading anything, and make sure it comes from a reputable source (i.e., an official app marketplace).

5) Gold-star material. Install a malware detector and firewall (for
Android, Windows 7, or Blackberry).

For a look at some security apps, take a look at this article: http://www.inc.com/magazine/20110401/new-smartphone-security-apps.html

Posted in Security

20 Most Common Passwords

In 2009 a password break-in led to the release of over 32 million
passwords. The Imperva Application Defense Center ran an analysis on the
passwords to identify the most commonly used. If YOU are using any of these
passwords feel free to assume that a hacker will eventually breach your
email/computer/phone/router/medical records/credit card/bank account and
whatever else has a password. Oh, and change your password!

  1. 123456
  2. 12345
  3. 123456789
  4. password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123
  11. Nicole
  12. Daniel
  13. babygirl
  14. monkey
  15. Jessica
  16. lovely
  17. Michael
  18. Ashley
  19. 654321
  20. qwerty

Posted in Security