For example, we are advised time and time again not to use peer-to-peer technologies like BitTorrent, and yet we continue to do so. Even when we’re not using this file-sharing protocol illegally (i.e., downloading the latest movies), there’s still cause for alarm. If you’re not worried about the consequences of peer-to-peer file-sharing, you should be. And here’s why.

Do you use Skype? This may seem like it has nothing to do with P2P, but stick with me.

Skype is a powerful tool that businesses can and should use to communicate both internally and externally. But it does require that users divulge a modicum of information. When a user signs up for Skype, they must provide an e-mail address and create a Skype ID. They can also provide personal information, such as birth name, location, gender, age, and website. This information is recorded in the Skype directory.  Naturally, you shouldn’t be giving any of this sort of information out, but you still have to create that Skype ID. It turns out that this simple piece of information can be observed by anyone, and that poses a terrifying possibility: who is watching you?

A research team with members from Germany, France, and the United States created a scheme that was able to find a targeted person’s Skype ID and inconspicuously call that person to find their IP address. This scheme was used periodically to observe the mobility of that Skype user, tracking where they operated from.

Furthermore, they found that Skype does not attempt to hinder this sort of scheme with any sort of countermeasures. In fact, even though the researchers informed Skype of major privacy vulnerabilities back in May (the same month that the company was acquired by Microsoft), these vulnerabilities have not been addressed.

The researchers then used their scheme to link Skype and BitTorrent to show how it is possible to determine the file-sharing usage of identified users.  Here’s a sample of what they found:

This is only with a handful of users, but the researchers drew from a set of 100,000. Plus, the researchers limited their scheme to link only Skype and BitTorrent. There are any number of other communication services and P2P networks that bad guys can target to get to your personal information.

This isn’t an indictment of Skype. You should just know that even with modest financial resources, it can be pretty easy to gain access to your personal information. Simply put, the researchers hypothesize that any Internet user can find out who you are, where you are, and what you are downloading and uploading on peer-to-peer networks, all simply by finding your Skype ID. Now that’s scary!
You can read the whole study at http://cis.poly.edu/~ross/papers/skypeIMC2011.pdf.

BitTorrent, and other P2P networks like Vuze and The Pirate Bay, suck up bandwidth, waste employee time, provide viruses with an easy entry point into your network, and often straddle the line of legality. Granted, P2P makes it easy to share information with others, but the risks involved clearly outweigh the rewards. Luckily, there is an alternative: Microsoft SharePoint. Stay tuned for more on SharePoint later this year…

So how do you control P2P on your network? You can monitor your network’s bandwidth usage to spot applications like these, and even block them at the firewall. You should also create and circulate a company Internet policy, if you haven’t already. Responza has a pretty simple policy when it comes to BitTorrent: don’t!

For a sample policy or to learn more about how you can keep your personal information secure, call (206) 762-5100 or send an e-mail to solutions@responza.com.

But before we dive into actual malware on Macs, let’s cover some basic security measures first. The default settings on a Mac are not at all optimal for security. You should definitely change these.

Open “System Preferences”

Select the “Accounts” icon under “System”; in Lion, this will be “Users & Groups”

Click on “Login Options,” located in the white space on the left side of the window.

Change “Automatic login:” to Off, change “Display login window as:” to Name and password, and uncheck the box for “Show password hints.” Don’t forget to click the lock icon at the bottom left of the window.

Now go back to “System Preferences” and select the “Security” icon under “Personal”; this will be “Security & Privacy” on Lion

Under the “General” tab of the “Security” window

Turn the “Require password” on and select immediately from the drop-down. Under “For all accounts on this computer:” check the box for “Disable automatic login.” (Mine is grayed out because I have FileVault enabled, which disables any user from automatically logging in, but more on FileVault in a moment.) If this is a shared Mac and you would like to prevent other users (who are not admins) from undoing any of this, check the box for “Require an administrator password to unlock each System Preferences pane.”

Now before you go and turn your FileVault (or FileVault 2 on Lion) on, know this. It can cause a Mac to become unresponsive, it can prevent users from logging into their accounts, and it can even permanently damage or destroy user data. So before you switch this setting on, know that if mobile workers use this machine or if the data on the machine is so sensitive that it needs to be protected at any or all costs, then you probably shouldn’t mess around with this setting.

The Firewall tab is a bit more easily understood. Just like a physical firewall, the Mac’s internal firewall helps prevent undesired traffic from entering or existing the system. If enabled, it can cause some issues, such as file-sharing or iChat errors or not being able to find other machines on the network, so if the machine is already within your workplace network then I would advise against turning this setting on. However, if you are a mobile user who must frequently use remote networks, then this firewall software is great at reducing your level of risk. Still, it is worth looking into getting good anti-virus on your machine to be doubly sure, but let’s return to the basic settings and we’ll get back to Mac A-V momentarily.

Go back to “System Preferences” and select the “Desktop & Screen Saver” icon under “Personal”

The particular screen saver you select is not important, but you do need to set the slider beneath “Start screen saver:” to an appropriate amount of time. I set mine at around 20 minutes so that I don’t get interrupted when I’m doing e-learning, but so that my machine still gets locked down in a reasonably short amount of time.

Now let’s get into the title subject of this post: malware on Macs.

It’s not for me to say whether Macs are truly prone to malware. That’s a tough case to make with Apple purists—you can take it up with our security experts at (206) 762-5100—but everyone should be able to accept that a Mac can act as a carrier of malware. So how can you stop your machine from passing on viruses?

Macs come with XProtect, a piece of rudimentary anti-virus software, built in. XProtect is limited; it can’t do more than stop the most basic of intruders. Luckily, Sophos has developed a free anti-virus for Mac home users. However, the home edition can’t handle the onslaught that businesses face every day. Responza partners with Sophos to provide best-in-breed security to our business customers, and we feel that it is an important safeguard for our customers to consider.

But back to the recent trend of Mac-directed malware. A series of trojans have been making the rounds since earlier this fall.

Flashback.A, the first in the series, was discovered in late September. The aim of its creators is to connect the infected machine to a remote server and transmit stolen data, such as the infected machine’s unique MAC address. Flashback.B, discovered earlier this month, keeps the trojan from installing on virtualized Mac OS X environments. Flashback.C, the latest version in the series, looks like an update to Adobe Flash and requires users to enter their admin password to install. Once installed, the trojan disables the automatic updater component of XProtect. Ultimately, this creates a path for the trojan’s creators to maximize their financial gain.

Now that you know what you’re up against, you’ll need to start prepping your defense.

Want to learn more about Sophos or give it a test run? Let us know at solutions@responza.com

Unfortunately, as the technology has evolved, so have the threats that face it.  Every day, security problems grow with more sophisticated external and internal threats that have more channels into your network.  Traditional firewalls are no longer capable of keeping up, so how can you stay strong?

Ever heard of a Next Generation Firewall?

You’re thinking, “I already have a firewall, why should I buy a new one?”  But ask yourself a few questions: What applications are running on your network?  What exactly is consuming your bandwith?  Where is your network traffic coming from?  What Web 2.0 apps are being accessed and what ports are they coming through?

Chances are, you don’t know.  And that’s perfectly reasonable, because a typical network solution can’t provide these answers.  You’ll also be surprised by how much bandwith you’re unwittingly dedicating to Facebook and Netflix.

Approximately 25% of all office Internet traffic is non-business related.  Chances are your company network is exposed to malware such as Trojans that can deliver botnet agents or worse.  And, not to make the situation seem worse, many of these attacks succeed without user knowledge or involvement.

“But what about the anti-virus software on my computer?” you might be wondering.  An excellent, excellent question.  It’s certainly no unnecessary.  If a virus has a chance to attack before your computer’s anti-virus can take effect, your whole system is compromised.

Firewalls on the other hand are less susceptible to viruses.  Running anti-virus from your firewall provices a layered security approach whereby traffic is scanned at the edge of the network rather than at various points on the inside.  Having this gateway anti-malware layer will significantly  reduce your operational risk.

And unlike mupltiple point solutions, such as stateful firewalls, intrusion prevention, URL filtering, and remote access appliances – all of which require seperate support contracts and distinct subscriptions – Next Generation Firewalls featured Unified Threat Management.  That way, you get comprehensive security, intrusion prevention, and content filtering from a single device.

These new firewalls provide an unprecedented level of security.  Next Generation Firewalls identify, categorize, and control network traffic using Deep Packet Inspection, which goes through every byte in every packet as it enters and exits your network to identify the applications that are in use and who is using them.  This includes Web traffic, e-mail, compressed file transfers, IM, P2P… everything that has anything to do with your network gets the full enterprise-class protection it deserves.

This may sound like it would drastically reduce your network speed, but the Next Generation Firewall actually has near-zero latency.  Not only will your network be better protected, it will be faster as well.

Next Generation Firewalls are equipped with something called Application Intelligence and Control which gives you the visibility you need to prevent threats.  Instead of a flurry of numbers running across your screen, you get a clean picture of what applications are being used in real-time.  Now you can enforce your policies, guaranteeing bandwith prioritization and ensuring maximum network security and productivity.

Next Generation Firewalls also access a continuously expanding cloud-based threat signature database, which means that even if your device hasn’t ever encountered a particular instance of malware, it is smart enough to detect and reject it.

That’s why Responza is partnering with SonicWALL to provide you with a totally managed Next Generation Firewall, complete with Unified Threat Management, Deep Packet Inspection, and Application Intelligence and Control.

Questions?  Want to protect yourself better?  Give me a call at (206) 762-5100 or shoot an e-mail to solutions@responza.com.

To learn more Responza’s stance on network security, visit www.responza.com/firewall.html.

Someone claiming to represent Microsoft or one of its brands contacts the victim and tells them that their computer has a problem, an infection, or a virus that Microsoft’s scanners were able to detect. The scammer then directs the victim to a website that allows the scammer to remotely control the computer. Finally, the scammer shows the victim these “problems,” and convinces the victim to pay for “services” rendered.

People: please don’t get fooled by these types of calls. Scammers are simply tricking people into believing that a problem exists when it really doesn’t. Sure, there might be something wrong with your computer, but wouldn’t you rather have someone you trust check it out?

And the sad thing is that even if something is actually wrong with your computer, Microsoft would never contact you first. You – or your trusted IT managed services provider – would need to create a support ticket with Microsoft. I’ll say this again: they will never contact you first.

So while it seems like you’re always shelling out for the latest from Microsoft, this is one case where even they say it’s safer to just hang up.

Here are three brief examples of data breaches at small businesses:
1) The owner of Chicago Newsstand, Inc. had no idea that cyber-thieves had planted a program on his internet-connected cash registers that sent customer credit card numbers on an outside server. And the owners of the server weren’t aware of any wrongdoing either. When MasterCard notified the Chicago Newsstand, Inc. of suspected fraudulent charges, his long ordeal of investigations and costly changes began.
2) Green Ford Sales, Inc. fell victim to hackers who stole the business’s online banking log-in details and used them to transfer funds to nine new “employees” on the dealership’s payroll.
3) Closer to home, Burger Me of Bellingham, WA was put out of business when its computerized cash register was hacked and criminals made off with untold numbers of fraudulent charges on customer credit cards.

Unfortunately, even those who think they are taking all the precautions are not safe. Small- and medium- size companies simply underestimate how vulnerable they are. In fact, a recent survey indicated that 64% of small- to medium- size retailers in the U.S. believe their businesses aren’t at risk – even though only 49% of those surveyed had actually done any security assessment.

But not your company right? A joint forensic analysis done by the U.S. Secret Service and Verizon Communications indicates otherwise. Last year they responded to a combined 761 data breaches, up from 2009’s total of 141. Of 761, 63% were at companies with 100 employees or fewer. Visa estimates that about 95% of the credit card data breaches it discovers are with owners of small business. Yikes!

Don’t be naive, but don’t lose hope either. Here is a four point checklist that can help you as a small business reduce your chances of becoming yet another data breach victim:
1) Regularly assess your systems and security strategies
2) Keep all elements of your system up to date
3) Make sure that you have knowledgeable resources – internal or external – to investigate suspicious circumstances
4) Never think that it can’t happen to you.

The resource for this blog post was the July 21, 2011 article by Geoffrey A. Fowler and Ben Worthen in the Wall Street Journal entitled, “Hackers Shift Attacks to Smaller Firms.” Please refer to the full article for more details.

Responza is a knowledgeable resource for assessing system needs, developing and implementing security strategies and managing the health of IT systems for small businesses. Contact Craig at 206-762-5100×216 or craigb@responza.com. Learn more about Responza at www.responza.com.

Responza believes that cloud architectures are of value and make financial sense for some organizations. The ROI on the technology infrastructure investment can be better in certain circumstances. However, recent events have proven that total reliance on the cloud is premature and rushing in without in-depth research and precautionary measures can be risky.

This past week (coincidentally ending in Friday the 13th) has produced some interesting news as far as the cloud goes. The cloud – touted as the solution to everyone’s problems – is obviously NOT ready for prime time.

We’ve gleaned information from several sites and summarized thoughts about what these events mean for potential cloud strategies that may be brewing out there. Original sources are provided for reference.

The culmination of Microsoft’s Business Productivity Online Services outage, Google’s Blogger failure and Amazon’s hacking incident in the span of mere days, should issue an ominous warning about the reality of the security and availability of the cloud.

Experiences of unexpected downtime and lost emails – while frustrating enough – may not have been as frustrating as the lack of communication, explanation and response from such service providers as Microsoft, Google and Amazon who absolutely hold the technology cards for their customers.

Step back and consider what this means.

If you are in the cloud, you are not in control. Someone else’s outage or system compromise can mean that your systems are brought down and your ability to do business is brought to a screeching halt.

The cloud pitch SOUNDS really good:
- You only have to pay for what you use.
- Infrastructure worries and costs disappear.
- If your computer crashes, all your important stuff is “safe” in the cloud. Just reach out a grab it.

But then you see the disclaimers:
We won’t be responsible for outages.
We won’t be responsible for the security of your information.

And that’s when you realize that your data and applications may not be as secure and as available in the cloud as we are led to believe.

Consider these statements:

- The cloud’s reliability has taken a hit and we should pay attention. If all CAN be lost, even when it’s out in the cloud, nothing has really been saved by moving there instead of maintaining IT on-premises.

- Suffering through outages – helpless and clinging to someone else’s ability and availability to fix the issues – will not help you reach your sales or operations goals.

- Paying a monthly rate – instead oif investing in infrastructure that you own and control – only to see that “investment” vaporize with an outage just doesn’t seem reasonable.

- There is no way to protect you from the risk of a hacker compromising a major system in the cloud. And that compromise could take your business down – and put your data at risk – amidst the intrusion.

- Touting the cloud as a safety net for a computer crash doesn’t ring so true when the reality sets in that cloud sites can crash and lose everything for you (and lots of other businesses).

The recent events SHOULD cool some of the hype about the cloud and slow down the rush to get there. It won’t stop businesses from moving to the cloud (if it makes good business sense for them) and it probably won’t cause everyone to keep their email on premise. But it may just cool everyone’s sense of urgency for the cloud – and that may not be such a bad thing.

IF the cloud makes good business sense, the following four suggestions should make sense, as well:

1. Research every detail of your service provider’s specs, policies and contract terms. Include checking with others who are or have used the same service for their experience and advice.

2. Mirror your business critical data and applications, regardless of what your service provider guarantees, in other words, put a copy of everything you put in the cloud in a secure back up system that ISN’T in the cloud.

3. Maintain strict security and data protection policies regardless of what even the most “trusted” service providers tout.

4. Don’t go it alone. Get the assistance and advice of IT experts who are unbiased and experienced in cloud matters.

Responza’s IT Pros are always ready to answer questions and provide assistance as businesses consider the risk/reward scenarios that the cloud presents for their individual situations. With knowledge, expertise and hands-on experience, Responza’s IT Pros can provide honest, objective IT assessments for business-focused solutions – including cloud strategies.

Sources:
ChannelInsider Blog for Friday May 13th

Seattle’s TechFlash for Friday, May 13th

ZDNet for Friday, May 13th

Technology systems and infrastcutures are vital to businesses and organizations of all types and sizes. Changes should not be made that impact the integrity, security or safety of systems without research into benefits, risks, precautions and safeguards – and should not be considered without the guidance of those who are experts in the field and on the topic.

Please review the post by Ed Bott replayed for you below.

Google’s Blogger outage makes the case against a cloud-only strategy

By Ed Bott | May 13, 2011, 6:14am PDT

Original Post on ZDNet

Summary
The same week that Google made its strongest pitch ever for putting your entire business online, one of its flagship services has failed spectacularly. There’s a lesson here.

Earlier this week, Google rolled out a maintenance release for its Blogger service. Something went terribly wrong, and its Blogger customers have been locked out of their accounts for more than a day. Google’s engineers have been frantically working to restore service ever since, although they haven’t shared any details about the problem.

A Blogger Service Disruption update contains four updates from the last 24 hours, starting with this one:
We have rolled back the maintenance release from last night and as a result, posts and comments from all users made after 7:37 am PDT on May 11, 2011 have been removed. Again, we apologize that this happened and our engineers are working hard to return Blogger to normal and restore your posts and comments.

That’s nearly 48 hours of downtime, and counting. Overnight updates promise “We’re making progress” and “We expect everything to be back to normal soon.”

My question is, “What if this had happened to another Google service?” Say, Google Docs? What if every document you wrote and saved on Wednesday was suddenly taken offline on Thursday, and you no longer had your presentation or your notes or your research for a client meeting today? How does this promise from Google sound now?

Your apps, documents, and settings are stored safely in the cloud. So even if you lose your computer, you can just log in to another Chromebook and get right back to work.

Google has owned and operated Blogger since 2003. It’s not like they’re still trying to figure out how to integrate the service into their operation. If it can happen at Blogger, why can’t it happen with another Google service?

Yes, Blogger is a free, ad-supported service. Just like Google Docs and Gmail. In fact, Gmail and YouTube have their official blogs on Blogspot.com (the domain used by the Blogger service). If either one of those teams announced any news in the last 48 hours, you’ll have to wait to read about it.

This, to me, is the strongest possible argument against putting everything you own in the cloud. If your data matters, you need a hybrid strategy, with local storage and local content creation and editing tools. If your local storage fails, you can grab what you need from the cloud. If your cloud service fails, you’ve still got it locally. But if you rely just on the cloud, you’re vulnerable to exactly this sort of failure.

Update: As my colleague Zack Whittaker just reminded me, earlier this week Google Docs did indeed have some issues. Two ZDNet bloggers reported problems saving documents to their Google Docs account. The saved documents didn’t appear online for several hours. PC World’s Tony Bradley reported similar issues in the same timeframe:

I was using Chrome, and I thought maybe it was a browser specific issue or some problem with cookies, so I tried looking in Internet Explorer 9– same thing. Firefox 4–same result. I checked out my wife’s Google Docs on her computer, and it seemed to work just fine, so I thought it must just be the laptop I was using, so I checked from my iPad–same thing.

No amount of browser refreshes or system reboots seemed to make any difference. Finally, I decided to move on. There was a file I had started earlier that was not appearing on my list of files in Google Docs, but I assumed it was still there somewhere. So, I did a search for the file name and when I typed “blog_051111″ suddenly all of my files from today showed up. Weird.

The issue is still not resolved, though. Once I cleared the search field and refreshed the Google Docs page, the files disappeared once again. If anyone has any ideas (Google–are you reading this?) feel free to send them my way. Not only would I like to fix it, but I am very curious to get to the root cause of why the issue is occurring to begin with.

Google’s Apps Status dashboard includes no mention of any Google Docs problems this week (week of May 13).

Update, 13-May 11AM PDT: Google says Blogger service is now restored. The official explanation attributes the problem to “data corruption” during scheduled maintenance.

Ed Bott is an award-winning technology writer with more than two decades’ experience writing for mainstream media outlets and online publications.

Responza knows networks, infrastuctures, computers and their behaviors in real-life business situations. Responza’s IT Pros are also knowledgeable resources who can answer questions about new technologies and methodologies as well as the risk/reward scenarios that accompany them. www.responza.com/206-762-2100

These steps can prevent the majority of potential hacks.

1. Don’t open email or browse the web while logged in as an Administrator.
Administrator accounts are only suitable for (un)installing software and changing computer configurations. If an admin account is exposed to malware the computer is more likely to be compromised to the core. That’s just making it easy for hackers.

If a computer login account is an admin and those rights are needed, do the following things:
- Go to control panel and create a local administrator account for the primary computer user with a strong password (see #3).
- Change the regular login account to a limited user account.

2. Keep your PCs patched.
Patches are usually applied by the IT department when they don’t interfere with work – at night or on weekends. Find out when the PCs are patched and leave computers on. Log off and let the system apply the patches that have passed testing.

Monitors can be turned off to save power.

3. Don’t use a simple password.
When other people get infected with malware (such as the Conficker worm) their machines continuously attempt to breach passwords of the machines around them (as many as three million guesses per hour for an indefinite period of time). The machines do this by downloading dictionaries of all known words and numbers and trying them in various combinations and with common letter substitutions. For example, P@$$w0rd42 is actually not a strong password, even though it will stand up longer than Princess42.

Use a passphrase to create a strong password. “All work and no beer makes Homer go crazy!” becomes Aw&nbmHgc! The phrase is difficult to guess, easy to remember and can just be repeated as each character is typed. An easy reminder can be kept without compromising the account that says password=crazybeer.

4. Turn off two simple settings in Adobe Acrobat and/or Adobe Acrobat Reader.
Half of all machines are infected by exploiting Adobe vulnerabilities.
a. Launch Acrobat or Acrobat Reader.
b. Click Edit.
c. Click Preferences – We are going to make two changes.
d. Under Categories on the left side, click JavaScript, then clear the box that says “Enable Acrobat JavaScript in the right window.”
e. Under Categories on the left side, click Trust Manager. In the right window, clear the box under PDF File Attachments that says “Allow opening of non-PDF file attachments with external applications.”
f. Click OK to accept the changes.

5. Call Responza to assist in patching applications.
Periodically, machines may prompt an update of Java, Flash, Acrobat Reader, Firefox or some other application that are prevented from automatically launching by security settings. In such instances, check with the IT department before accepting updates. Sometimes, updates break applications or cause weirdness in PCs. Responza’s IT Pros can assist with patching processes.

Call your Responza IT Pro if you have any questions about security and policies for protecting your business data: 206-762-2100.

Epsilon alerted its customers that some of their electronic information could have been exposed after a computer hacker penetrated the online marketer’s data systems. The names and emails of customers of Citigroup and other large organizations that use Epsilon’s email services were exposed in a massive and growing data breach that has the potential to become the largest in U.S. history.

According to Epsilon, no personal financial information, such as credit cards or social security numbers, appeared to be exposed.

Walgreens, TiVo, Capital One Financial Corp and HSN are included in the list of targets along with some of the nation’s largest banks. We are aware of fraudulent digital certificates issued by Comodo – a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows – that could affect many users.

Responza’s Recommendations:

It is our recommendation that you remain alert to email messages that ask questions or request information about financial account information of any type. As policy, financial institutions never request, provide or ask confirmation on full account numbers, user names, passwords or social security numbers.

Here is your to-do/to-don’t list:
1. Expect MORE spam.
2. Expect more spam that LOOKS LEGITIMATE.
3. DON’T open spam emails.
4. DELETE EMAILS from people you don’t know.
5. Don’t click on LINKS in spam emails.
6. Never enter ANY PERSONAL INFORMATION in an email or a website from an email.
7. Never CONFIRM personal information in spam emails.
8. If asked to confirm your Social Security Number in an email – DON’T – and forward that email to spam@uce.gov.
9. CALL your Responza IT Pro if you need help: 206-762-2100

Data Breaches are serious reminders to assess your security strategy and to implement policies that reduce the risk of data breaches within your own organization.

As always, call your Responza IT Pro if you have any questions about your security and policies for protecting your business.

Certificates for the following Web properties are affected:
. login.live.com
. mail.google.com
.www.google.com
. login.yahoo.com (3 certificates)
. login.skype.com
. addons.mozilla.org
. “Global Trustee”

Comodo has revoked these certificates, and they are listed in Comodo’s current Certificate Revocation List (CRL). In addition, browsers which have enabled the Online Certificate Status Protocol (OCSP) will interactively validate these certificates and block them from being used.

An update is available for all supported versions of Windows to help address this issue.
Typically, no action is required of customers to install this update, because the majority of customers have automatic updating enabled and this update will be downloaded and installed automatically. For more information about this update, or to manually install this update, see Microsoft Knowledge Base Article 2524375 (http://support.microsoft.com/kb/2524375).

The full advisory can be found on the Web at:http://www.microsoft.com/technet/security/advisory/2524375.mspx.