Latest Updates
The Social Engineering Threat - Learn to Protect Yourself
Posted by Clint Thomson on 06/25/14 10:34 AM

What is Social Engineering

Social engineering is a type of confidence trick used for information gathering, fraud, or system access. It differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. The social engineer's goal is to win your confidence so that you divulge the information they need, or give them remote access to your system, in order to complete the con.

Types of Social Engineering

Pretexting

Pretexting is the act of creating and using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances. An elaborate lie, it most often involves some prior research or setup and the use of this information for impersonation (e.g., date of birth, Social Security number, last bill amount) to establish legitimacy in the mind of the target.

Pretexting can also be used to impersonate co-workers, police, bank, tax authorities, clergy, insurance investigators — or any other individual who could have perceived authority or right-to-know in the mind of the targeted victim. The pretexter must simply prepare answers to questions that might be asked by the victim. In some cases, all that is needed is a voice that sounds authoritative, an earnest tone, and an ability to think on one's feet to create a pretextual scenario.

Examples of actual pretexting calls:

A caller claiming to be Apple Technical Support calls and says that they have detected a problem with your computer and are calling to fix the issue. The caller asks you to start a remote session so that the technician can correct the issue.

A caller claiming to be Microsoft Piracy Department calls and says that they have detected pirated software on your machine and unless you provide them remote access to remove the software, they will sue you and your company.

A caller claims to be from your IT department and is calling back to resolve your issue (hoping that you have an issue). They ask you to start remote access software to resolve the issue.

Beware of unsolicited phone calls

Cybercriminals might call you on the phone and offer to help solve your computer problems or sell you a software license. Once they've gained your trust, cybercriminals might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information are vulnerable.

Treat all unsolicited phone calls with skepticism. Do not provide any personal information.

For more information, see Avoid tech support phone scams.

Phishing

Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate business—a bank, or credit card company—requesting "verification" of information and warning of some dire consequence if it is not provided. The e-mail usually contains a link to a fraudulent web page that seems legitimate—with company logos and content—and has a form requesting everything from a home address to an ATM card's PIN.

Phishing email messages, websites, and phone calls are designed to steal money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer.

Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something off of a website.

What does a phishing email message look like?

Here is an example of what a phishing scam in an email message might look like.

What is phishing

  • Spelling and bad grammar. Cybercriminals are not known for their grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email like this to go out to its users. If you notice mistakes in an email, it might be a scam. For more information, see Email and web scams: How to help protect yourself.

  • Beware of links in email. If you see a link in a suspicious email message, don't click on it. Rest your mouse (but don't click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's web address.

    Phishing scams masked web address

    Links might also lead you to .exe files. These kinds of files are known to spread malicious software.

  • Threats. Have you ever received a threat that your account would be closed if you didn't respond to an email message? The email message shown above is an example of the same trick. Cybercriminals often use threats that your security has been compromised. For more information, see Watch out for fake alerts.

  • Spoofing popular websites or companies. Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows. For more information, see Avoid scams that use the Microsoft name fraudulently.

    Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered. For more information, see Protect yourself from cybersquatting and fake web addresses.

Report phishing scams

If you do accidentally provide remote access to your system, click on a malicious link, or visit a malicious website, please call us immediately for assistance. We will help you re-secure your system and information and decide what additional steps you need to take.

As a rule of thumb:

  • Treat unsolicited calls with skepticism.
  • Do not open unsolicited attachments ever.
  • Do not click on links in unsolicited emails.
  • Do not provide anyone with remote access to your machine.

If you doubt an email, caller or website, call us to verify its legitimacy: (888) 423-5372


Heartbleed Security Flaw Information
Posted by Clint Thomson on 04/16/14 4:43 PM

** Introduction **

By now you have heard, via a major news outlet or two, about the Heartbleed security flaw affecting a majority of Internet servers and routers. This post will help you to understand this security flaw and how it affects you. It will also outline the steps we are currently taking to address this security flaw and mitigate the possible risks. Sections are outlined below so that you can skip the background and jump straight to the systems affected list or steps you should take to mitigate the risk to your business.

** Background **

Secure Sockets Layer, otherwise known as SSL, is a method used to encrypt data transmission between two machines on the Internet to protect it from malicious interception. Every time you access your bank website, an online shopping payment page or other sensitive data, your Internet session is most likely secured using SSL.

You can tell that you are accessing an SSL secure site by the lock logo in each browser.

[Images: secure site icon in Safari, Firefox, Internet Explorer and Google Chrome]

In addition to this use, SSL is also used in some VPN implementations and on some of the network hardware used to run the Internet from the two major vendors, Cisco Systems and Juniper Networks. The affected version of SSL is OpenSSL, which is an open-source implementation of the SSL protocol. OpenSSL is widely used on the Internet and the full impact of this flaw cannot yet be known.

** Heartbleed Flaw Details **

In 2011 a new feature called Heartbeat was added to OpenSSL. Heartbeat gave a remote client the ability to verify that an SSL server was responding to requests by having that server reply to the client with a specified response (a heartbeat). The client specified what the heartbeat response should be and its properties, including the length. Heartbeat support was enabled by default in new versions of OpenSSL at the end of 2011, and the vulnerable code has since come into widespread use with the release of OpenSSL version 1.0.1 on March 14, 2012.

The flaw with the Heartbeat feature is that the server does not check that the requested response matches the properties provided by the client; it just assumes that the client is providing valid properties. The response is loaded into the server memory and then the server locates the response and returns it from memory to the client. A malicious client can specify a response length that is much greater than the response itself, and the server will return the response and everything else in the server memory following the response, up to the system limit of the request. Since passwords, user details and all manner of secret data are temporarily stored in server memory while the server is processing them for any reason, a malicious user would be able to retrieve virtually any information from the server over time.
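The missing check described above, shown as an added example (not OpenSSL's code and not part of the original post): a simplified heartbeat handler in C that discards any request whose claimed payload length exceeds the bytes actually received. The names hb_respond and hb_demo and the sample request are constructed for illustration; the message layout follows RFC 6520.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request message type (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response message type */
#define HB_MIN_PAD  16  /* minimum padding bytes required by RFC 6520 */

/* Build a response for the request in rec[0..rec_len).
 * Layout: type (1) | payload_length (2, big-endian) | payload | padding.
 * Returns the response length, or 0 when the request is silently discarded. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < 3 + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];  /* client-controlled */
    /* The check the flawed code lacked: header + claimed payload + padding
     * must fit inside the bytes that were actually received. */
    if (3 + claimed + HB_MIN_PAD > rec_len)
        return 0;
    size_t resp_len = 3 + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);         /* bounded by the check above */
    memset(out + 3 + claimed, 0, HB_MIN_PAD);  /* zero padding for the demo */
    return resp_len;
}

/* Constructed sample: a request with `actual` payload bytes that claims `claimed`. */
size_t hb_demo(uint16_t claimed, size_t actual)
{
    uint8_t rec[256] = {0}, out[256];
    if (actual > 200) return 0;
    rec[0] = HB_REQUEST;
    rec[1] = (uint8_t)(claimed >> 8);
    rec[2] = (uint8_t)(claimed & 0xff);
    memset(rec + 3, 'A', actual);
    return hb_respond(rec, 3 + actual + HB_MIN_PAD, out, sizeof out);
}

int main(void)
{
    printf("honest request (5 of 5 bytes): %zu\n", hb_demo(5, 5));
    printf("over-long claim (16384 of 5):  %zu\n", hb_demo(0x4000, 5));
    return 0;
}
```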

On April 1st of this year, Google's security team reported the flaw in the Heartbeat feature and named this flaw Heartbleed, an allusion to the bleeding of information from the server via the Heartbeat feature. Since the flaw has been present since 2011 and widely distributed, it is possible that malicious users have had access to this flaw and availed themselves of it since 2011.

It is reasonable to assume that details stored on affected servers or systems have already been compromised and should be changed where possible.

** Common Web Services Affected **

This is not a complete list, just a list of the most common services.

If indicated in the Reset Password column, you should reset your password for this service at your earliest convenience.

Social Networks

| Service | Affected? | Patched? | Reset Password? |
|---|---|---|---|
| Facebook | Unclear | Yes | Yes |
| Instagram | Yes | Yes | Yes |
| LinkedIn | No | N/A | No |
| Pinterest | Yes | Yes | Yes |
| Tumblr | Yes | Yes | Yes |
| Twitter | No | Yes | Unclear |

Large Consumer Companies

| Service | Affected? | Patched? | Reset Password? |
|---|---|---|---|
| Apple | No | N/A | No |
| Amazon | No | N/A | No |
| Google | Yes | Yes | Yes |
| Microsoft | No | N/A | No |
| Yahoo | Yes | Yes | Yes |

Email

| Service | Affected? | Patched? | Reset Password? |
|---|---|---|---|
| AOL | No | N/A | No |
| Gmail | Yes | Yes | Yes |
| Hotmail / Outlook | No | N/A | No |
| Yahoo Mail | Yes | Yes | Yes |

Stores and Commerce

| Service | Affected? | Patched? | Reset Password? |
|---|---|---|---|
| Amazon | No | N/A | No |
| Amazon Web Services (for website operators) | Yes | Yes | Yes |
| eBay | No | N/A | No |
| Etsy | Yes | Yes | Yes |
| GoDaddy | Yes | Yes | Yes |
| Groupon | No | N/A | No |
| Nordstrom | No | N/A | No |
| PayPal | No | N/A | No |
| Target | No | N/A | No |
| Walmart | No | N/A | No |

Videos, Photos, Games & Entertainment

| Service | Affected? | Patched? | Reset Password? |
|---|---|---|---|
| Flickr | Yes | Yes | Yes |
| Hulu | No | N/A | No |
| Minecraft | Yes | Yes | Yes |
| Pandora | No | N/A | No |
| Netflix | Yes | Yes | Yes |
| SoundCloud | Yes | Yes | Yes |
| YouTube | Yes | Yes | Yes |

Financial

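| Service | Affected? | Patched? | Reset Password? |
|---|---|---|---|
| American Express | No | N/A | No |
| Bank of America | No | N/A | No |
| Barclays | No | N/A | No |
| Capital One | No | N/A | No |
| Chase | No | N/A | No |
| Citigroup | No | N/A | No |
| E*Trade | No | N/A | No |
| Fidelity | No | N/A | No |
| PNC | No | N/A | No |
| Schwab | No | N/A | No |
| Scottrade | No | N/A | No |
| TD Ameritrade | No | N/A | No |
| TD Bank | No | N/A | No |
| T. Rowe Price | No | N/A | No |
| U.S. Bank | No | N/A | No |
| Vanguard | No | N/A | No |
| Venmo | Yes | Yes | Yes |
| Wells Fargo | No | N/A | No |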

Government and Taxes

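| Service | Affected? | Patched? | Reset Password? |
|---|---|---|---|
| 1040.com | No | N/A | No |
| FileYourTaxes.com | No | N/A | No |
| H&R Block | No | N/A | No |
| Healthcare.gov | No | N/A | No |
| Intuit (TurboTax) | No | N/A | No |
| IRS | No | N/A | No |
| TaxACT | No | N/A | No |
| USAA | Yes | Yes | Yes |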

Other

| Service | Affected? | Patched? | Reset Password? |
|---|---|---|---|
| Box | Yes | Yes | Yes |
| Dropbox | Yes | Yes | Yes |
| Evernote | No | N/A | No |
| GitHub | Yes | Yes | Yes |
| IFTTT | Yes | Yes | Yes |
| OKCupid | Yes | Yes | Yes |
| Spark Networks (JDate, Christian Mingle) | No | N/A | No |
| SpiderOak | Yes | Yes | No |
| Wikipedia (if you have an account) | Yes | Yes | Yes |
| Wordpress | Yes | Yes | Yes |
| Wunderlist | Yes | Yes | Yes |

Password Managers

| Service | Affected? | Patched? | Reset Password? |
|---|---|---|---|
| 1Password | No | N/A | No |
| Dashlane | Yes | Yes | No |
| LastPass | Yes | Yes | No |

** Celeratec Services Affected **

All of the affected Celeratec services have been patched.

The list below shows whether each service was affected, when it was patched and whether you should change your password.

| Service | Address | Affected? | Patched? | Reset Password? |
|---|---|---|---|---|
| Hosted Exchange | Exchange.Celeratec.com | No | N/A | No |
| CirruStor | Cirrustor.com | Yes | 4/7/2014 | Yes |
| eProActive | eProActive.Celeratec.com | No | No | No |
| eProUser / LogMeIn | eProUser.Celeratec.com | Yes | No | No |
| Linux Web Hosting | Celeratec.net/cpanel | Yes | 4/7/2014 | Yes |
| Windows Web Hosting | ControlPanel.Celeratec.com | No | No | No |
| SugarCRM | CRM.[clientdomain].com | Yes | 4/7/2014 | Yes |
| Domain Name System | Register.Celeratec.com | No | No | No |
| Ticket System | Support.Celeratec.com | No | No | No |
| Intrusion Detection Services | IDS.Celeratec.com | Yes | 4/7/2014 | No |
| Meraki Network Management | Dashboard.Meraki.com | No | No | No |

** Steps You Should Take **

You should reset your password on any affected service once the service is patched. Check with the provider of your online service to determine if they have patched the vulnerability and if you should change your password. Remember to use a complex and unique password for each service and use a password manager such as LastPass to manage your online passwords. If your online service offers enhanced authentication such as the PayPal Security Key, you should take advantage of that enhanced protection.

For clients on CirruStor, we are systematically resetting your passwords. This process should be completed in the next week.

For clients on SugarCRM, your passwords have already been reset as of 04/07/2014.

For clients on Linux Hosting, we will begin systematically resetting your password on Friday.

** Conclusion **

We take the security of our systems and yours very seriously. In this instance we believe that the threat has been mitigated for our clients; however, we will continue to monitor the situation.

If this post has left you with any additional questions, please contact me directly for additional information or assistance.

Clint Thomson - (888) 423-5372 x911

