The Social Engineering Threat - Learn to Protect Yourself
Posted by Clint Thomson on 06/25/14 10:34 AM
What is Social Engineering
Social engineering is a type of confidence trick used for information gathering, fraud, or system access. It differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. Social engineering is more about winning your confidence so that you divulge the information the attacker needs or provide them with remote access to your system in order to complete the con.
Types of Social Engineering
Pretexting is the act of creating and using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances. An elaborate lie, it most often involves some prior research or setup and the use of this information for impersonation (e.g., date of birth, Social Security number, last bill amount) to establish legitimacy in the mind of the target.
Pretexting can also be used to impersonate co-workers, police, bank, tax authorities, clergy, insurance investigators — or any other individual who could have perceived authority or right-to-know in the mind of the targeted victim. The pretexter must simply prepare answers to questions that might be asked by the victim. In some cases, all that is needed is a voice that sounds authoritative, an earnest tone, and an ability to think on one's feet to create a pretextual scenario.
Beware of unsolicited phone calls
Cybercriminals might call you on the phone and offer to help solve your computer problems or sell you a software license. Once they've gained your trust, cybercriminals might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information are vulnerable.
Treat all unsolicited phone calls with skepticism. Do not provide any personal information.
For more information, see Avoid tech support phone scams.
Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate business—a bank, or credit card company—requesting "verification" of information and warning of some dire consequence if it is not provided. The e-mail usually contains a link to a fraudulent web page that seems legitimate—with company logos and content—and has a form requesting everything from a home address to an ATM card's PIN.
Phishing email messages, websites, and phone calls are designed to steal money. Cybercriminals can do this by installing malicious software on your computer or stealing personal information off of your computer.
Cybercriminals also use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something off of a website.
What does a phishing email message look like?
Report phishing scams
If you do accidentally provide remote access to your system, click on a malicious link or visit a malicious website, please call us immediately for assistance. We will help you to re-secure your system and information and decide what additional steps you need to take.
As a rule of thumb:
If you doubt an email, caller or website, call us to verify its legitimacy - (888) 423-5372
Heartbleed Security Flaw Information
Posted by Clint Thomson on 04/16/14 4:43 PM
** Introduction **
By now you have heard about the Heartbleed security flaw affecting a majority of Internet servers and routers via a major news outlet or two. This post will help you to understand this security flaw and how it affects you. It will also outline the steps we are currently taking to address this security flaw and mitigate the possible risks. Sections are outlined below so that you can skip the background and jump straight to the systems affected list or steps you should take to mitigate the risk to your business.
** Background **
Secure Sockets Layer, otherwise known as SSL, is a method used to encrypt data transmission between two machines on the Internet to protect it from malicious interception. Every time you access your bank website, an online shopping payment page or other sensitive data, your Internet session is most likely secured using SSL.
You can tell that you are accessing an SSL secure site by the lock logo in each browser.
Secure site icon in Safari
Secure site icon in Firefox
Secure site icon in Internet Explorer
Secure site icon in Google Chrome
In addition to this use, SSL is also used in some VPN implementations and on some of the network hardware used to run the Internet from the two major vendors, Cisco Systems and Juniper Networks. The affected version of SSL is OpenSSL, which is an open-source implementation of the SSL protocol. OpenSSL is widely used on the Internet and the full impact of this flaw cannot yet be known.
** Heartbleed Flaw Details **
In 2011 a new feature called Heartbeat was added to the OpenSSL protocol. Heartbeat gave a remote client the ability to verify that an SSL server was responding to requests by having that server reply to the client with a specified response (a heartbeat). The client specified what the heartbeat response should be and its properties, including the length. Heartbeat support was enabled by default in new versions of OpenSSL at the end of 2011 and the vulnerable code has since come into widespread use with the release of OpenSSL version 1.0.1 on March 14, 2012.
The flaw with the Heartbeat feature is that the server does not check that the requested response matches the properties provided by the client; it simply assumes that the client is providing valid properties. The response is loaded into the server memory and then the server locates the response and returns it from memory to the client. A malicious client can specify a response length that is much greater than the response itself, and the server will return the response and everything else in the server memory following the response, up to the system limit of the request. Since passwords, user details and all manner of secret data are temporarily stored in server memory while the server is processing them for any reason, a malicious user would be able to retrieve virtually any information from the server over time.
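The missing check described above, as an added example (not OpenSSL's code and not from the original post): a simplified C model of a heartbeat handler that computes how far a length-trusting reply would reach past the received record, and shows the bounds check that discards such requests. The message layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding) follows RFC 6520; the function names and both sample records are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3    /* 1-byte type + 2-byte payload length */
#define HB_PADDING  16   /* minimum padding required by RFC 6520 */

/* Constructed samples: both records are 23 bytes on the wire ("ping" plus
 * zero padding), but the second one claims a 16384-byte payload. */
const uint8_t HONEST_REQ[23] = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
const uint8_t LYING_REQ[23]  = {HB_REQUEST, 0x40, 0x00, 'p', 'i', 'n', 'g'};

/* Payload length as claimed by the client (big-endian field). */
static size_t hb_claimed_len(const uint8_t *rec) {
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Bytes beyond the received record that a handler trusting the claimed
 * length would copy into its reply (computed only, never read). */
size_t hb_overread_if_trusted(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER) return 0;
    size_t end = HB_HEADER + hb_claimed_len(rec);
    return end > rec_len ? end - rec_len : 0;
}

/* Hardened handler: writes the reply to out and returns its length, or
 * returns 0 when the request must be silently discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HEADER + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    size_t payload = hb_claimed_len(rec);
    size_t total = HB_HEADER + payload + HB_PADDING;
    if (total > rec_len || total > out_cap) return 0;  /* the length check */
    out[0] = HB_RESPONSE;
    memcpy(out + 1, rec + 1, 2);                       /* echo length field */
    memcpy(out + HB_HEADER, rec + HB_HEADER, payload);
    memset(out + HB_HEADER + payload, 0, HB_PADDING);  /* zeros for brevity */
    return total;
}

int main(void) {
    uint8_t out[64];
    printf("over-read if trusted: %zu, hardened reply to it: %zu bytes\n",
           hb_overread_if_trusted(LYING_REQ, sizeof LYING_REQ),
           hb_build_response(LYING_REQ, sizeof LYING_REQ, out, sizeof out));
    return 0;
}
```

The same comparison of claimed length against received length is what a network sensor can apply to heartbeat requests to flag exploitation attempts.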
On April 1st of this year, Google's security team reported the flaw in the Heartbeat feature and named this flaw Heartbleed, an allusion to the bleeding of information from the server via the Heartbeat feature. Since the flaw has been present since 2011 and widely distributed, it is possible that malicious users have had access to this flaw and availed themselves of it since 2011.
It is reasonable to assume that details stored on affected servers or systems have already been compromised and should be changed where possible.
** Common Web Services Affected **
This is not a complete list, just a list of the most common services.
If indicated in the Reset Password column, you should reset your password for this service at your earliest convenience.
** Celeratec Services Affected **
All of the affected Celeratec services have been patched.
The list below provides details on whether a service was affected, when it was patched and whether you should change your password.
** Steps You Should Take **
You should reset your password on any affected service once the service is patched. Check with the provider of your online service to determine if they have patched the vulnerability and if you should change your password. Remember to use a complex and unique password for each service and use a password manager such as LastPass to manage your online passwords. If your online service offers enhanced authentication such as the PayPal Security Key, you should take advantage of that enhanced protection.
For clients on CirruStor, we are systematically resetting your passwords. This process should be completed in the next week.
For clients on SugarCRM, your passwords have already been reset as of 04/07/2014.
For clients on Linux Hosting, we will begin systematically resetting your password on Friday.
** Conclusion **
We take the security of our systems and yours very seriously. In this instance we believe that the threat has been mitigated for our clients; however, we will continue to monitor the situation.
If this post has left you with any additional questions, please contact me directly for additional information or assistance.
Clint Thomson - (888) 423-5372 x911