WANTED:
2 New Clients
We are looking for a couple of new clients. The ideal candidates:
- have 10 or more PCs
- who want lightning fast response to their IT problems
- who want IT support with a “Today, Not Tomorrow” attitude
- are tired of 2nd rate IT support
- who don’t like IT surprises
- are willing to pay a set monthly fee for IT service
- who want honesty, reliability and predictability out of their IT Vendor
- who are most likely (but, not required) in the Professional Services industry such as Medical, Law, Engineering, or Accounting fields
If you are ready to talk about making a switch of IT vendors, give us a call.
Computer Networks of Roanoke, Inc.
Hank Wagner
hank.wagner@computernetworksinc.com
757-333-3299 x200
Google Got It Wrong
In October, a tech blogger uncovered a pretty big flaw in the freshly revealed Google Home Mini speaker. It was secretly recording the conversations of its owners. And those owners happened to be reporters. Big mistake!
This incident, and countless others, underscores the importance of bringing your security and privacy teams in early. Any time you are considering a new product or solution that involves connected technology or personal information, you have got to make the effort to get your experts around the table.
The speed of innovation is a very real challenge for innovators. No one wants to add more time to the product roadmap. But, it's worth it. Consider the potentially HUGE ramifications for your business if you were to release a product with this kind of flaw.
Google's reputation may be able to survive a privacy fumble like this, but that doesn't mean your brand will.
KRACK
Short for “Key Reinstallation Attack” is the latest vulnerability that we all have to be concerned about.
Wi-Fi Protected Access 2 (WPA2) is the current industry standard for WiFi.
That’s right, the standard. In other words, it’s everywhere. WPA2 networks, in fact, are what most of our Wi-Fi-connected devices are using (and have been since 2004). Those networks have been considered uncrackable until now.
WPA2 uses cryptographic protocols to secure traffic on Wi-Fi networks. The best-known WPA2 control is strong encryption.
But, it turns out, they’re actually quite vulnerable to cryptographic attacks, which give criminals an open door to millions of connected devices – if they’re not patched.
The flaw in WPA2’s cryptographic protocols – nicknamed “KRACK,” short for Key Reinstallation Attack – can allow hackers to read and steal data on a Wi-Fi network. The bug even leaves room for an attacker to manipulate the data or inject new data into a Wi-Fi network. That means criminals can steal passwords, intercept financial information or even manipulate commands to send money to themselves.
This is very bad news for people sending sensitive information over a Wi-Fi connection – which is pretty much everyone.
For individuals, the fix is relatively straightforward. All they need to do is update their system by downloading the patch.
We are continually checking all of our client Access Points and updating them as the various Vendors release their patches to fix this bug.
Equifax Has Possible Second Data Breach
The IRS has temporarily suspended the $7.2 million, no-bid contract it awarded to Equifax to verify the identities of taxpayers when they create accounts on its website, the agency said today.
The short-term suspension means that taxpayers will not be able to establish new accounts through a program called Secure Access, which grants them access to online records and transcripts. Those taxpayers who already have accounts will not be affected, the agency said.
The decision comes after media reports earlier today that the Equifax website may have been compromised a second time. The embattled credit-reporting company disclosed in September that it had been hacked earlier this year and the data of as many as 145.5 million Americans had been breached.
The IRS plans to continue reviewing the security of Equifax's systems during the suspension. The agency had previously said its hands were tied and it had to keep the contract with Equifax.
"The IRS emphasized that there is still no indication of any compromise of the limited IRS data shared under the contract. The contract suspension is being taken as a precautionary step as the IRS continues its review," agency spokesman Matthew Leas said in a statement.
Lawmakers heavily criticized the agency's decision to award the $7.2 million contract to Equifax — which POLITICO first reported — after the data breach. In letters to IRS Commissioner John Koskinen, some members of Congress questioned whether Equifax could be trusted to handle taxpayer data and suggested the contract should be revoked.
Freeze Your Credit
The Equifax breach of approximately 145 million records was comprised of data on almost HALF of the people in the United States.
Equifax is a “repository”. They are 1 of 3 repositories of credit data, with Experian and Trans Union being the other two repositories.
If a car dealer or mortgage lender need to run your credit, they purchase your data from a Credit Bureau. The Credit Bureaus buy your credit information from one or more of the 3 repositories.
Now that you know how things work, here is some advice:
Probably the best way to protect yourself from all this is to put a Credit Freeze on your credit reports at the repository level.
Contact each of the nationwide credit reporting companies:
Equifax — 1-800-349-9960
Experian — 1‑888‑397‑3742
TransUnion — 1-888-909-8872
You'll need to supply your name, address, date of birth, Social Security number and other personal information. Fees vary based on where you live, but commonly range from $5 to $10.
After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.
A Credit Freeze will prevent the issuance of ANY new credit in your name for as long as the freeze is in effect. In most states that lasts until YOU lift the freeze. In others it is 7 years.
A credit reporting company must lift a freeze no later than three business days after getting your request. The cost to lift a freeze varies by state.
If you opt for a temporary lift because you are applying for credit or a job, and you can find out which credit reporting company the business will contact for your file, you can save some money by lifting the freeze only at that particular company.
Once that is done, if a crook comes along and tries to steal you identity and open a bunch of new credit accounts in your name, the merchants will get info back that you have a freeze on your credit and they will refuse to open any new credit.
That should send the crook looking for a new victim.
Most of your credit “protection” companies do the same thing, along with helping you if you are an Identity Theft victim, for an annual fee.
There is also a “Fraud Alert” which is different from a Credit Freeze.
A Credit Freeze locks down your credit. A Fraud Alert allows creditors to get a copy of your credit report as long as they take steps to verify your identity.
For example, if you provide a telephone number, the business must call you to verify whether you are the person making the credit request. Fraud Alerts may be effective at stopping someone from opening new credit accounts in your name, but they may not prevent the misuse of your existing accounts. You still need to monitor all bank, credit card and insurance statements for fraudulent transactions.
Putting a Credit Freeze on your account means you have to plan to purchase an item requiring new credit. But, it is probably the safest way to protect yourself, especially in light of the Equifax Breach.
Facebook Links May Cause You Troubles
It turns out that spammers can spoof URLs (website addresses) of shared links on a Facebook page to trick users into visiting pages they do not expect, redirecting them to phishing or fake news websites with malware or malicious content.
Discovered by 24-year-old security researcher Barak Tawily, a simple trick could allow anyone to spoof URLs by exploiting the way Facebook fetches link previews.
Tawily found that Facebook does not validate if the link mentioned in a preview meta tag is same as the actual web page URL, allowing spammers to spread malicious web pages on Facebook with spoofed URLs.
Tawily reported the issue to Facebook, but the social media giant refused to recognize it as a security flaw and stated that Facebook uses "Linkshim" to protect against such attacks.
Every time a link is clicked on Facebook, a system called "Linkshim" checks that URL against the company's own blacklist of malicious links to avoid phishing and malicious websites.
But, that does not work on a spoofed website address.
So, be mindful that not every Facebook preview and website link is what you think they are.
Ransomware
The U.S. government has issued a warning about a new ransomware attack that spread through Russia and Ukraine and into other countries around the world.
Cybersecurity experts said the ransomware - which posed as an Adobe update before locking down computers and demanding money for people to get their files back -- targeted Russian media companies and Ukrainian transportation systems. It has also been detected in other countries including the U.S., Germany and Japan.
The U.S. Computer Emergency Readiness Team said late Tuesday it "has received multiple reports of ransomware infections ... in many countries around the world."
Dubbed "Bad Rabbit," the virus is the latest example of cybercriminals using ransomware to try to extort money from victims across the globe. Two major international attacks earlier this year - - NotPetya and Wannacry -- caused widespread disruption affecting businesses, government institutions and hospitals.
