Back to Top

Tech, Web, Cloud & Cabling Services

Category: BigBeagle.com

BigBeagle.com Category

Hacker Steals 272M Emails & Passwords

Security firm announces it has persuaded fraudster to give up database of email addresses along with passwords users use to log in to websites

hacking gmail

The internet on Wednesday gave you another reminder that everyone has been hacked.

Hold Security, a Wisconsin-based security firm famous for obtaining hoards of stolen data from the hacking underworld, announced that it had persuaded a fraudster to give them a database of 272m unique email addresses along with the passwords consumers use to log in to websites. The escapade was detailed in a Reuters article.

It might sound bad, but it is also easily mitigated.

The passwords and email addresses, which include some from Gmail, Yahoo and Russia’s mail.ru service, aren’t necessarily the keys to millions of email accounts. Rather, they had been taken from various smaller, less secure websites where people use their email addresses along with a password to log in.

People who use a different password for both their email account and, say, Target.com, won’t be affected. But those who tend to use the same password for multiple sites as well as their email should change their email password.

“Some people use one key for everything in their house,” Hold Security founder Alex Holden says. “Some people have a huge set of keys that they use for each door individually.”

Holden said there is no way for consumers to check if their emails were included in his firm’s latest find. In 2014, when his firm tried to set up such a service after obtaining a billion hacked login credentials, his site crashed.

The hacker appears to have been largely targeting Russian users. Some 57m of the email addresses were for the country’s largest email provider mail.ru, which claims 100 million monthly users. Around 40m of the addresses were Yahoo Mail, 33m Hotmail and 24m for Google’s Gmail service.

In this case, the hacker had been bragging on internet chat forums that he had a treasure trove of login credentials that he was trying to sell. Holden, who is fluent in Russian, said he wouldn’t pay for the data but would give him “likes” on various social media posts in exchange.

The hacker, who apparently is quite young, agreed. “We kind of call him the collector,” Holden says in a heavy Russian accent. “Eventually, almost everyone gets breached.”

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Low-Cost SSL Trusted Certificates

SSL Certificate

With Purchasing SSL Certificates through BigBeagle.com you receive the following great services!

  • Includes a FREE website Malware Scanner to monitor your site for malicious links inserted by hackers trying to spread worms, viruses and spyware to your visitors.
  • Pay up to 90% LESS and get your certificate FAST!
  • Encrypts data transferred to and from your site and protects against session hijacking attacks, including Firesheep.
  • Secure UNLIMITED servers. Compare that to other Certification Authorities that charge for licensing on each server.
  • Enjoy the backing of established industry standards. There is NO TECHNICAL DIFFERENCE between our certificates and any other major Certification Authority.
  • 99.9% browser recognition and up to 256 bit-encryption.
  • Get industry-best service and support! Help is always there when you need it.

About Our SSL’s:

  • One SSL Covers Unlimited Servers
  • Cost up to 90% Less
  • Among the First to Offer Green Browser Bar
  • Works with all Major Browsers
  • Backed by industry-best support

Need an SSL certificate that supports Intel vPro technology for remote PC management? Check out our Deluxe Certificate

Call (888) 505-1532 to get started now or Click Here

Professional Email Tips: 5 Rules

Tips and advice for making the best use of this medium.

email

E-mail is a great tool that has become both a blessing and a curse. Designed to enhance productivity in the workplace, it slowly had the reverse effect. Today, e-mail is ubiquitous, much easier to use, and often abused. It’s time to focus on how to turn e-mail back into an effective management tool for 21st century executives.

Don’t use it to do your thinking for you. Writing e-mails at work is not like doing calculus at school. At school you needed to show that your logic flow was part of the answer. With e-mail, assume no one is interested in how you came to your conclusion. They are only interested in what impacts them and their work and anything on which they need to take action.

Make your request clear. When publishers lay out a newspaper, they place the most important news “above the fold.” You should think the same way about your e-mails, especially when you are making requests. If you ask for something, always put that request, including names and dates related to it, in the first two or three sentences of your e-mail. Do not assume that the reader will read far enough to see the request buried in all of the detail.

Limit emotion of all types. Humor can cut through a lot of noise when you communicate, and it can help a team rally around a common thought or issue, but it rarely belongs in e-mail. This is especially true of sarcasm, which is very easy to misinterpret. The reader almost never understands what you are trying to communicate.

Use the save button before the send button. When we were young and got angry, people told us to count to 10 before saying anything. When you need to be cool and show that you have a levelheaded approach to problems, the last thing you want to do is send an e-mail. If you are writing an e-mail about an emotional or difficult topic, such as a performance review or a follow up to a contentious meeting, save the e-mail. Then, come back to it in 30 minutes or even the next day and decide whether you want to send at all.

Use the phone. These days, an e-mail lasts forever and there is no such thing as privacy in the workplace. In many cases, the laws and regulations governing publicly held companies require strict adherence to document retention rules. If you don’t want someone else to read what you wrote, don’t send it via e-mail. Also, if the subject matter you want to discuss is important and sensitive or personal, a phone call or face-to-face discussion is always the better option.

The bottom line. E-mail is a great tool for communicating, although we are never as effective as we think we are going to be. Remember to stop and think before hitting “send.”

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

BigBeagle.com: Save 15% Today

This is your chance to stock up on everything you need.  Save 15% on new web products. Offer expires November 30, 2014 at midnight (Mountain Time).

 

save 15

 

Please Visit BigBeagle.com.

End of Support: Server 2003

end windows server 2003

 

A large number of businesses still run Microsoft MSFT -1.71% Windows Server 2003 and it’s unlikely they all will upgrade before Microsoft Corp. ends support on July 14, 2015, say analysts. Companies that don’t upgrade increase their cyber security risks because the company will no longer issue security updates and these systems will be more vulnerable to hackers.

Businesses worldwide run an estimated 23.8 million physical and virtual instances of Windows Server 2003, according to data released by Microsoft in July 2014. Analysts say the technology is more prevalent in industries such as health care, utilities and government. Yet it’s also still used in about 7% of retail point of sale systems, according to a report Thursday by Trend Micro Inc.4704.TO -1.11%

“Microsoft does not plan to extend support for Windows Server 2003 and encourages customers who currently run Windows Server 2003 and have not yet begun migration planning to do so immediately,” said Vivecka Budden, a Microsoft spokesperson, in an email.

South Jersey Techies offers various migration options to include Windows Server 2012 R2, Microsoft Azure, hosting partners and Office 365.

“It is going to be difficult to get this done in time,” said David Mayer, practice director of Microsoft Solutions at Insight Enterprises Inc.NSIT -1.12%, a provider of IT hardware, software and services.

Many of these same industries were impacted by the end of service for the Windows XP operating system on April 8.  Microsoft broadcasts these sorts of moves years in advance, so it shouldn’t come as a surprise to anyone. But, the product was stable and for many companies there simply wasn’t incentive to update.

“In general, everyone has been slow to migrate, especially those with servers that are running applications,” said Rob Helm, vice president of research at Directions on Microsoft consulting firm.

The problem in industries such as health care and utilities is that companies run legacy apps written by vendors who still require Windows Server 2003. For example, there are smaller vendors in health care that have not kept up with development and application modernization, said a health-care CIO who asked not to be identified. A hospital may have an inventory of 100 to 500 different applications and many applications will still require Windows Server 2003, he added.

Electric utilities, for example, widely use Windows Server 2003. There hasn’t been much movement to upgrade those systems, said Patrick C. Miller, founder of the nonprofit Energy Sector Security Consortium and a managing partner at The Anfield Group, a security consulting firm. Instead, utilities are working to better secure and isolate those systems.

“I’m concerned about directory services such as application authentication and user permissions,” said Mr. Miller. “If you compromise an Active Directory server, you get access to everything.”

For now, analysts are recommending that companies work out their risk of exposure and make plans to first migrate those applications that will be most difficult. Companies should make plans to harden servers that can’t be updated. That might entail putting those systems on an isolated network, where they’d be less prone to outside attack, said Mr. Helm.

To protect and upgrade your home or business

 please contact us 856-745-9990 or click here.

 

Disable SSL 3.0 on Your Server

 

Due to a critical security vulnerability with SSL 3.0  (an 18-year-old, outdated technology), we recommend disabling it on your server. We have instructions on how to do that in the Updating section but recommend reading the entire document to understand the scope of what this does.

What does POODLE do?
In short, it’s a way attackers can compromise SSL certificates if they’re on the same network as the target if (and only if) the server the target is communicating with supports SSL 3.0.

Google has a lot more detail on their security blog here.

Does POODLE affect my server/sites?
Because POODLE is a vulnerability in SSL technology, it only impacts sites using SSL certificates. If your server or your sites don’t use an SSL certificate, you don’t need to update your server. However, we recommend doing it now in case you do end up installing an SSL certificate at a later date.

Updating
How you update your server depends on whether your server uses a Linux® distribution or Windows® and if it uses cPanel.

cPanel

cPanel requires slightly different steps from any other control panel/operating system configuration.

To Configure cPanel to Prevent POODLE Vulnerability on HTTP

1. Log in to your cPanel (more info).
2. In the Service Configuration section, click Apache Configuration.
3. Click Include Editor.
4. In the Pre Main Include section, from the Select an Apache Version menu, select All Versions.
5. In the field that displays, type the following, depending on which version of CentOS you’re using:

CentOS Version Type this…
Cent OS/RHEL 6.x
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
Cent OS/RHEL 5.x
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1

If you encounter errors while applying this update, please review this forum post at cPanel that discusses potential fixes.

6. Click Update.

Preventing POODLE on Other Protocols (FTP, etc.)

Right now, only servers using RHEL can protect themselves against POODLE on non-HTTPS protocols. They can do this by updating the latest version of OpenSSL, and then implementing TLS_FALLBACK_SCSV.

Servers using CentOS do not yet have a known fix for the vulnerability on non-HTTPS protocols. However, we will update this article with those instructions as soon as we do.

Linux (Apache)

Modify your Apache configuration to include the following line:

SSLProtocol All -SSLv2 -SSLv3

For more information on how to do that, view Apache’s documentation.

Windows (IIS)

Modify your server’s registry (which removes access SSL 3.0 support from IIS) using Microsoft’s document here. You can jump down to the Disable SSL 3.0 in Windows section.

World’s Largest Meat Supplier Attacked

The breach is the latest targeting of a crucial supply chain and comes three weeks after the Colonial Pipeline hack disrupted fuel operations in the U.S.

Here’s what we know:

What is JBS?
JBS USA is part of JBS Foods, one of the world’s largest food companies. It has operations in 15 countries and has customers in about 100 countries, according to its website. Its customers include supermarkets and fast food outlet McDonald’s and in the US, JBS processes nearly one quarter of the county’s beef and one-fifth of its pork. JBS’s five biggest beef plants are in the US, and the shutdowns have halted a fifth of meat production there, according to Bloomberg.

Its brands include Pilgrim’s, Great Southern and Aberdeen Black. The US headquarters is based in Greeley, Colorado, and it employs more than 66,000 people.

What happened?
Hackers attacked the company’s IT system last weekend, prompting shutdowns at company plants in North America and Australia. IT systems are essential in modern meat processing plants, with computers used at multiple stages including billing and shipping.
JBS hack shuttered nine US beef plants but normal operations to resume Wednesday
The hack, which the White House described Tuesday as ransomware, affected all of JBS’s US meatpacking facilities, according to an official at the United Food and Commercial Workers union that represents JBS employees. The cyberattack resulted in the closure of all nine of the company’s US beef plants, which are located in states including Arizona, Texas, Nebraska, Colorado, Wisconsin, Utah, Michigan and Pennsylvania, the union official said. The company said on Monday that it suspended all affected IT systems as soon as the attack was detected, and that its backup servers were not hacked.

The White House has said that the ransomware attack was likely carried out by a Russia-based criminal organization, and that it is dealing with the Russian government on the matter.
JBS’ operations in Australia were also affected. The Australian Meat Industry Council, a major trade group, said in a statement that “there is no indication whatsoever that this cyberattack will cause a major impact on Australian domestic red meat and pork products supply.”

What is ransomware?
In a ransomware attack, hackers steal an organization’s data and lock its computers. Victims must pay to regain access to their network and prevent the release of sensitive information.
Some sophisticated ransomware hackers, such as the Russian hacker group Darkside, sell their ransomware technology and take a cut of any ransoms paid to their customers.

Experts generally encourage ransomware victims not to pay any ransom. But a company’s ability to get back online without paying hackers may depend on whether it has protected backups of its data. In some cases, hackers can delete their target’s backups before locking its files, leaving the victim organization with no recourse.

JBS did not comment to CNN about details of the ransomware attack, including whether it paid the ransom.

This kind of cyberattack sounds familiar. Where have I heard that?
The hack comes a few weeks after a ransomware attack targeted Colonial Pipeline, which forced a six-day shutdown of one of the United States’ largest fuel pipelines. That May attack resulted in gas shortages, spiking prices and consumer panic. Colonial Pipeline has confirmed it paid a $4.4m (£3.1m) ransom to the cyber-criminal gang responsible.

Similar to JBS, Colonial Pipeline’s systems were hit with ransomware. Once a company has been hit by ransomware, its first course of action is usually to take much or all of its systems offline to isolate the hackers’ access and make sure they can’t move into other parts of the network.
That may be among the reasons why JBS shut down its operations and Colonial shut down its pipeline — to disconnect the companies’ operations from the IT systems that hackers breached. People briefed on the Colonial attack have said that the company halted operations because its billing system was also compromised and feared they wouldn’t be able to determine how much to bill customers for fuel they received.
The pipeline has since returned to normal operations.

Don’t be the next victim of a ransomware attack. Contact South Jersey Techies to discuss how your critical information can be secure.

If you have any questions, please call us at (856) 745-9990.

 

 

Cloud Computing: Companies Stay Cautious

In a new report from SolarWinds, 92% of companies say adopting cloud is critical to long-term success. But, most don’t think they’ll ever be fully cloud.

On March 29, IT management software provider SolarWinds released its annual report titled IT Trends Report 2016: The Hybrid IT Evolution, detailing some interesting trends around cloud adoption in the enterprise and the rise of hybrid IT.

First off, according to the results of the report, cloud adoption is a foregone conclusion for most businesses. The report found that 92% of the IT professionals who were surveyed said adopting cloud was important to long-term success in their business. Nearly 30% labeled it extremely important.

However, despite this widespread adoption, most organizations aren’t fully embracing the cloud within the whole of their organization. Joel Dolisy, CIO of SolarWinds, said that is because the cloud isn’t the best option for all workloads.

“The findings of this year’s study paint a clear picture: Cloud adoption is nearly ubiquitous, but it’s not now and will not in the foreseeable future be suitable for all workloads, and even if it were, very few if any companies would convert all of their existing applications to run in the cloud,” Dolisy said in a press release.

The data to support Dolisy’s statement came from the report as well. Only 43% of respondents said that half or more of their IT infrastructure will make it to the cloud over the next 3-5 years. And, 60% said it is unlikely that their entire infrastructure will ever be fully cloud-based. Additionally, 9% said they hadn’t migrated any piece of their infrastructure to the cloud.

Dolisy called the resulting dynamic hybrid IT, where an organization blends critical on-premises tools with cloud-based technologies. This affects IT as well, he said, because it shifts the dynamic of the corporate IT professional to one who can guarantee always-on performance regardless of where he or she is based. Additionally, these professionals need new skills and tools to effectively deploy and manage these environments.

Basically, the rise of this hybrid IT means that IT professionals are faced with two key tasks: Leveraging the cloud to increase efficiency and performance, while maintaining security of critical systems.

So, what are the benefits of this hybrid IT infrastructure? The SolarWinds report listed three in ranked order:

  1. Infrastructure cost-reduction
  2. Increased infrastructure flexibility/agility
  3. Relieving internal IT personnel of day-to-day management of some infrastructure

However, there are some challenges to managing this type of infrastructure as well. Of the respondents, 62% listed security as the top challenge within these type of environments.

Then, of course, there are also inherent challenges to encouraging cloud adoption as well. SolarWinds pegged the top three barriers to overall cloud adoption (which, in turn, affects hybrid IT) as follows:

  1. Security/compliance concerns
  2. Legacy system support
  3. Budget limitations

Nearly 70% have migrated their applications to the cloud, almost 50% have migrated their storage, and 33% have moved their databases.

So, how does this affect your organization? Well, new trends in infrastructure often require new skills to support them.

According to the survey, only 27% are convinced that their IT department has the skills needed to fully support a hybrid IT environment. To succeed in hybrid IT, respondents said they needed better monitoring tools, application migration support, distributed architectures, service-oriented architectures, and automation or vendor management tools.

Hybrid IT also require support from leadership as well. Of those surveyed, 56% felt that they had the support needed to do hybrid IT right.

“In short, IT is everywhere,” Dolisy said. “Effectively managing and monitoring the new environment—from on-premises to the cloud with multiplying endpoints—to be able to act when needed is more critical now than ever.”

The 3 big takeaways for readers

1. Hybrid IT, a mix of cloud and on-premises solutions, is growing as the prevailing trend in IT architecture. Almost all respondents said cloud was critical to future growth, but many felt that their organization would never be fully cloud.

2. Hybrid IT can offer cost reduction, increased agility, and management relief. But, it also brings security challenges, issues with legacy systems, and budget challenges.

3. If your organization is engaging hybrid IT, your IT professionals need the proper tools and skills to stay on top of it. Look into monitoring, different architectures, and automation to help support your staff.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Windows 8 Cisco VPN Error 442 Fix

FAILED TO ENABLE VIRTUAL ADAPTOR –

HOW TO FIX IT

The Cisco VPN client is one of the most popular Cisco tools used by administrators, engineers and end-users to connect to their remote networks and access resources.

With the introduction of Windows 8, Cisco VPN users are faced with a problem – the Cisco VPN software installs correctly but fails to connect to any remote VPN network.

When trying to connect to a VPN network through a Windows 8 operating system (32 or 64 bit), the Cisco VPN client will fail to connect. As soon as the user double-clicks on the selected Connection Entry, the VPN client will begin its negotiation and request the username and password.

As soon as the credentials are provided, the VPN client shows the well-known “Securing communications channel” at the bottom of the windows application:

cisco-vpn-client-windows8-fix-

After a couple of seconds the Cisco VPN client will timeout, fail and eventually the connection is terminated. The user is then greeted by a pop up window explaining that the VPN failed with a Reason 442: Failed to enable Virtual Adaptor error:cisco-vpn-client-windows8-fix

INTRODUCING THE FIX – WORKAROUND

Thankfully the fix to this problem is simple and can be performed even by users with somewhat limited experience.

Here are 4 easy-to-follow steps to the solution:

1. Open your Windows Registry Editor by typing regedit in the Run prompt.

2. Browse to the Registry Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CVirtA

3. From the window on the right, select and right-click on DisplayName and choose Modify from the menu. Alternatively, double-click onDisplayName:

cisco-vpn-client-windows8-fix

4. For Windows 8 32bit (x86) operating systems, change the value data from @oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter to Cisco Systems VPN Adapter.

For Windows 8 64bit (x64) operating systems, change the value data from @oem8.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter for 64-bit Windows to Cisco Systems VPN Adapter for 64-bit Windows (shown below):cisco-vpn-client-windows8-fix

When done editing the Value data, click on OK and close the Registry Editor.

You can now run the Cisco VPN Client and connect to your VPN network.  Changes performed do not require a system restart.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Chrome Labels HTTP Sites ‘Not Secure

Google sends a nudge toward the unencrypted web

Starting in July, Google Chrome marked all HTTP sites as “not secure,” according to a blog post published today by Chrome security product manager Emily Schechter. Chrome currently displays a neutral information icon, but starting with version 68, the browser is warning users with an extra notification in the address bar. Chrome currently marks HTTPS-encrypted sites with a green lock icon and “Secure” sign.

Google has been nudging users away from unencrypted sites for years, but this is the most forceful nudge yet. Google search began down-ranking unencrypted sites in 2015, and the following year, the Chrome team instituted a similar warning for unencrypted password fields.

The Chrome team said the announcement was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and a strong majority of Chrome traffic is already encrypted. “Based on the awesome rate that sites have been migrating to HTTPS and the strong trajectory through this year,” Schechter said, “we think that in July the balance was tipped enough so that we can mark all HTTP sites.”

HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one in the middle can tamper with the traffic or spy on what you’re doing. Without that encryption, someone with access to your router or ISP could intercept information sent to websites or inject malware into otherwise legitimate pages.

HTTPS has also become much easier to implement through automated services like Let’s Encrypt, giving sites even less of an excuse not to adopt it. As part of the same post, Google pointed to its own Lighthouse tool, which includes tools for migrating a website to HTTPS.

 

CALL US NOW!