Archive for October 2019

How the Bad Guys Get Your Password

How to make your passwords better

Passwords are essential to your safety, but like everyone else you probably have dozens of passwords to remember. So, you might take shortcuts – but taking advantage of this is one way bad guys access your passwords.

Incredibly, there are still people out there using “password” or “123456” in their access credentials. Also, some people don’t change the default passwords on their devices and this can be dangerous.

So how to make your passwords stronger?

Avoid the obvious passwords

When you have to create a password, make an effort. Steer clear of simple, easily guessed patterns – an ideal way of getting a good password but one that you will remember, is to think of a word (or combination of words) and change letters for numbers and special characters such as exclamation marks. For example, instead of “strongpassword“, make it “sTr0NgpassW0rd!”

Cybercriminals can also guess your password. With a little bit of research about you online, they can make some informed guesses. Common passwords include pet names, birthdays, and anniversaries. These are all easy to find via your social media accounts.

Be careful what you share on social media

Always remember that as well as updating your friends and relatives, you are potentially updating cyber criminals, giving them access to a goldmine of info for personalizing an attack on you.

If that doesn’t work, criminals may try brute force. They might script an automation bot to run thousands of password permutations until they get a hit. The software will try a long list of common passwords and run through dictionary words to gain access, which makes it more important to have a good password (see above).

Don’t duplicate passwords – Company data breaches

The criminal may also be working with info from a data breach. In early 2019, a security researcher found more than 2.7 billion email/password pairs available on the Dark Web. Criminals accessing that database could use the data as a starting point, as many people duplicate their passwords across accounts, so try not to duplicate!

Not only that, a major broadband company in the UK was hacked and millions of accounts compromised, so it can happen here too.

It can be overwhelming to remember all your passwords, and that’s also why you should use a password manager to keep track of it all for you – for more information see our previous Blog page about Passsword Managers.

‘Phishing’ – it’s not what it seems

Of course, there’s one more method of getting your password that we haven’t addressed yet. It’s the familiar ‘phishing attack’ – something pretending to be from a company but is in fact a fake. For instance, you get an email that looks like it was sent by your bank. Phishing typically has an urgent message and a link that directs you to what looks like a credible page.

Pay attention to who is sending the email and hover the mouse over the link to see where it actually ponts to. If you are concerned about your bank account, for example, open up a browser and type the URL manually rather than clicking the link. Many times, you will see that it is not the internet address that you would expect, such as instead of barclays. co.uk it is abcdef.barclays.co.uk.

The most important thing to remember is that if you are in any way not sure, pick up the phone to your bank (or other company involved) to verify that the email is from them. As a rule of thumb, try not to use links in emails as fake web pages can be very convincing.

These tips can help you to protect your valuable passwords. Still, setting up a password manager and amping up your internet security can help too. Need support getting ahead of the cybercriminals?

Contact us on 01455 209505.

Update iTunes and iCloud against Ransomware Vulnerability

Update iTunes - Ransomware Exploit

A vulnerability has been found in the Windows version of iTunes and iCloud, which may allow ransomware to be inserted into Windows computers, bypassing antivirus security programs.

Mac versions are not affected.

Bonjour software exploited

The Bonjour component that both iTunes and iCloud uses, is meant to allow communication between devices on your network and is often used to allow Windows to communicate with Apple devices.

A bug has been found (by security company Morphisec) in Bonjour, called a ‘zero day vulnerability’ which in geek-speak, is an ‘unquoted service path’ – essentially code which has been written incorrectly. As iTunes and iCloud are classed as trusted programs, the vulnerability can avoid antivirus security software and install ransomware software, which can potentially encrypt hard drives and prevent you accessing your data.

Get your iTunes and iCloud update patches

Apple has now patched the vulnerability in iTunes 12.10.1 and iCloud 7.14, so grab your updates if you haven’t already and ensure that automatic updates are enabled, to provide maximum benefit from security fixes in the future – especially as other vulnerabilies were found at the same time, which are yet to be resolved.

Uninstalled iTunes? You can still be vulnerable

Even if you have previously uninstalled iTunes, the Bonjour software is probably still present on your system, as it is a separate program and is not automatically uninstalled when iTunes is removed.

If Bonjour is still on your system it may be still have background services running but in a potentially unpatched state, so you would need to go to your Control Panel and remove it manually.

How to Get Your Devices to Play Nicely Together

Connect your Network Devices

Desktop computers. Laptops. Tablets. Network printers. Routers. Smartphones. Smart speakers. Media players. Gaming systems. Homes today have many, if not all of these. Each has all sorts of features, and they’d be even more useful if they connected to one another. If only it wasn’t so challenging to get all our devices to relay information between each other reliably.

Home networking can bring so many benefits. You might enjoy:
• accessing emails on all your devices, wherever you are;
• surfing the Web using your voice;
• being able to share files, photos, and other media with any other networked device;
• viewing a baby photo album from your computer on your Smart TV
• printing from your smartphone or other devices, even when not connected to the device via cable, using AirPrint or Google Cloud Print;
• backing up all computers in the house to a centralized location via the network;
• securing your activity on all devices at home with a protected Wi-Fi network.

Yes, all that sounds pretty good, but how do we get our devices to do all that?

What Your Home or Business Network Needs

First, take a moment to imagine connecting all the computers and smart devices in your home or office via cables. As if you want more cables snaking around! So, you’ll be looking into a wireless network to connect your devices to the internet and each other. That means setting up a router (we’re assuming you already have an internet service provider).

The router connects you to the internet with its built-in modem, but just as importantly it connects your devices to each other. The router communicates the wireless signal between your devices and gives each device its own address on your network.

If your home or office is spread out over several floors or square feet, or you have to deal with thick walls, you might have difficulties with Wi-Fi dead spots. Don’t worry! You could try a mesh network (where instead of making one device do all the signaling, a primary router and many smaller satellites or nodes relay the signals with equal power) or use a Powerline setup which uses your electrical wiring.

Securing Your Home or Business Network

When you get your devices connected, you’ll want to secure your network. Taking these simple steps helps protect your personal information and prevent cyberattacks.

First, change the default passwords on your router, and choose something more complex than “123456,” “password,” or anything else easily guessable. You may also want to set up a guest network if the router supports it. This allows visitors to access the Wi-Fi without you having to share access to your main network.

Also, rename your Wi-Fi network so that it isn’t obvious that it’s your premises or what broadband router type you have. For example, if you live at 920 Hassell Place, you wouldn’t name it 920Hassell. Or, if you’ve got, for example, a BT router, don’t leave it with the name it came with as it’s a starting point for anyone trying to get into your network – don’t make it easy for someone trying to target you to identify which network they are trying to hack.

For business networks, there are other considerations too, but the above is a good starting point.

You like using all your devices, but getting them all networked seems like a headache. Still, once you have a network set up, you’ll wonder why you waited so long.

We can help you get all your devices playing together nicely and securely. Contact us today on 01455 209505!