dropbox got hacked

The Sky Is Falling! The Sky Is Falling! Dropbox Got Hacked!

“Have you heard?dropbox got hacked

Dropbox was hacked!” 

“Oh no! When did that happen?”

“In 2012.”

“Now you’re telling me?”

 

If No News Is Good News Does That Make Old News Bad News?

Well, it’s a little bit of both. The good news is that it is old news. Dropbox has fixed their security issues. Everything should be fine now.

According to Information Age, “The company was alerted to the breach when users noticed they were receiving spam on email accounts they only used for Dropbox. Their investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts.” (Emphasis ours.) That item was posted on 01 August 2012. Seems innocuous enough. Things happen.

Now for the bad news. Fortune magazine published a report on 31 August 2016 first released by Motherboard on 30 August 2016. Thanks to these updates, we now know what “a small number” means. To the surprise of many, it is close to 70 million. That’s small compared to the national debt, but it’s kind of a big deal for any of the 68,680,741 accounts whose email addresses and password details were stolen.

 

Don’t Run. Reset.

There is no need to panic (unless you are one of the 68,680,741). What’s done is done. It’s water under the bridge. There is nothing anyone can do to undo what has been done. Dropbox initiated a password reset during the last two weeks of August. According to a Dropbox spokesperson, “We’ve confirmed that the proactive password reset we completed last week covered all potentially impacted users.” That makes you wonder how similar “all potentially impacted” and “a small number” are.

Dropbox recommends that users also reset their passwords as a precautionary measure. Tech Talk has published seven easy steps to enable a two-step verification for Dropbox account access. Those steps are listed below.

  • Sign in to dropbox.com.
  • Click on your name from the upper-right of any page to open your account menu.
  • Click Settings from the account menu and select the Security tab.
  • Under Two-step verification section, click Enable.
  • Click Get started.
  • For security reasons, you’ll be asked to re-enter your password to enable two-step verification. Once you do, you’ll be given the choice to receive your security code by text message or to use a mobile app.
  • After enabling the feature, consider adding a backup phone number that can receive text messages as well. If you ever lose your primary phone, you’ll be able to receive a security code to your backup phone number instead.

That does it. Be good to go. The sky is not falling. We will let you know if it is.

In the meantime, if you need any additional information, contact us here at Tech Sentries at 843-282-2222.

Tech Support Scam

This Is Tech Support. You Are About to Be Scammed.

Tech Support Scam

Internet usage continues to expand as coverage becomes more available and as users are added by the thousands. Those users include people who do not understand what goes on behind the scenes as well as others who know that they do not know.

Scam artists have been around throughout recorded history. The intent is always the same: to take advantage of innocent people, usually absconding with some of their cash. It is just that many of the methods have changed over the years. The art of catching people unaware is common to nearly all scams. The best scams work, not because the victims are oblivious, rather that they respond without thinking, often erring on the side of caution.

Here’s an example. On a recent episode of ABC-TV’s “The Catch.” a couple of con artists (who were also pickpockets) needed to get their hands on some cash. They posted legitimate looking signs near an outdoor café. The signs read, “Be careful. Pickpockets operate in this area.”

It was a perfect scam. People who saw the signs immediately put a hand on the pocket where their cash was, just to be safe. Their response to the signs made it easier for the pickpockets to pull off their scam. In fact, the signs were the scam.

Virtually the same thing is happening on the internet with tech scams. The user may receive a message by phone or on their screen, prompting the user to take action to protect their computer from some alleged issue or malware. Just like the victims of the pickpockets, people react instinctively out of an abundance of caution.

Once in contact, the tech scammer will request access to the individual’s computer in an alleged attempt to fix the non-existent problem. Presto-chango! Before the victim knows what has happened, his computer has new malware installed, his personal banking information has been stolen, or his PC is being held for ransom.

This has become particularly dangerous in the era of remote monitoring and maintenance. There are two things you can do to protect yourself from the tech service scammers.

  1. Think about what is really happening.
  2. Never respond to a tech service warning unless you know the person making contact and that person has been authorized by you to protect your computer.

Be vigilant and think before you react. Thinking first may keep you from doing something foolish. Tech Sentries is the logical source of your protection. We guard and protect your PCs, laptops, and other connected devices against the dangers that lurk in cyberspace and the scam artists who want to take you for everything they can.

Don’t wait. Contact us today (843-282-2222). Tech Sentries is always on duty helping you “Guard Your Technology” at all hours of the day or night and keeping updated on how to be better prepared for Internet scams.

Your Mobile Phone Calls May Be Up for Grabs

mobile phone security

You’ve seen the cell phone intercepts, tracking, and cloning in the movies and on TV. It’s scary, but you know that it is make-believe.

You’ve read the headlines about the NSA listening in on cellular conversations. That’s really scary, but you don’t really care because you think that they won’t be listening to you. You have nothing to hide.

Think again. The NSA’s favorite son, Edward Snowden says that you should care.

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”

IMSI Catcher Development

IMIS catchers were developed in the mid-1990s. Referred to in the vernacular as “grabbers,” IMSI catchers are cellular monitoring devices. Of course, since no one wants anyone else to be able to be able to monitor their calls, the original versions were marketed as anti-terrorism equipment.

Just in case you are wondering, IMSI is the acronym for International Mobility Subscriber Identity. And, if you are thinking that cellular monitoring requires a technologically advanced war room deep inside the NSA (or China), be warned that, as rapidly as technology advances, so does the technology require for grabbing your subscriber identity and call data.

Don’t think for a minute that wearable technology is only about being healthy and fit. As far back as 2013, body-worn IMSI catchers were advertised “for covert snooping.” According to published reports,

“The device is small enough to fit under a shirt. It needs from one to 90 seconds to capture the international mobile subscriber identity (IMSI) or international mobile equipment identity (IMEI) of the person being tracked. It works on all GSM-based networks regardless of country and is fully operational even when functioning in a moving vehicle.”

IMSI Catcher Distribution

The distribution of IMSI catchers is kind of like hand grenades. They may be advertised as anti-terror devices, but they can also be used to create the thing they were designed to prevent. And, they are illegal in most places.

While it’s not always clear whether grabbers are illegal (technology moves faster than legislators), like hand grenades, not many of us want our neighbors to own them. It’s not a matter of whether they are legal or not. It is a matter of whether they will use them.

We should all be able to take comfort in the knowledge that our neighbors would never be able to obtain a hand grenade – or a grabber. We should be able to, but we can’t – because they can. Most ostensibly, Alibaba, the world’s largest e-commerce website offers a grabber for $1,800 USD.

Do a Google search for IMSI catcher under the Shopping tab. The good news is there is only one SERP. The bad news is that there are any. It should also not warm the cockles of your heart to see that there are nearly 15,000 searches per month for IMSI catcher. Who are those people and why are they searching for this?”

IMSI Detection

All is not lost. Android IMSI Catcher Detector (AIMSICD) is an app designed to “detect and avoid fake base stations.” SnoopSnitch is available from Security Research labs in the Google Play Store, but its application is somewhat limited at this time. Signal, RedPhone, TextSecure, and ChatSecure apps are all robust enough to shield the content of your personal communications.

What happens on your cell phone should stay on your cell phone. Especially if you are Anthony Weiner.

Call Tech Sentries today for all your security needs.

what is whitelisting?

The Wisdom of Whitelisting

Do you remember the good old days when we were able to tell the bad guys from the good guys on TV westerns by the what is whitelisting?color of their hats?

Cyber vocabulary includes the term “black hat.” It is derived directly from those old westerns and those dirty, low-down, dastardly villains. Today, the term is used to describe internet hackers who ambush the innocent folks in white hats. Folks like you and me.

The problem is that it’s hard to tell the color of their hat when they are lurking in the shadows of cyberspace.

There’s an App for That

Yep. There seems to be an app for just about anything. Including some apps created by and for bad guys.

Until recently the most commonly used means of identifying malicious apps was “blacklisting,” or what some of the wranglers around the campfire call “The Oops Method.” In its most simplistic form, you create a blacklist of apps you already know are bad guys. The digital list blocks the bad guys from loading on your PC. The problem is that someone has to discover the evil app either by being caught unaware or by keeping up to speed with all the latest information. Except for the apps that are unknown because they are not on the list, the idea works fairly well.

There’s a Better Way than That

The better way is called “whitelisting.” This method involves creating a list of apps that we already know to be good guys. Instead of blocking the bad apps, whitelisting turns the tables and allows only the apps and software that are on your white list to have access to your computer or mobile devices. Only those who have been “deputized” on the whitelist are allowed in.

Now, that’s very technical, but it does describe the difference well enough for you to know that whitelisting is more effective than blacklisting.

We can help you get a white list started and help you keep it up to date. Tech Sentries is the logical source for your protection. We’re wearing our white hats and protecting your PCs, laptops, and other connected devices against the dangers that lurk in the shadows of cyberspace.

Don’t wait. Contact us today at (843) 282-2222. Tech Sentries is always on duty helping you “Guard Your Technology” at all hours of the day or night and keeping updated on how to be better prepared for Internet scams.

New Age of Security

mobile-security

Open Whisper Systems has taken mobile device voice and texting to a new level with the release of its Signal 2.0 app.

The original version of the free, open source, encryption app for iOS encrypted calls between phones on which the Signal app was installed. Version 2.0 add encryption for SMS text message as well as voice communication. This is but another step in the agile development process for which the objective is “a unified app that will work on iPhones, Android-based phones, and desktops.”

Signal 2.0 ensures complete end-to-end encryption of voice and text based on the TextSecure protocol. The app has already been cited as easy to use and, although it is open-source, it nonetheless features forward secrecy, eliminating the potential for a once hacked, always hacked scenario. In other words, if someone is able to decrypt your message, they will not be able to do so to future messages, because forward security utilizes a new, random key for every session.

The Humorous Side of Cellular Security

In most cases, there is no humorous aspect to security. It is interesting at the very least to note that some Signal users have complained that the app requests access to their contact list. This is a case of being overly sensitive about messaging security that goes back to the days of tin can and string telecommunications. Just as that communication required another person with a tin can attached at the other end of the string, so does modern encryption technology.

And, just as it would be foolish to speak into a tin can and a string without the string being attached to the right person with another tin can, so it is necessary that the app knows that the person you want to contact has his or her own tin can.

The Serious Side of Cellular Security

Lest we forget, there are even government agencies that would like to eavesdrop on our messages. The forward secrecy aspect of Signal 2.0 stymies their efforts as well. The significance of this matter has not been overlooked by the popular WhatsApp. Although not yet fully encrypted over all platforms, WhatsApp has partnered wth Open Whisper for encryption of their own messaging system.

Cellular security is, indeed important, for governments, businesses, and individuals. Ask anyone (except Hillary Clinton). The Intercept recently issued the following caveat.

“It’s important to keep in mind that no technology is 100 percent secure, and an encrypted messaging app can only be as secure as the device you install it on. Intelligence agencies and other hackers can still exploit security bugs that have not been fixed, known as zero-day exploits, to take over smartphones and bypass the encryption that privacy apps employ. But apps like Signal go a long way to making mass surveillance of billions of innocent people infeasible.”

Call Tech Sentries if you have any doubt about your security. We provide peace of mind.

Phishing

New Phishing Attack Targets Gmail Users

PhishingIncreased awareness is taking place concerning a phishing attack. It has been around for over a year and is targeting Gmail users. Inboxes are being infiltrated by hackers, which is allowing these cyber criminals access to both incoming and outgoing email messages. That in and of itself isn’t the shocker. What is more surprising is what happens next. Hackers look for emails that have links attached and replace them with a Gmail login screen that is malicious. Once the user clicks on the attachment, they will see a Gmail login screen prompting the login and password for that account. Once this happens, the hackers have instant access to sensitive login information, making it easy for them to see a whole new inbox to start the process over from.

Here’s how it works…

Let’s say someone sends you an email that has a Word document attached to it. That email is sent from their Gmail account to your Gmail account. Your account becomes hacked, which opens it up to cyber criminals who can get in and put that malicious Gmail login screen in place of the attached Word document. Now when you click on that attachment, you follow the prompts to sign into your Gmail account. Instead of opening the document as you thought it would, it gives hackers full access to your password so they can get into your account. They grab more email addresses from your list and repeat the cycle.

Phishing Attacks

Phishing attacks take place when malicious links, malware or attachments sent by hackers infect your account through the emails they send. They are certainly nothing new, but they are always changing and evolving, becoming more sophisticated and tough to catch.

This Gmail attack is a great example of that. Usually there are several red flags associated with a phishing attack that make it easy to avoid being infected. But with this attack, it comes from an email thread that seems familiar and trusted. You usually don’t know the sender, whereas in this Gmail attack, you most likely do know the sender. It’s easy to suspect a hacker when you see urgent messages in your email, telling you to please open immediately. It could be under the guise of overdue bills, an invoice that has a mistake, package tracking info, etc. Because it is coming from a trusted source, you click on the malicious attachment, giving the hackers the info they are looking for. One tip is to watch out for spelling and grammar mistakes. The hackers are counting on the fact that you won’t think twice about it if it’s coming from an email you already deem safe. If you see spelling errors, be careful about what you click on. Also, be wary of any screen prompting you to log into your account when you’re already logged in! Many people miss the small but obvious signs of a phishing attack.

Stay safe online with more tips from Tech Sentries! Call us at 843-282-2222.

phone scams

Phone Scams – Just Say Nothing

Just when you think you are above being scammed by callers to your phone, some new twist on the old scam schemes sneaks onto the scene. The latest scam may be the sneakiest since Satan got Eve to say “Yes” in the Garden of Eden.

phone scams

The new scam is so simple that many people never see it coming. After all, this is the hallmark of a scam. If we saw it coming, it wouldn’t work.
The point of this article is to help you see it coming.

The Skinny on the New Phone Scam

The objective: to get you to say “Yes.”
The method: to ask you a question to which you will answer “Yes.” The questions sound innocent enough. For example:

  • “Can you hear me clearly?”
  • “Am I speaking to (your name)?

The sting: Once the caller has a recording of your voice saying “Yes,” your response can be “spliced” into another recording in which the questions are different. In the altered recording, your “Yes” sounds like a response by which you agree to purchase something. Or worse.

The Sides of New Technology

The constant and accelerating development of new technologies is exciting. However, we need to be aware that there are people who use good technology for evil purposes. It’s okay to be excited, but it is important that we be cautious.
Both the FCC and the BBB have issued advice on how to avoid being scammed on the phone.

  1. Don’t answer calls from unknown numbers. Let them go to voicemail.
  2. If you answer and the caller (often a recording) asks you to hit a button to stop receiving calls, just hang up. Scammers often use these tricks to identify, and then target, live respondents.
  3. If you receive a scam call, write down the number and file a complaint with the FCC so it can help identify and take appropriate action to help consumers targeted by illegal callers.
  4. Make a note of the number and report it to BBB Scam Tracker to help warn others.
  5. Ask your phone service provider if it offers a robocall blocking service. If not, encourage your provider to offer one. You can also visit the FCC’s website for information and resources on available robocall blocking tools to help reduce unwanted calls.
  6. Consider registering all your telephone numbers in the National Do Not Call Registry.

Common sense used to be enough to be your guide. Now it takes education, wisdom, and forethought. Be alert. Be cautious. Be safe.

Dynamic Whitelisting

From Whitelisting to Dynamic Whitelisting

Dynamic Whitelisting

“Fundamentally, we need to change the way we interact with the Internet… This whole reactive approach we’ve taken for years just doesn’t work.”

That is the opinion of Frank Dickson, the Research Director for Worldwide Security Products at International Data Corp. He was talking about the need for a more assertive, dynamic whitelisting approach to protecting personal and corporate technology.

 

One of the reasons that people – especially businesses – don’t utilize whitelisting is that it is so manual intensive. Someone has to create the whitelist and keep it up to date. We agree. It can be tedious.

However, what if there were a better way to do whitelisting?

There Is a Better Way.

It is dynamic whitelisting. Think of it as the difference between being the maître d at a restaurant or being one at an exclusive club.

A whitelist is like the maître d at a restaurant checks a list that changes daily to see if you have a reservation. Assuming that you have a reservation, the maître d will allow you to enter and arrange to have you seated. If you are not on the list, you will be politely turned away.

A dynamic whitelist is like the maître d at an exclusive club may have a reservations list, but your name is not going to be on his list unless it is first on the club’s membership list.

Dynamic Whitelisting Is Not New But Still Developing

Even some computer technicians think that dynamic whitelisting is new, but there is at least one report online that cites dynamic whitelisting as having been used in highly-regulated businesses and industries before 2009.

It is increasingly apparent that the accelerating pace of software and application development is rendering companies unable to keep pace. Dynamic whitelisting “facilitates an immediate reaction to any updates in the software world.” Dynamic whitelisting is being refined by leading technology security firms utilizing artificial intelligence, certifications, software tracking, processing, analysis, and classification.

Information is aggregated and loaded into massive databases in real time. Businesses that subscribe to what may become known as WLaaS (Whitelisting as a Service) will no longer have to manage whitelists daily. The security firm provider’s database is akin to the exclusive club’s membership list. If the software is not in the database, it will not be seated in your system.

Look for our next whitelist article, “Why BYOD Makes a Case for Whitelisting.”

Tech Sentries is as concerned about your computer system security as you are. Your computer system security is our business. That’s why Tech Sentries is always on duty. Contact us today to learn how we can help you “GUARD YOUR TECHNOLOGY” (843-282-2222).

guard your technology

Four Simple Ways to Guard Your Technology

guard your technologyGuarding your technology is a narrower way of saying “Protect your assets.” After all, your business’ computers, software, and information are a significant, specific segment of your assets. Worrying about guarding your technology won’t get you anywhere. You have to do something.

Think with us for a minute, not about specific threats, but the fundamental need to protect your assets. Here are four simple suggestions that, if followed, will prove beneficial.

  1. Back up your data. Often.

It has been 30 years since we entered the Information Age, i.e., the era when information began to become a business’ most important asset. Yet, in 2017, many businesses still do not perform a daily backup of their data. Here’s what we recommend:

  • Back up daily. That means every
  • Back up to the cloud. If an unforeseen local disaster strikes, your data is still safe.
  • Back up to a USB drive. If an unforeseen disaster happens locally or in the cloud, your data is still safe – as long as your USB drive is kept in a separate place.
  1. Use the Principal of Least Privilege.

This principle states that “each system component or process should have the least authority necessary to perform its duties.” This may be counterintuitive. That’s a good sign. The point is that the more authority a component or process or user has, the more exposure your system and your data have to cyber threats. You might call this “minimizing your threat window.”

  1. Keep All Your Software Up-to-Date.

There are two common excuses for not keeping software up to date.

  • You don’t want to spend the money (if, in fact, the update costs anything).
  • You want to wait until “they work the bugs out.” More than likely, the update is working the bugs out.
  1. Have 24/7 Support.

You can, and should, use security software, but don’t forget point #3. You have to be committed to keeping it up to date. Perhaps more importantly, your business information is always exposed to cyber threats, whether you are there or not.

If your tech security is not operational 24/7, you may as well not have any security. That’s where Tech Sentries comes in. We collaborate with you to ensure 24/7 protection, including ensuring backups and keeping your software up to date, plus monitoring your system for aberrations that may indicate potential attacks and more.

You should be concerned about your computer system security, but you should also know that you are not alone and defenseless in the computer world. Tech Sentries is always on duty. Contact us today to learn how we can help you “GUARD YOUR TECHNOLOGY” (843-282-2222).

computer encryption Myrtle Beach

Computer Encryption and How it Works

computer encryption Myrtle BeachKeeping others from being able to see the content on your computer is your right. No justification is needed—only appropriate action. In today’s political climate, computer security is one of the most common questions we are asked here at Tech Sentries. These questions often deal with protecting your data, keeping the government out of your affairs, and even encryption. If you don’t know what encryption means, much less how it’s used, this article is for you!

So Just What Does Computer Encryption Mean?

Basically, encryption involves scrambling text into a unique code using mathematics. Special encryption software uses algorithms to generate these codes from your text. Unless you are a person who knows how to unlock this code, it will look like unrecognizable nonsense.

The key to unlock encryption is referred to as a cipher. They have been used in many ways for the last 2000 years. Due to their complexity, it can take many years for any person or computer to successfully decode or unlock the cipher.

The truth is we all use computer encryption everyday but might not be aware of it. Did you know that each time you log into your bank account, join a Wi-Fi network or shop on an HTTPS site you are using encryption? These types of transactions use encryption called “in transit,” which deals with information transferred over the internet. If a file or disk gets encrypted on a computer, it’s referred to as “in place or at rest” encryption.

To put it simply, think of encryption as bits. The standard encryption key uses 256 bits, which literally has billions of possible cipher combos. The math is downright overwhelming! The two most common encryption types are symmetrical and asymmetrical. This simply means that with symmetrical, the same key is used to both lock and unlock the encrypted files. The opposite is true of asymmetrical—one key locks it and another unlocks it. The latter is the more commonly used method.

How Does Computer Encryption Work?

Certain software is used that creates ciphers which are highly complicated. This is what will scramble the data in your folders and files. Often, the encryption is so complicated that it can only be read once unless properly decrypted or “unlocked.” While a supercomputer or superhuman might be able to decode the encryption, it would likely take many years. Instead, encryption software can be installed like other programs and you will need a strong password to protect the files it encrypts. The password is your cipher to unlock everything so it is crucial to choose wisely when creating this password. Here are some tips:

  1. Don’t use words from the dictionary
  2. Try creating a phrase rather than just a word
  3. The more characters, the stronger the password
  4. If possible, use combinations of upper and lowercase letters, numbers and special characters such as (#$%&!).

You might have a file with one or more lines of text in it that could be dangerous. If you enter that line into your encryption software, it would take the line of text and convert it to a long combination of letters, numbers and characters that would make no sense to anyone unless decoded. It may end up looking far longer than your original line of text, which makes it even harder for a hacker to get to it.

Should I Encrypt My Data?

For the most part, we strongly encourage everyone to encrypt their data. Even more so if you use tablets and/or laptops. Encryption goes a long way in protecting you from spying eyes of thieves, hackers, and even government. It also prevents malware and other viruses from getting into your data. The simple fact that it takes your carefully chosen password to unlock your files makes encryption worth it—everyone who values their privacy and security should use it!

There are a few options depending on what device you’re using.

Each of these options works in much the same way. Enable or install the encryption program, set a drive or folder, give it a secure password and encrypt. Just do not forget that password!

What About Backdoors?

The term “backdoors” has come up when certain officials aren’t happy with security companies not providing them a “backdoor” way to access encrypted files. Government seems to always want to put more surveillance in place and they don’t take too kindly to companies refusing to provide them with a hidden key that would allow them access to the data they want whenever they choose. Fortunately, no backdoor access is currently being enforced and we have no reason to believe that these security companies are building any backdoor access to their encrypted data files.

The bottom line is encrypting your files is legal, free and easy to do. If you run a business or just have personal files you don’t ever want anyone gaining access to, computer encryption is the safest thing to do!

For more information about computer encryption and computer security, call Tech Sentries today! (843) 282-2222.

1 2 3 4