It was right there in the email:
"Thank you for your pizza order. Your order will be ready for delivery on......."
Wait, what pizza order? My wife must have ordered pizza for herself and her coworkers. How much did she spend THIS time?.....Pizza, breadsticks, liter of Coke. Under $30. Deliver at 12:30 pm to Tupelo, Mississippi. Wait a minute! Mississippi??? We live in Arizona!
And that is how a security professional found out that he was hacked a few months ago. Even I am not exempt from the nefarious behaviors of the underworld. I had done all of the right things. I changed my passwords regularly, watched what websites I browsed to and I kept my antivirus current. There must be a mistake....
And there was. Mine. I discovered that I had accounts on websites that were created a long time ago (2009) that were still active and had been breached (shown below):
All of these accounts used the same username and password. When one of these websites was hacked, they gained my username, email address and password. Armed with that information, the hackers used my credentials to access the most popular websites and waited until they got a "Welcome, Silly User!" And voila, fresh, hot pizza for everyone under my account. Even my username was changed.
Two things were my saving grace: I had purchase notifications turned on so that if something was ordered I would know, and I didn't have my credit card information saved. The hackers were limited, but it would look bad on my record the next time I wanted it, "Fresh, hot and fast!" I quickly called the pizza place and told them that they had been duped and to not deliver the pizza. They were very thankful and so was I. Subsequently, I closed the exploited accounts and changed all my passwords. If you haven't figured it out by now, there is no free pizza!
- Search for old accounts and accounts with the same password. Delete unused accounts and change the passwords on the rest.
- Passwords should never be used for more than one account. There are personal password managers that can store all your passwords and you'll only have to remember one.
- As soon as you are notified of a breach of security on a website where you have an active account, change that password immediately.
- Always use notifications and alerts.
- Use two-factor authentication to force a push to a mobile device before a user can login. We recommend Duo Mobile.
- Credit card information should not be stored on a website. While it may be extra work to re-enter your card information each time, that is easier than trying to recoup stolen funds.
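A scripted version of the first two steps, as an added example that is not part of the original post: it audits a constructed password-manager export for reused passwords, stale accounts, and, the point of the pizza story, the accounts a single breach exposes because they share its password. The export format, site names and breached-site list are all made up for the example.

```python
import csv
import hashlib
import io
from datetime import date

# Constructed sample in the shape of a password-manager export; every value is made up.
SAMPLE_EXPORT = """\
site,username,password,last_used
oldforum.example,sillyuser,Pizza4Life!,2009-03-11
photos.example,sillyuser,Pizza4Life!,2010-06-02
pizza.example,sillyuser,Pizza4Life!,2017-08-20
bank.example,sillyuser,x9$Lk!2qTfp,2017-09-01
"""

# Constructed list of sites whose breach notices the user has received.
BREACHED_SITES = {"oldforum.example"}

def parse_export(text):
    return list(csv.DictReader(io.StringIO(text)))

def audit_accounts(rows, breached_sites, today, stale_years=3):
    """Flag reused passwords, stale accounts and the accounts a breach actually exposes."""
    # Group by SHA-256 of the password so the report never carries the secrets themselves.
    by_digest = {}
    for r in rows:
        digest = hashlib.sha256(r["password"].encode()).hexdigest()
        by_digest.setdefault(digest, []).append(r["site"])
    reused = [sites for sites in by_digest.values() if len(sites) > 1]
    cutoff = today.replace(year=today.year - stale_years)
    stale = [r["site"] for r in rows if date.fromisoformat(r["last_used"]) < cutoff]
    # A breach of one site exposes every other site sharing that password:
    # that is the credential-stuffing path behind the pizza order.
    exposed = set()
    for sites in by_digest.values():
        if any(s in breached_sites for s in sites):
            exposed.update(s for s in sites if s not in breached_sites)
    return {"reused": reused, "stale": stale, "exposed": sorted(exposed)}

def run_audit():
    rows = parse_export(SAMPLE_EXPORT)
    return audit_accounts(rows, BREACHED_SITES, date(2017, 10, 1))

if __name__ == "__main__":
    for key, value in run_audit().items():
        print(f"{key}: {value}")
```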
We are here to support our clients and recommend products or services that will prevent breaches and minimize any resulting damage. If you have any questions, please don't hesitate to contact us.
Tucson Dinner Meeting
October 12, 2017
@radisson Suites Speedway
Project SAFE "best OF" Contest Winners & Guest Speaker Bert Ratia.
Bert Ratia of LeeShanok Network Solutions will be presenting on "IT Security for the Common Worker." It's packed with useful tips we can all use every day to recognize, deflect, and protect.
On June 27 the US Government became aware of new ransomware called Petya.
Similar to WannaCry, it didn't require any user involvement, but infected through operating system vulnerabilities. Its demand for ransom in exchange for a decryption key was a hoax, as its encryption of the Master Boot Record cannot be undone. Infected drives became unreadable, computers became un-bootable, and any ransom paid was lost.
Recommended prevention steps:
- Protect end-point Windows devices with antivirus/antimalware software from respected providers (we recommend Trend Micro). Make sure subscriptions haven't expired. Central purchasing and administration allows for consistent protection and alert handling.
- Apply operating system and device patches (especially MS17-010) and updates to both Servers and end-user computers. It's true that updates occasionally cause problems. But vulnerabilities in unpatched systems increase over time.
- Apply updates to web browsers, Adobe Reader and Flash, Java, and other software regularly.
- Back up servers and file shares regularly, and periodically validate whether backups were effective. The date, time, and status should be reviewed for success. Try to extract several folders and files from backup sets. Ideally, disaster recovery and business continuity solutions are in place that synchronize continuously and can spin-up a server identical to the moment it failed. LeeShanok offers BDR and BC solutions that are effective and affordable.
- Make sure end users store data files on Shared Drives so they are included in backups.
- Protect end-user computers with active firewall software.
- Periodically review your network firewall. Businesses need a modern commercial grade device. Those with business centers or wifi for guests need filtering of malicious and illegal content, and traffic shaping. We recommend Cisco Meraki and Cisco ASA with FirePower. Make sure firmware updates are current.
- Host a security policy meeting for employees and satellite offices. Partner with LeeShanok's team as you prepare. To help you, we offer a 45 minute presentation called "IT Security for the Common Worker", also available via webinar.
- Many of these checklist items are managed by LeeShanok as part of our Managed IT and Hosted service plans.
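The backup-validation step above (review the date, time and status, then try to extract several folders and files), as an added example that is not LeeShanok's code: it reads a constructed job log, counts only a recent successful run as fresh, and restore-tests a sample of files by SHA-256. The log format and files are made up for the example.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timedelta
# Constructed backup-job log (timestamp, status, job name per run); all values are made up.
SAMPLE_LOG = """\
2017-07-01T22:00:14 SUCCESS nightly-fileserver
2017-07-02T22:00:09 SUCCESS nightly-fileserver
2017-07-03T22:00:11 FAILED nightly-fileserver
"""
def last_good_backup(log_text, job):
    """ISO timestamp of the most recent SUCCESS run of `job`, or None if there is none."""
    last = None
    for line in log_text.splitlines():
        ts, status, name = line.split()
        if name == job and status == "SUCCESS":
            last = ts
    return last

def backup_is_fresh(log_text, job, now, max_age=timedelta(hours=36)):
    """Only a successful run counts; a failed run last night does not reset the clock."""
    last = last_good_backup(log_text, job)
    return last is not None and now - datetime.fromisoformat(last) <= max_age

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def spot_check(source_dir, restore_dir, names):
    """Restore test: return the sampled files that are missing or differ from the live copy."""
    bad = []
    for name in names:
        restored = os.path.join(restore_dir, name)
        if not os.path.exists(restored) or sha256_file(restored) != sha256_file(os.path.join(source_dir, name)):
            bad.append(name)
    return bad

def demo():
    """Constructed fixture: three live files; the restore has one corrupt and one missing file."""
    files = {"a.txt": b"alpha", "b.txt": b"bravo", "c.txt": b"charlie"}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as rst:
        for name, data in files.items():
            with open(os.path.join(src, name), "wb") as f:
                f.write(data)
            if name != "c.txt":  # c.txt never made it into the backup set
                with open(os.path.join(rst, name), "wb") as f:
                    f.write(b"br0vo" if name == "b.txt" else data)  # b.txt came back corrupt
        fresh = backup_is_fresh(SAMPLE_LOG, "nightly-fileserver", datetime(2017, 7, 4, 22, 30))
        return fresh, spot_check(src, rst, list(files))
```

In the fixture the last run failed, so the backup is reported stale even though a job ran last night, and the restore test names both the corrupt and the missing file.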
Feel free to contact us to discuss your situation.
The popular Foscam C1 webcam has multiple vulnerabilities that, if exploited, allow retrieval of information stored in the camera and the running of arbitrary commands in its operating system.
A compromise of these wireless cameras is particularly disturbing when you consider they are frequently used as baby monitors and home security. Apps for computer and phone provide ready access to the camera, which captures both 720 HD video and 2-way audio. Data is stored on micro-SD cards, NVR, NAS, local hard drive, or in Foscam’s Cloud, and can also be sent with FTP.
Cisco's Talos Intelligence Group worked with Foscam to understand and resolve 20 separate issues, and Foscam has released an update to its firmware, version V-2.x.2.46, that patches these vulnerabilities in several of their cameras, and can be downloaded from: https://www.foscam.com/downloads/firmware_details.html?id=1
The vulnerabilities and exploits include:
- The Dynamic DNS client runs commands in the camera with administrative authority, and when a DDNS response string is longer than the response buffer, the extra characters can be executed by the camera as code.
- Unsigned “custom” firmware updates can be installed through the web interface, which performs no validation of the firmware image’s authenticity or integrity.
- Private camera information (MAC address, camera name, firmware version) can be obtained using unsecured UDP for device to device communication.
- If a username is entered that is longer than the receiving buffer in the camera, the extra characters can be executed as code by the camera’s operating system.
- User accounts in the camera can be reset to factory defaults by an unauthenticated user in the web management interface.
- Even the limited but authenticated “visitor” account can trigger code execution: if an over-long string is submitted to the camera’s “logOut” command when logging off the web management interface, the extra characters are run as program code.
- These cameras are designed to communicate with a network gateway for remote access to the device through the web management interface using UPnP Discovery and Response. If the web interface sends a UPnP response that has more characters than the receiving buffer is expecting, the extra characters can be run as program code.
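Several items above share one root cause: a length the device took on trust. As an added example (not Foscam's firmware format or code), the verifier below shows the checks a firmware-update handler needs before accepting an image: header and length fields validated before any byte is trusted, an authentication tag checked in constant time, and downgrades refused. The image layout and key are constructed; HMAC stands in for the asymmetric signature a vendor would use, to keep the example stdlib-only.

```python
import hashlib
import hmac
import struct

# Constructed image layout for this example (not Foscam's real format):
#   magic(4) | version(4, big-endian) | payload_len(4, big-endian) | payload | tag(32)
# The tag is HMAC-SHA256 over everything before it, keyed with a key provisioned on the device.
# A vendor would use an asymmetric signature here; HMAC keeps this stdlib-only example self-contained.
MAGIC = b"FSCM"
HEADER = struct.Struct(">4sII")
TAG_LEN = 32
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"

def build_image(version, payload, key=DEVICE_KEY):
    body = HEADER.pack(MAGIC, version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

def verify_image(image, min_version, key=DEVICE_KEY):
    """Return (ok, reason). Every length is checked before any field is trusted."""
    if len(image) < HEADER.size + TAG_LEN:
        return False, "truncated: shorter than header plus tag"
    magic, version, payload_len = HEADER.unpack_from(image)
    if magic != MAGIC:
        return False, "bad magic"
    # The declared length must match what actually arrived: this is the check whose
    # absence turns an over-long field into code execution in the bugs listed above.
    if len(image) != HEADER.size + payload_len + TAG_LEN:
        return False, "length field does not match image size"
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        return False, "authentication tag mismatch"
    if version < min_version:
        return False, "downgrade refused"
    return True, "ok"

def demo():
    """Constructed images: genuine, bit-flipped, truncated, built with the wrong key, and too old."""
    good = build_image(246, b"constructed firmware payload")
    flipped = bytearray(good)
    flipped[HEADER.size] ^= 0x01  # one bit changed in the payload
    cases = [good, bytes(flipped), good[:-5], build_image(300, b"custom", key=b"wrong-key"), build_image(100, b"old")]
    return [verify_image(img, min_version=246)[1] for img in cases]
```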
It is clear that the coding practices of programmers can introduce multiple vulnerabilities just waiting to be discovered. Companies releasing electronic devices often publish firmware updates when vulnerabilities are discovered or exploits are reported. When you purchase a new device, be sure to register it, save a bookmark to the Support page for your device, and sign up for email alerts when updates are released.
Layers of Security
IT Security today is like an onion with concentric layers of protection, where each layer must be compromised to get to the center. The military calls this "defense in depth", as multiple defensive layers work together to deflect or slow down an attack.
Next generation firewalls remain your first line of defense with monitoring, content filtering, intrusion prevention, and two-factor VPN access. Active Directory and Group Policy enforce consistent rights management that enables employees to work with the data they need, but protects the data they don't need. Modern cloud and client/server apps encrypt data in transit. Antivirus software and operating system patches protect both servers and end-user devices. Organizational policies, procedures and backups protect against and respond to threats.
- Design and periodically review IT security strategy with certified specialists.
- Cisco Meraki or ASA 5506X Next Gen Firewall, with annual subscription for content filtering and intrusion prevention.
- Dashboard-managed end-point protection software on company-owned PCs, tablets and smart phones.
- LeeShanok's Managed IT or Hosted plans, where we design role-based access to your network and data, and enforce it through Active Directory and Group Policy.
- SSL VPN two-factor authenticated remote access to the network.
- Modern supported operating systems patched with the latest security updates.
- VoIP and Video over IP communications need to be encrypted and secured too.
- Local and cloud backup of servers and data repositories that can spin up quickly following a disaster.
- Physically locking server rooms, and automatic screen locking of PCs and phones.
Layered IT Security is not a "set and forget" exercise. Contact us for a complimentary review of your situation and professionally designed security that will protect your most valuable assets: your ability to research, compute, communicate and contribute to your company's supply and value chains.
- Shorts and Damage from WATER.
- POWER Surges and Outages.
- Failure from Excessive HEAT.
WATER - In your utility room, look for gaps between floor, walls, and ceiling, and around conduit entry paths and terminations. Water will follow cables into rack-mounted and free-standing devices, then seek low points on the floor to pool. Being a good conductor with little resistance, water lets big current flow where it shouldn't, zapping anything in its path.
Use silicone-based sealer to fill gaps in walls and around conduit and cable terminations. Patch roof coatings and gaps around flashing now to stop water on its way to Arizona.
POWER - Spikes, shorts, lows and outages cause unplanned shutdowns and can damage electronics and data. Uninterruptible power supplies (UPSs) condition lines against low-voltage brownouts and power outages, which can spike when power returns. If power remains off, the UPS can initiate a normal shutdown and avoid data loss. Check UPS batteries using monitoring software or the dashboard. Make sure power capacity supports what's plugged in: servers can require 1500 VA, desktop PCs 600 VA, switches/routers/firewalls 350 VA.
If you haven't checked your backups in a while, now is a good time. Review logs for frequency and successful completion, then restore a few test files and folders. If you're not sure, create a new full backup before the first storm hits. We're here if you need help.
HEAT - Monsoon storms are accompanied by excessive heat. As dust accumulates inside enclosures and airflow around components slows down, it's like wearing a heavy jacket on a summer day with little wind. It won't take long to exceed your comfort zone. Most electronic components have built-in temperature limits that cause rapid shutdown to avoid damage. The best prevention is adequate airflow around the devices in a relatively dust-free environment, with all internal fans working well. Don't forget annual device cleanouts. Monsoon storms can be dramatic, but these tips can help protect both network and data.
Two years ago, on September 15, 2015, Experian discovered a massive data breach that exposed sensitive personal data of 15 million people who had applied for service with T-Mobile. Fast forward to 2017, and the personal information of 143 million Americans was exposed from May through July. As we have little say in the collection of our personal information by the credit agencies, there are several things all Americans should do now.
Visit and bookmark the following websites:
Freeze Your Credit
A credit freeze makes it harder for someone to open a new account in your name, but won't prevent a thief from making charges to your existing accounts.
Place a Fraud Alert on your files:
A fraud alert warns creditors that you may be an identity theft victim and that they should take steps to protect you.
If you have any questions, please don't hesitate to contact us.
Cisco Connect Phoenix
Tuesday, September 19, 2017
8:00 a.m. – 4:00 p.m.
2400 E Missouri Ave
Phoenix, AZ 85016
Join us for a free Cisco tech event! Don’t miss out on your opportunity for free, in-depth technical sessions designed to help you drive improved business outcomes through digital transformation.
- Customize your day with multiple technical session tracks
- Network and learn in-person with local experts who are leading the industry in digital transformation
- No other event offers the same best-in-class education, training and networking focused on the challenges and issues that matter most to you!
Enterprise Networks Track
- Evolution of the Enterprise Network: The Cisco Digital Network Architecture
- The Catalyst 9000 Switch Family - An Architectural View
- SD-WAN and Branch of the Future
- Meraki Full Stack: Simplicity Driving Simple IT
- NGFW Protecting the Edge Including Firepower 2100
- Ransomware Defense with Cisco Advanced Threat Solutions
- Umbrella (OpenDNS) / CloudLock
- Talos Insights
Data Center Track
- DevOps for Infrastructure Teams - Containerize IT
- Digital Transformation Starts with Cisco ASAP Data Center
- Deep Dive on Cisco Security in ACI
- Next Generation UCS: Cloud Powered Intelligence
- Cisco Collaboration Updates: CSR 12, Video Endpoints and Jabber
- Spark Board - Hybrid Services - Integrating Cloud with On Premise Systems
- Powerful Collaboration the Easy Way with Spark: Real world Application
- Connected Digital Experience for Customer Care
When you leave home, you lock the door or close the garage. When you walk away from your computer, do you lock the display? Probably not.
In Windows 10, your display automatically locks after 10 minutes, which gives plenty of time for open windows to be inspected. One touch of the mouse or keyboard and the screen lock timer resets, providing another 10 minutes. It doesn’t take long for someone to run a search and email the findings off-site or upload them to a cloud account. They may connect a browser to a risky website or delete important folders.
Even a quick trip to the coffee station can be interrupted by a crisis that delays your return. When unattended, all computers should be:
- Display off and computer locked
Don’t have time to lock your computer? Try this:
Some industries have serious compliance regulations and penalties. This policy protects you and your employer, customers and suppliers.