4-Digit Codes

It is unfortunate that many organizations have instituted basic 4-digit codes to be used for a variety of security applications:

  • bank and credit card PINs
  • luggage tags
  • garage door openers
  • home keyless locks
  • safes
  • briefcases
  • padlocks

Almost everyone uses some form of their birthdate, a combination of parts of their birthdate (month, year), or the birthdates of other family members.

Interestingly, I read recently that the top ten 4-digit codes are:

  1. 1234
  2. 0000
  3. 2500
  4. 1111
  5. 5555
  6. 5683
  7. 0852
  8. 2222
  9. 1998

It is estimated that the above 10 codes represent 15% of all user codes being used. Even worse is that once you know someone’s user code, they tend to use it everywhere, even for email accounts and computer passwords.

Certainly 4-digit codes have limited variations, but if you must use only 4 digits, please try to make the deterrent a bit more difficult to overcome. Shake things up and use different codes in different places. And most of all, don’t be part of the 15%!

Are you guilty as well?
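
For anyone building the screen where a user chooses a 4-digit code, the advice above can be enforced at enrolment. The following is an added example, not part of the original post; the function names and the idea that the system holds the user's and family members' birthdates on record are assumptions made for illustration.

```python
from datetime import date

# The nine codes listed in the post above; extend with a larger list in practice.
LISTED_CODES = {"1234", "0000", "2500", "1111", "5555", "5683", "0852", "2222", "1998"}

def is_digit_run(pin):
    """True for straight ascending or descending runs such as 3456 or 9876."""
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})

def birthdate_forms(d):
    """Four-digit strings people commonly derive from a date of birth."""
    return {d.strftime(fmt) for fmt in ("%m%d", "%d%m", "%m%y", "%y%m", "%Y")}

def pin_weaknesses(pin, birthdates=()):
    """Return the reasons a new 4-digit code should be refused (empty list = accept).

    birthdates: datetime.date values for the user and family members, an
    assumption about what the enrolling system already has on record.
    """
    if not (len(pin) == 4 and pin.isascii() and pin.isdigit()):
        raise ValueError("code must be exactly four ASCII digits")
    reasons = []
    if pin in LISTED_CODES:
        reasons.append("on the common-code list")
    if len(set(pin)) == 1:
        reasons.append("one digit repeated")
    if is_digit_run(pin):
        reasons.append("sequential digits")
    for d in birthdates:
        if pin in birthdate_forms(d):
            reasons.append(f"derived from birthdate {d.isoformat()}")
    return reasons

if __name__ == "__main__":
    family = [date(1991, 7, 3), date(1964, 12, 25)]  # constructed sample dates
    for code in ("1234", "0000", "0791", "1225", "7391"):
        print(code, pin_weaknesses(code, family) or "ok")
```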

Fraudulent and Annoying Solicitations

Being the owner of a company, I receive many irritating calls per day from companies trying to either gain my business or scam me. Special rewards and promotions, cheaper overseas work, & discounts. Some are bold and indicate they are from a survey company or some well-known company asking to update their records. They want you to confirm information (mailing address, email address, owner of company, phone, fax, number of employees).

I get so many of these that you tend to lose patience, cut them off, and ask them to remove you from their list. Hang up and don’t give them another chance. They are very smooth-talking and have been coached with their scripts on how to counter anything you say. They have an excuse for everything. Some will even try to bully you and/or talk fast and not let you interject. Others will say it is a limited-time offer and you need to act immediately.

If it sounds too good to be true, that’s because it is. You aren’t that lucky, you haven’t won that dream vacation. There is always fine print and a scam in play. If something is legitimate, there are many ways to qualify it and you don’t need to be time pressured. You can ask questions and ask for written information. Ask for their number so you can call them back.

If you are suspicious of a business, you can report them to:

Infected Laptop Running Windows, Hijacked hosts File

Recently I helped a friend who had an infected laptop running Windows. One of the first things you want to do is disable any network connection (wireless or wired) so that your computer cannot communicate with your own local area network or the Internet. This helps prevent further spread of the virus and collateral damage.

In order to run scans on the system, it is best to download the scanning tools to a USB stick or burn them to a CD, and then install them from that removable device on the infected system. CDs are ideal because they are read-only and cannot be infected, while the USB key could potentially carry a virus back to your other systems.

After running through a variety of scanning tools for spyware, malware, and viruses, we felt we had cleaned it up quite well. (Note that the only way to truly know is to reinstall everything – not fun.) (Second note: not all antivirus products are the same, and they scan for different issues.)

I thought I would just check one last spot where I have seen some crafty (malicious) things done in the past:

c:\windows\system32\drivers\etc\hosts

Sure enough, this file had been hijacked. Here were the contents:

  • 74.125.45.100 4-open-davinci.com
  • 74.125.45.100 securitysoftwarepayments.com
  • 74.125.45.100 privatesecuredpayments.com
  • 74.125.45.100 secure.privatesecuredpayments.com
  • 74.125.45.100 getantivirusplusnow.com
  • 74.125.45.100 secure-plus-payments.com
  • 74.125.45.100 www.getantivirusplusnow.com
  • 74.125.45.100 www.secure-plus-payments.com
  • 74.125.45.100 www.getavplusnow.com
  • 74.125.45.100 safebrowsing-cache.google.com
  • 74.125.45.100 urs.microsoft.com
  • 74.125.45.100 www.securesoftwarebill.com
  • 74.125.45.100 secure.paysecuresystem.com
  • 74.125.45.100 paysoftbillsolution.com
  • 74.125.45.100 protected.maxisoftwaremart.com

This not only prevented your system from communicating with legitimate anti-virus websites, it also potentially hijacked your web browser, redirecting it to a site that looked and felt like the legitimate one (spoofed / phishing).

The hosts file had been hidden as a system file. It had been set as read-only. And no matter what we did, we could not overwrite it, delete it, save new contents…

We discovered a handy free utility called Unlocker (http://majorgeeks.com/download.php?det=4660) which resolved the problem and deleted the file for us.

Maybe check the contents of your hosts file and see if anything interesting lurks there.
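
One way to do that check with a script, as an added example that is not part of the original post: it parses hosts-file text, reports every mapping other than the default localhost entry, tags addresses that many names point to (the pattern in the hijacked file above), and on Windows reports the hidden, system and read-only attributes. The function names and the fan-out threshold of 3 are assumptions; the sample reuses three entries from the listing above.

```python
import ipaddress
import os
import stat
from collections import Counter

# Constructed sample: three of the entries shown above plus the default line.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
74.125.45.100 www.getavplusnow.com  # trailing comment
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) per mapping; skip comments and malformed lines."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except (IndexError, ValueError):
            continue  # blank/comment line, or first field is not an IP address
        for name in fields[1:]:
            yield line_no, ip, name.lower()

def audit_hosts(text, fanout=3):
    """Return one finding per entry other than the default localhost mapping."""
    entries = [e for e in parse_hosts(text)
               if not (e[1].is_loopback and e[2] == "localhost")]
    per_ip = Counter(ip for _, ip, _ in entries)
    findings = []
    for line_no, ip, name in entries:
        local = ip.is_loopback or ip.is_unspecified
        tags = ["blocked-locally" if local else "redirected"]
        if per_ip[ip] >= fanout:  # many unrelated names on one address
            tags.append("many-names-one-ip")
        findings.append({"line": line_no, "ip": str(ip), "name": name, "tags": tags})
    return findings

def odd_attributes(path):
    """Windows only: which of hidden/system/read-only are set on the file."""
    bits = getattr(os.stat(path), "st_file_attributes", 0)  # absent off Windows
    flags = {"hidden": stat.FILE_ATTRIBUTE_HIDDEN,
             "system": stat.FILE_ATTRIBUTE_SYSTEM,
             "read-only": stat.FILE_ATTRIBUTE_READONLY}
    return [name for name, bit in flags.items() if bits & bit]

if __name__ == "__main__":
    print(*audit_hosts(SAMPLE_HOSTS), sep="\n")
```

On a real system, read the text from c:\windows\system32\drivers\etc\hosts and pass the same path to `odd_attributes`; a stock hosts file should produce no findings and no attributes.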

Online Banking Security

Even though online banking may seem risky, it is absolutely safe to conduct all of your banking online every day. Millions of people do their banking online and feel safe doing so. Do you think that online banking is safe? Let’s explore some of the ways to keep online banking safe and your sensitive information secure.

Thieves can access your account by tricking you into thinking that you’re logging into your account when you’re not. This is called phishing. So how do they do it? They simply send you an email that instructs you to log into your online account to change your information or verify a purchase through a link in the email. Avoid clicking on this link in every instance. Always access your online banking through a bookmark created by you or by typing in the URL in your browser.

Ignore any and all requests that ask you to send your personal information via email. Usernames, passwords, PIN numbers, account information and credit card numbers can easily be read and intercepted by a third party since email is usually unencrypted. This information is also stored on servers, which can become compromised and read by thieves.

Ensure that all of the web pages that you visit are secure when you are online banking. You will know that a web page is encrypted when you see a small padlock symbol appear in the bottom right corner of the window or beside the address bar and URL at the top of the web page. If this symbol does not appear, assume that the web page is not secure. Avoid entering your username and password and log off immediately.

Be aware of where you log into your bank online. At work, your computer may have key loggers installed on it or your company may be using other methods to monitor your actions and access your login information while you’re online. Since wireless networks can be intercepted and read by a third party, ensure that the wireless network is secure using WPA. Avoid logging into your account from your friend’s computer or an unfamiliar computer. Usernames and passwords can be stored and used to access your personal information.

Use a strong password for logging into your bank online. Avoid using a password that thieves can guess easily, such as your pet’s name or a 1234 combination. Your banking password should contain a mixture of numbers, special characters, and capitalization. In other words, your password should be difficult for thieves to guess.

Ensure that you install anti-virus software on your personal computer to keep it protected from potential thieves. A thief can infect your computer and install a key logger that keeps track of each keystroke that you enter on your computer. Your username, password and other confidential information could be captured.

Online banking is safe. All you need to do is take the right precautions to ensure that you keep your account information secure every time you log into your bank. If you are aware of the potential dangers, you will be able to do your online banking safely and securely.

Preventing Laptop Theft

Laptop theft is a serious threat to every person who owns one. What do you use to protect your laptop from potential thieves? It’s important to protect your laptop as you can lose hardware, software, and data that you may not have backed up. Thieves can have access to sensitive and personal information that will provide them with ways to steal your identity.

Laptops are becoming more widely used by companies and individuals because they allow you to be more productive while you’re on the go. Laptop theft is now on the rise and organizations as well as individuals are being affected by this crime. This also leads to potential data breaches that can affect employees, customers and reputations. Laptop theft is also the second highest cause of financial loss.

There are ways to protect your laptop and the sensitive information on it. Methods of protecting laptops and intellectual information have been developed to prevent theft. Alarms, cables, and laptop locks prevent potential thieves from simply walking away with your laptop in tow. Visual deterrents, such as STOP security plates, are very difficult to remove, and they can also destroy the resale value. These methods are great ways to prevent laptops from being stolen.

You can lose your hardware, software, and sensitive data that you have not saved or backed up elsewhere. In addition, thieves may also have access to sensitive data and personal information if it isn’t encrypted. Some systems authorize access based on credentials stored on the laptop, including MAC addresses, Internet browser cookies, cryptographic keys, and stored passwords. In the absence of security measures, thieves can access information such as bookkeeping files, Word documents containing passwords and employee and customer information.

Use unique passwords and more advanced technological security precautions, such as Remote Laptop Security (RLS) that is designed to secure data and important information even if the laptop is not in the trusted hands of its owner. With RLS, the owner of a laptop can reject access rights to the stolen laptop from any computer.

Remember to secure your laptop and protect it from potential thieves. If you have important company information or files stored on your laptop, ensure that it is password protected and encrypted. More importantly, ensure that you back up all of your information on your laptop and keep it safe.

How to Keep Your Business Safe Online

The Internet is a great tool and resource for your business but viruses, identity theft and online fraud can place your business at risk. The best way to protect your business is through prevention. Multi-layered defenses, staff training, policies and business-class computers are what you need to be safe online.

Take a look at your IT security, including your hardware, software, staff, and policies. Think ahead and make a plan to prevent fraud, viruses, data loss, and identity theft. If you think that you can make some improvements, start making all of the necessary changes to ensure the utmost safety for your business. Consider what you most need to protect and what you need to ensure that your business operates.

Theft is more likely to occur than hacking. It’s a good idea to use cable locks to ensure that your PCs and laptops are secure when they aren’t in use. Make sure that office windows and doors have sturdy locks and install an alarm system if you don’t already have one. Consider storing a backup of data away from the office just in case. It may also be useful to write a list of serial numbers to recover any stolen hardware.

Protect your computers by installing security software, including firewall, anti-virus, anti-spyware, and anti-spam protection. Also ensure that all of your software is kept up to date. You should also protect your company’s information by encrypting any wireless networks, using strong passwords, and erasing data on old computers before you send them to be recycled.

Ensure that your staff receives clear guidelines about what is acceptable to do online. You may want to restrict access to social networking sites and ban software piracy or other inappropriate content. Also, make sure that you train your staff so that they understand office policies and know who to contact if they have any questions or concerns.

It’s always worth it to get good advice as well. Call your local IT Specialist who understands small businesses and communicates in simple, jargon-free language. Your business and staff will thank you.
