I am refering to the recently wide-spread “Flashback Trojan” that has infected an estimated 600,000 Apple brand PC’s and laptops in recent weeks.  Yes, Apple has been forthcoming in its information releases and has issued 3 Java updates in the past 9 days in order to combat and remove this threat.  Flashback as of today has been reduced to an estimated 140,000 active infections through these measures, but some variants of the Trojan are not so easily removed.

Flashback works through Java scripting; some variants have the ability to create a counterfeit signed Apple certificate, prompting the user to install it.  But once installed, Flashback works to capture personal data including passwords to banking and e-commerce sites, and transmit its findings to the cloud.

Like most security issues, the most basic flaw is a false sense of security.

Bad things, man.

Apple has released several fixes to help users remove and block Flashback.  Some include Java Plugin updates that turn off Java as a Plugin in the Apple browser Safari, restricting the ability to run any Java scripts automatically.  A setting that can be manually changed by the user later.  Other Java patches are designed to identify and remove the malicious code Flashback is created by, and close the security holes that allow the code to be executed.

But if there is one thing we have learned from the Microsoft experience with viruses it is, those that write the malicious code are a persistent bunch.  Why?  Because writing a small amount of code is not too time consuming and if it gets them the right information, it can be incredibly, although very illegally, profitable.  The bad-guys are also usually a few steps ahead of the good-guys as well.  As Apple releases these fixes, you can bet new malicious code is being created and tested to subvert these fixes and possibly even disable or modify them.  So is this the end of the road for Flashback and other Mac designated viruses?  Personally I believe it is only the beginning.

What made Flashback a quick success?  One contributing factor is undoubtedly so much of the Apple user population maintaining a, “It can’t happen to me,” attitude about viruses and security.  After all, we’ve been hearing it for years: viruses are a Microsoft thing, and Macs CAN’T get viruses.  Not that there just aren’t viruses written for Macs.  Those that stand far to the Apple side of the Mac vs. PC debate have literally been lulled into the misconception that Mac O/S has some magical, you can’t execute malicious code on me, properties that no other software designers have found the fairy dust to.

Now we see just what a falacy that is, and I’m sure 600,000 Apple users can relate their frustrations.

As I pointed out before in my article (link)about virus proliferation through out the technology community almost a year ago, a lot of the lack of viruses in the Apple side of the community is just a numbers game.  But now as those numbers are increasing toward more and more home and business users using Apple products for business utilities beyond video and graphics, there will no doubt be an increasing interest by would-be cyber criminals to target unsuspecting and unprepared Mac users.  It is estimated that in the United States as of 2011, Apple now owns approximately 11% of the desktop and laptop market-share, and globally they have eclipsed 5% world wide for the first time.  But that still means that almost 95% of the world runs Windows as their primary desktop platform.

Are the cyber theives going to go after 5% or 95%?  You know the answer.  But as that Apple number grows it will become more and more attractive of a target, even being the minority.  Especially considering most Apple users will still operate under the false assumption that they don’t need real security as long as they’re sitting behind the glowing white logo on the lid.

A better policy would be to be proactive, install a reliable security software on your Apple Mac device and make sure your own network is secured from external attacks.  Be prepared before the bad-guys get one step ahead of the Apple developers again.

I can assure you, they will.

Fool Me Once… is a post from: @ Blog

Proponents of Cloud Computing Solutions often discuss the silver linings and ignore the potential for a storm...

His situation became desperate when his Google account had been hacked, hijacked and all of his data was lost.

Lost-lost.

He couldn’t even access his account until reaching out to Google to have his account credentials reset, but once was able to access his account again he found empty folders, an empty in-box and I’m sure a very empty feeling in the pit of his stomach.  After weeks, literally weeks of going around Google’s security procedures and contacting Google directly, providing them information to prove he was the account owner, he was able to retrieve all of his files and get everything back to where he needed it to be.  But how do you measure the cost in lost time and opportunity while dealing with this issue?  The bottom line answer for most small businesses is, you can’t.

This is the equivalent of a business production server having a disk failure and not being able to perform any disaster recovery because the server doesn’t trust the new disk drive is the one it should give the data to.  If a disaster recovery solution took weeks to implement an get a business back up and running, would you not fire the IT manager that implemented such a solution?

I know I would.

This is one of the problems with going to an exclusively Cloud Environment in business.  Sure it is convenient and cost effective for many businesses, but does it offer the level of flexibility and security that you want if something does go wrong?  And what happens if you’re cut off from your data?  Maybe not even a security breech or other account failure – what happens if you or your Cloud Provider is cut off from the Cloud for some reason?  What then?  What is the back-up plan?

For every benefit of Cloud computing, there is at least one significant drawback as well.  Most have to do with connectivity, access and security.  While normally a provider like Google is very reliable providing backups and redundant systems, if you don’t keep all of your security informational ducks in a row, you could find yourself in a situation like my colleague did.

The first thing – no matter what you are doing with social media, if it is a part of your business or not, any business type cloud services through providers like Google, Yahoo or MSN, should be kept separate and never touch your social media.  So many people unwittingly compromise their own security installing rogue Facebook apps designed to steal account passwords, or by clicking short-links in Twitter, while using their primary G-Mail, Yahoo or Hotmail account as their login name or primary email for the social media accounts.  All too often, not only do people use the same email addresses, but they use the same logon passwords for their email and their social media.  That is our number two no-no.  All email, Cloud Services and Social Media passwords

should be significantly unique and individualized.  Any similarities, although they help you remember, they make the passwords easier to crack if one is obtained.  Created different passwords and keep a paper log and an encrypted or password secured file of what your passwords.

We love XKCD. The truth about passwords - click the image to view their site.

A good rule of thumb is to have at least 2 email accounts: one for your primary business services and one for creating and identifying social media and other online service accounts.

Many web hosting service providers allow you unlimited email and message filtering from the server.  We are a huge proponent of using your business’s custom domain as your primary business email.  Services like G-Mail will usually allow you to link the two, and for marketing purposes you always want your domain front and center with your clients.  But in addition to that, having control over your own mail server gives you the option of creating email accounts for use exclusively online, thereby sheltering your primary accounts from the additional dangers and exposure.

Point number three is don’t depend on JUST Cloud services for your essential business data.  Most providers allow you to create client email connections such as Outlook to retrieve email.  These client connections can be set to both leave messages on the mail server of your provider as well as saving a copy locally on your PC.  Having your own record of these emails can save you if your connection to email is disrupted or if an error causes your server copy email to be deleted.  Important files should also have a local home in your office.  Products such as the Buffalo Networking Linkstation can be employed as a secure network storage device to keep a password protected copy of important business files locally, again in the event of a connection disruption or a loss of data with your provider.

And always – ALWAYS – use common sense and discretion when using social media.  If you’re on Facebook for business, ask yourself, “Do I really need to give this game/media application access to my single sign-on credentials?”  Think about the links and responses you click carefully.  Even today I received a Facebook message from an

account called Fącebooƙ Șecuriƫy telling me my account was out of compliance and I needed to follow a link and answer questions about my account.  Aside from the obvious character substitution which someone else may or may not notice, I asked myself, “Would Facebook really be sending me a message on Facebook about security, or would they email me?”  I’m 99.99% sure they would email it, since that is the way I get all Facebook notifications.  Message deleted, link not followed.  However I can see a lot of less experience users following that link for fear their account will be deleted.

These are some of the things that users need to be aware of though when using Cloud Computing Services and Social Media together.

For more information please email us at questions@aspiretechnet.com.

The Potential (Horrors) of Cloud Computing is a post from: @ Blog

Here is what else we see as a result:

• Unrefined business processes that cost time rather than save it, because time wasn’t spent on learning an application properly.
• Poor technology platform choices because the only person consulted was a 16 year old nephew that knows what technology is cool, but not necessarily what technology works for business or how to implement it.
• Poor technology performance, due to cutting corners on vital, required items such as PC hardware specs and maintenance, Operating system maintenance, security and anti-virus or internet access services, and centralizing critical data on a server or network storage device.
• Time and money lost due to inadequate printing devices and no management.
• Improper file storage and no backup or recovery solution.

One of the main things that wastes time and money is either ignoring problems until they snowball into issues, or setting untrained, inexperienced employees to the task of managing the business’s IT and with no budget to do so. Not only do they not have the training required to adequately manage and make good IT decisions, but the task of problem solving takes them away from their primary roles – the role they were hired for – which can have a negative impact on productivity throughout the organization and less visibly end up costing the company a whole lot more than a qualified IT consultant or contractor would.

Storing critical data on your Best Buy bargain laptop? Yeah... that's why they're not called Best Plan.

Lest we ignore the biggest disaster waiting to happen; leaving back-ups in the hands of the employees themselves. If your job was painting houses, would you use ladders or stand on the shoulders of your employees? And when there is a failure, what is the plan to recover from it? A single hard drive failure could potentially put a business out of business.

What is the simple solution? Treat your IT as it deserves to be treated and put it in the hands of professionals. The technology industry moves fast – let a company that keeps up with those changes advise you in what changes would work best to improve your business.

Not everything is a do-it-yourself project. Some of life’s necessities need to be handled by a professional, or the results could end in disaster.

Is your business headed for an IT disaster?

What IT Means Today is a post from: @ Blog