Norton LifeLock Inc Acquires BullGuard

We have recently heard that our ever reliable BullGuard family of Anti Virus products have joined the Norton LifeLock Inc group.

I know we are a bit late to the party but lets pray this will not reduce the excellent customer service we have received from BullGuard  over the last 16 years!

Norton’s communication and customer service isn’t the best – most common questions to their website asking for assistance are sent on a never ending loop eventually getting you back to page you started at with no answer to the question.

Lets hope they take on some of the BullGuard ideas and values on how best to communicate with customers.

PayPal accounts integrated with Google Pay are hacked

Earlier this year users of PayPal accounts that have been linked to Google Pay have reported unauthorised transactions on their PayPal accounts.

According to a number of victims, the illegal transactions have taken place at shops in the US with purchases particularly prolific at Target stores in New York.

Most of the victims appear to be from Germany and the costs of the transactions run as high as €1,000 in some cases.

PayPal has created a virtual payment card with a number, expiration date, and CVC number. When a Google Pay user makes a payment using PayPal funds, the transaction is done via the virtual card.

Researchers believe hackers could have found a way to discover the details of the virtual cards, though this is by no means certain.

PayPal said it has now resolved the issue without giving further details.

PayPal flaw

Two security researchers said last year they discovered a flaw in PayPal that allowed hackers to read the card details of a virtual credit card from a mobile phone if the mobile device is enabled.

This could likely happen via a near field communications (NFC) reader app. NFC is used when you tap your card on a payment device. For security purposes, the signal range is meant to be no more than about 20 centimetres. However, if a mobile device is being used to make a payment it has been proven that attackers can read the signal from up to 10 meters away with special equipment.

Given that only users from Germany, some of whom have never even visited the US, are affected suggest that their virtual card details are being picked up at contactless payment facilities in Germany and then brute-forced to reveal the full payment numbers.

For instance, in Germany the first eight digits of the virtual card are always the same, leaving 7 digits left to guess. The researchers who first discovered the flaw said attackers would only need 170 guesses to establish a valid credit card number and card expiry date.

With automated software, this could be discovered in seconds and online accounts could be filled up with funds from hacked PayPal accounts within minutes.

What to do?

  • Google has reportedly said that fraudulent payments need to be cancelled through PayPal.
  • PayPal advises reporting fraudulent transactions immediately so they can be cancelled.
  • PayPal users can also avoid using contactless features and remove Google Pay from their PayPal accounts.

Be vigilant everyone.

The MPMIT Team, offering local IT support in byte sized chunks to Micro businesses and Sole Traders in the Ipswich, Bury St Edmunds, Stowmarket and the surrounding areas.

Online Security Update – Mumsnet Glitch

Mumsnet, the UK’s popular website for parents to share advice and information, has suffered a data breach.

It happened between 2pm on Tuesday 5thand 9am on Thursday 2th February, with 4000 users logged in.  Apparently, it was caused by a glitch in a software update.

This is what Mumsnet had to say:

What information could have been affected?

If someone other than you logs into your account, they can see your:
email address
account details
posting history
personal messages

They would NOT have been able to see your password because that data is encrypted and they would not have been able to change your password because you need to input a password to do that.

How many people are affected?

At the moment, we don’t know for sure but we are investigating the logs and hope to know definitively very soon. We do know that approximately 4000 user accounts were logged into in the period in question but we don’t as yet know which of those were actually breached (i.e. also affected by a mismatched login), although we know for sure it wasn’t every account.Users have made us aware of 14 incidents and we have contacted the individuals that we know were affected. We are working hard to establish if there were more.

What have you done about it so far?

We’ve reversed the software change that was made on Tuesday pm, and this morning we forced a log out, requiring users to log in again before they can post. This ensures that anyone who had inadvertently logged in as someone else will no longer be logged in to the wrong account.

Where can I get updates?

We’re posting about the situation on this thread, and will update as and when we have further relevant info.

What happens next?

When we have any further substantial information affecting the security of Mumsnet user accounts we will send another email and post on the site.

We’re very sorry.

You’ve every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes. We will also keep you informed about what is happening. Some of you will be very worried by the possibility that your account has been breached – please mail us on if you’d like to discuss your individual account details. This incident will be reported to the Information Commissioner.

[Source: Mumsnet ]

Passwords were safe as they are encrypted.  The update has been reversed with no more problems.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich, Bury St Edmunds, and surrounding villages.  

Beware Fake Apps

Fake apps


Yes, there really are fake apps out there masquerading as the real deal.

They can be used to implant trojans onto your device that can, for instance, be used to steal banking credentials, spyware and adware.

Last year, two new types of mobile malware were found that planted adware and spyware:

  • LevelDropper – discovered in the Google Play Store it first rooted devices and then went on to install applications on the victim’s device such as adware and malicious spyware.
  • Shedun – masqueraded as legitimate apps such as Facebook, Twitter and WhatsApp and then planted adware

How to spot the fakes

A recent article on offers some handy tips on how you can spot fake apps:

  • Many fake apps are clones of popular established apps. If in doubt as to the legitimacy of an app you are about to download back pedal a little bit and do a bit of research.

  • Read reviews about the app. If they are short and a bit bland it could well be a scam. Also look out for reviews from users who have been duped; they’ll let you know in no uncertain terms if it’s a scam.

  • However, also keep in mind that an app with few reviews or few downloads might be from a developer who is just starting out.

  • To establish a developer’s legitimacy see if they have a website. If they are genuine they will likely have website  that showcases their apps.

  • You can also check the app details. If it’s genuine it will likely be well designed with lots of clear instructions. If it’s a scam its likely to be poorly designed so much so it could be actually quite jarring.

Here at MPMIT, we recommend you use BullGuard to protect your devices.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

 Source: Bullguard

Even Old Windows Server Machines Can Fend of Hacks

Windows Server 2003


Microsoft wants you to upgrade your business onto the latest Windows OSes that offer security patches because, if you’re running a Windows Server 2003 machine, you’re doomed.

Sound advice, but many large institutions (such as those in healthcare and manufacturing) can’t upgrade because they rely on legacy software that won’t run on modern operating systems.

It costs an enormous amount to upgrade, especially when the machines are fine and it’s just the Server that’s the issue.

However, all is not lost because there are some things you can do to keep your old Windows Server 2003 secure.

Network segmentation and monitoring

Network segmentation goes beyond placing vulnerable servers behind a firewall.

By restricting access to your most critical servers, and making sure only system admins can control them, you’re reducing the network hackers can access should they breach your firewall.

It’s not a costly exercise, and Enterprise internet routers often have access control features that can limit which computers can talk to what. It’s also wise to monitor vulnerable servers (especially if carrying critical information) for any unusual traffic.

Application whitelisting

Whitelisting works by allowing only trusted applications to run on your computer.

It’s the opposite approach to antivirus products that blacklist malicious programs based on known indicators.

Backup sensitive data

Hopefully, you’re already doing this, but backing up important data stored in your machines will help. Particularly with the growing popularity of ransomware that infects your computer and encrypts all the data within it, which will only be freed once a ransom is paid.

The best option

Although these ideas will help, the best solution is still to upgrade.

Yes, it will be costly in the short-term, but that investment will help the long-term security of your data and reputation of your business.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Source: pcworld

Stay Secure With Two-Factor Authentication

keep data safe


Two-factor authentication is a way of adding a second layer of protection to the standard password method of identification.

It’s free and easy to use but isn’t infallible. Critics are quick to point out that because you normally have to use your phone number, it’s just one more bit of information you’re handing over to a third party. However, it is a good step towards protecting your online accounts.

How to use two-factor authentication

To help you boost your online security, here are details of how to use two-factor authentication on your favourite sites.


  • Log in to your account on the website. Click on your profile icon then Profile and then settings
  • On the left side of the page, click My Settings and scroll to the bottom of the page
  • Find Security Key and click on Get Started to the right. You’ll have to enter your password again before continuing
  • Your Security Key page will have a message that says there are no keys currently activated
  • Click on the Get Security Key link at the bottom of the page and follow the prompts
  • You’ll then need to enter a phone number. A confirmation code is then sent to the phone number you specify via text
  • The security key page will then list your phone number, and every time you access your account you will need to enter your password and then phone number


  • Sign in to your Facebook account. Click the drop-down arrow in the top-right corner and choose Settings
  • Select Security in the left pane, then click Edit to the right of Login Approvals
  • Next, check ‘Require a security code to access my account from unknown browsers’
  • A window opens explaining how log-in approvals work
  • Follow the prompts, which include adding a phone number to your account and entering a confirmation code that will be sent to your number
  • You can also take advantage of the code generator feature within Facebook’s mobile applications
  • The code generator is found within the app by sliding out the More menu and scrolling down to the Settings section
  • There you will find a Code Generator option, which will display a six-digit code when launched


  • Yahoo’s two-step verification can be setup by visiting your account settings page
  • Click on Account Security on the left side of the page
  • At the bottom of the list will be a switch to enable two-step verification. Sliding it to the On position will bring up a prompt asking you for your phone number
  • Enter your number, then click either Send SMS or Call Me to receive a confirmation code
  • Enter the code when you receive it, and you’re done


  • Log in to your Dropbox account from a Web browser, then open the menu in the top-right corner and head to Settings and then Security
  • Click Enable next to the Status for Two-step verification. After entering your password, you’ll be prompted to pick a method of receiving authentication codes in the future
  • You’ll need to choose between receiving codes via SMS or using an authenticator app. SMS only requires a phone number, and you’re set

If you plan to use an authenticator app, follow these steps:

  • Scan the barcode with your authenticator app of choice
  • Enter the six-digit code from SMS or the authenticator app into box on the website
  • Dropbox will show you a 16-digit code to be used in case you lose your device. Keep this emergency backup code in a safe place
  • Click Enable and you’re all set


  • Open the top-right menu and click on Manage next to Privacy & Settings
  • On the tabs along the bottom-left-hand side, click Account > Manage security settings (bottom of the left column)
  • Under Two-step verification for sign-in, click Turn On. Enter a reliable cell phone number and then click Send Code
  • Enter the code you receive via SMS to log back into the LinkedIn website


  • Setting up Twitter’s two-factor authentication requires you to use a computer and visit your security settings page
  • Tick the box next to ‘Send login verification requests to (my number)
  • If you don’t already have a phone number attached to your account, follow the prompts to add one
  • With the box is ticked you’ll receive a series of prompts letting you know that the service is about to be enabled and that you need to connect your mobile phone number to your Twitter account

No security system is completely infallible, but by using the two-factor authenticator system, you’re at least taking the right steps to keep your data safe from prying eyes.


MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

The Internet of Things is Insecure

Internet of Things

Internets of Things (IoT) devices are becoming increasingly commonplace and yet many are widely acknowledged to be insecure.

If that’s the case, why isn’t anything being done about it?

Before you start throwing our your IoT devices it’s worth remembering that they aren’t all insecure. However, many security issues arise during the manufacturing process because the companies that make your IoT devices aren’t security vendors and so end up making fundamental mistakes, such as:

  • Passwords are hard coded into device firmware meaning they can’t be changed
  • Web consoles used to control IoT devices don’t encrypt data
  • Back doors are left open by the manufacturer’s developers when they are creating the software for IoT devices
  • Pre-set default passwords are often very easy to detect and crack such as ‘admin’
  • It’s not easy to apply updates to IoT devices to patch against vulnerabilities
  • Security that does exist is often too complex for average users to manage

If that’s the case why aren’t manufacturers doing anything about it?

Well, there are steps they can take to increase security. These include:

  • Enabling automatic device updates
  • Designing devices with security in mind
  • Providing lifetime support
  • Incorporating best security practice
  • Giving users the option to disable specific functionality such as peer-to-peer communications
  • Incorporating IOT devices into regular security assessments

The reason why they aren’t taking these ostensibly simple steps is that it would mean having to adopt new business models, which would incur additional costs. Most operate on low margins and need to sell lots of devices to be profitable and to adopt the points outlined above would require a lot of investment.

Perhaps the answer is for the government to impose regulations as in other industries. The problem is if a government were to do that it could:

  • Drive manufacturers to operate in rival territories
  • Create conflict with other nations
  • Cause economic conflicts

Above all, it’s seen as an industry issue rather than a government one.

All of this paints a pretty bleak picture, so what can be done?

Change will come down to one thing: large technology companies and organisations coming together to create a working body and set down security standards for IoT devices.

The result will be the adoption of standards, with those companies refusing to comply losing market share. Of course, all of this will take time.

Is there anything you can do now?

If you don’t want to wait for the manufacturers to take action, there is something you can do.

Despite the widespread vulnerabilities of IoT devices, BullGuard is offering consumers the option of protecting their smart devices and home networks with innovative protection.

The Dojo is a smart network device that plugs into a Wi-Fi router and it generates a view of all connected devices on a home network via a device called the Dojo pebble:

  • All internet traffic on the home network is routed via Dojo, allowing it to secure the home network against cyber-attacks and protect the user from privacy breaches.

  • Dojo discovers devices connected to the network, secures them and constantly analyses their network activity.

  • A cloud platform is constantly updated with this behavioural information and with cyber security- related knowledge.

  • When malicious activity or privacy breach is detected, Dojo notifies its owner through a mobile app, and in most cases automatically emits mitigates the risk.

  • The Dojo pebble also provides simple colour -based safety indication using green, orange, and red lights.

IoT devices are here to stay and will continue to dominate our lives. With growing fears about security, BullGuard’s solution will offer you peace of mind.

 MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Soure: BullGuard

New Computer? Here’s Our Security Advice

Don't fall for viruses


Getting a new computer is exciting.

Come on, admit it. It doesn’t matter how many you’ve owned in the past; you always get a buzz when unpacking a new one.

You look forward to a long and happy life together. However, the only way you can make sure that happens is to protect it from all the cyber nasties that are out there just waiting for their chance to bring your online world crashing down.

Whether you’re an old hand at owning computers, or this is your first foray into the world of the internet, here are a few gentle reminders to help you stay safe:

  • Your computer is sturdy but not indestructible
  • It likes to be clean
  • It doesn’t like liquids or food of any kind
  • Nothing is forever; just because you save a document doesn’t mean it’s there for posterity
  • Start off not trusting anything that comes from the internet until it’s proven safe
  • Saving is NOT automatic. If in doubt, save it again
  • The internet is public, and anything you put on it should be treated as though it were broadcast to the world
  • If in doubt, HANDS OFF and call someone who understands computer stuff
  • If “Microsoft” call you, hang up (it’s not them)
  • Get paid antivirus
  • Set a strong admin password (not ‘password’) and use a normal user (non-admin) account for everyday use
  • If it sounds too good to be true, it is

 MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.


Yahoo Hack Once Again Highlights Online Security

Password management paradox


Last year, Yahoo disclosed that one billion accounts were compromised in an attack that took place in August 2013. That’s on top of the 500 million accounts that were breached in a separate incident in 2014.

The breached data included names, email addresses, phone numbers, birthdays, hashed passwords, and a mix of encrypted and unencrypted security questions and answers, although according to Yahoo it didn’t include unencrypted passwords, credit card numbers, or bank account information.

This incident once again highlights the issues with online security. Hacked email accounts cause all sorts of problems.

They can be used to send out junk messages; your contacts can be harvested and then be inundated with malware spam and phishing attacks and of course they can be used to impersonate you.

If you sign up with an online service, it will almost certainly require you to supply an email address. If a hacker gets this information, they can reset the password by requesting a password reset email and take control of your account.

So how can you stay safe even when trusted companies are falling prey to hackers?

It’s all in the password

Always use strong passwords of at least 8 to 10 characters, consisting of upper and lower case letters, numbers and symbols.

If this is difficult to remember you can base it on a phrase, you will remember, such as “I like eating bread with butter and sauce” becomes: ‘iLEt!ngB&bWs0’ or some other variation that you choose.
Hackers find these types of passwords extremely difficult to crack.

Get protected

One of the best ways to add an extra layer of security is to install internet security. Here at MPM, we recommend BullGuard Internet Security, which offers protection against phishing emails, spam, malicious links and all forms of malware.

If you receive an email with a malicious link embedded in the email body or as an attachment, it will get flagged.

To go one step further, BullGuard Premium Protection includes robust identity protection. It searches the web, including the dark web, for your personal information such as email addresses and bank details. If it finds this information, for instance on a deep web hacking forum, you receive immediate notification.

Together with a strong password, these tools will keep you and your family safe from all types of hacks, protecting your personal information at all times.


MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Source: Bullguard

Watch Out Cerber Ransomware is About

Cerber Ransomware


Cerber ransomware is the latest scam to watch out for.

This one is a spam campaign that uses fake credit card reports to trick unsuspecting users to infect themselves.

The email they send looks like this:

cerber ransomware email

Yes, there are some tells that show you it’s probably not genuine, but imagine if it landed in your inbox on a particularly busy day – are you still convinced you’d pick on the signs?

The attack is executed by the user opening the Word document attachment and enabling macros. One step you can take to keep yourself safe, if feasible, is to make Office macros disabled by default. 

If you can’t do that or worry that someone might enable them again, the best course of action you can take is to circulate the image above so everyone one in your organisation knows what to look out for.

According to Spiceworks, Cerber is currently doing the rounds so stay vigilant.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Source: Spiceworks