Online Security Update – Mumsnet Glitch

Mumsnet, the UK’s popular website for parents to share advice and information, has suffered a data breach.

It happened between 2pm on Tuesday 5th and 9am on Thursday 2th February, with 4000 users logged in. Apparently, it was caused by a glitch in a software update.

This is what Mumsnet had to say:

What information could have been affected?

If someone other than you logs into your account, they can see your:

  • email address
  • account details
  • posting history
  • personal messages

They would NOT have been able to see your password because that data is encrypted and they would not have been able to change your password because you need to input a password to do that.

How many people are affected?

At the moment, we don’t know for sure but we are investigating the logs and hope to know definitively very soon. We do know that approximately 4000 user accounts were logged into in the period in question but we don’t as yet know which of those were actually breached (i.e. also affected by a mismatched login), although we know for sure it wasn’t every account. Users have made us aware of 14 incidents and we have contacted the individuals that we know were affected. We are working hard to establish if there were more.

What have you done about it so far?

We’ve reversed the software change that was made on Tuesday pm, and this morning we forced a log out, requiring users to log in again before they can post. This ensures that anyone who had inadvertently logged in as someone else will no longer be logged in to the wrong account.

Where can I get updates?

We’re posting about the situation on this thread, and will update as and when we have further relevant info.

What happens next?

When we have any further substantial information affecting the security of Mumsnet user accounts we will send another email and post on the site.

We’re very sorry.

You’ve every right to expect your Mumsnet account to be secure and private. We are working urgently to discover exactly how this breach happened and to learn and improve our processes. We will also keep you informed about what is happening. Some of you will be very worried by the possibility that your account has been breached – please mail us on contactus@mumsnet.com if you’d like to discuss your individual account details. This incident will be reported to the Information Commissioner.

[Source: Mumsnet]

Passwords were safe as they are encrypted.  The update has been reversed with no more problems.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich, Bury St Edmunds, and surrounding villages.  

Beware Fake Apps

Yes, there really are fake apps out there masquerading as the real deal.

They can be used to implant trojans, spyware and adware onto your device. Trojans can, for instance, be used to steal banking credentials.

Last year, two new types of mobile malware were found that planted adware and spyware:

  • LevelDropper – discovered in the Google Play Store, it first rooted devices and then went on to install applications such as adware and malicious spyware on the victim’s device.
  • Shedun – masqueraded as legitimate apps such as Facebook, Twitter and WhatsApp and then planted adware.

How to spot the fakes

A recent article on Bullguard.com offers some handy tips on how you can spot fake apps:

  • Many fake apps are clones of popular established apps. If in doubt as to the legitimacy of an app you are about to download, back pedal a little bit and do a bit of research.

  • Read reviews about the app. If they are short and a bit bland it could well be a scam. Also look out for reviews from users who have been duped; they’ll let you know in no uncertain terms if it’s a scam.

  • However, also keep in mind that an app with few reviews or few downloads might be from a developer who is just starting out.

  • To establish a developer’s legitimacy, see if they have a website. If they are genuine they will likely have a website that showcases their apps.

  • You can also check the app details. If it’s genuine it will likely be well designed with lots of clear instructions. If it’s a scam, it’s likely to be poorly designed, so much so that it could actually be quite jarring.

Here at MPMIT, we recommend you use BullGuard to protect your devices.

Source: BullGuard

Even Old Windows Server Machines Can Fend Off Hacks

Microsoft wants you to upgrade your business onto the latest Windows OSes that offer security patches because, if you’re running a Windows Server 2003 machine, you’re doomed.

Sound advice, but many large institutions (such as those in healthcare and manufacturing) can’t upgrade because they rely on legacy software that won’t run on modern operating systems.

It costs an enormous amount to upgrade, especially when the machines are fine and it’s just the Server that’s the issue.

However, all is not lost because there are some things you can do to keep your old Windows Server 2003 secure.

Network segmentation and monitoring

Network segmentation goes beyond placing vulnerable servers behind a firewall.

By restricting access to your most critical servers, and making sure only system admins can control them, you’re reducing how much of the network hackers can access should they breach your firewall.

It’s not a costly exercise, and Enterprise internet routers often have access control features that can limit which computers can talk to what. It’s also wise to monitor vulnerable servers (especially if carrying critical information) for any unusual traffic.

Application whitelisting

Whitelisting works by allowing only trusted applications to run on your computer.

It’s the opposite approach to antivirus products that blacklist malicious programs based on known indicators.
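The difference between the two approaches, as an added example that is not part of the original article: it assumes both lists are keyed on a SHA-256 fingerprint of the file (a simplification; real products also use signatures, paths and publishers), and the sample "files" are constructed byte strings.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Fingerprint a file's contents."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executable contents (not real binaries).
SAMPLES = {
    "legacy_app_v1": b"legacy line-of-business app, build 1",
    # Vendor update that nobody has approved yet.
    "legacy_app_v2": b"legacy line-of-business app, build 2",
    "known_malware": b"sample the antivirus vendor has already seen",
    # Same malware repacked, so its fingerprint is new.
    "new_malware": b"the same sample repacked with a new fingerprint",
}

# Blacklist: everything runs unless it matches a known-bad indicator.
BLOCKLIST = {sha256_hex(SAMPLES["known_malware"])}
# Whitelist: nothing runs unless it has been explicitly approved.
ALLOWLIST = {sha256_hex(SAMPLES["legacy_app_v1"])}


def blocklist_allows(data: bytes) -> bool:
    """Default allow: block only what is already known to be bad."""
    return sha256_hex(data) not in BLOCKLIST


def allowlist_allows(data: bytes) -> bool:
    """Default deny: run only what is already known to be trusted."""
    return sha256_hex(data) in ALLOWLIST


def compare(samples=SAMPLES):
    """Return each policy's run/deny decision for every sample."""
    return {
        name: {
            "blocklist": blocklist_allows(data),
            "allowlist": allowlist_allows(data),
        }
        for name, data in samples.items()
    }


if __name__ == "__main__":
    for name, verdict in compare().items():
        print(f"{name:15} blacklist lets it run: {verdict['blocklist']!s:5} "
              f"whitelist lets it run: {verdict['allowlist']}")
```

The repacked sample runs under the blacklist but not under the whitelist. The unapproved vendor update is also denied by the whitelist, which is the maintenance cost of the approach.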

Backup sensitive data

Hopefully, you’re already doing this, but backing up important data stored in your machines will help, particularly with the growing popularity of ransomware, which infects your computer and encrypts all the data within it, only freeing it once a ransom is paid.

The best option

Although these ideas will help, the best solution is still to upgrade.

Yes, it will be costly in the short-term, but that investment will help the long-term security of your data and reputation of your business.

Source: pcworld

Stay Secure With Two-Factor Authentication

Two-factor authentication is a way of adding a second layer of protection to the standard password method of identification.

It’s free and easy to use but isn’t infallible. Critics are quick to point out that because you normally have to use your phone number, it’s just one more bit of information you’re handing over to a third party. However, it is a good step towards protecting your online accounts.

How to use two-factor authentication

To help you boost your online security, here are details of how to use two-factor authentication on your favourite sites.

Paypal

  • Log in to your account on the website. Click on your profile icon then Profile and then settings
  • On the left side of the page, click My Settings and scroll to the bottom of the page
  • Find Security Key and click on Get Started to the right. You’ll have to enter your password again before continuing
  • Your Security Key page will have a message that says there are no keys currently activated
  • Click on the Get Security Key link at the bottom of the page and follow the prompts
  • You’ll then need to enter a phone number. A confirmation code is then sent to the phone number you specify via text
  • The security key page will then list your phone number, and every time you access your account you will need to enter your password and then phone number

Facebook

  • Sign in to your Facebook account. Click the drop-down arrow in the top-right corner and choose Settings
  • Select Security in the left pane, then click Edit to the right of Login Approvals
  • Next, check ‘Require a security code to access my account from unknown browsers’
  • A window opens explaining how log-in approvals work
  • Follow the prompts, which include adding a phone number to your account and entering a confirmation code that will be sent to your number
  • You can also take advantage of the code generator feature within Facebook’s mobile applications
  • The code generator is found within the app by sliding out the More menu and scrolling down to the Settings section
  • There you will find a Code Generator option, which will display a six-digit code when launched

Yahoo

  • Yahoo’s two-step verification can be set up by visiting your account settings page
  • Click on Account Security on the left side of the page
  • At the bottom of the list will be a switch to enable two-step verification. Sliding it to the On position will bring up a prompt asking you for your phone number
  • Enter your number, then click either Send SMS or Call Me to receive a confirmation code
  • Enter the code when you receive it, and you’re done

Dropbox

  • Log in to your Dropbox account from a Web browser, then open the menu in the top-right corner and head to Settings and then Security
  • Click Enable next to the Status for Two-step verification. After entering your password, you’ll be prompted to pick a method of receiving authentication codes in the future
  • You’ll need to choose between receiving codes via SMS or using an authenticator app. SMS only requires a phone number, and you’re set

If you plan to use an authenticator app, follow these steps:

  • Scan the barcode with your authenticator app of choice
  • Enter the six-digit code from SMS or the authenticator app into the box on the website
  • Dropbox will show you a 16-digit code to be used in case you lose your device. Keep this emergency backup code in a safe place
  • Click Enable and you’re all set

LinkedIn

  • Open the top-right menu and click on Manage next to Privacy & Settings
  • On the tabs along the bottom-left-hand side, click Account > Manage security settings (bottom of the left column)
  • Under Two-step verification for sign-in, click Turn On. Enter a reliable cell phone number and then click Send Code
  • Enter the code you receive via SMS to log back into the LinkedIn website

Twitter

  • Setting up Twitter’s two-factor authentication requires you to use a computer and visit your security settings page
  • Tick the box next to ‘Send login verification requests to (my number)’
  • If you don’t already have a phone number attached to your account, follow the prompts to add one
  • With the box ticked, you’ll receive a series of prompts letting you know that the service is about to be enabled and that you need to connect your mobile phone number to your Twitter account

No security system is completely infallible, but by using the two-factor authenticator system, you’re at least taking the right steps to keep your data safe from prying eyes.

 

The Internet of Things is Insecure

Internet of Things (IoT) devices are becoming increasingly commonplace and yet many are widely acknowledged to be insecure.

If that’s the case, why isn’t anything being done about it?

Before you start throwing out your IoT devices, it’s worth remembering that they aren’t all insecure. However, many security issues arise during the manufacturing process because the companies that make your IoT devices aren’t security vendors and so end up making fundamental mistakes, such as:

  • Passwords are hard coded into device firmware meaning they can’t be changed
  • Web consoles used to control IoT devices don’t encrypt data
  • Back doors are left open by the manufacturer’s developers when they are creating the software for IoT devices
  • Pre-set default passwords are often very easy to detect and crack such as ‘admin’
  • It’s not easy to apply updates to IoT devices to patch against vulnerabilities
  • Security that does exist is often too complex for average users to manage

If that’s the case why aren’t manufacturers doing anything about it?

Well, there are steps they can take to increase security. These include:

  • Enabling automatic device updates
  • Designing devices with security in mind
  • Providing lifetime support
  • Incorporating best security practice
  • Giving users the option to disable specific functionality such as peer-to-peer communications
  • Incorporating IoT devices into regular security assessments

The reason why they aren’t taking these ostensibly simple steps is that it would mean having to adopt new business models, which would incur additional costs. Most operate on low margins and need to sell lots of devices to be profitable and to adopt the points outlined above would require a lot of investment.

Perhaps the answer is for the government to impose regulations as in other industries. The problem is if a government were to do that it could:

  • Drive manufacturers to operate in rival territories
  • Create conflict with other nations
  • Cause economic conflicts

Above all, it’s seen as an industry issue rather than a government one.

All of this paints a pretty bleak picture, so what can be done?

Change will come down to one thing: large technology companies and organisations coming together to create a working body and set down security standards for IoT devices.

The result will be the adoption of standards, with those companies refusing to comply losing market share. Of course, all of this will take time.

Is there anything you can do now?

If you don’t want to wait for the manufacturers to take action, there is something you can do.

Despite the widespread vulnerabilities of IoT devices, BullGuard is offering consumers the option of protecting their smart devices and home networks with innovative protection.

The Dojo is a smart network device that plugs into a Wi-Fi router and it generates a view of all connected devices on a home network via a device called the Dojo pebble:

  • All internet traffic on the home network is routed via Dojo, allowing it to secure the home network against cyber-attacks and protect the user from privacy breaches.

  • Dojo discovers devices connected to the network, secures them and constantly analyses their network activity.

  • A cloud platform is constantly updated with this behavioural information and with cyber security-related knowledge.

  • When malicious activity or a privacy breach is detected, Dojo notifies its owner through a mobile app, and in most cases automatically mitigates the risk.

  • The Dojo pebble also provides simple colour-based safety indication using green, orange, and red lights.

IoT devices are here to stay and will continue to dominate our lives. With growing fears about security, BullGuard’s solution will offer you peace of mind.

Source: BullGuard

New Computer? Here’s Our Security Advice

Getting a new computer is exciting.

Come on, admit it. It doesn’t matter how many you’ve owned in the past; you always get a buzz when unpacking a new one.

You look forward to a long and happy life together. However, the only way you can make sure that happens is to protect it from all the cyber nasties that are out there just waiting for their chance to bring your online world crashing down.

Whether you’re an old hand at owning computers, or this is your first foray into the world of the internet, here are a few gentle reminders to help you stay safe:

  • Your computer is sturdy but not indestructible
  • It likes to be clean
  • It doesn’t like liquids or food of any kind
  • Nothing is forever; just because you save a document doesn’t mean it’s there for posterity
  • Start off not trusting anything that comes from the internet until it’s proven safe
  • Saving is NOT automatic. If in doubt, save it again
  • The internet is public, and anything you put on it should be treated as though it were broadcast to the world
  • If in doubt, HANDS OFF and call someone who understands computer stuff
  • If “Microsoft” call you, hang up (it’s not them)
  • Get paid antivirus
  • Set a strong admin password (not ‘password’) and use a normal user (non-admin) account for everyday use
  • If it sounds too good to be true, it is
  • IF IN DOUBT ABOUT ANYTHING SPEAK TO SOMEONE BEFORE ACTING

Yahoo Hack Once Again Highlights Online Security

Last year, Yahoo disclosed that one billion accounts were compromised in an attack that took place in August 2013. That’s on top of the 500 million accounts that were breached in a separate incident in 2014.

The breached data included names, email addresses, phone numbers, birthdays, hashed passwords, and a mix of encrypted and unencrypted security questions and answers, although according to Yahoo it didn’t include unencrypted passwords, credit card numbers, or bank account information.

This incident once again highlights the issues with online security. Hacked email accounts cause all sorts of problems.

They can be used to send out junk messages; your contacts can be harvested and then be inundated with malware spam and phishing attacks and of course they can be used to impersonate you.

If you sign up with an online service, it will almost certainly require you to supply an email address. If a hacker gets into that email account, they can request a password reset email for the service and take control of your account.

So how can you stay safe even when trusted companies are falling prey to hackers?

It’s all in the password

Always use strong passwords of at least 8 to 10 characters, consisting of upper and lower case letters, numbers and symbols.

If this is difficult to remember, you can base it on a phrase you will remember. For example, “I like eating bread with butter and sauce” becomes ‘iLEt!ngB&bWs0’ or some other variation that you choose.
Hackers find these types of passwords extremely difficult to crack.

Get protected

One of the best ways to add an extra layer of security is to install internet security. Here at MPM, we recommend BullGuard Internet Security, which offers protection against phishing emails, spam, malicious links and all forms of malware.

If you receive an email with a malicious link embedded in the email body or as an attachment, it will get flagged.

To go one step further, BullGuard Premium Protection includes robust identity protection. It searches the web, including the dark web, for your personal information such as email addresses and bank details. If it finds this information, for instance on a deep web hacking forum, you receive immediate notification.

Together with a strong password, these tools will keep you and your family safe from all types of hacks, protecting your personal information at all times.

 

Source: BullGuard

Watch Out, Cerber Ransomware is About

Cerber ransomware is the latest scam to watch out for.

This one is a spam campaign that uses fake credit card reports to trick unsuspecting users into infecting themselves.

The email they send looks like this:

[Image: Cerber ransomware email]

Yes, there are some tells that show you it’s probably not genuine, but imagine if it landed in your inbox on a particularly busy day – are you still convinced you’d pick up on the signs?

The attack is executed by the user opening the Word document attachment and enabling macros. One step you can take to keep yourself safe, if feasible, is to make Office macros disabled by default. 

If you can’t do that or worry that someone might enable them again, the best course of action you can take is to circulate the image above so everyone in your organisation knows what to look out for.

According to Spiceworks, Cerber is currently doing the rounds so stay vigilant.

Source: Spiceworks

 

Why We Recommend BullGuard Internet Security

We always recommend BullGuard Internet Security to our clients, which inevitably means they ask why.

That’s why we decided to write this post so we could give you the low down on why we think it’s the best product on the market.

For starters, in January this year UK consumer champion Which? endorsed BullGuard Internet Security 2016 with a Which? ‘Best Buy’.

On top of that, it also offers you all of this:

It’s simple to install and easy to use.

BullGuard installs in minutes. Its intuitive layout makes it simple for you to run a quick scan, adjust protection levels, back up your files, customise your settings and more. Everything is just one click from the main BullGuard home screen.

Malware and Spyware Protection

The latest version of Antivirus includes Behavioural Detection, which spots new viruses by how they act on your computer. Together with Signature-based Detection, which deals with known malware, they make up a multi-layered defence system for PC that’s virtually impenetrable.

Safe Browsing

Some websites have malicious code hidden in them. Or they are used to launch phishing attacks. The BullGuard protection software checks the websites that come up in your searches and lets you know which ones are safe.

Stop unwanted applications taking control

Some programmes contain adware; they install toolbars and modify your system settings. They’re not malicious like trojans or worms but they can change your browser settings, alter your home page and direct you to another search engine by default. BullGuard’s unwanted app tool flags up these programmes and stops them from changing your settings.

Advanced Backup

There is a whopping 5GB of FREE online storage included so you can keep your important data, photos, music and more safe. You can choose what you want to back up and how often, or just set the feature to auto backup. You can even back up content directly from folders with one click. Plus your back-up data is easily accessible whenever you want to view it or restore it to another computer or even your smart phone.

Firewall

This is your first line of defence against unwanted hackers and identity thieves. The firewall protects you against network attacks and prevents cyber crooks from entering your system.

Spam filter

BullGuard Spamfilter keeps out junk mail and email scams, like phishing attempts, virus spreading and foreign language spam. You can also customize filters to block emails you don’t want to receive.

PC Tune Up

You’ll never have to wait again to get your computer up and running. BullGuard’s PC Tune Up removes unnecessary files and frees up memory so your computer runs faster.

Vulnerability Scanner

Checks your computer for out-dated software that hackers and viruses can exploit to gain access to your system, damage it or steal personal information. Once this software is flagged up it can then be removed.

Free 24/7 support

The BullGuard support team is there for you 24/7, providing expert advice and quick answers to your questions.

 

As you can see, it’s a pretty comprehensive internet security package. If you want to learn more give us a call. 

Source: BullGuard

Could Biometrics Replace Easily Forgettable Passwords?

How many different passwords do you have?

How do you remember them all?

If you follow all the advice you are given, you should have a sizeable collection of complex passwords, but in reality you’ve probably got 2 or 3 simple ones you use for pretty much everything.

There lies the problem – you choose simple words that are easy to remember, but equally easy for hackers to guess.

So what are the alternatives?

In a recent article on the BBC website, Dr Ant Allan (authentication expert at Gartner Research) discusses a potential low-cost option – biometrics.

He suggests that the simplest way to log on would be through an “authentication selfie” making use of the device’s camera. Users would simply have to look at their computer or mobile screen. Another option would be logging in using voice recognition.

Of course, if these were to be used security would have to be beefed up by adding contextual information such as GPS data from a mobile phone, or simply the time of day. Then, if a user tries to log on at an unusual time or place, additional authentication information can be requested.
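One way the contextual check described above could work, as an added example that is not from the BBC article or any vendor's product: the `Login` record, the 50 km and 2-hour thresholds, and the login history are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class Login:
    when: datetime
    lat: float   # GPS latitude reported by the device
    lon: float   # GPS longitude reported by the device


def km_between(a: Login, b: Login) -> float:
    """Great-circle (haversine) distance between two logins."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(h))


def hours_apart(h1: int, h2: int) -> int:
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(h1 - h2) % 24
    return min(d, 24 - d)


def step_up_reasons(history, attempt, max_km=50.0, hour_slack=2):
    """Return why extra authentication is needed; an empty list means none."""
    if not history:
        return ["no login history"]
    reasons = []
    nearest_hour = min(hours_apart(attempt.when.hour, p.when.hour)
                       for p in history)
    if nearest_hour > hour_slack:
        reasons.append("unusual time")
    if min(km_between(p, attempt) for p in history) > max_km:
        reasons.append("unusual place")
    return reasons


# Constructed history: weekday logins from one town at 09:05, 13:20, 18:40.
HOME = (52.0567, 1.1482)
HISTORY = [
    Login(datetime(2017, 1, 9, 9, 5), *HOME),
    Login(datetime(2017, 1, 10, 13, 20), *HOME),
    Login(datetime(2017, 1, 11, 18, 40), *HOME),
]

if __name__ == "__main__":
    attempts = {
        "usual": Login(datetime(2017, 1, 12, 10, 0), *HOME),
        "3am at home": Login(datetime(2017, 1, 12, 3, 0), *HOME),
        "far away": Login(datetime(2017, 1, 12, 9, 30), 55.9533, -3.1883),
    }
    for label, attempt in attempts.items():
        print(label, "->", step_up_reasons(HISTORY, attempt) or "no step-up")
```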

Digital portrait

Biometric authentication systems use biometrics and other information to build a complex profile of a user, creating a digital portrait that can be used to recognise them.

Then this is added to a physical profile of the user – voice or face biometrics – and characteristics that can be learned from a computer’s camera or a mobile device’s GPS, gyroscope and other sensors. These can include “whether the user is left or right handed, how tall they are, the length of their gait, and a measurement of their hand-eye co-ordination.”

The next layer is the construction of a “cognitive profile” that is built up by monitoring preferences such as where windows are placed on the screen, how quickly the user actually uses the computer or mobile device, and what their typing or touch gesture patterns are.

Finally, the user’s response patterns to a variety of “challenges” are measured.

Dr Allan explains:

“The system may introduce a bias which changes where the device thinks your finger is placed on the screen. It’s very subtle and not enough for you to see, but enough for you to correct for it.”

This type of authentication uses “active” or “continuous” authentication, so a user’s characteristics and behaviour are monitored for as long as they are logged on.

Dr Allan goes on to say:

“The benefit of this is that you get increased confidence that the user is who they say they are over time, and you can also keep checking that the person using the system is the same person who logged on originally.”

The sound of your voice

Biometrics sounds like the answer, but what happens when users have to authenticate themselves over a conventional telephone, say for access to phone banking services?

The article goes on to say that Barclays Bank has begun to authenticate some of its customers using “voice print” analysis. The system checks the speaker’s voice in real time against a signature pattern they already have stored.

Seb Reeve (Marketing Manager at Nuance) explains:

“The idea is to be as transparent as possible so the customer won’t know that they are actually logging in. The system listens to the customer speaking, and after ten or fifteen seconds it will pop up a green traffic light in the call centre to confirm that the person is who they say they are, and the conversation can continue.”

Both of these sound as though they could be the way forward, but for the time being the traditional username and password pairing is still the most common way for people to authenticate themselves online.

Why? Well, even taking into account all the password security breaches, it offers a reasonable level of security at very low cost.
