We’ve posted about this a couple of times before, but since the deadline to update your machines is quickly approaching, the message bears repeating.

DNSChanger is a malware that has changed many machines to use a handful of malicious DNS servers. The hackers that set up these malicious DNS servers and propagated the malware hoped to cash in by controlling the adverts that were displayed on infected machines. The FBI uncovered the network and took steps to disable the rogue servers, and also set up temporary “clean” servers to provide DNS services for the infected machines. However, these temporary FBI servers are being taken off line effective July 8.

So what does this mean to you? Well, if your machine was infected with DNSChanger and the infection has not yet been discovered and corrected, as of July 8 your computer will simply not be able to connect to the internet. Providence has run a check of our clients’ machines and found none that have any issues, but if you haven’t done so already you may want to check your home machines and other computers that you use.

The FBI has made available an excellent document that fully explains the issue and provides guidelines on how to deal with it. But if you have any other questions or concerns about DNSChanger and any of the machines that you use, don’t hesitate to give us a call.

The words “hacking” and “printers” usually don’t go together, but recent research on the vulnerabilities of IT systems are now suggesting otherwise. A flaw in many printers (those connected to the Internet) has been discovered which allows hackers and online thieves to infiltrate an otherwise secure network.

When it comes to printers, we usually think about ink, paper jams and minor irritations – but certainly NOT getting hacked. But recent research suggests that printers can be used by hackers to infiltrate computer systems.

According to researchers at Columbia University, printers that are connected to the are the weakest (and almost always unnoticed) link that can compromise an otherwise secure system. Details are emerging, as the research was done under government and corporate grants. The Federal Bureau of Investigation got the first look at the research results, followed by people from Hewlett-Packard. What is clear is that this new research reveals that printers CAN be used by hackers or online thieves not only to infiltrate networks, but also to steal personal information and even identities.

The security flaw involves the printer software used to run “embedded systems” which enables both advanced functions and connects the printer directly the Internet. Alarmingly, researchers were able to hack into a printer, and give it instructions to continuously heat up the part of the device that dried the ink after it’s applied to the paper. The resulting heat caused the paper to turn brown and smoke.

The implications of this type of security flaw are concerning, but can be addressed properly and promptly with the right planning. HP is looking into the study for their own line of printers and business owners should also take precautionary steps to protect already installed devices on their networks.

If you want to know more about how you can ensure that your systems are secure, give us a call so we can sit down with you and discuss a security blueprint that meets your specific needs.

In an unprecedented move against online fraudsters and hackers, the United States Federal Bureau of Investigation (FBI) and authorities in Estonia, aided by information from security firm Trend Micro, recently conducted a raid that brought down an enormous bot network made up of at least 4 million bots.

Four million is a big number – which makes four million bots, in security terms, a staggering and frightening number as well.

It is a good thing, then, that four million is also the number of bots taken down in a recent bust by the United States Federal Bureau of Investigation, the Estonian Police, and security firm Trend Micro. Data centers in New York City, Chicago, and Estonia were raided by authorities, shutting down hundreds of servers used to create a network of bots that spanned some 100 countries.

The said bust, dubbed “Operation Ghost Click”, is one of – if not THE – largest cybercriminal bust in history, putting to sleep a sophisticated scamming operation that victimized 4 to 5 million users and was said to have generated at least $14 million in illegal revenue.

The scam mainly involved hijacking Domain Name Server (DNS) settings in infected computers, which can be used not only to introduce more malware into an IT system, but also to hijack search results and replace advertisements loaded on websites visited through an infected computer.

While this bust does bode well for all IT users everywhere in the world, it also illustrates the scope of influence and level of organization behind security threats. Since this is probably not the only scam / fraud / botnet operation in the world, it is always best to have a comprehensive security policy for your IT infrastructure to minimize the risk of compromising your company’s data and information.

For more details on the bust, check out Trend Micro’s blog post here.

Employees using their own mobile devices for work may seem like a good idea at first – it’s less expense for you, the employer, and they can also make employees more productive. However, it also means that you are allowing potentially unsecure devices to access your company’s data. The solution? An effective IT security policy that balances personal freedom to use these devices and your need to secure important business information.

As technology continues to become more affordable and accessible to consumers, it’s an inevitable fact that employers will see more and more of their employees using their own personal devices such as laptops and mobile phones to access the company’s IT system.

This can be a dangerous thing. Since these devices aren’t company owned and regulated, you have limited access and control over how they are used. Employees could download all sorts of malware and viruses on their devices and pass the infection along to your IT system when they access it.

The solution: a comprehensive IT security policy. It’s important that you find a compromise between the freedom of the employee to use the device as desired and your need to keep your IT system safe from viruses and other threats to your data’s security. Steps such as having employees run mobile device management (MDM) software on their devices is one of many actions you can take to lessen the risk of security breaches. You may also want to implement applications and software that check and screen for malware, both for laptops and mobile devices. And don’t forget that while Android seems to have a bigger problem with malicious software, Apple isn’t exactly virus-free, either.

Employees have a right to use their personal devices as they see fit, but not at the expense of important company information stored in your IT system. Running a tight ship in terms of security is an effective way to protect your business interests and your sensitive company data. If you are interested in knowing more about developing a concrete and effective IT security policy for personal device use as well as general system access, please don’t hesitate to give us a call so we can sit down with you and discuss a custom security blueprint that’s just right for you.

It doesn’t matter how solid your security system is –any hacker or online thief can figure out a weak password in a couple of hours through trial and error. Don’t risk being a victim of a security breach and data theft. Avoid these passwords that are especially easy to crack.

If you think using ‘password’ as your password is no big deal, then it’s time to rethink.

Security experts have recently compiled a list of the worst passwords users can choose, and ‘password’ is at the very top of the list. Weak passwords make your information more vulnerable simply because hackers can guess them. It may be easier to pick a password that you don’t have to think about, but it’s a choice that you may come to regret.

To help you avoid common password choice mistakes that users make, management application provider SplashData has compiled a list of the 25 worst passwords to use:

1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

Make a smart password choice
Experts advise using a combination of letters and numbers when creating your passwords, and to avoid things that anyone might be able to guess, such as birthdays and anniversary dates. Passwords with eight characters or more are safer and it’s best to use different passwords for different accounts and websites. Use a password manager to help you keep track of all of your passwords if you’re finding it difficult to remember them all..

No matter how sophisticated your security system is, a weak password gives hackers and online thieves an advantage. Helping all the users in your organization understand the importance of password strength will help you secure the IT systems in your organization.

If you’re interested in learning more, please contact us so we can develop a comprehensive and custom security blueprint that meets your specific needs.

Reference: Worst Internet Passwords