
Blog

An Alexa Issue


We live in a world where people always want the most up-to-date technological advances, but there can be a darker side to these new products. An example of this has just recently been reported in the news.

The ‘Amazon Alexa’ is a voice-operated device, referred to as a virtual home assistant, with a variety of functions: you say a certain phrase and the device responds accordingly. It has apparently been listening in on customers’ private conversations when it had not been triggered to listen, and sent the recorded conversation to one of the people in the customer’s contacts list.

This goes to show that not every new device on the market is perfect. If we are ever in range of one of these voice-operated products we should be careful about what we say, because you never know if something could go wrong, and the conversation being unknowingly recorded, and possibly sent, may not be just a harmless one about hardwood floors, as this couple from Portland, Oregon experienced.

World Password Day


What is World Password Day?

World Password Day is an initiative that aims to promote better password habits among Internet users around the world. Initiated by Intel in 2013, the annual event – which takes place on the first Thursday of May each year – will be celebrated on May 3, 2018 this time around and is supported by more than 170 organisations, including Dell, Microsoft, Toshiba and Cloud53!

While passwords are a common form of authentication on the Internet, they are, more often than not, the only line of defence between hackers and your personal information. Once again this year, World Password Day gives us an opportunity to reflect on what makes a password strong and how we can protect our online identity by taking our passwords to the next level.

What is Password Security?

Password security, though often overlooked, plays an extremely important role when it comes to protecting your identity on the Internet. After all, it keeps unauthorized users from breaking into your online accounts and stealing your personal information for nefarious purposes, such as impersonating you to commit crimes in your name.

What Can You Do On World Password Day?

You can become a part of the celebrations by resetting your old, weak passwords to long, un-crackable ones and reminding your friends, family, and colleagues to do the same. With identity theft and other cyber-crimes on the rise, setting robust passwords is crucial and here we’re going to show you exactly how to go about that.

How Can Hackers Steal Your Passwords?

Have you ever wondered how hackers go about cracking your passwords? Well, here are some of the most common ways through which they can steal your passwords, and ultimately, your personal information:

1. Brute-force Attack

One of the most common password cracking techniques out there, a brute-force attack involves checking all possible key combinations until the right one is found. Since hackers use complex algorithms to try multiple combinations at super-fast speeds, rest assured that your short passwords will be cracked in no time!

2. Password Sniffing Attack

A password sniffing attack is a technique used by hackers to collect your credentials on unencrypted connections. By using a combination of easily available tools on the Internet, they monitor all incoming and outgoing traffic on a network so they can intercept your usernames and passwords as they’re being transmitted.

3. Phishing Attack

Even though phishing is an old trick in the hacker’s playbook, it’s still going strong and doesn’t seem to be going away anytime soon. Typically, it entails sending an email to the victim by impersonating a legitimate entity and requesting that they provide sensitive information like usernames, passwords, and even credit card details.

4. Social Engineering Attack

A social engineering attack requires little technical knowledge and relies on human error, tricking otherwise unwary employees or users into performing certain actions or revealing confidential information such as passwords or bank account details.

5. Dictionary Attack

In a dictionary attack, a hacker tries hundreds – or sometimes even millions – of likely possibilities derived from a predefined list of words or dictionary in order to defeat an authentication mechanism like passwords.

6. Keystroke Logging

Keystroke logging, also known as keylogging, is a technique that involves the use of a program to record or log every keystroke, so that the attacker can obtain confidential information like passwords without the knowledge of the unsuspecting user.

So How Do I Make a Secure Password?

Now that you know the common password security mistakes you need to avoid, let’s discuss how to create strong passwords. The following are some password creation tips to prevent hackers from accessing your online accounts:

1. The Longer Your Passwords, The Better

The passwords you decide to use should be at least 12 characters in length so that they’re difficult to break. The longer a password is, the more combinations a hacker would need to try in order to successfully crack it.

2. Aim for Complexity

Password length and complexity go hand-in-hand in the quest to create proof-passwords, so make sure you include lower-case and upper-case letters along with numbers and symbols. Mix them up like you mix your cocktails on a Friday night!

3. Unpredictability is Key

Unpredictability is key when it comes to password strength. Avoid predictable words, passwords based on dictionary words, as well as any references to your personal life or popular TV shows, video games, and movies.

4. Unique is The Way Forward

We’ve already highlighted this before, but its importance can’t be emphasized enough: Only use one password for one account.

 


Remote Access Warning


About a month and a half ago, reports surfaced of some TeamViewer users being hijacked. These mostly surfaced around 30-05-2016 to 02-06-2016, although there are some reports dating back to mid-June. The logs note that most of these computers were accessed through TeamViewer, with IP addresses originating from a Chinese VPN, using a method known as “Custom Password”. TeamViewer has refused to explain what method is used for that to appear in the logs. The hijacked computers had their saved passwords stolen; the intruders then opened Chrome/Internet Explorer to attempt to send coupons or vouchers to China through Amazon or PayPal, or to abuse any of the saved passwords while logged into the machines.

Only a few of these computers were accessed by simple dictionary attacks due to the default 4-number password, which could be broken in 23 hours of brute forcing. Due to the nature of TeamViewer, this password only resets when the application is restarted, which isn’t that often…

A decent number of the intrusions also appear to coincide with the 01-06-2016 Denial of Service attack on TeamViewer’s authentication servers. TeamViewer denies any knowledge of a security issue, and has held its stance that users are at fault for the issues that have been experienced. TeamViewer’s legal team has forced some article publishers to alter their statements about TeamViewer to cover up.

Most of these reports are unverified, in the sense that they are posted on a potentially anonymous forum and the claims cannot be checked. However, they are in such a high volume that some potential truth can be gleaned from the info.


This as a Service (TaaS), What as a Service (WaaS)???

It seems that in IT everything is as a Service (aaS), yet given the number of questions we at Cloud53 receive about this element of managed services, it is clearly a much misunderstood way of doing things among non-IT people.

The diagram below should hopefully make this much simpler to understand using something as a Service that we all understand.

[Diagram: car as a service]

If you are interested in any IT services as a Service (aaS) then please do give Cloud53 a call.

Distributed Denial of Service (DDoS)


Recently it seems that every week we hear of a major website being unavailable due to a DDoS attack, but what is it and why is it becoming so common?

A DDoS attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic.

It appears that along with these attacks becoming more common, they are also becoming more serious in the sheer bandwidth that is being used. A recent victim we spoke to saw over 80Gbps being used against their IPs; very few providers could sustain that bandwidth. To put this into perspective, in Q4 of 2013 the average DDoS attack was using 2.14 Gbps.

In recent months major names have been attacked, such as the BBC (reportedly over 600Gbps), Sony PlayStation Network, TalkTalk, Carphone Warehouse and many more, but why?

It would seem that essentially the groups doing this wish to extort money from their victims, using blackmail with the threat that if they do not pay then attacks will continue. However, could you trust a blackmailer not to do it again after payment? This is why it is generally reported that companies do not pay. However, it seems reasonable to assume that some companies do pay, as these sorts of attacks cost money to implement and so they must be worthwhile to the criminals.

The type of payment is the issue in these ransom situations as payment is always instructed to be made in bitcoins and so is totally untraceable (if you know what you are doing). It is also thought that money gained in this way often finds its way to support worldwide illegal activity.

You don’t have to be a large company to suffer a DDoS attack, but the attackers do go to where they believe ransom money is available. If you do become a victim of a DDoS attack and subsequent blackmail, it is best to treat it as an exercise to bolster your security and potentially test your DR strategy. It is not advised to meet the demands of the cyber criminals.

Hacking – why does it keep happening?

Obviously this week the big story has been TalkTalk, who it would appear have been hacked and potentially allowed details of 4 million customers into the wrong hands. This is the third large cyber-attack which TalkTalk have received, and it is not at present clear why TalkTalk are targeted or who did it, but it is far from being the only company that keeps being hit!

Most, if not all, large companies will receive cyber-attacks every day; it is unfortunately the norm. This is the reason why large companies invest heavily in cyber security, but being ahead of the cyber criminals isn’t easy. Around 1 million new malicious programs are created on a daily basis according to security firm Symantec.

It is extremely unlikely that any large company has not received cyber-attacks, and it is also very unlikely that any of these large companies haven’t suffered a breach of security due to these attacks at some point. It is only the clever companies that are aware of these breaches and learn from them. It is likely that many companies will not know they have been breached, which is much more dangerous than being aware!

Can it be stopped? Very unlikely. Unfortunately it is just a case of staying one step ahead of the hackers, which in reality is extremely difficult and expensive.

All White for Winter?


We know the weather predictions are always a tad dramatic, with phrases such as ‘Arctic Freeze’ and ‘El Nino’, but it is worth paying attention to the fact that your business could suffer because of the winter. At present, weather predictions for this winter are suggesting the El Nino (named Modiki) weather phenomenon, reportedly maybe the strongest since 1950. In that year heavy snowfall brought chaos to much of the country, with temperatures in some areas being as low as -22°C with around 50cm of snowfall, certainly worse than the ‘big freeze’ which we remember in 2009/10.

The ‘El Nino’ happens when ocean temperatures in the eastern Pacific, near South America, rise due to a change in the normal wind direction, creating knock-on effects across the globe due to the amount of heat released into the atmosphere. The polar jet stream tends to move further south, and brings wetter weather across the Atlantic, which causes heavy rainfall in warmer months (we have certainly had this), but can bring snow in the winter.

So is your business ready in case we do have a bad winter? Typically in the UK a bad winter means the public transport system grinds to a halt or at best offers a very poor service. The reason for this, apart from the weather affecting equipment and roads, is staff not being able to get into work, and so we get into a vicious cycle!

If your staff cannot get into work whether it be due to public transport or the highways what contingencies do you have in place to allow your business to continue? Should it just be for a single day most businesses will be fine, albeit probably lose some revenue, however if the weather spell lasts a week or more then it could be much more serious.

Points to consider:

  • Remote access – Do you provide remote access, whether it be via Remote Desktop, Citrix or Outlook Web Access? Is this set up for all staff? Are they aware of the details? Do you have enough licences? Does your internet connection give sufficient bandwidth for inbound connections?
  • Telephony – Do staff have desk phones at home? Can staff access the telephone system through soft phones (PC or smartphone apps)? Can diverts be put on remotely?
  • Backup – If using onsite backups, who will change the tapes/disks? How will the data get offsite for safe storage?
  • Meetings – Do you have video conference services available to take meetings internally and externally given that travel is limited?
  • Communication – Are staff aware of the business continuity plan? How will they access systems? How will staff communicate?
  • Suppliers – Depending on your business, your suppliers’ business continuity plans may be extremely important if you cannot receive deliveries of vital goods and services – they should be asked the question.

Whilst we have seen predictions previously for heatwaves, bad winters and even the end of the world, eventually predictions do happen, so it’s always best to be prepared. Please get in touch should you be interested in any advice on the above (excluding weather forecasts).

SPAM – what is it?


Whilst we would rather have this as a fritter (us northerners), how did this term ever get into email? SPAM in terms of meat stands for Specially Processed American Meat, but in email terminology it simply means ‘unsolicited email’.

Spam as an email term does not actually stand for anything but was just a name that started and continued purely by chance. This came about in 1994 as part of a lawsuit in the US. A company had advertised its product on the Usenet newsgroups (one of the first mass forums) and was flooded with complaints. The complaints were made due to the misuse of the then scarce internet resources. Disk space and bandwidth were massively consumed by this single action; given the storage costs and modem dial-up solutions back then, you can imagine the issues. After this the name Spam simply caught on and is still with us today.

It is currently estimated that 70% of all emails sent are actually Spam and of this figure 90% can be attributed to a core of 200 Spam outfits.

Spam unfortunately is an overwhelming fact of life. Filtering, however, is available relatively cheaply to keep 99.9% of it out of your inbox. Please contact Cloud53 should you need advice.

Backup, Business Continuity, Disaster Recovery – are they the same??


Recently after talking with clients we have realised that these terms all appear to mean the same thing to some of the business market out there and this is a dangerous assumption. Typically people only understand the differences after an incident and when it’s too late. Therefore we thought it may be useful to summarise what each is and what it means:

Backup – This typically happens once per day and overnight, so it is technically possible to lose around 23 hours’ worth of data. In addition, a backup simply backs up data, and a restore may involve building a new server and then restoring the data to this server, which if from tape could mean 24-48 hours before the server is back up and running as it was. Therefore in this case the Recovery Point Objective (RPO) is 23 hours and the Recovery Time Objective (RTO) is 48 hours. With tape this is always assuming each backup is successful and that you have a suitable tape drive to read from.

Business Continuity – This is essentially how your business (as a whole) will recover from an incident. This incident may not affect IT, although most incidents do. It may be that the office is inaccessible due to a gas leak, in which case how do your staff work from another location? Or it could be a gas explosion within the building which destroys the IT infrastructure. BC is about the capability of the organisation to continue its business following a disruptive incident. BC is the big plan of which IT Disaster Recovery is a subset.

IT Disaster Recovery – This is how you plan to recover from a disaster, and it isn’t simply a restore from backup: let’s not forget you might not have any media to restore from, you might not have an internet link, you may not have servers or tape drives! DR is about how you recover from the worst possible disaster and as quickly as possible. In the business world the only way to guarantee your IT infrastructure to be always available is to host it outside your business in a datacentre (with redundancy / replication) or to host internally but replicate to a remote datacentre using real-time replication. In the event of a disaster your RPO is then less than one minute and your RTO is also just minutes. With auto fail-over and the correct replication software this is easily achievable.

Welcome to Summer!


So it seems we are approaching the time of year when things warm up, which is great news if you’re not at work or maybe work in state-of-the-art offices with aircon (that works). However, it’s not necessarily good news for servers, network kit and the like in areas without dedicated air-conditioning.

Typically once we hit real summer there is a rise in server and network failures, as this kit is still in the small room or cupboard that it is in all year round but with an added 10°C or 15°C to work in. The kit still produces the same heat itself, but the heat isn’t dispelled as well as it is in the cooler months. Often this means that a router or some other network kit fails first, as this is often situated above the servers and of course heat rises. Without an ambient temperature being maintained, the additional heat means the servers have to work harder, spinning the cooling fans more to try and combat the heat being produced by the disks and the CPUs. It’s a vicious circle until either the room cools or a component fails, unfortunately.

Remember in the summer months to keep an eye on temperatures in these areas and allow extra ventilation / aircon if you can.

  • An average server generates 1360 BTU/hour, which is about the same as a small radiator.
  • It is recommended that server rooms maintain a temperature of between 18°C and 24°C.
  • Typically the server CPUs will run at around 45°C; however, anything past 60°C for long periods can be dangerous and result in failures.
  • Disks are more likely to fail the older they are and as such temperature changes may contribute to these disks failing sooner.
  • Humidity is just as important to IT kit as temperature.

The obvious solution is to look at hosting your servers externally – why not get in touch with Cloud53 to discuss? Apart from taking the worry away it should also reduce your on-going costs!
