5 Million Gmail Usernames, Passwords Hacked! What to Do Now?


The news that five million Gmail usernames and passwords were stolen alarmed many in the industry. If Google’s servers aren’t safe, whose are? But Google quickly followed up the news with an announcement that the information was taken from a website not belonging to Google. The company has searched its own systems for signs of a compromise and has found nothing.

What to Do Now

Since Gmail powers many workplace email accounts, it’s important that businesses first protect any email accounts that might contain company data. Even if one employee is using a Gmail account for work duties, that employee should take measures to ensure his account is protected. To be safe, business leaders should send instructions to all employees on safeguarding their Gmail accounts, even if they don’t use them for work purposes.

Protecting your Gmail account is easy. The first step is to change your password, which can be done by clicking the down arrow next to the gear in the top-right corner. Choose Settings, then Accounts and Import. Change Password is at the top. You’ll be prompted to enter your old password and your new one twice. Try to shoot for a “Strong” password rating. Once you’ve changed your password, you’ll be taken to another settings screen. If 2-Step Verification is disabled, click the link to set it up and go through the steps. You’ll be notified via phone call or text message every time someone tries to access your Gmail through an untrusted device.

User Security

To help their own systems remain secure, businesses should urge employees to use passwords that are difficult to guess. Administrators can set this up as a requirement on all applications and file servers, making each employee have a combination of letters, numbers, and special characters in every password.

Another trap business users fall into is that of using password keepers. This is a solution to the many passwords we’re all required to keep up with, letting users remember one strong password to access all sites and applications. While acknowledging the usefulness of such tools, it’s important that businesses explore the encryption used by the particular password keeper they choose. If your administrator is responsible for keeping up with everyone’s master password through a console, the security on the console should be investigated as well.

The Gmail breach is yet another reminder of how vulnerable electronic systems are. If your business employs the best industry-standard software for security and encourages safe password policies, your users can stay safe during large-scale hacking attempts.

Should Your Business Accept Bitcoins?

You’ve probably heard of bitcoins.  But what are they, really?  It’s hard to explain so let’s watch this video.


There’s an old saying that everything is worth what its purchaser will pay.  Bitcoins are a great example of that.  They first started trading at a few cents apiece.  As of May 23rd, 2013 they are trading at $126 to one bitcoin.

So the real question is: should your business accept them?  In my personal opinion, I’m going to have to say no.  Recently in the news, bitcoin exchanges have been shut down.  Also, because of the volatile nature of bitcoins, you may end up worrying about the market rate rather than running your business.

On the other hand, most businesses that accept bitcoin see such transactions as a very small percentage of their total revenue.   However, the fact that bitcoins are untraceable currency from the ether (most currencies are) attracts less than upstanding citizens.

Is Cloud Accounting Right For You?

Everything seems to be going up into the cloud.  Is accounting in the cloud for you?  Should your books be accessible from anywhere?  Here are a few things you should know before answering those questions.

So Who Owns What?

Unlike desktop versions of software, cloud based products tend to be subscription based.  People still run their old versions of QuickBooks and Word that ran on Windows 95.  This won’t be the case with cloud based software.  The advantage of this is that with cloud based software like Office 365, you can pick and choose what features you want.  Desktop software tends to come out in one format or a tiered system.  Now you can pick and choose what you pay for.

Where Is Your Data?

If you’re using a cloud based software, then your data is stored offsite.  It’s not on your local hard drive.  It’s somewhere out there, in the cloud.  So is it secure?  Well, you’re paying another company to store your data and give you access to it all the time.  This is the biggest crux that the cloud community has to deal with.  But think about your ATM.  You could have all your money stored locally, like in a shoe box under your bed.  Or you give it to your bank and they give you access to your money via tellers, ATMs, etc.

Who Is It for?

In my opinion, cloud based software is really for the medium guy.  If you’re a tiny business and you can count your daily sales on one hand, then this isn’t for you.  A simple double ledger spreadsheet in Excel would do you better.  If you’re a mega-corporation then you would build or hire your own accounting department and have an in-house system.  However, the medium business that is always on the go and in flux will have use for a cloud based accounting system.  As your business grows and changes the cloud is more apt to scale.  It’s going to be easier than making that tough choice to spend a whole lot of money on a software upgrade.

The Curious Case of the Call Center Fraud

As long as there has been money there have been people looking to make it by means that are less than ethical.  Now, with all the technology, people half a world away can attempt to pick your pocket.

I happened to come across a new type of call center fraud.  Well, it’s actually a twist on an old trick.  Con-men calling you up at home in an attempt to sell you something you don’t need or to gain personal information is nothing new.

However, the twist is that they try to have you open up a backdoor for them into your personal computer.  They come under the guise of saying that they are calling from Windows Tech Support.

They then usually say that they’ve received reports that your PC is under assault by viruses, from the Internet no less.  After that, they direct you to a website to download some variant of remote access software, programs that let someone else directly control your computer from across the Internet.

There are plenty of legitimate reasons for doing this, like IT support.  But let it be known that IT support will never call you unless you call them first.

To stay safe, it’s best never to install software directed to you by someone you don’t know on the phone.  It may sound like common sense, but it can be hard to turn away someone who’s calm, polite, and pretending to help you.

In fact, many of these scammers can be so persistent and calm that there is a whole subculture that revolves around messing with them.  Click here for a laugh.  Trust me, I didn’t cold call you on the phone asking for your credit card number.

Staying Safe This Holiday Shopping Season

It’s that time of year again.  Whenever you walk into a big box store you hear that music playing, people are ringing bells outside, and you’re looking for gifts online.  Now, more than ever one must be careful when making purchases.  However, you can thwart these thieves and scam artists hoping to cash in on your holiday cheer by following a few simple rules.

1. When Purchasing always look for the SSL

SSL stands for Secure Sockets Layer.  It’s a security method that restricts other computers from accessing information during a transfer.  You can see if SSL is enabled by looking for a padlock symbol or by checking if the URL (address bar) is preceded by HTTPS:// which indicates a secure portal.  This isn’t a sure fire way, but it’s a start.

2. Never give out your credit or debit card numbers over e-mail

No reputable retailer asks for credit card information via e-mail.  If they’re worth their two cents then they’ll set up a secure portal like the one mentioned above.  Honest retailers will also never ask for your social security number.  The more information someone is asking for, the more likely they are a phisher, an online data miner looking to steal and sell personal information.

3. Above all else: Use common sense

The greatest defense against an online thief is common sense.  With the number of online retailers there are out there, the moment you sense something fishy just move on.  Look online for reviews of companies to make sure they are on the level.  The Better Business Bureau is an excellent resource.  If it looks too good to be true, it probably is.

Happy Holidays.

Don’t Get Caught in the Malnet!

The prefix mal comes from the Latin for bad.  Anything with mal in it is bad news: malcontents, malnutrition, Mal Reynolds.  Now there are malnets.  Malnets are complex systems of servers and domains that are continuously on the attack.

It is estimated that this year, the majority of all spam will come from these malnet systems.  For example, Rubol, a known malnet, was found to have 476 unique domain names.  That’s a lot of vectors of attack.  A malnet was found to be the culprit in the MySQL.com attack.

So what do you do?  How can you protect your business’s infrastructure against such an organized malware ecosystem?

Most malnets are actually nets, malicious traps.  Don’t fall into the trap.  Rubol’s 476 domain names were fronts, mainly offering deals or quick cash.  You might be thinking only a fool would fall for something that’s too good to be true.  However, some of these sites disguise themselves as legitimate businesses offering good deals.

The next step is to really isolate your sensitive data from the Internet as much as possible.  The easiest way to do that is move customer data onto a removable storage device.

Keeping your security software up-to-date is also a boon to the safety of your data.  And last of all, when in doubt, don’t click on it.



Mountain Lion Arrives

The newest Apple operating system, OS X Mountain Lion, is now available, and, while it doesn’t represent a huge departure from previous Macintosh systems, the consensus among reviewers is that the upgrade is well worth the $19.99 price tag.

One of the most significant new features from the predecessor Lion operating system is Gatekeeper, a security system designed to keep out malware. Aside from screening for known threats, it lets users choose their level of security by instructing the computer to open apps downloaded from the Mac App store only, from the app store and Apple-approved developers, or from anywhere.

Mountain Lion also takes a step closer to the iOS software found on iPhones and iPads. Like those mobile devices, computers with the new system will have access to iCloud functions, giving users easy access to the same apps, message services and games from all their devices. The OS also features a Notification Center that pulls updates from various apps together in one place.

Unlike Windows 8, Mountain Lion is more of an update than a whole new product. Still, PC World has an interesting list of features that the Windows system might be well advised to copy from it. That includes the Notification Center, access to text messages and voice dictation, and AirPlay Mirroring, which makes it easy to send video from one device to another.

In the spirit of the internet’s increasing dominance of all computing functions, Mountain Lion can only be purchased at the Mac App store and isn’t available on any physical media. Of course new Macs will come with the operating system installed.

Why IT Consulting?

For some business owners, the notion of outsourcing anything to an outside firm might seem a little scary. It’s attractive to have everyone who’s doing anything for your company working as a dedicated full-time employee.

But these days most businesses can benefit from advanced technologies like cloud computing, remote backup and systems that integrate computer and phone networks.  Often, you won’t even know what technological solutions make sense for you until you see them in action.

That’s where IT consulting comes in. An IT firm can look at the big picture and suggest what investments might make sense. Because they work with multiple clients, they have up-to-date expertise in what other companies are finding useful, which means you can benefit from the experiences of others.

Consulting firms also have a surprising cost benefit. If a company has its own internal IT department, a handful of employees probably have to do everything from overhauling the entire email system to setting up voicemail for a new hire. That means they have to be seriously overqualified—and overpaid—for some of their assignments. With an outside firm, you’re hiring a team that includes people with a variety of experience levels. Often it also means you can have several IT professionals on hand when you need them and none when you don’t.

Here’s another thing about outsourcing IT—it’s probably inevitable, at least for some things. More and more of us are using the cloud every day, even if that just means throwing a file into Dropbox or sharing something on Google Docs, and that means trusting our data to outside parties. IT consulting firms can help businesses do these kinds of things in ways that are more secure—and that also offer extra benefits like emergency backup.

IT firms can work with companies in a variety of ways—from troubleshooting email problems to developing a cloud strategy for connecting remote offices. But you probably won’t know which solutions might make sense for your office until you start asking.

Online Attacks Rose 81% in 2011

The war between legitimate data users and criminals interested in exploiting their data escalated again in 2011, as the number of malicious attacks on computer systems rose 81 percent from the previous year. That’s according to web security vendor Symantec, which just released an annual report on the subject.

The company, which said it blocked more than 5.5 million attacks over the year, attributes the increase to more sophisticated malware, new threats to mobile devices and thieves’ exploitation of social networks to reach new victims.

One of the most serious types of online criminality is targeted attacks intended to steal customer data or high-value secrets. While the term “corporate espionage” may conjure up images of huge, sophisticated technology enterprises, the report found that half of all targeted attacks were launched against companies with no more than 2,500 employees. A full 18 percent of the targets had 250 workers or fewer. Symantec said that may reflect attempts to reach high-value targets through their vendors or partners.

The industries most likely to be targeted for attacks were government, manufacturing and finance, and the specific people most likely to be hit were company executives.

Data breaches exposed more than 232.4 million identities during 2011. Health care companies accounted for by far the largest number of breaches, 43 percent of the total, but breaches in computer software and information technology tended to be much more significant, with those two industries accounting for 85 percent of exposed identities.

The growth of bring-your-own-device policies creates a huge new area of concern for companies, which are now more likely to be vulnerable to whatever malware employees pick up by using their social networks or by downloading software for their personal use. Another trend that calls for increased caution is the growing use of cloud computing, which demands data encryption, security around how data can be accessed and attention to the credentials of all IT support firms involved in the system.

The news from 2011 wasn’t all bad, though. The report found that the amount of spam dropped, largely thanks to law enforcement action against Rustock, a worldwide network that had sent huge amounts of spam. The percentage of email that was spam fell from 88.5 percent to 75.1 percent in 2011.

Flashback Trojan Pierces Mac’s Aura of Invincibility

For years, Macintosh computer users have held up their machines as superior for a few reasons: better performance for designers and artsy types, a more intuitive and attractive user interface and—most significantly for many users—freedom from worry about viruses and malware.

Now, Flashback Trojan has changed all that. In early April, a Russian antivirus seller discovered that more than 500,000 Macs had been hit by the malware infection. When users visit certain websites, Flashback can exploit a vulnerability in some versions of Java to install itself on their computers. After that, it can get into the Safari web browser, monitor a user’s web activity and steal passwords and other information.

Macworld reports that Flashback is different from other malicious programs that have affected Macs in the past because it doesn’t require that a user install infected software on their machine themselves—it can climb on your computer the minute you visit an affected site.

Apple has responded with a software update for Macs running OS X Lion and Mac OS X v10.6 that removes Flashback and patches the flaw in Java. For older operating systems, the company advises users to disable Java. Apple says it is also fighting back against the sites that host the malware, “working with ISPs worldwide to disable this command and control network.”

Still, Apple has been criticized in some circles for reacting too slowly to the Trojan. In the past, the company’s freedom from serious malware attacks has been more because it gets less attention from cyber thieves than because of anything it’s done particularly well.

Macworld says the attack should be a bit of a wakeup call for Apple and probably points to a new interest in the company’s computers among destructive hackers. But it also says that Macs are still far less prone to infection than PCs, and if Apple introduces better security measures quickly, its users shouldn’t be forced to seek IT support to fend off a Trojan invasion very often.
