
Tuesday, Feb 28, 2017

Cloudbleed! Cloudflare’s Major Bug Is Leaking Your Data

Even if you haven’t heard of Cloudflare, you’ve probably used their services. Ever hail an Uber? Track your every step with a FitBit? Go looking for love on OkCupid? These companies, and a few million more, use Cloudflare for speed enhancement and additional security for websites and mobile apps.

Cloudflare is an interesting company. They’ve found a niche by acting like a hosting provider without doing any actual hosting. Instead, they have a network of mirrors around the globe, ready to serve up an optimized, SSL-enabled version of your website. The result is a faster, more secure experience for your customers – when everything goes according to plan.

Cloudbleed is a bug in Cloudflare’s code that was discovered on February 17th. This flaw created a “memory leak” – a situation in which recently stored data on a server would be sent along with new, legitimate requests for information. In other words, you might log on to Uber and find you’ve got someone else’s username and password on your screen too.

A memory leak can easily be exploited by hackers who can continually ping a server and then sift through the results for credit card numbers and other useful bits of data. To be fair, it doesn’t look like there was any malicious intent or criminal activity associated with Cloudbleed. However, data once leaked is data compromised forever. Even after the problem is fixed, there could still be sensitive information floating around the internet.

What to do?

If you’ve been using services that use Cloudflare, now is a great time to update those usernames and passwords. Also, keep an eye on credit card accounts that you’ve tied to ecommerce sites. Look for anything suspicious on your next statement. A full list of compromised sites is hard to compile, but here are a few links that list the most popular affected services:

http://www.digitaltrends.com/computing/cloudbleed-what-you-can-do/

https://github.com/pirate/sites-using-cloudflare

If you own a website or app that uses Cloudflare, life is a little more complex. First off, get in touch with Cloudflare to see if you were affected. If so, change your admin credentials and scour the web for information that might have been leaked – basically, start googling for your old private data. If you get any hits, you’re in trouble. At this point, you may need to bring in your web developer to re-write the way that your site authenticates user sessions, ensuring that old data won’t work for new visits to your site or mobile app.

Unsure about any of this? We’re here to work with you, double-check your data, and make sure that you and your customers are safe. Give us a call. Cyber security is a tricky business, and we’re committed to keeping you one step ahead of the next bug.

Thursday, Feb 16, 2017

A Battery Backup? What’s That For?

Thunder and lightning, construction down the block, housekeeping flipping switches ‘cause they thought everyone had gone home – we’ve all lost power at the office. It never happens at a good time, usually striking in the split second between polishing up a project and clicking “save”.

Fortunately, there’s a solution: Battery Backups, or as they’re known in the trade, Uninterruptible Power Supplies (UPS). You’ve probably seen them under somebody’s desk. They look like a power strip on steroids, often about the size of a shoe box, maybe with a few extra lights.

The box contains a battery that will kick on instantly when the power drops, giving you a chance to save your project and properly shut down your computer in the recommended glitch-preventing way.

The work-saving convenience of a battery backup is more than enough incentive to install one, but there are some very important technical reasons to use them too.

We don’t usually notice it, but the power coming into your building is dirtier than you think. It doesn’t always roll in smoothly; instead, it comes in spikes and surges. A UPS will work as a high-end power strip to protect your equipment from the spikes, with the benefit of making up the slack if a brown-out, or dip in power, occurs.

These peaks and valleys can be hard on your electronics. The use of a UPS has been proven to extend the life of sensitive devices like computers and networking equipment.

A UPS is also capable of gently shutting down your computer if you’re away when the power drops. Most come with software that can initiate a shutdown routine, just as you would if you were at your computer, protecting your system from hard drive damage and filesystem corruption.

When setting up your UPS, you should note that not all of the outlets provide full battery protection. Some provide surge protection only. With these options, you can plug your tower and critical components into the battery backup side, while still having ample surge-protection available for other accessories that shouldn’t be draining your battery during an emergency.

Already have one? It might be ready for a replacement. Manufacturers recommend testing and replacing a UPS every 3-5 years. If you’ve upgraded your system recently, do it a favor and plug it into a new battery backup. It only makes sense to protect your investment.

If you need help choosing a UPS, let us know. We can install, test, and configure the right backup for your computer, server, or other networking equipment. Don’t get caught in the dark! Give us a call today.

Thursday, Dec 15, 2016

A Billion Yahoo Users Hacked! Change Your Yahoo Password Now.

Yahoo just announced that they’ve been hacked. Again. This time the hackers snagged the login details of over a billion accounts. Yes, you read that right – that was billion with a “B.” How big is that? That’s one-in-seven of all of the humans on the planet big.

Here’s another way of looking at it: According to some sources, Yahoo only has 280 million active email users. How do we get to a billion? We have to assume that dang near every account ever set up on the system, past and present, has been compromised. And that includes you. And your kids. And maybe your dog.

The data breach reportedly includes not just passwords but real names, phone numbers, and users’ dates of birth.

This is bad news for Yahoo. They suffered a similar breach this fall, compounding stock-market woes, and a general lack of direction in the face of competition from Google, Facebook, Twitter, and other services that combine email, messaging, and content distribution.

So what should you do?

1. Change your password immediately, even if you already did a few months ago. Just change it again and make sure your new password is complex and hard to guess.

2. Turn on extra security features like two-step authentication. (This means that a second confirmation needs to take place – like responding to a text message – to make any changes to your account.) While anything can be spoofed, two-step authentication makes hacking exponentially harder to do.

3. Stay alert! Be on the lookout for suspicious activity. Your inbox might contain all of the details needed to gain access to ecommerce accounts that use your email address. Your account details may be just what spammers need to fool you into doing something foolish. Take a moment to review how you’ve been using your Yahoo account and consider what else might be affected. Give us a call if you need a second opinion or would like to move to a more secure email platform. We’re here to help. Yahoo might be struggling, but you don’t have to.

Thursday, Dec 15, 2016

“Locky” Ransomware – What You Need to Know

Locky is a new strain of ransomware, so-called because it renames all your important files so that they have the extension .locky.

Of course, it doesn’t just rename your files, it scrambles them first, and – as you probably know about ransomware – only the crooks have the decryption key.

Check out the full article here. Find out what you need to know.

Thursday, Dec 8, 2016

Automated Attacks Drive Ransomware Scourge

Ransomware is a threat that just won’t quit. A recent study put the corporate hit rate at close to 50%. Yes, you read that right – half of all businesses in the US & Canada have fallen victim to Ransomware infecting their users.

And here’s a frightening development: now you don’t even have to be a geeked-out computer hacker to get into the game. Now anyone can buy automated Ransomware software for $39 off of the Dark Web. For the price of a few pizzas and a case of Mountain Dew, you too can be a cyber-criminal, no experience necessary.

If you’re new to the term, you can think of Ransomware as a combination of virus and hack. Ransomware is software that takes over the victim’s computer, encrypts the data, and then demands cash to go away. Welcome to the modern day, data-driven world of kidnapping.

It’s awful… and expensive. A typical Ransomware infection will demand $500 to $1000 to return the goods – assuming the hackers live up to their end of the deal. And that’s a big if.

Even if you get your files and system back in one piece, you’ve got to wonder what else they might have helped themselves to during the hack. Credit card numbers? Company secrets? Are you sure everything’s secure and they aren’t still listening in?

Ransomware’s #1 entry point is through email, hiding itself in seemingly innocent attachments. Always be sure to verify the source and intent of an email attachment before clicking on something you might regret. Hackers have gotten much better at making their spam look legit, but anything that looks a little bit off – misspellings, fuzzy logos, odd fonts, weird details – could be the tip-off you need. Think twice to avoid a big mistake.

Keep your system updated and back up your data. And if you’re not sure what to do next, give us a call. We’re here to help. Avoiding a Ransomware infection is much cheaper, and a lot quicker, than paying off the bad guys.