Tuesday, September 27, 2016

Yahoo hack: It's not just Verizon; AT&T customers should be worried too.

The massive hack that Yahoo disclosed last week is a headache for Verizon, the telecom giant set to take ownership of the company early next year.

Rival AT&T should be nervous too...

That's because many AT&T customers get the option to use a Yahoo Mail account to manage services like home broadband, wireless and pay-television services.

It's the outgrowth of a partnership from 15 years ago between Yahoo and AT&T (then called SBC Communications), bringing AT&T broadband customers to Yahoo's search engine and media services, including Yahoo Mail. At the time, critics hailed the deal as a landmark partnership that would better combat the growing power of AOL and Microsoft's MSN portal.

Today, AOL is part of Verizon, Microsoft's MSN is no more and AT&T likely isn't feeling so great about the deal.

Yahoo said Thursday that the hack compromised at least half a billion accounts containing user names, email addresses and passwords. That makes it the biggest attack ever. US Senator Mark Warner has asked the Securities and Exchange Commission to investigate the matter.

The hack puts AT&T in an uncomfortable position. The company is still waiting for data from Yahoo on the specific customers who may have been affected, according to a person familiar with their dealings.

"We began investigating immediately and requested information from Yahoo necessary to determine which email accounts may have been compromised," the company said in a statement. "In the meantime, we are in the process of notifying potentially affected customers."

Chances are, a significant number of AT&T customers are affected.

AT&T was in the middle of breaking up with Yahoo before the attack, having announced in May that it would instead tap Synacor to handle its internet and mobile portal business.

The loss of the deal, worth an estimated $100 million a year, came at a time when chatter had heated up over potential suitors for Yahoo. AT&T was among the rumored bidders, but Verizon snagged the internet pioneer with a $4.8 billion offer.

For now, AT&T is offering little advice to its customers beyond the standard line: regularly change your passwords.

That, along with these other tips, is advice everyone should heed.

Monday, September 26, 2016

This is what you should do if your Yahoo account was hacked.

The company said on Thursday that at least 500 million user accounts were affected by a massive data breach. The hack happened in 2014, when a "state-sponsored actor" stole account information, including names, emails, passwords, telephone numbers and answers to some security questions.

So what should you do if you have a Yahoo account?

First and foremost, you'll want to change your password immediately. All Yahoo account holders should also change their security questions and answers.

If your account is one Yahoo suspects was compromised, you'll be prompted to enter a new password as soon as you log on. If you used the same password on other accounts, change those, too.

Here are other steps to take to secure your online accounts.

Change passwords often
Yahoo is asking anyone who hasn't changed their password since 2014 to update it. This is good advice for everyone: Passwords should be changed often. You won't always get a timely notice from a company that an account was compromised -- and sometimes it might not even know about a hack until much later. In this case, it took two years for the company to confirm the breach.

Never use the same password twice
If hackers get the password for one of your online accounts, they can try to use it to access your other accounts that take the same credentials.

Pick better passwords
Consider using a phrase instead of single words that are more easily guessed. Don't go for common phrases like cliches: Pick a combination of words that don't go together -- for example, rather than "herecomesthesun," go for something like "waterfiresnowsunshine".

Avoid using common passwords like 1-2-3-4-5-6 or p-a-s-s-w-o-r-d, and include a mixture of numbers, letters and characters.

Use a password manager
Since strong unique passwords are a huge pain to memorize, try a password manager like 1Password or LastPass. These platforms generate and store passwords and security answers for every account you have, so you only have to remember a single master password.

Update those security questions
If you forget a password, using security questions is an easy way to regain access to your own account -- it's not like you'll ever forget your mom's maiden name. But some Yahoo security answers and questions were a part of the breach. The company has already disabled any unencrypted security answers on its accounts.

If you frequently use the same security questions and answers for other online accounts, you'll want to change those, as well. Attackers could use the information taken from Yahoo to obtain access to other online accounts that contain even more sensitive information.

Avoid choosing the obvious questions and don't provide answers that are easy to find online through Google searches or social media sites.

Be alert
The company is urging users to look through their Yahoo accounts (email, calendar, groups, etc.) for any signs of suspicious activity. Although it doesn't say what to look for, start by checking outgoing emails.

Be extra careful about clicking on links or opening downloads from unknown email addresses. If anyone emails asking for your password, it's a red flag -- even if it looks like it's coming from a legitimate place like Yahoo or a bank. Never share any account information or passwords over email.

Turn on two-factor authentication
On its own, a password isn't a strong line of defense. Adding a second type of authentication, like a one-time code sent over text message or generated by an app, can greatly improve the security of your online accounts.

Yahoo is recommending people turn on its two-factor authentication tool: Yahoo Account Key. It even eliminates the need to memorize a Yahoo password.

If you use the Yahoo Android or iOS app, log in to your account, go to your profile and select Account Key. You can also set it up in a web browser. Each time you try to access your account, Yahoo will send a confirmation to your phone.

While it's certainly an extra step, make it a part of your daily routine. Next time there's a story about a massive data breach, you'll be glad you did.

Thursday, September 22, 2016

HP detonates its time bomb: printers stop accepting third party ink.

On September 13, owners of HP OfficeJet, OfficeJet Pro and OfficeJet Pro X began contacting third-party ink vendors by the thousand, reporting that their HP printers no longer accepted third-party ink.

The last HP printer firmware update was pushed in March 2016, and it appears that with that update (or possibly an earlier one), HP had set a time-bomb ticking in its customers' printers counting down to the date when they'd begin refusing to follow their owners' orders.

HP says that the March update's purpose was "to protect HP's innovations and intellectual property."

In 2003, Lexmark (then an IBM division) sued Static Controls, saying that the company had violated Section 1201 of the Digital Millennium Copyright Act by reverse-engineering its toner cartridges and refilling old ones that could successfully pass Lexmark's checks for valid, full cartridges.

Lexmark had an "I am empty" bit in their cartridges; when the cartridge ran out of toner, the bit flipped to "true." Even if you refilled your cartridge, your printer wouldn't use it, because it saw the cartridge as empty. Static Controls figured out how to flip that bit back to "false."

Lexmark invoked Section 1201 of the DMCA, which makes it a criminal and civil offense to bypass an "effective means of access control" for a copyrighted work. The DC Circuit court asked Lexmark which copyrighted work was being protected by its access control, and it argued that the checking routine itself was copyrighted, as well as the "Empty" bit. The court found that the DMCA could only be invoked where there was a copyrighted work apart from the access control, and that a single bit didn't qualify as a copyrightable work. Lexmark lost.

HP will likely raise similar arguments when, inevitably, its competitors start making cartridges that trick your printer into obeying you, rather than HP. But there's a potential difference between HP and Lexmark: namely that HP cartridges now have lots of copyrighted software, not just "I am empty" bits and access control systems.

This isn't just true of HP cartridges: software, and access controls that give manufacturers the legal right to reach into your home and boss you around via your gadgets, has proliferated into pacemakers, insulin pumps and implanted defibrillators; into thermostats, baby monitors, and home security systems; into cars and tractors; into voting machines and seismic dampers in skyscrapers.

One thing is for sure...if you buy ink through IES, you would not have noticed this change. We sell only certified HP branded products at a discount. Call or email us today for a quote! 781-816-9437 / estimates@iesadvisors.com

Wednesday, September 21, 2016

What to do with a wet iPhone 7.

Apple's newest smartphones, the iPhone 7 and 7 Plus, are water resistant - which means they're designed to withstand a bit of wetness but aren't meant for underwater use. They can handle being submerged under a meter of water for up to 30 minutes, but it's not officially recommended.

However, if you do get the smartphone wet by "accident," or can't resist a tiny splash test, Apple has some new advice on exactly what to do to minimize the chance of damage. Best of all, no rice is involved!

First, don't get it wet on purpose. Apple's warranty still doesn't cover water damage, and there's always a chance the phone could take in liquid. Yes, Apple will know if water was the cause of death. Buried inside the phone is a liquid contact indicator - a small sticker that changes colors if it comes into contact with water.

If it does get damp, unplug any cables and do not attempt to charge it or plug anything into the Lightning connector for at least five hours. You want the phone to be completely dry before introducing electricity. Refrain from opening the SIM tray as well, since that can give water a way into the inner workings of your iPhone.

To dry the device, wipe off the outside with a soft cloth. Stand it up and gently tap it on your hand to shake out any water that's pooled inside the Lightning port. Do not try and dry the port by probing it with a wadded up bit of paper or a Q-tip.

Next, leave it out someplace with good airflow. Don't try and speed up the process with a hair dryer. Placing it in rice won't make the process go faster, and the grain can actually damage the port. A cool fan pointed at the Lightning port is ok, but beyond that it's just a matter of patience.

The device is rated IP67, so it's built to keep out both dust and water. The 6 refers to its level of dust protection and means the phone is totally protected from dust. The 7 is how waterproof it is, out of a possible rating of 8. Be especially careful around salt water, which is more corrosive and can cause much more damage than freshwater.

Thursday, September 15, 2016

The Pokemon Go ransomware virus is out to catch’em all!

A Pokemon Go-themed ransomware virus has appeared on Windows computers, tablets and phones. The ransomware is the latest in a series of malicious applications that have popped up in the wake of the global Pokemon Go obsession.

This particular piece of malware is known as POGO Tear and it’s based on open source ransomware code called Hidden Tear. POGO Tear encrypts the files on victims’ computers, changes the extension to “.locked” and then demands a ransom on a screen emblazoned with famed character Pikachu’s picture.

POGO Tear is currently coded to display its ransom message in Arabic only as shown below. The text informs users that their data has been encrypted and instructs them to contact blackhat20152015@gmail.com to decrypt their files. It also thanks them for their generosity.

What’s interesting about this malware is that it incorporates several features not usually found in other ransomware viruses. POGO Tear creates an administrative user account called Hack3r on the victim’s machine and then hides it from the logon screen so the user can’t tell it’s there.

It also creates a network share on the victim’s computer and copies itself to all available network drives. The ransomware automatically executes when Windows starts.
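A read-only triage script for the behaviours described above, added here as an example and not taken from the original post or from any vendor tool. It assumes the account is hidden through the standard Winlogon `SpecialAccounts\UserList` registry key and that autostart uses the `Run` keys; the post does not say which mechanisms POGO Tear actually uses.

```powershell
# Added example: read-only checks for the POGO Tear behaviours in the post.
# Run in an elevated PowerShell 5.1+ session on the suspect machine.
$findings = New-Object System.Collections.Generic.List[string]

# 1. Accounts hidden from the logon screen.
# Assumption: hidden via Winlogon SpecialAccounts\UserList, where a DWORD
# value of 0 named after the account removes it from the logon screen.
$userList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
$hidden = @()
if (Test-Path $userList) {
    $key = Get-Item $userList
    $hidden = @($key.GetValueNames() | Where-Object { $key.GetValue($_) -eq 0 })
}

# 2. Members of the local Administrators group, looked up by well-known SID
# so the check also works on non-English Windows installs.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
    ForEach-Object { ($_.Name -split '\\')[-1] })

foreach ($name in $hidden) {
    if ($admins -contains $name) {
        $findings.Add("Hidden account with administrator rights: $name")
    } else {
        $findings.Add("Account hidden from logon screen: $name")
    }
}

# 'Hack3r' is the account name reported in the post.
if (Get-LocalUser -Name 'Hack3r' -ErrorAction SilentlyContinue) {
    $findings.Add('Local account named Hack3r exists')
}

# 3. Network shares other than the built-in administrative ones.
Get-SmbShare -ErrorAction SilentlyContinue | Where-Object { -not $_.Special } |
    ForEach-Object { $findings.Add("Non-default share to review: $($_.Name) -> $($_.Path)") }

# 4. Files carrying the ".locked" extension mentioned in the post.
$locked = @(Get-ChildItem -Path $env:USERPROFILE -Recurse -File -Filter '*.locked' -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.locked' } | Select-Object -First 5)
if ($locked.Count -gt 0) {
    $findings.Add("Files with .locked extension found, e.g. $($locked[0].FullName)")
}

# 5. Programs set to start with Windows.
# Assumption: the Run keys are only one common autostart location.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($rk in $runKeys) {
    if (Test-Path $rk) {
        $k = Get-Item $rk
        foreach ($v in $k.GetValueNames()) {
            $findings.Add("Autostart entry to review [$rk] $v = $($k.GetValue($v))")
        }
    }
}

if ($findings.Count -eq 0) { 'No indicators found.' } else { $findings }
```

Share and autostart entries are listed for review rather than judged, since legitimate software creates them too.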

If your computers have been infected with ransomware or any other virus, call IES today at 781-816-9437. The longer you wait, the worse the situation will be!

Wednesday, September 14, 2016

Apple's iOS 10 update is causing major headaches for some users.

Apple users who were quick to download its latest iOS 10 software yesterday were subject to a major bug that left devices temporarily useless.

Not long after the company rolled out its new mobile operating system, some users complained it "bricked" their iPhones and iPads. Bricking refers to an issue that blocks access to your phone with a black screen.

Users who experienced a failed update were required to plug devices into computers and connect to iTunes to restore the system.

While the iOS issues are unexpected, we always suggest holding off on updating to new mobile software until Apple works out the first-iteration kinks. Early adopters tend to find out about software bugs the hard way.

The restoration process should reinstate the device's most recent backup. If you haven't updated to iOS 10 and want to do so, be sure to back it up first to prevent data loss. To back up a device via iTunes, connect it via a USB cable to iTunes, tap on the device name and click "Back Up Now."

The company's Twitter account is also fielding hundreds of complaints addressing the bricking issue.

Although you may want to wait to install iOS 10 for now, the new software has a lot to offer: There's a greater emphasis on photos and messaging, an improved Maps interface, and it finally allows you to remove default apps like Stocks or Find My Friends.

IMPORTANT NOTE: We always like to inform people that upgrading your iPhone / iPad an entire iOS level puts you more at risk for your device dying sooner. The components in a device are made for the operating system that is installed in them. (Example: iPhone 6 came with a 9.x operating system. It is ok to update that phone to any 9.x OS, but when you upgrade to iOS 10.x, you may start to notice problems such as slow speeds, random crashes, etc).

Tuesday, September 13, 2016

Hi Adblock Plus...let's talk about the word irony.

Adblock Plus is launching a new service that puts more ads on your screen. Yes, you read that correctly. The #1 ad blocker is now selling ads.

Rather than stripping all ads from the internet forever, Adblock Plus is hoping to replace the bad ads — anything it deems too big, too ugly, or too intrusive — with good ads, ones that are smaller, subtler, and theoretically much less annoying.

It’ll begin doing that through an ad marketplace, which will allow blogs and other website operators to pick out so-called “acceptable” ads and place them on their pages. If a visitor using Adblock Plus comes to the page, they’ll be shown those “acceptable ads,” instead of whatever ads the site would normally run.

“It allows you to treat the two different ecosystems completely differently and monetize each one,” says Ben Williams, Adblock Plus’ operations and communications director. “And crucially, monetize the ad blockers on their own terms.”

The marketplace is an extension of the Acceptable Ads program that Adblock Plus has been running since 2011. Since then, the ad blocker has defaulted to “whitelisting” approved ads, so that they show up even when users have the blocker turned on. But the program has been fairly limited in scope, since publishers and ad networks need to specifically work with (and pay) Adblock Plus to have their ads deemed acceptable. It’s a time-consuming process, Williams emphasized, which limits how many websites can sign up to display ads to would-be blockers.

Adblock Plus hopes that, through this new marketplace, there’ll be a big expansion in the usage of Acceptable Ads. Because they’re already picked out and ready to go, any publisher will be able to sign up, plug some code into their website, and start running whitelisted ads. None of the ads are able to track visitors from site to site, and they’ll all be limited to certain dimensions and page locations, as defined by Adblock Plus’ guidelines.

The program is meant to be friendly to publishers — it is, after all, letting them display some ads instead of none whatsoever. But there’s still obvious reason for publishers to be unhappy. Acceptable ads are likely to be less valuable than the ads a publisher could otherwise display, limiting what a website can earn. And in setting up its own marketplace, Adblock Plus continues to position itself as a gatekeeper charging a toll to get through a gate of its own making.

Publishers will get to keep 80 percent of all ad revenue from marketplace ads, with the remaining 20 percent being divided between various other parties involved with serving the ads. Adblock Plus will receive 6 percent of total revenue.

The ad marketplace is launching in beta today and is supposed to launch in full later this year. At the same time, Adblock Plus is working toward setting up a committee of publishers, privacy advocates, and advertisers to figure out the future of what its Acceptable Ad guidelines should look like. That too is supposed to get nailed down sometime later this year, with committee meetings beginning next year.

Source: The Verge

Friday, September 9, 2016

Computer system outages can cost some serious money...just ask Delta.

The numbers are in - and it's amazing how much a five hour system outage can cost!

The problem occurred when the company lost power at its operations center in Atlanta early on the morning of August 8, causing computers needed to book in passengers and fly jets to be down for nearly five hours.

The airline eventually canceled about 1,000 flights on the day of the outage and grounded an additional 1,000 flights over the following two days. It also agreed to give affected customers refunds and vouchers for future travel.

The cost of the outage was disclosed in a presentation Delta made to investors Wednesday to the tune of $150 million. The losses came out of pre-tax profits, but the airline did not provide a breakdown of the various costs.

Delta is not the only airline to experience these kinds of computer problems recently.

British Airways was hit with its own computer problems on Tuesday. Southwest had to deal with a computer outage in July that resulted in canceled flights over three days.

Southwest said in an investor presentation on Wednesday that the outage hurt its quarterly revenue. The airline didn't place a precise dollar figure, but it did give ratios that would work out to at least a $177 million hit to passenger revenue.

Despite the news about the cost of the outages, and information from both airlines that fares continue to be lower than they were a year ago, airline stocks are up broadly as a group in trading Wednesday. The data on fares showed less of a decline than many investors had feared.

Clearly system outages cost some serious money. If you want to protect your business' important computer systems, call IES today at 781-816-9437 or email contactus@iesadvisors.com. We can help you prevent a costly outage.

Thursday, September 8, 2016

Case study: free wifi for apartment building tenants.

The Fenmore is a 205 unit apartment complex located just steps from the home of the Boston Red Sox: Fenway Park. Built around 1912, The Fenmore originally boasted such amenities as an office staff who would receive packages or call one a carriage for a trip to the shops in Copley Square, maids who would change the linen, and a housekeeping service which would tidy up by using the latest in centralized vacuum systems.

But a century later, the residents were looking for a much more modern amenity: wireless Internet.

When initially exploring the idea of installing a system, they were presented with a number of challenges. The biggest issue was the construction itself. Typical for the time period, the seven buildings that make up the Fenmore were built with brick and mortar, horsehair plaster and wire lathe, making the required cabling extremely difficult. 

That’s where IES came in....using newly developed technology, IES was able to create a building wide network for all the residents to use. It’s easy to manage, easy to deploy, and it’s incredibly cost effective. The board of directors understood the value immediately.

Over a period of two weeks, 83 strategically placed access points were installed with 6,000 feet of Cat5 wiring running through seven 24-port switches. After the initial installation, the system was then set up in the cloud for management and troubleshooting purposes. Additionally, the cloud made it easy to set bandwidth limits, monitor traffic, control access with a community-wide password, create a custom splash page, and much more.

The project was a huge success from day one. Everyone at the Fenmore has since cancelled their own Internet service and is now enjoying free wireless throughout the property. Best of all, the residents as a whole are saving over $6,000 a month by not having an Internet bill.

When issues do arise, IES is able to provide Fenmore residents with remote support and network maintenance. The network is easy to maintain and when downed nodes do need to be replaced, it’s fast and the cost is very low.

If you are interested in creating a powerful, custom branded network, give IES a call at 781-816-9437 or email estimates@iesadvisors.com. This technology is not only perfect for apartment buildings or condo associations, but why not add your brand to your vacation home, business, store front, restaurant, or hotel? The marketing possibilities with this technology are endless.