The KRACK ATTACK

10-17-17

This latest attack, or hack, is more ‘device’ related than network related, so it is important that all devices be updated as well as networks.
This Vulnerability can allow and attacker to use a ‘Man in the Middle’ type connection to gain access to all your information sent to and from a website (login information) as well as possibly gain access to your device as well, to view information on the device and possibly install items (ransomware) on your device.
Check with your device manufacturer to get a security update or patch to protect against this new found vulnerability.

This attack is not limited to recovering login credentials (i.e. e-mail addresses and passwords). In general, any data or information that the victim transmits can be decrypted.
Additionally, depending on the device being used and the network setup, it is also possible to decrypt data sent towards the victim (e.g. the content of a website). Although websites or apps may use HTTPS as an additional layer of protection, we warn that this extra protection can (still) be bypassed in a worrying number of situations. For example, HTTPS was previously bypassed in non-browser software, in Apple’s iOS and OS X, in Android apps, in Android apps again, in banking apps, and even in VPN apps.

Currently, at the writing of this, neither does ANDROID nor APPLE have a stable release of OS to combat or protect you against this attack.
Windows 10 Operating Systems patch for this was released back on the 10th of October.

Queen City Business network is already verifying the security settings for their clients most are on windows 10 and their network items already updated. 

We would love to hear discussion and feed back on this latest located loophole. 

What are your thoughts?

What were your experiences?

…and, as always, feel free to contact us for help!

Information above and more detailed information can be found here

How To Tell If A Charity Is A Scam

While there are legitimate charities and fundraising efforts, there are also reports of scam artists creating fake charities to con you out of your money and information.

The Federal Trade Commission has good advice on warning signs that could indicate a bogus charity.

Here is a TOP TEN List of the best tips we’ve found for detecting and avoiding scam charities.

1.) Beware pushy telemarketers: If you’re solicited for a donation, ask if the caller is a paid fundraiser, who they work for, and the percentage of your donation that will go to the charity and to the fundraiser.

2.) Ask for written information: This includes its full name, address, and telephone number.

3.) Call the charity: Find out if the organization is aware of the solicitation and has authorized the use of its name.

4.) Be wary of charities that spring up overnight:
They may make a compelling case for your money, but as a practical matter, they probably don’t have the infrastructure to get your donation to the affected area or people.

5.) Trust your gut and check your records:
Callers may try to trick you by thanking you for a pledge you didn’t make. If you don’t remember making the donation or don’t have a record of your pledge, resist the pressure to give.

6.) Be cautious of “look-alike” websites and charities: Fraudulent websites might look a lot like an authentic organization, but may have slightly different URLs. Some organizations may also use names that closely resemble well-established charities.

7.) Protect yourself: Never give your Social Security number or other personal information in response to a charitable solicitation, and don’t hand out your credit card information to an unfamiliar organization.

8.) Do your research on social network fundraising: If you’re are planning to donate through a social network solicitation, find out what percentage is going to the charity, whether you will be charged a fee, or if a percentage of your donation will be paid to the platform website.

9.) Watch out for similar sounding names:
Some phony charities use names that closely resemble those of respected, legitimate organizations. If you notice a small difference from the name of the charity you intend to deal with, call the organization you know to check it out.

10.) Be wary of charities eager to collect cash:
If they say they are sending a courier or offering overnight delivery service to collect your donation immediately, you have to wonder whether the charity is legitimate.

Two more to good things to know….

Know the difference between “tax exempt” and “tax deductible”:
Tax exempt means the organization doesn’t have to pay taxes. Tax deductible means you can deduct your contribution on your federal income tax return.

Contact the office that regulates charitable organizations and charitable solicitations in your state: The National Association of State Charity Officials has contact information for regulators in each state available on its website.
Your state office also can verify how much of your donation goes to the charity, and how much goes to fundraising and man­agement expenses.
You also can check out charities with the Better Business Bureau’s Wise Giving Alliance and GuideStar.

Yet Another Ransomware

Yet Another Ransomware

DMA-Locker-LOGOAnother ransomware found in the wild called DMA Locker.Seems these are popular and gaining in frequency of appearance.  The ability for these infections to extort money quickly is more effective than one may think. How much would you pay to get your data back?  Ransomware remains Continue reading

Adobe FLASH Type Confusion Vulnerability

Ransomware-MalwareOver the weekend a new Ransomeware type attack was discovered to leverage vulnerabilities in adobe Flash player.  There are still MANY sites on the web that use this player. Game sites Video Streaming Sites, Etc.  Flash has over one billion users, so odds are you are affected by this update.

Be certain not only your flash player is up-to-date but your Anti-virus, Malware detection, and (for those of you lucky enough) your UTM/Router software, and you can prevent this attack before it starts or in case of the UTM before it even enters your network.
Continue reading

Microsoft’s HoloLens…Game Changer or Another Headset Fad?

Microsoft’s HoloLens…Game Changer or Another Headset Fad?

 

Microsoft's HoloLens...Game Changer or Another Headset Fad?

My Thoughts...

IF IT WORKS AS ADVERTISED… TOTAL Game Changer. Microsoft’s HoloLens. I feel this has the capacity to take computing to the next level (Finally. Microsoft has been in a downward spiral ever since the ‘old knowledge’ left {whole additional blog}).Continue reading

Upgrade to Windows 10 for free… Or NOT.??

First I want to point out that we support Small Business Computer Networks. Depending on your situation and environment this may play out differently, but for a person with a business to run who may not have the Computer Support or Network Support that they need, here are my thoughts.Continue reading