The utility of virtual assistants like Amazon's Alexa and Google Home is undeniable. They're just genuinely handy devices to have around.
Unfortunately, they're also prone to abuse and exploits by hackers and unsavory developers. They can be used to spy on and even steal sensitive information from unsuspecting users.
This is not new in and of itself. Security researchers around the world have, at various points over the last couple of years, sounded the alarm about weaknesses and exploits. To the credit of both companies, any time this has happened, both Amazon and Google have responded promptly, plugging gaps and shoring up the security of their devices.
Unfortunately, every few months or so, new exploits are discovered. The two companies are essentially playing Whack-A-Mole with security flaws, which appear to have no end.
Recently, security experts published two videos, one for Alexa and one for Google Home. Each demonstrated a simple back-end exploit that anyone with a DevKit could employ. The exploits revolve around inserting a special character sequence (U+D801, dot, space) at various locations in the code. The sequence introduces a long pause during which the assistant remains active and listening.
To give you an idea of how this could be exploited, one of the example videos shows a horoscope app triggering an error, but the presence of the special character introduces a long pause during which the app is still active.
During the long pause, the app asks the user for their Amazon/Google password while faking a convincing looking update message from Amazon or Google itself. Given the long pause, few users associate the poisoned horoscope app with the password request. It seems like it's coming from the device itself.
It's both sneaky and troublesome. Worst of all, even when both companies move to address this issue, by this time next month, if history is a guide, there will be others. We're not saying not to use them, but when you do, be very mindful.
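One way a reviewer could screen a voice app's responses for the silent-pause trick described above, as an added example that is not code from the researchers, Amazon or Google: it walks a response document, flags runs of unpronounceable lone surrogate code points such as U+D801, and notes whether a credential prompt follows the silence. The JSON field names, the sample responses and the `CREDENTIAL_HINTS` list are constructed assumptions.

```python
import json

# Assumed phrases that suggest a credential prompt; adjust for your own review.
CREDENTIAL_HINTS = ("password", "passcode", "security update")

def is_unpronounceable(ch):
    """True for a lone surrogate code point (U+D800..U+DFFF), e.g. U+D801."""
    return 0xD800 <= ord(ch) <= 0xDFFF

def silent_runs(text):
    """Return (start, repeats, end) for each run of '<surrogate>. ' units."""
    runs, i, n = [], 0, len(text)
    while i < n:
        if not is_unpronounceable(text[i]):
            i += 1
            continue
        start, repeats = i, 0
        while i < n and is_unpronounceable(text[i]):
            i += 1
            if i < n and text[i] == ".":   # dot and space are optional so a
                i += 1                     # truncated final unit still counts
            if i < n and text[i] == " ":
                i += 1
            repeats += 1
        runs.append((start, repeats, i))
    return runs

def iter_strings(node, path="$"):
    """Yield (json_path, value) for every string anywhere in the document."""
    if isinstance(node, str):
        yield path, node
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for idx, value in enumerate(node):
            yield from iter_strings(value, f"{path}[{idx}]")

def review_response(raw_json):
    """Report each silent run and whether a credential prompt follows it."""
    findings = []
    for path, text in iter_strings(json.loads(raw_json)):
        for start, repeats, end in silent_runs(text):
            tail = text[end:].lower()
            findings.append({
                "path": path,
                "offset": start,
                "repeats": repeats,
                "credential_prompt_after": any(h in tail for h in CREDENTIAL_HINTS),
            })
    return findings

# Constructed samples: an error message, a long silent run, then a fake update
# prompt; and a benign reply containing a properly paired emoji.
SAMPLE_BAD = json.dumps({"response": {"outputSpeech": {"type": "PlainText", "text": (
    "This skill is currently not available in your country. "
    + "\ud801. " * 40
    + "An important security update is available. Please say your password."
)}, "shouldEndSession": False}})
SAMPLE_OK = json.dumps({"response": {"outputSpeech": {"type": "PlainText", "text":
    "Today is a good day for new plans \U0001F600. Goodbye."},
    "shouldEndSession": True}})

if __name__ == "__main__":
    for finding in review_response(SAMPLE_BAD):
        print(finding)
    print("benign sample findings:", review_response(SAMPLE_OK))
```

Characters outside the Basic Multilingual Plane arrive in JSON as a valid surrogate pair and decode to a single code point, so ordinary emoji are not flagged; only unpaired surrogates are.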
Call SpartanTec, Inc. now and let our team set up an effective IT strategy to protect your devices and network from all kinds of online threats and exploits.
What You Need To Know About Managed IT Services
Posted by spartansue On October 31, 2019
Are you a small to medium size business that is in need of better security for your computer systems and client data? Maybe you have been searching for a local IT company that can provide the support you need. The first search term you may think of is probably not Managed IT Services. Managed services is by far one of the most poorly developed search terms on earth. Although the term is used mostly in the technology arena, the name does not effectively represent what managed services are, what they have become, and why you need to select a provider of managed services for your business.
The Types Of Managed Services
Generally speaking, managed services are provided by an IT service provider, also referred to as a managed service provider (MSP). However, that does not always need to be the case. There are power MSPs, waste MSPs, as well as supply chain MSPs. But in most cases, the term refers to computer security and other Information Technology (IT) projects. If you want to better understand what an MSP does, it makes a lot of sense to understand how the MSP model came about.
The History of Managed IT Services
Before a Fortune 500 list, many small businesses had IT equipment such as switches, routers, and servers that would periodically go down and need maintenance. If Ford’s production line were to shut down due to a router linked to one of their suppliers, they could not get the parts in a timely manner (often referred to as Just In Time Inventory). Imagine what that would cost in terms of dollars, productivity, and time. There was also no means to determine if something was broken or was about to break; you learned that the internet was down when the production line ceased to function. Businesses (and the government) soon determined there had to be a better way.
Network Monitoring & Management and SNMP
Then came SNMP, or Simple Network Management Protocol. Developers and manufacturers, seeing this requirement, built SNMP into their software and hardware, which permitted a few users to easily and quickly control a lot of devices rather than relying on internal organization support to scale. The idea of Network Monitoring and Management came to be. Technicians could see all the log files from every router in a single location and check for errors before a device suddenly stopped. This solved the problem of scale; however, one issue still remained: reliability. Things still malfunctioned with SNMP. The Break/Fix, or Things Break/We Fix It, model was very common and it had to be improved.
What’s Wrong With The Break/Fix Model?
The primary business of Ford is developing automobiles, not managing internet connections between different locations. Despite the ability to scale, firms realized that they needed to outsource to professionals; however, they also required a method to control the costs and lower the outages. On one hand, having a dedicated team for things that may break a couple of times would be expensive, and on the other hand, an outage of just one day could blow the budget for the whole year. Additionally, even if they spent all of this money to redo the network with SNMP, they lacked the expertise to manage it properly.
Service Level Agreements Come Into Play
Companies required a way for the IT managed services provider to feel the burden when something malfunctioned, and that’s when the idea of “Service Level Agreements” came to be. Ford needed to spend money to have these intricate networks set up; however, the MSP would be responsible for servicing the network, monitoring it, and, in case of an outage, fixing it within the period specified in the contract, because if not, the service provider would be liable for the outage. Hence the term managed services. Other services were included as time went by, such as Backup and Disaster Recovery, Server Management, Help Desk, Network Security, and more. It went beyond mere monitoring. It became a bunch of bundled services that are managed by a service provider. It is easy to translate that specific model to power outages, subpar water quality, or a problem in the supply chain, and to see how the managed services term makes a lot of sense.
SpartanTec, Inc. is your local Managed IT Services provider. We work with small to medium size businesses in North and South Carolina to ensure your computer systems are functioning and safe from outside intrusion.
Call us today or complete our Contact Us form to schedule a time for an in-depth review of your systems.
What You Need To Know When Hiring A New IT Consulting Company
Imagine this. You’ve been stuck in a state of uncertainty when it comes to IT. During the evening and on weekends, a tech savvy friend helps you with your technological solutions. Or maybe you have your office manager do whatever he can to keep your technology working.
After some time, you finally realize that you require an IT consulting company to help diagnose issues and fix major problems. However, that IT provider has other accounts to deal with and is not always there to help you whenever you have a request. You and your staff end up idle while the downtime negatively impacts your revenue and productivity.
You need to find a new IT partner. But how can you protect your company from the chaos and make sure that the change will run smoothly? How will you know if the new provider is going to keep your units running and your staff productive while the switch is taking place? Perhaps it is much better to just stick with your current lacklustre IT provider you know rather than risk all that you have now for a new company.
Over time, proactive IT services will cost a lot less than break/fix or reactive services. SpartanTec, Inc. understands that having a new IT provider could be a stressful process. It’s not as easy as changing your accountant. Your new IT company must bring about the same level of trust.
What Your New IT Consulting Firm Should Do?
Determine the high risk parts that need immediate attention. In case your backup drive has been working for several years but only creating backups for local directories, not all of the data, this crucial need has to be addressed first to guarantee business continuity as well as stability of all systems.
Offer Proactive Monitoring Of Your Systems 24/7
Does your new IT consulting firm in Myrtle Beach specialize in a mix of preventative and proactive maintenance as well as 24/7 monitoring? Do they have access to a Network Operations Center that uses the knowledge and expertise of more than 200 technicians? In case you have an emergency, such resources must be available to fix any issue in a timely manner.
Implement Services That Suit Your Needs and Budget
Proactive IT consulting companies offer long term value compared to break/fix or reactive services. However, that does not mean that you do not have any budgetary constraints. Your IT provider should be able to understand them and determine the right course of action.
Create Long Term Plans Of Action For Software, Hardware, and Support Upgrades
No IT firm should suggest services your company does not need. They must, on the other hand, work closely with you to determine areas where upgrades and managed IT services are necessary so that your business runs smoothly.
Listen
This should flow from every point mentioned earlier. An IT consulting firm must serve as your trusted advisor that understands your business goals, listens to your concerns, asks you questions about your technology needs, and concentrates on ways to improve your company’s profitability and productivity. When you make a decision to upgrade your existing IT situation, your new IT provider must also work closely with your previous IT team to get all the needed information and complete your IT transition as soon as possible.
Call SpartanTec, Inc. if you are looking for a reliable, trustworthy, and experienced IT consulting company that can help make sure that your technology works the way it should.
A team of six researchers from Ruhr-University Bochum and Münster University in Germany has discovered a critical flaw in the way that popular PDF viewers display data.
This makes it possible for an attacker to exfiltrate data from encrypted PDF files.
The researchers tested twenty-seven different desktop and web-based PDF viewer apps ranging from the ubiquitous Adobe Reader, to Foxit, and even the viewers built into both Chrome and Firefox. They found that every single one of them was vulnerable to the new attacks they engineered. The researchers developed two major lines of attack with a few variants based on each type.
They had this to say about their findings:
"Our attacks allow the recovery of the entire plaintext of encrypted documents by using exfiltration channels, which are based on standard-compliant PDF properties...our evaluation shows that among 27 widely used PDF viewers, all of them are vulnerable to at least one of these attacks. These alarming results naturally raise the question of the root causes for practical decryption exfiltration attacks. We identified two of them.
First, many data formats allow to encrypt only parts of the content. This encryption flexibility is difficult to handle and allows an attacker to include their own content, which can lead to exfiltration channels.
Second, when it comes to encryption, AES-CBC--or encryption without integrity protection in general--is still widely supported. Even the latest PDF 2.0 specification released in 2017 still relies on it. This must be fixed in future PDF specifications."
This is an alarming discovery although these attacks have not yet been seen in the wild. Now that the word is out, it's just a matter of time. Worse, there's no fix on the horizon, which means that the PDFs you may be relying on to help keep your data secure, simply aren't.
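The second root cause in the quote above, encryption without integrity protection, shown as an added example (not the researchers' code and not a PDF implementation): CBC decryption accepts a modified ciphertext without complaint, while the same ciphertext carrying an HMAC tag is rejected before decryption. The block cipher is a stand-in SHA-256 Feistel construction used only to keep the example self-contained (it is not AES and not secure); all function names and the sample message are assumptions.

```python
import hashlib
import hmac
import os

BLOCK = 16

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, i, half):
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def block_encrypt(key, block):
    # Stand-in 4-round Feistel cipher (NOT AES, not secure), stdlib only.
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right

def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right

def cbc_encrypt(key, plaintext):
    """CBC with a random IV and PKCS#7-style padding; output is IV || ciphertext."""
    pad = BLOCK - len(plaintext) % BLOCK
    data = plaintext + bytes([pad]) * pad
    prev = os.urandom(BLOCK)
    out = [prev]
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, blob):
    """Decrypt IV || ciphertext. Nothing here can tell whether blob was altered."""
    blocks = [blob[i:i + BLOCK] for i in range(0, len(blob), BLOCK)]
    plain = b"".join(_xor(block_decrypt(key, c), p)
                     for p, c in zip(blocks, blocks[1:]))
    return plain[:-plain[-1]]

def seal(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC: HMAC-SHA256 over IV || ciphertext, appended as a tag."""
    blob = cbc_encrypt(enc_key, plaintext)
    return blob + hmac.new(mac_key, blob, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, sealed):
    blob, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(mac_key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext modified: integrity check failed")
    return cbc_decrypt(enc_key, blob)

def modify_first_byte(blob):
    """Simulate a one-bit change to the stored data (first byte of the IV)."""
    return bytes([blob[0] ^ 0x01]) + blob[1:]

def demo():
    enc_key, mac_key = os.urandom(16), os.urandom(32)
    message = b"status=draft; body=constructed sample text"   # constructed sample
    # Without integrity protection the altered plaintext is returned silently.
    plain_only = cbc_decrypt(enc_key, modify_first_byte(cbc_encrypt(enc_key, message)))
    try:
        open_sealed(enc_key, mac_key, modify_first_byte(seal(enc_key, mac_key, message)))
        rejected = False
    except ValueError:
        rejected = True
    return message, plain_only, rejected

if __name__ == "__main__":
    original, altered, rejected = demo()
    print(original, altered, "authenticated copy rejected:", rejected, sep="\n")
```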
Given that even encrypted PDF files could now be accessed by hackers, you need to be more vigilant in keeping your files secure. Call SpartanTec, Inc. and let our team help you protect your data and sensitive personal and business information.
It’s the time of the year when people rush to travel. With the busy travel season drawing near, it is crucial for travelers to be very careful.
Whether you travel just for the love of it or because of your line of work, traveling, especially when going abroad, presents a distinctive cyber security threat. Business travellers are vulnerable since they commonly take sensitive business and personal data with them on different devices like tablets, laptops, and smartphones. Security isn’t something that can be provided to you by a single machine. You require a security suite that can help safeguard all of your devices, including your iPad, Android smartphone, Mac, and Windows PC.
Does that mean you cannot travel anymore? Of course not! Here are some of the most effective cybersecurity tips when you are traveling abroad.
Lock Down Your Devices
Laptops, tablets, and smartphones have security settings that will allow you to lock your device with a fingerprint ID or a PIN. You must do this on all of your devices. Also, while you are traveling, don’t forget to change the PINs. In case you misplace any of your devices, your PIN will be your first line of defence against potential security breaches.
Public Wi-Fi Isn’t Always Safe
The regulations and laws that govern cyber security in other nations are not the same as the ones implemented in the United States. It is undeniable that free Wi-Fi access could be appealing not only for leisure travellers but for business travellers as well. However, it also poses security risks. Don’t use unencrypted Wi-Fi networks. If you are at the hotel, ask about their security protocols before connecting to their Wi-Fi. You have to be extra cautious when using the internet at cafes and, if possible, don’t use personal accounts or access sensitive data while you are connected to a public Wi-Fi.
Disable Auto-Connect
Most smartphones in the United States have a feature that lets a device connect to Wi-Fi networks automatically as you pass through them during your daily activities. Although it is a nice feature when utilized at home, it is not a feature that you should use when traveling abroad. Before you go traveling, you need to change this setting so that your laptop and smartphone need to be manually connected every time you want to access the internet.
Minimize Location Sharing
It is very common for business and leisure travellers to post on their social media accounts whenever they visit a new place. The main problem with this kind of excessive sharing is that it makes your home vulnerable. By posting that you are away, you are telling criminals that you are not at home or in your hotel room. It is best to limit the information that you post online, especially when it comes to your specific whereabouts.
Install Anti-Virus Software
The most effective and easiest way to secure your personal information and company information while traveling is by installing anti-virus protection. Apart from that, you need to update the program regularly whenever newer versions are available.
Update Your Operating System
Just like the anti-virus that you need to install on your devices, the operating system must also be kept up to date. This applies not only to your laptops or desktops but also to the apps on your phone.
Update Your Passwords
In case you are scheduled to travel, you have to change all of your passwords that you use regularly. If you need to create a PIN for a security box or safe in a hotel room, be sure that it is unique and not something that you use regularly.
Call SpartanTec, Inc. if you need the expert assistance of IT experts in securing your personal and business information.
Being more of a nuisance than anything, adware doesn't see as many innovations as other forms of malware. Once in a while, an adware developer surprises the security researchers.
That happened recently when two researchers working for enSilo discovered an innovation in an adware strain, known as DealPly.
As Adi Zeligson and Rotem Kerner indicated in a recent blog post, DealPly has some interesting features bolted on, which make it much more adept than most other forms of adware at avoiding detection by antivirus programs.
The adware is typically installed on a target's machine by being bundled with a legitimate app. Once it's installed, it will add itself to the Windows Task Scheduler and run every hour. Each time it runs, it will contact its command and control server and request instructions.
Here's where things get interesting. DealPly was designed modularly and makes use of Virtual Machine Detection and Machine Fingerprinting techniques.
Microsoft SmartScreen is one of two major systems used to verify the risk of files and web addresses. It's updated regularly with newly blacklisted sites. Naturally, malware authors find this to be a problem because it only gives them a limited window of time before their code and malicious URLs wind up on the list.
DealPly, however, contains code that seems to be based on a reverse-engineering of Microsoft SmartScreen. When it contacts its command and control server, it requests a list of hashes and URLs to query using the SmartScreen reputation server. Once it has its list of queries to make, it will send a JSON request to the SmartScreen API to see if the server will respond with any of the following:
Essentially, this query allows DealPly to know whether it has been blacklisted. If so, the software enters an idled state until it can be updated. This gives DealPly's developers something close to a real-time mechanism to know when they need to update their code, allowing them to stay ahead of the curve. Very clever. Very clever indeed, and troubling to IT staff everywhere. We can expect this technique to be copied by other malware developers worldwide.
Call SpartanTec, Inc. and let our team of IT experts check your business' vulnerability to the most common online threats. We can help you protect your business from data breaches.
If you own an Android device, there's a new threat to be at least moderately concerned about. It takes the form of a new ransomware family that spreads from one victim to the next with text messages that contain poisoned links to every contact on an infected device.
The ESET research team that found the software had this to say about it:
"Due to narrow targeting and flaws in both execution of the campaign and implementation of its encryption, the impact of this new ransomware is limited.
If your system is infected, the first thing it will do is raid your contacts list and send SMS text messages to everyone on it. Anybody who clicks on the link in the SMS message will also be infected.
After sending a flurry of messages, the malware will turn its attention to your device itself. It will then set about the task of encrypting most of the files on your device. Fortunately, the people behind this new threat prove themselves to be new to the game."
ESET continues:
"After the ransomware sends out this batch of malicious SMSes, it encrypts most user files on the device and requests a ransom. Due to flawed encryption, it is possible to decrypt the affected files without any assistance from the attacker."
All in all, this issue is only of minor concern. It's annoying, and certainly time consuming to restore your files. However, it's not an especially dangerous malware strain - yet, and that's the problem.
Whoever is behind this new threat certainly has the right idea, even if they lack the technical chops to pull it off. Skills, however, can be learned and honed. As a first try, this effort is disturbing because it's clever. The moment the people who wrote the code get the technical skills to pair with that cleverness, they're going to be genuinely dangerous.
Do you want to know if your business and client information are secured and protected? Call SpartanTec, Inc. now for more information. Let our team of IT experts perform a complete and thorough review of your network, employee practices, and safety measures and determine if it is enough to protect you from the most common online threats today.