Recent Blog Posts
The contraption used to hack garage doors is built from a discontinued Mattel toy from 2007: the IM ME. The IM ME is a supposedly secure wireless instant messaging system that works similar to a mobile phone. It was meant to be a kid-friendly, secure alternative to a mobile phone for texting. The IM ME stores an address book for other users of IM ME, and used an Internet connection to communicate with each other. If you look at it now, you wouldn’t be surprised to hear that it?s no longer supported and that it has no place in today?s computing world. Smartphones are largely more efficient and dynamic as communication tools. Just last year, it was discovered that the IM ME could be turned into a device that can hack into any garage door that?s using an unsecured fixed code transmitted from a remote, rather than one which uses a ?rolling code? that changes with every button press. This flaw was discovered by Samy Kamkar, an independent developer and technology consultant, who then proceeded to exploit the flaw to demonstrate its danger. He built the device using the IM ME as a base model, then added a simple antennae and open-source hardware attachment. Kamkar, calling his device OpenSesame, explains that his device works differently from what are called ?code grabbers.? An ordinary code grabber will snatch the code from the garage door button when it?s pressed, and reuse it to open the door at a later time. This requires the hacker to be present when the button is pressed (similar code grabbers also exist for automobile key fobs, which is a pretty scary concept on its own). OpenSesame can accomplish this same goal without being near the user, which makes it much more dangerous. The most dangerous part of this hacking experiment is the fact that any hacker can walk up to a vulnerable garage door and have it open in around eight seconds. As reported by WIRED: Using a straightforward cracking technique, it still would have taken Kamkar?s program 29 minutes to try every possible code. But Kamkar improved his attack by taking out wait periods between code guesses, removing redundant transmissions, and finally using a clever optimization that transmitted overlapped codes, what?s known as a De Bruijn sequence. With all those tweaks, he was able to reduce the attack time from 1,771 seconds to a mere eight seconds. If you?re curious about how Kamkar?s device works, you can watch this video to see the device in action. Furthermore, if you want to see if your own garage door is vulnerable, you can view this video where he goes into detail about which doors are vulnerable, and why. This more than proves the fact that hackers engage in some dangerous and unpredictable acts, and that the Internet of Things continues to be a major reason for this. With so many more devices connecting to the Internet and communicating with each other with near-field communications and Bluetooth, the situation could very quickly turn into a nightmare scenario for your business. If your network isn?t prepared to handle the dangers and threats that come from unregulated Internet of Things devices, it?s a very real possibility that your organization could suffer a data breach or worse. It?s your responsibility to ensure […]
The problem is that both a lack of electricity and Internet connectivity can lead to downtime, which is a well-known culprit for breaking budgets. Without electricity, your building’s technology cannot function, and without the Internet, your cloud-connected systems will be inaccessible. In both cases, productivity ceases, and you?re left without access to mission critical files. Your organization should be prepared to deal with these worst-case scenarios, which means you should have contingencies put into place to prevent downtime from sudden power or Internet outages. So, how can you bounce back from a power outage or an Internet connection problem? For starters, don?t immediately send your employees home. You only want to do this if you?re absolutely sure that there isn?t any work that needs to get done in the office. If you think that the Internet or power outage won?t last very long, you can probably get around wasting time by using this chance to take care of often-forgotten in-house tasks. Here are some ideas for helping you through your outage: Hold Staff MeetingsHave you ever canceled a staff meeting last minute due to an unforeseen phone call? If you don?t need technology to hold a staff meeting, there?s no better time than during an outage. If you can?t do anything anyway, you might as well talk about important initiatives, team building, or consistent issues within the workplace that need to be addressed. Think of it as a really convenient inconvenience! Organize and Clean Your OfficeThere?s a saying in the service industry that applies here: if you have time to lean, you have time to clean. Instead of having your staff sitting around waiting for services to be restored, you can have them tidy up the office and clean up their own personal workplaces. If your team needs an excuse to stay in the office to make financial obligations, you can put them to work. Catch Up On Employee EvaluationsIf you haven?t had time to catch up on employee evaluations, and you have some time to spare in between trying to fix the outage, you can take some time to tell your employees how they?re doing and what can be improved upon. Critically evaluate your employees so that they know how to improve their work performance. By the time you?ve finished, you?ll have a better idea of how your team is doing, and what you can do to make it better. If All Else Fails, Send Your Team HomeDowntime isn?t easy to overcome, and sometimes the only option that you have is to send your team home for the day. Even if this doesn?t feel like an option, and you have important work that needs to get done, there?s always the option of letting them work remotely, should they be equipped with the technology to do so. Either way, the more time that your team wastes sitting around waiting for the outage to be resolved, the more time and revenue that?s wasted. While making the best of downtime might be your only option, at White Mountain IT Services, we consider downtime to be an emergency. If your network or a critical part of your IT infrastructure goes down, leaving your employees high and dry, our technicians go into emergency mode. If your business wants to learn more about how to prevent downtime, give […]
According to a 2015 study from CompTIA, employee errors are at the root of roughly 52% of corporate security breaches. Employee errors that compromise your cyber security include the following:? Careless Internet browsing and email use; for example, thoughtlessly downloading email attachments.? An inclination to take online communications and websites at face value and quickly trust them.? A failure to protect sensitive data; this includes sharing passwords, transferring confidential files over insecure connections, and neglecting to apply encryption.? A lack of awareness about cyber security threats.? Ignorance or negligence regarding your company’s cyber security policies. Any of these behaviors can expose you to a devastating cyber attack. For example, a quickness to trust people at face value can lead your company to fall victim to a successful phishing attack. Phishing is a common cyber crime that involves tricking someone into disclosing sensitive information. Recently, for instance, cyber criminals obtained employee tax records from a variety of organizations. One method involved sending an email supposedly from the company’s CEO and requesting the information. Rather than double-checking the authenticity of the request, and remaining suspicious about a demand to send tax forms over email, employees complied. Any organization, large or small, can fall victim to these attacks. Cyber criminals attempt to exploit every vulnerability in a company’s IT configuration. And they can often count on human error to give them openings for an attack. What can you do about these kinds of employee errors?To begin with, your company needs to come up with a comprehensive cyber security plan that includes clear policies governing employee behavior in various IT scenarios. Whether it’s transmitting files or using only approved applications for work, your employees should have guidelines and standards to follow. However, as important as it is to devise comprehensive cyber security policies, those policies won’t make much of a difference if employees neglect them. Their neglect will undermine any efforts you make to secure your data and network. For example, a recent article from Business Cloud News reports that “employee negligence and indifference” weaken security when companies rely on cloud-based programs. How can you combat employee neglect? First, you must enforce your policies. If employees assume that their poor cyber habits won’t result in lost privileges or other consequences, they won’t have as much motivation to follow policies. At the same time, you shouldn’t make them so afraid of punitive action that they fail to quickly report errors that compromise security and require a rapid response. Having your employees undergo cyber training is an important step. Training should emphasize how cyber security is critical for a company’s success and that employees can apply it at home to make their personal computing safer as well. Good training will lead to a deeper understanding of cyber security risks and the need to question online communications, protect data, and collaborate in efforts to keep your company secure. Management should also model good cyber security habits to employees; when company executives don’t appear to care about cyber security, employees won’t concern themselves with it either. The key is to promote an overall culture in your company that stresses the importance of cyber security. Instead of leaving security solutions entirely in the hands of your IT personnel, make everyone a part of the solution. To further help your […]
The end of life event for SQL Server 2005 took place on April 12th, which means that if you haven?t upgraded yet to a more recent version, then you really, really need to. Let?s face it, 10 years is a long time to run any software without updates, much less SQL Server. You?ll want to upgrade to a version that?s supported by Microsoft?s security patches and updates. By going with the latest versions like SQL Server 2014 or Azure SQL Database, your data will be protected for years to come. White Mountain IT Services can assist you with such an upgrade so that you won?t experience any surprises with a lack of compatibility of your mission critical apps. Running into an error like this can severely hinder operations. Additionally, upgrading your SQL Server may require apps to be reconfigured and upgraded, which is much more challenging than simply plugging in a new version of SQL Server and walking away. Tim Hegedus, senior manager of the analyst team with Miro Consulting, explains to CIO, ?The biggest risk stems from continuing to use the product when there is any kind of uncontrolled or external access to that database. Any security breach can be damaging not just monetarily but also reputationally.” Additionally, organizations that work with sensitive data need to understand that using unsupported software like SQL Server 2005 (or any other unsupported software) can open themselves up to some hefty fines. Some of these violations can result in fines amounting to thousands of dollars, per record. For businesses looking to upgrade, now may be an opportune time to try out Microsoft’s Azure offering. An Azure SQL VM is a legitimate option to consider, especially if you?re wanting to move away from having to buy and maintain a new server unit, install a bunch of software, and move all of your data. Depending on your needs, there are many other options, and White Mountain IT Services can help you weigh the pros and cons of each solution. For help upgrading away from SQL Server 2005, or any other unsupported software that may be putting your company at risk, give our professional IT technicians a call at (603) 889-0800.
Notification When a Server Goes DownRemote network monitoring software can tell you when a server has gone down. Manually checking the status of each server is time-consuming, while waiting for user complaints only ensures that you find out about a downed server hours after failure takes place. Remote network monitoring software continuously checks the status of your servers and notifies you if something goes awry. Notification When Disk Space Runs LowRemote network monitoring software can notify you when a system is low on disk space. Systems can run low on disk space because anomalous activity has caused logs to fill the disk or because your applications or users have begun to fill the disk with their material. A full disk can cause your server to fail in unexpected ways. Remote network monitoring can notify you when a disk starts to fill so that you can take the appropriate corrective action. Automated LAN DiscoveryRemote network monitoring software can automatically detect when new computers have been added to your network. It can send alerts when it detects a new device; this can make you aware when an authorized user adds their own personal computer to your network or an unauthorized person attaches a device that might compromise your network. Easy and Fast DeploymentThe right network monitoring software can be deployed easily and quickly. It does not require installation of system monitoring software or require long training cycles. Comprehensive ReportsRemote network monitoring software can provide comprehensive reports on the status of your systems. As the network administrator, you can customize these reports to focus on the items that you find most important. You can also schedule them to be sent periodically and automatically. Reports can be sent to email and exported to HTML, MS Word or Excel formats. Event Log MonitoringRemote network monitoring software can watch your servers’ event logs for incidents that are important to you. It can notify you when changes happen or when system-specific software detects an incident and writes it to the event log. This helps you to address problems before they lead to downtime. Alert on FIle Changes and ViolationsRemote network monitoring software can let you know when critical files have been changed, or when someone has tried to access a file that they shouldn’t. This can help you to detect viruses or intrusions within your network. Notification When Traveling Users ConnectRemote network monitoring software can let you know when off-site users connect to your systems. Odd patterns in off-site user connections can indicate a security breach or that a user’s credentials have been compromised. Remote network monitoring helps you to detect these types of issues. Remote network monitoring makes it easier for you to manage, administer and secure more systems more easily. It provides notifications when a system goes down, when a computer is low on disk space, or when specified events have been written to a log. Instead of fixing a server when users complain, you can address root causes before they become big problems. If you are interested in remote monitoring for your network, please contact us.