• Posted on March 27, 2017 2:45 pm
    Joseph Forbes
    1

    The Cyber Division of the U.S. Federal Bureau of Investigation (FBI) has issued an alert to warn the healthcare industry that malicious actors are actively targeting File Transfer Protocol (FTP) servers that allow anonymous access. According to the law enforcement agency, attackers have targeted the FTP servers of medical and dental facilities in an effort to obtain access to protected health information (PHI) and personally identifiable information (PII), and use it to intimidate, blackmail and harass business owners. “The FBI recommends medical and dental healthcare entities request their respective IT services personnel to check networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored on the server,” the FBI said. The agency cited research conducted in 2015 by the University of Michigan, which showed that more than one million FTP servers had been configured for anonymous access. These servers allow users to authenticate with only a username, such as “anonymous” or “ftp,” and either a generic password or no password at all. The FBI pointed out that vulnerable FTP servers can also be abused to store malicious tools or to launch cyberattacks. “In general, any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cyber criminals who can use the data for criminal purposes such as blackmail, identity theft, or financial fraud,” the FBI warned. In 2015, IBM named healthcare as the most attacked industry, with more than 100 million records compromised, after in the previous year this sector did not even make it to the top five. An IBM report for 2016 showed that the volume of compromised records was smaller, but the number of data breaches increased, causing operational, reputational and financial damage to healthcare organizations. A report published recently by Fortinet showed the top threats targeting healthcare companies in the last quarter of 2016, including malware, ransomware, IPS events, exploit kits and botnets.

    Blog Entry, DATA, Hacking
  • Posted on March 26, 2017 12:00 pm
    Joseph Forbes
    No comments

    This list describes common causes of slow Internet connections in homes. A poorly performing connection can be caused by broadband router configuration errors, wireless interference, or any of several other technical issues with your home network. Use these tips to not only diagnose but also fix the causes of slow Internet connections. Many of them apply to wireless hotspot connections, too. 1 Check Your Broadband Router Settings stefanamer/iStock As the centerpiece of a network, a broadband router can be responsible for slow Internet connections if configured improperly. For example, the MTU setting of your router will lead to performance issues if set too high or too low. Ensure your router's settings are all consistent with the manufacturer's and your Internet Service Provider (ISP) recommendations. Carefully record any changes you make to your router's configuration so that you can undo them later if necessary. 2 Avoid Wireless Signal Interference United States Radio Spectrum - Frequency Allocations. www.ntia.doc.gov Wi-Fi and other types of wireless connections may perform poorly due to signal interference, which requires computers to continually resend messages to overcome signal issues. Household appliances and even your neighbors' wireless networks can interfere with your computers. To avoid slow Internet connections due to signal interference, reposition your router for better performance and change your Wi-Fi channel number. 3 Beware of Worms... Internet Worms An Internet worm is a malicious software program that spreads from device to device through computer networks. If any of your computers are infected by an Internet worm, they may begin spontaneously generating network traffic without your knowledge, causing your Internet connection to appear slow. Keep up-to-date antivirus software running to catch and remove these worms from your devices. 4 Stop Network Applications Running in the Background Some software applications you install on a computer run as so-called background processes - hidden behind other apps or minimized to the system tray - quietly consuming network resources. Unlike worms, these applications are designed to do useful work and not the kind a person wishes to remove from their device normally. Games and programs that work with videos in particular can heavily utilize your network and cause connections to appear slow. It's easy to forget these applications are running. Always check computers for any programs running in the background when troubleshooting a slow network. 5 Isolate and Repair Faulty Network Equipment When routers, modems or cables malfunction, they won't properly support network traffic at full speeds. Certain technical glitches in network equipment negatively affect performance even though connections themselves can sometimes still be made. To troubleshoot potentially faulty equipment, temporarily re-arrange and re-configure your gear while experimenting with different configurations. Systematically try bypassing the router, swapping cables, and tests with multiple devices to isolate the slow performance to a specific component of the system. Then decide if it can somehow be upgraded or repaired... or if it needs to be replaced. 6 Work with Your Internet Service Provider (ISP) if Necessary Command Prompt - Ping - Unresponsive IP Address. Bradley Mitchell / About.com Internet speed ultimately depends on the service provider. Your ISP may change their network's configuration or suffer technical difficulties that inadvertently cause your Internet connection to run slowly. ISPs may also intentionally install filters or controls on the network that can lower your performance. Don't hesitate to contact your service provider if you suspect they are responsible for a slow Internet connection.

    Blog Entry, DATA, Internet
  • Posted on March 19, 2017 11:16 am
    Joseph Forbes
    No comments

    Websites getting blacklisted is a very extensive problem faced by businesses. When it happens, web masters panic and the vendors face an interruption in their daily business as they struggle to assist their concerned consumers to clean their websites and return online. It can happen due to a variety of reasons. Even Google may blacklist a website, and on an average, it's been estimated that about 10,000+ websites get blacklisted on a daily basis.​ Getting to Know about the Mishap Many businesses cannot afford to install costly monitoring programs or employ security experts and often take time to realize that their site has been blacklisted. Almost 50% of the business owners are warned about the compromised site by a search engine, browser or other alert when they try to visit their own site. Time is the biggest enemy of blacklisted websites as every minute that the site remains blocked is precious and leads to revenue losses due to the bad impact on its marketing activities and eventually sales and loss of the organization’s reputation. Be Prepared to Deal with the Problem It might take several hours or even days to get rid of the malware and protect a website based on the infection’s severity; it also depends on whether or not the website is secured by an effective and frequent backup regimen. The foremost part of the fix is eradication of the malware and restoration of the website. Even after this process, the web masters have to request Google to review the site before getting the block removed. Dealing with Black-listed Websites Web hosts find it to be a nightmare to handle blacklisted client websites, straining their operations and possibly weakening their credibility. Clients generally fail to understand the reason behind the blacklisting of their site and tend to unjustly put the blame on their host. Smart hosting vendors should extend assistance to their customers and help them get over the trouble at the earliest. Hosts that provide robust tools to solve the problem of their clients will finally instil a sense of loyalty and confidence in them. Vendors that lack these tools may waste considerable resources on remediation and in the process, even lose their valuable clients. Blacklist remediation will not be an extensive ordeal if the affected site owners have smart automatic backup regimen in place as they can restore the functionality and files of the affected site easily with the right tools. To help their clients, hosting vendors should be aware of the following remediation steps so that it can be implemented efficiently and quickly as soon as a client finds out that his website has been blacklisted. Look for Malware Check for malware by running efficient antivirus programs on all the computers used by an admin for logging into the website. Also, scrutinize the server logs for any activity by the admin whose computer is infected. Change the logins and passwords for all accounts, including those of database access, FTP, CMS accounts, and system administrator. Ensure that strong passwords are set. A sophisticated hosting provider should let their customers to make these changes easily on a dashboard interface. Let customers know how important it’s to install the latest editions of Operating Systems, apps, blogging platform, CMS, and plug-ins. Delete any new or modified file that has been added to the server after detection of the problem and execute a complete system restore. The restoration can be completed through a single click if you provide a cloud-oriented auto backup and disaster recovery services to your clients. If not, the clients will have to find the latest clean editions of each modified file and manually download them. Request Google to Review the Site and Remove the Blacklist This is the best way for hosting vendors to handle the remediation as soon as possible; just ensure that the tools required for getting a customer’s website back online are ready with you always.

    Blog Entry, DATA, Internet
  • Posted on January 26, 2017 11:55 am
    Joseph Forbes
    No comments

    Keeping track of passwords can seem like a hassle. Most of us have multiple sites we visit which require password logins. So many, in fact, that it's tempting to use the same username/password combo for all of them. Don't. Otherwise, it takes only the compromise of a single site's credentials to have a toppling domino affect on the security of all your online assets. Fortunately, there is a fairly straightforward way to have different passwords for each site you use but still make the passwords easy enough to remember. Creating Unique Passwords Before you begin creating strong passwords, you need to consider the use of those passwords. The intent is to create strong passwords unique to each account, but easy enough to memorize. To do this, first begin by splitting the sites you frequently login to into categories. For example, your category list might read as follows: social networking sites auction sites ecommerce sites email accounts banking sites forums A word of note here about forums. Never use the same password for a site's forum as you would for logging into the site itself. Generally speaking, the security on forums is not as strong as it is (or should be) for the regular site and thus the forum becomes the weakest link in your security. This is why, in the example above, forums are split into a separate category. Now that you have your categories, under each appropriate category, list the sites to which you must log in. For example, if you have a Hotmail, gmail, and Yahoo account, list these under the category 'email accounts'. After you've completed the list, you're ready to begin creating the strong, unique, and easy-to-remember passwords for each. Creating Strong Passwords A strong password should be 14 characters. Each character less than that makes it a little easier to compromise. If a site absolutely won't allow a password that long, then adapt these instructions accordingly. Using the 14 character password rule, use the first 8 characters as the common portion to all passwords, the next 3 to customize by category, and the last 3 to customize by site. So the end result ends up like this: common(8)|category(3)|site(3) Following this simple rule, when you change your passwords in the future - which, remember, you should do often - you'll only need to change the first common 8 characters of each. One of the commonly recommended means of remembering a password is to first create a passphrase, modify it to the character limit, then begin swapping characters for symbols. So to do that: Come up with an 8 letter passphrase that is easy to remember. Take the first letter of each word to form the password. Substitute some of the letters in the word with keyboard symbols and caps (symbols are better than caps). Tack on a three letter abbreviation for the category, also replacing one of the letters with a symbol. Tack on a site specific three letter abbreviation, again replacing a single letter with a symbol. As an example: In step 1 we might use the pass phrase: my favorite uncle was an air force pilot Using the first letters of each word, we end up with: mfuwaafp Then we swap some of those characters with symbols and caps: Mf{w&A5p Then we tack on the category, (i.e. ema for email, and swap out one character of ema: e#a Finally, we add the site abbreviation (i.e. gma for gmail) and swap out one character: gm% We now have a password for our gmail account of Mf{w&A5pe#agm% Repeat for each email site, so perhaps you end up with: Mf{w&A5pe#agm% Mf{w&A5pe#aY%h Mf{w&A5pe#aH0t Now repeat these steps for the additional categories and sites within those categories. While this may look hard to remember, here's a tip to simplify - decide in advance what symbol you will equate with each letter. Be sure to check out these other tips for remembering passwords. You may be surprised to learn that some of the oldest advice may just be the wrong advice.

    Blog Entry, DATA, Internet
  • Posted on January 13, 2017 12:48 pm
    Joseph Forbes
    No comments

    So, you just bought a shiny new wireless router. Maybe you got it as a gift, or you just decided it was time to upgrade to a new one. Whatever the case may be, there are a few things you should do to make it more secure as soon as you get it out of the box. Here Are Some Tips on How to Secure Your Brand New Wireless Router: 1. Set a Strong Router Admin Password As soon as your prompted by your new router's setup routine, make sure you change your router's admin password and make it a strong one. Using the default password is a horrible idea because hackers and pretty much anyone else can look it up on the router manufacturer's website or on a site that lists default password information. 2. Upgrade Your Router's Firmware When you bought your new router, chances are, it may have been sitting in a warehouse for months, then on a store shelf for quite some time. During this time the manufacturer may have found some bugs or vulnerabilities in the firmware (software/OS that it built into the router). They may have also added new features and other upgrades that may improve the security or functionality of the router. In order to make sure that you have the latest and greatest version of the router's firmware, you'll need to check your router's firmware version to see if it is current or if there is a newer version available. Follow the manufacturer's instructions on how to check the firmware version and how to perform a firmware upgrade. 3. Turn on WPA2 Wireless Encryption When you set up your new router, you may be prompted to choose a form of wireless encryption. You should avoid the outdated WEP encryption, as well as the original WPA. You should opt for WPA2 (or whatever the most current form of wireless encryption is). Choosing WPA2 will help protect you from wireless hacking attempts. Check out our article on how to enable wireless encryption for full details. 4. Set a Strong SSID (Wireless Network Name) and Pre-Shared Key (Wireless Network Password) A strong wireless network name (SSID) and a strong wireless password is just as important as a strong router admin password. What is a strong network name you ask? A strong network name is a name that is not a default set by the manufacturer and is also not something that is commonly found on a list of most common wireless network names. If you use a common network name, you may be leaving yourself open to Rainbow Table-based encryption attacks that might allow hackers to crack your wireless network password. A strong wireless network password is also a crucial part of your wireless network's security. Check out our article on how to change your wireless network's password for details on why you need to make this password a complex one. 5. Turn on Your Router's Firewall And Configure it Odds are pretty good that your new wireless router features a built-in firewall. You should take advantage of this feature and enable and configure it to protect your network. Make sure to test your firewall to ensure that it's working after you have set it up. 6. Enable Your Router's 'Stealth Mode' (if available) Some Router's have a 'Stealth Mode' that helps to make your router, and the network devices behind it, less conspicuous to hackers on the Internet. Stealth mode helps to hide the status of open ports by not responding to requests sent by hackers to check for the presence of open ports that might be vulnerable to attacks. 7. Disable Your Router's 'Admin Via Wireless' Feature To help prevent hackers from doing a 'drive by' wireless attack where they pull up nearby and attempt to gain access to your router's admin console, disable the "Admin via Wireless" option on your router. Turning this off makes your router only accept administration via one of the Ethernet ports, meaning that unless you have a physical connection to the router then you can't administer it.

    Blog Entry, Internet, Security
  • Posted on January 9, 2017 11:11 am
    Joseph Forbes
    No comments

    How your online habits leave you and your computer at risk Keeping safe online takes more than just installing a few security programs. To protect both you and your computer, here are the top ten bad habits you need to avoid. Browsing the Web with javascript enabled by default Today's attackers are more likely to host their malicious files on the web. They may even update those files constantly using automated tools that repackage the binary in an attempt to bypass signature-based scanners. Whether through social engineering or through website exploit, the choice of browser will be of little help. All browsers are equally susceptible to Web-based malware and this includes Chrome, Firefox, Opera, and the much-maligned Internet Explorer. Disabling Javascript on all but the most trusted sites will go a long ways towards safer web browsing. Using Adobe Reader/Acrobat with default settings Adobe Reader comes pre-installed on most computers. And even if you never use it, just the mere presence can leave your computer at risk. Vulnerabilities in Adobe Reader and Adobe Acrobat are the number one most common infection vector, bar none. Making sure you stay up-to-date with the latest version of Adobe products is imperative, but not foolproof. To use Adobe Reader (and Acrobat) safely, you need to make a few tweaks to its settings. Clicking unsolicited links in email or IM Malicious or fraudulent links in email and IM are a significant vector for both malware and social engineering attacks. Reading email in plain text can help identify potentially malicious or fraudulent links. Your best bet: avoid clicking any link in an email or IM that is received unexpectedly - particularly if you do not know the sender. Clicking on popups that claim your computer is infected Rogue scanners are a category of scam software sometimes referred to as scareware. Rogue scanners masquerade as antivirus, antispyware, or other security software, claiming the user's system is infected in order to trick them into paying for a full version. Avoiding infection is easy - don't fall for the bogus claims.   Logging in to an account from a link received in email, IM, or social networking Never, ever login to an account after being directed there via a link received in an email, IM, or social networking message (i.e. Facebook). If you do follow a link that instructs you to login afterwards, close the page, then open a new page and visit the site using a previously bookmarked or known good link.   Not applying security patches for ALL programs Chances are, there are dozens of security vulnerabilities waiting to be exploited on your system. And it's not just Windows patches you need to be concerned with. Adobe Flash, Acrobat Reader, Apple Quicktime, Sun Java and a bevy of other third-party apps typically host security vulnerabilities waiting to be exploited. The free Secunia Software Inspector helps you quickly discover which programs need patching - and where to get it.   Assuming your antivirus provides 100% protection So you have antivirus installed and are keeping it up-to-date. That's a great start. But don't believe everything your antivirus does (or rather doesn't) tell you. Even the most current antivirus can easily miss new malware - and attackers routinely release tens of thousands of new malware variants each month. Hence the importance of following all the tips provided on this page.   Not using antivirus software Many (probably infected) users mistakenly believe they can avoid malware simply by being 'smart'. They labor under the dangerous misconception that somehow malware always asks permission before it installs itself. The vast majority of today's malware is delivered silently, via the Web, by exploiting vulnerabilities in software. Antivirus software is must-have protection. Of course, out-of-date antivirus is almost as bad as no antivirus software at all. Make sure your antivirus software is configured to automatically check for updates as frequently as the program will allow or a minimum of once per day. Not using a firewall on your computer Not using a firewall is akin to leaving your front door wide open on a busy street. There are several free firewall options available today - including the built-in firewall in Windows XP and Vista. Be sure to choose a firewall that offers both inbound and (as importantly) outbound protection.   Falling for phishing or other social engineering scams Just as the Internet makes it easier for legitimate pursuits, it also makes it easier for scammers, con artists, and other online miscreants to carry out their virtual crimes - impacting our real life finances, security, and peace of mind. Scammers often use sad sounding stories or promises of quick riches to hook us into being willing victims to their crimes. Exercising common sense is one of the best ways to avoid online scams. For extra help, consider installing one of the free anti-phishing toolbars

    Blog Entry, Hacking, Internet
  • Posted on January 5, 2017 10:12 am
    Joseph Forbes
    No comments

    The problem begins with Microsoft's attempt to update things for Operating Systems (Like Windows 7), to be compatible with the newer Windows Update methods.   Since the release of Windows 8 & 10, including the 8.1, and 10 AU updates, Windows 7 has fallen behind in the care and love from Microsoft.  However sometime in July some patches were applied that broke the Windows Update process for Older Windows 7 systems.   This really affected people with clean/new installs of Windows 7, that haven't had all the updates applied since June/July 2016. I've had this problem with virtual machines I've recently setup that had clean installations of Windows 7, but Service Pack 1, is pretty far behind.  I haven't done my "due diligence" in slipstream Windows Updates into my Install ISO. After awhile, I found out that letting the Windows 7 machines just idle (tax at 100% CPU & RAM) for three days, until finally Windows Update shows a list of available updates to apply.  Then once more, having to apply those updates, and do it again to finish up with any updates that were not discovered beforehand. Step 1. Make sure you have KB 3078601, 3109094, 3138612, 3145739, and 3164033 installed You only have to do this once. To see if you're missing any of them, you can check the Windows Updates installed updates list (Start, Control Panel, under Windows Update click View installed updates). But it’s probably easier to download all of them and try to install them. If one is already installed, the installer will tell you -- no harm done. Step 1a. Make sure you know if you have a 32-bit (so-called “x86”) or 64-bit (“x64”) version of Windows 7. If you’re not sure, click Start, right-click Computer, choose Properties, and look under System type. Step 1b. Use any browser to go to each patch download site: KB 3078601  x64 x32 KB 3109094  x64  x32 KB 3138612  x64  x32 KB 3145739  x64  x32 KB 3164033  x64  x32 Step 1c. On each of those sites, Click Download. You’ll get an MSU file. In Chrome and IE, by default, you see an offer to either Open or Save the file. Save it. In Firefox, by default, the file downloads. These Microsoft servers are notorious for freezing -- sometimes the download won’t start, sometimes it won’t finish. If that happens to you, try reloading the page (click the circle-arrow near the address bar). You can also switch browsers. In any case, if you experience oddities while trying to download you aren’t the only one. Step 1d. Turn off Windows Update. The least confusing way to do that is to click Start > Control Panel > System and Security > Administrative Tools. Double-click on Services. Scroll down the list of Services and click once on Windows Update. Then, in the upper-left corner, click the link marked Stop. Step 1e. Double-click to run each of the five downloaded files. If the installer says you already have the patch, smile and go on to the next. Running those five updates will get you set up for the one significant update you need to run each month. Unless something weird changes (hey, this is Windows), you never need to go through Step 1 again. Step 2. Find this month’s favored patch and install it Unfortunately, the patch itself changes from month to month -- or at least, it has changed in every month since March. Here’s how to finish the job: Step 2a. Go to wu.krelay.de/en and find the latest magical patch. It’s listed at the top of the first table on the wu.krelay.de/en site. In July, the magic patch was KB 3168965. No doubt there will be a new one in August and another in September -- for however long we have to struggle with slow Win7 updates. Step 2b. Armed with the knowledge about whether your Windows 7 installation is 32- or 64-bit, use the links in that first table with any browser to download the correct patch. Step 2c. Save the patch but don’t install it. Step 2d. Make sure the Windows Update service is stopped. See Step 1d above. Step 2e. Double-click to run the downloaded patch. Step 2f. Reboot, as instructed after the patch is installed. (The Windows Update service will restart itself.) Then click on Start, Control Panel, and under Windows Update click Check for updates. If all went well, the check should take a few short minutes. My thanks -- and deep admiration -- to Dalai, ch100, and EP.

    Blog Entry, HAPPINESS, Patches
  • Posted on January 3, 2017 12:00 pm
    Joseph Forbes
    No comments

    Keeping track of passwords can seem like a hassle. Most of us have multiple sites we visit which require password logins. So many, in fact, that it's tempting to use the same username/password combo for all of them. Don't. Otherwise, it takes only the compromise of a single site's credentials to have a toppling domino effect on the security of all your online assets. Fortunately, there is a fairly straightforward way to have different passwords for each site you use but still make the passwords easy enough to remember. Creating Unique Passwords Before you begin creating strong passwords, you need to consider the use of those passwords. The intent is to create strong passwords unique to each account, but easy enough to memorize. To do this, first begin by splitting the sites you frequently login to into categories. For example, your category list might read as follows: social networking sites auction sites ecommerce sites email accounts banking sites forums A word of note here about forums. Never use the same password for a site's forum as you would for logging into the site itself. Generally speaking, the security on forums is not as strong as it is (or should be) for the regular site and thus the forum becomes the weakest link in their security. This is why, in the example above, forums are split into a separate category. Now that you have your categories, under each appropriate category, list the sites to which you must log in.  For example, if you have a Hotmail, Gmail, and Yahoo account, list these under the category 'email accounts'. After you've completed the list, you're ready to begin creating the strong, unique, and easy-to-remember passwords for each. Creating Strong Passwords A strong password should be 14 characters. Each character less than that makes it a little easier to compromise. If a site absolutely won't allow a password that long, then adapt these instructions accordingly. Using the 14 character password rule, use the first 8 characters as the common portion to all passwords, the next 3 to customize by category, and the last 3 to customize by site.  So the end result ends up like this: common(8)|category(3)|site(3) Following this simple rule, when you change your passwords in the future - which, remember, you should do often - you'll only need to change the first common 8 characters of each. One of the commonly recommended means of remembering a password is to first create a passphrase, modify it to the character limit, then begin swapping characters for symbols. So to do that: Come up with an 8 letter passphrase that is easy to remember. Take the first letter of each word to form the password. Substitute some of the letters in the word with keyboard symbols and caps (symbols are better than caps). Tack on a three letter abbreviation for the category, also replacing one of the letters with a symbol. Tack on a site specific three letter abbreviation, again replacing a single letter with a symbol. As an example: In step 1 we might use the pass phrase: my favorite uncle was an air force pilot Using the first letters of each word, we end up with: mfuwaafp Then we swap some of those characters with symbols and caps: Mf{w&A5p Then we tack on the category, (i.e. ema for email, and swap out one character of ema: e#a Finally, we add the site abbreviation (i.e. gma for gmail) and swap out one character: gm% We now have a password for our gmail account of Mf{w&A5pe#agm% Repeat for each email site, so perhaps you end up with: Mf{w&A5pe#agm% Mf{w&A5pe#aY%h Mf{w&A5pe#aH0t Now repeat these steps for the additional categories and sites within those categories. While this may look hard to remember, here's a tip to simplify - decide in advance what symbol you will equate with each letter.

    Blog Entry, Data Recovery, Hacking
  • Posted on January 2, 2017 4:16 pm
    Joseph Forbes
    No comments

    Hackers have been hacking wireless networks for a long time, but they don't even need to hack your wireless if you never changed your wireless router's admin password from its default value. If you never changed the admin password on your router after you set it up the first time, then all the hacker needs to do is look up the default password and log in. There are lists on the internet that provide hackers with the default admin passwords for most commercially available routers on the market today. Just Google: "Default Router Password List" and you'll find several sites that provide the default passwords for just about every major brand of wireless router available. Other sources of default admin passwords include downloadable PDF manuals available in the support section of most router manufacturer websites. If you're like many people, when you first setup your router you plugged it in, followed a couple of steps on a quick setup card, and everything just started working. End of Story You may have not gone back to change the admin password after you used it to setup the router. Here are the general steps you will need to follow in order to change and/or reset the password on your wireless router: If you have completely lost the password that you set and need to set the router back to its factory default password, perform the following steps: Below are general instructions only. Directions vary by make and model of router. Please consult your router's operating manual before performing any kind of reset procedure, and always follow proper safety precautions indicated in your router's documentation. PLEASE NOTE: The first step in this process will wipe out all of your router's configuration settings and set them back to their out-of-the-box factory defaults. You will have to change all your routers settings such as your wireless network SSID, password, encryption settings, etc, after performing this step. 1. Press and hold the reset button on the back of your wireless router You will probably have to hold the reset button from 10 to 30 seconds depending on your brand of router. If you hold it for too short a time it will simply reset the router but won't revert back to its factory default settings. On some routers you may have to use a pin or thumbtack to press the button if it is recessed inside the router. 2. Connect a computer to one of your router's Ethernet ports (but not the one that says WAN) Most router's have a web browser-accessible administrator page that you must log in to in order to access the router's configuration settings. Some routers disable administration via wireless, so you will need to ensure that you are connected to the router via an Ethernet cable before attempting to access the router's configuration page. 3. In the browser address bar, enter the IP address of your router's administration interface Most routers have what is called a non-routable internal IP address such as 192.168.1.1 or 10.0.0.1. This is an internal address that cannot be accessed from the internet. Here are the standard admin interface addresses used by some of the more popular wireless router manufactures. You may have to consult your specific router's manual for the correct address. The following list is some of the default IP addresses based on my research and may not be accurate for your specific make or model: Linksys - 192.168.1.1 or 192.168.0.1 DLink - 192.168.0.1 or 10.0.0.1 Apple - 10.0.1.1 ASUS - 192.168.1.1 Buffalo - 192.168.11.1 Netgear - 192.168.0.1 or 192.168.0.227 4. Enter the default administrator login name (usually "admin") followed by the default administrator password. You can locate the the default admin name and password for your specific router by checking the manufacturer's website or by Googling "Default Admin Password" followed by your router's brand name and model. 5. Click on the "Admin" page from your router's configuration page and create a strong password Be sure you enter a strong complex password for your router's admin password. If you ever lose this password you will have to repeat the steps above. If you didn't lose you router password but just don't know how to change it, you can skip steps 1 and 2 and enter the admin user name and password that you have into step 4. This will allow you to change your wireless router's password without wiping out all your other router's settings.

    Blog Entry, Hacking, Hardware
  • Posted on December 28, 2016 8:53 am
    Joseph Forbes
    No comments

    If you were anywhere near the internet in the U.S. on Friday (Nov 2016), you probably noticed a bunch of your favorite websites were down for much of the day. Now experts are saying it’s all because thousands of devices – like DVRs and web-connected cameras – were hacked. Once the hackers had control over these devices, they manipulated them into sending an overwhelming number of requests to a company that serves up the websites for Netflix, Google, Spotify and Twitter. When the traffic became too much to handle, the sites crashed. It was an old-school attack – often called a distributed denial of service attack, or DDoS – powered by the new web of devices called the internet of things or IoT. Security experts have been warning for a few years that internet-connected devices are susceptible to hacking. They just didn’t know exactly what hackers might do once they broke into your connected television, refrigerator or thermometer, for example. (Other than some disturbing hacks on baby monitors, that is.) Now we have our answer, and it’s worse than what the experts imagined. Focusing on security cameras and DVRs that record footage in businesses outside of the U.S., hackers created an army of devices to take down large chunks of the internet. It’s not all the device manufacturers’ fault. Websites and services will have to adapt and do more to prevent attacks like these from being so effective if we want to keep the internet up and running. Here’s a primer on why the devices are so easy to hack, and how hackers turned them into a zombie army that attacked the internet. How internet-connected devices are easily taken over DVRs and security camera are connected to the internet. That’s on purpose, of course. This feature lets users access them remotely, along with anyone else they need to let in. It’s what lets users check in on security cameras when no one’s at home or at a business, and what lets manufacturers update device software without making a house call. But this feature is also kind of a bug. Devices in the so-called internet of things are stupid-easy to connect to remotely by just about anyone, not just those with whom you want to share access. If something is connected to the internet, it has an IP address. If something has an IP address, it can be found on search engines like Google and Shodan, a searchable registry of IP addresses with information about the connected device. Hackers can find hundreds or thousands of hackable DVRs and cameras just by entering some search terms. Then, they try to break in... How hackers can break into your devices Internet-connected devices often come with default passwords. Think you’re the only one whose username and password are “admin” and “admin”? Many, if not most, device makers don’t require you to set a unique username and password, so many people end up sticking with the defaults. Hackers can find a list of vulnerable DVRs on search engines and try out that default password. If you never changed it, they’re in. But even if you do change those defaults, hackers have other options. Advanced methods utilizing services called SSH and telnet let hackers force their way into your device, since changing the password on your device’s web app does not necessarily change the password coded into the device. So while the camera was storing security video to prevent crime, hackers were quietly brute-forcing their way into the DVR and adding it to their army of attack soldiers. So how did a camera take down Twitter? To take over the cameras, hackers inserted Mirai, malicious software that lets bad guys use at least 100,000 devices as soldiers in its zombie army. That’s according to Flashpoint, a cybersecurity company that has been tracking the proliferation of Mirai across the internet of things since it was first used in a massive attack in September. The technical name for this zombie army is a botnet, and hackers have been making them out of computers for a very long time. Now that hackers can make botnets out of the internet of things, they have a more powerful tool to carry out attacks like the one that happened Friday. They used the botnet to send tons and tons of junk requests to Dyn, a company that manages web traffic for all the websites that were affected. Dyn couldn’t sort out the good requests from the bad, and as a result internet users in many parts of the US were cut off from a number of websites. Now you know how an army of DVRs and cameras kept you off Reddit for most of Friday. We still don’t know who the hackers are and what they’ll do next. It also remains to be seen how websites will change their habits to prevent outages like the ones we saw Friday. As for the manufacturers of internet-connected devices, there has been an interesting development. On Monday, connected-camera manufacturer Xiongmai said it will issue a recall of its devices caught up in the botnet army that attacked Dyn on Friday, according to Reuters. If more companies follow suit, it might give manufacturers more reason to lock down cybersecurity on their devices before putting them up for sale.

    Blog Entry, Cloud Apps, DATA
  • Posted on December 27, 2016 12:05 pm
    Joseph Forbes
    No comments

    It usually goes something like this: YOU: "So I'm having this problem with my..." TECH SUPPORT: "Did you restart it?" YOU: "..." Few things cause more eye rolls than being told to restart something, be it your computer, smartphone, television, or whatever other technology we're talking about. Most of us are used to hearing it by now. The majority of people who I help out have already restarted their computer (or whatnot) before they even talk to me, and the others tend to slap their foreheads with their hands, shocked that they've forgotten this technology panacea. Other people almost seem to take offense when they hear it, like they've been somehow insulted with this too-simple-to-be-helpful advice. But guess what? It actually works! I'd estimate that more than half of the technology problems I see from my clients and readers are fixable with a simple reboot. Why Restarting Something Works So Well Now that the this-actually-works part is out of the way, it begs the question: why does it work? Let's start by talking about what happens when you're computer is running: You open programs, you close programs, maybe you even install and uninstall software or apps. Sometimes programs like your Internet browser are open for hours, or even days, at a time. Lots of other things stop and start too - things you never see yourself. Are you picturing that time lapse montage of your computer usage in your head right now? It's a bit crazy, I know. We use our computers a lot, especially over the course of several days or more. What you might not realize is that a lot of what you, and your operating system does, is leave behind a kind of footprint, usually in the form of background processes you don't really need running anymore, or programs that didn't quite close all the way. These "leftovers" hog your system resources, usually your RAM. If too much of that goes on, you start to get problems, like a sluggish system, programs that won't open anymore, error messages... you name it. When you reboot your computer, every single program and process ends as the power leaves your computer during the restart process. Once your computer starts back up, you have a clean slate of sorts again and, more often than not, a faster, better working computer. Important: Restarting your computer is the same as rebooting it or powering it off and then on manually. Restarting is not the same as resetting, which is a much bigger process and usually means erasing everything and returning it to "factory defaults." See How Do I Restart My Computer? if you're not sure how to restart your Windows PC properly. If you actually are interested in resetting your computer, keep reading... I talk about that more in the last section. Restarting Works on Other Devices Too This same logic applies to other devices that you don't call a computer, but in reality actually are. Devices like your television, smartphone, modem, router, DVR, home security system, digital camera, (etc., etc.) all have tiny operating systems and software that run in to the same issues that your full blown PC sometimes does. Rebooting those devices is usually as easy as removing power for several seconds and then returning it. In other words: unplug it and then plug it back in. See How to Restart Anything if you need some device-specific help with this one. Frequent Restarting is Probably a Sign of a Bigger Problem Needing to restart your computer, on occasion, is perfectly normal, especially if you're doing the kind of work that requires a lot of interaction with the operating system, like updating drivers,installing updates, reinstalling software, etc. Beyond that, however, you might be experiencing issues that a restart is only temporarily fixing for you. A piece of hardware may be failing, important Windows files may be corrupt, or you may have a malware infection. In those cases, follow any troubleshooting that makes sense for the exact problem. System File Checker with the scannow switch is often a good thing to try and of course a full system malware scan is almost always in order. Like I mentioned above, resetting typically means a true reset, often returning the device back to the same state as the day you took whatever-it-is out of the box. This option is also available as a last resort for Windows - it's called "Reset This PC."

    Blog Entry, Hardware, Technical Support
  • Posted on December 22, 2016 12:02 pm
    Joseph Forbes
    No comments

    In the early days of computers, storage was calculated in megabytes and most systems relied on floppy drives. With the rise of hard drives, people could store more data but it ws not very portable. CDs brought digital audio but also the means to provide high capacity portable storage that made it easy to share large amount of data and easy to install applications. DVDs expanded on that by bringing movies and TV shows and capacities well beyond what hard drives could even store. Now through a number of factors, finding a PC that includes any sort of optical drive is becoming very difficult. Rise of Smaller Mobile Computers Let's face it, optical discs are still quite large. At nearly five inches in diameter, the discs are big when compared to the size of modern laptops and now tablets. Even though the optical drives have been greatly reduced in size, more and more laptops have dropped the technology to conserve on space. Even though a large number of ultraportable computers have in the past dropped the drive in order to allow for thinner and lighter systems, the original MacBook Air showed just how thin a modern laptop could be without the drive. Now with the rise of tablets for computing, there is even less space to try and incorporate these large drives into the systems. Even if you are not talking about the size of the mobile computer, the space used up by an optical drive can be used for more practical things. After all, that space could be better used for the battery which can extend the overall running time of the system. If the system is designed for performance, it could store a new solid state drive in addition to a hard drive for added performance. Maybe the computer could use a better graphics solution that would be useful for graphics work or even gaming. Capacity Has Not Matched Other Technologies When CD drives first hit the market, they offered a huge storage capacity that rivaled traditional magnetic media of the day. After all, 650 megabytes of storage was well beyond what most hard drives were at the time. DVD expanded this capacity even further with 4.7 gigabytes of storage on the recordable formats. Blu-ray with its narrower optical beam can almost achieve 200 gigabytes but more practical consumer applications are generally much lower at 25 gigabytes. While the growth rate of these capacities is good, it is nowhere near the exponential growth that hard drives achieved. Optical storage is still stuck in the gigabytes while most hard drives are pushing even more terabytes. Using the CD, DVD and Blu-ray for storing data is just not worth it anymore. Terabyte drives are generally found for under a hundred dollars and offer faster access to your data. In fact, many people have more storage in their computers today than they are likely to use over the lifetime of the system. Solid state drives have also seen tremendous gains over the years. The flash memory used in these drives is the same that was found in the USB flash drives that made floppy technology obsolete. An 16GB USB flash drive can be found for under $10 yet stores more data than a dual layer DVD can. The SSD drives used within computers are still fairly expensive for their capacities but they are getting more and more practical every year such that they will likely replace hard drives in many computers thanks to their durability and low power consumption. Rise of Non-Physical Media With the rise of smartphones and their use as digital music players, the need for physical media distribution has slowly eroded. As more and more people started to listening to their music on these players and then their smartphones, they did not generally need a CD player other than to take their existing music collection and rip it into the MP3 format to listen on the new media players. Eventually, the ability to purchase the tracks through the iTunes store, Amazon MP3 store and other media outlets, the once ubiquitous physical media format has increasingly become irrelevant to the industry. Now that same problem that happened to CDs is also happening to the video industry. DVD sales made up a huge portion of the movie industries revenues. Over the years, sales of the discs have declined greatly. Some of this is likely from the ability to stream movies and TVs from services such as Netflix or Hulu. In addition, more and more movies can be purchased in a digital format from stores like iTunes and Amazon just like they can with music. This is extremely convenient especially for those people that want to use a tablet for watching video while traveling. Even the high definition Blu-ray media has failed to catch on compared to previous DVD sales. Even software which always used to be purchased on disc and then installed has moved into the digital distribution channels. Digital distribution for software is not a new idea as it was done years before the internet through shareware and bulletin board systems. Eventually, services such as Steam for PC games rose up and made it easy for consumers to purchase and download programs to use on their computers. The success of this model and that of iTunes lead many companies to start offering digital software distribution for computers. Tablets have taken this even further with their app stores built into the operating systems. Heck, even most modern PCs do not come with physical installation media anymore. Instead, they rely on a separate recovery partition and backups that are made by the consumer after the purchase of the system. Windows Lacks DVD Playback Natively Probably the biggest factor that will lead to the demise of the optical drive in PCs is Microsoft dropping support for DVD playback. In one of their developer blogs, they state that the base versions of the Windows 8 operating system will not include the software necessary for playing back DVD videos. This decision carried over to the latest Windows 10. This is a major development as it was a standard feature in previous versions of the operating system. Now, users will either have to purchase the Media Center pack for the OS or will need a separate playback software on top of the OS. The primary reason for this move has to do with costs. Apparently, Microsoft says that companies licensing the software were concerned about the overall cost of the software to be installed on the PCs. By removing the DVD playback software, the associated license fees for the video playback codecs can also be removed thus reducing the overall cost of the software. Of course, it will just be one more reason that consumers will likely abandon the hardware as it will be useless without the added software expense. HD Formats, DRM and compatibility Finally, the last nail in the coffin for optical media is the whole format wars and piracy concerns that have been plaguing the high definition formats. Originally, it was the battle between HD-DVD and Blu-ray that made adoption of the new format problematic as consumers waited for the format wars to be worked out. Blu-ray was the eventual winner of the two formats but it has not caught on hugely with consumers and much of this has to do with the DRM schema present and the difficulties of working with it. The Blu-ray specification has gone through multiple revision since it was first released. Many of the changes to the format have to do with piracy concerns from the studios. In order to prevent perfect digital copies from eating into sales, changes keep being introduced to make it more secure from being copies. This change has resulted in some newer discs from not being able to be played in older players. Thankfully computers have all the decoding done by software rather than hardware. This makes them more adaptable but it requires constant upgrading of the player software to ensure functionality with upcoming discs. The problem is that security requirements can change which may result in some older hardware or software from being able to view the videos. The end result is that it can be a major headache for the consumers who wish to have the new optical formats in their computers. In fact, users of the Apple software have it even worse as the company refuses to support the technology within the Mac OS X software. This makes the Blu-ray format all but irrelevant for the platform. Conclusions Now optical storage is not going to completely disappear from computers any time soon. It is just very clear that their primary usage is changing and is not a requirement for computers like they once were. Instead of being used for storing data, loading software or watching movies, the drives will likely be there to convert the physical media into the digital files for playback on computers and mobile devices. It is almost certain that the drives will be completely removed from most mobile computers in the near future. There is little use for the drives when it is so much easier to view them off a digital file than the disc. Desktops will still pack them for a while as the technology is so inexpensive to include and there are not the space issue of mobile computers. Of course, the market for external peripheral optical drives will survive for a while for anyone that still wants to have the capability that will be dropped from their future computers.

    Blog Entry, DATA, EDUCATION