30th Dec 2014 | General Information, Security and Safety
This is a short one – I’ve recently phoned my bank and my insurance companies. It’s not because I live a high flying lifestyle, but because I live in the modern world and you can’t do everything on the internet.
What are the security questions they ask? Mother’s maiden name, blood type (or is that only HMRC?) and BIRTHDAY.
These are all supposed to be items of information easily known to you, but more difficult for a potential thief/scammer/fraudster to know. Yet lots of people advertise this information on their publicly available Facebook profile. Perhaps they want lots of presents? Even if you hide the information on a social media site, there has been more than one data leak. (Have you ever had a friend who doesn’t password protect their computer and has had it stolen? The thief of that computer then has your information!)
So, my advice is, put an incorrect birth date on social media sites. Perhaps have it in the same month (so that you don’t get lots of surprise gifts at the wrong time of the year) unless you like having two sets of presents…
But at least you won’t receive the NASTY surprise of having your bank account emptied!
8th Aug 2014 | Event Bridge, Eventbrite, Salesforce, Security and Safety
You could say that it has been a good week, but that would be a lie. It has been a fantastic week! Bear with me… I will get to that security flaw.
I have to start with Salesforce – Cloud Genius Ltd now has registered partner status. This will let us give you even better service and give you sneak peeks at new features. It will also enhance our ability to offer training environments.
As you may have read before, we have been developing an Eventbrite -> Salesforce connector. Why? when there are others? Well this one has features that are unavailable in the others (and unlikely to be, because of their nature) and ours does not have the usage/limit costs associated with the others. We have finally come up with a name for the product (Event Bridge) and are in the process of developing a website that will tell you all about its features, pricing and why you could really do with using it. We are also in the process of re-vamping the CG website. (Yes, I know it is looking ‘tired’, but if you go to an electrician’s home and turn on the light the kettle boils.)
In the process of developing Event Bridge we discovered a subtle security flaw in Eventbrite. Talk about rapid reaction – within hours they had deployed a fix. I always say that you can just a company not in the good times, but in the bad. On that score, Eventbrite has certainly come up trumps. Even better, Cloud Genius will now appear on their security Hall of Fame… so we managed to help make the internet a safer place. (I always like it when a small company in Wales helps out a multi-national.)
So, that’s it for this week. Just off to get my super-hero uniform re-tailored.
15th Apr 2014 | Defeating spam, General Information, Salesforce, Security and Safety, Web Hosting, Websites
Some of you may have heard about a massive flaw in the security of the internet.
This is really serious and everyone should be aware of the implications.
Heartbleed is the sort of flaw that gives systems admins huge nightmares.
On vulnerable websites there is a significant possibility that your passwords have been revealed to hackers making use of the bug. Worse than that, if a site has been compromised there is no evidence!
It would be good practice to change all the passwords you use on the internet. Now.
…unless you have evidence that the services you use are not part of the problem.
At Cloud Genius, we have performed a full review of the services we use.
- Services to back up websites/update plug-ins. For clients that subscribe to this services one was not vulnerable, the other service has been secured and we have taken steps necessary to prevent any problems. No action required on your part.
- Website hosting – our provider has informed us that they are vulnerable. Until they update all their systems you may wish to change the password on your account at https://webhost.cloud-genius.com. Once their patching process is complete you should change your password again on the account. We will endeavour to let you know when this is.
- Paypal – our understanding is that Paypal is not affected.
- Teamviewer – our remote control solution of choice is not affected.
- Salesforce – To the best of our knowledge is not affected.
- LastPass – our password management software of choice is not affected. (And helped a lot in fixing services that were affected.)
Here is a list of other networks that were affected – these include people like Google, Yahoo and many others.
https://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
This is really serious. Make sure you are not caught out!
One positive – LastPass was able to scan all the services we use, list the affected services and make password changing a doodle! Highly recommended… and much more secure than any other system we have come across.
23rd Jan 2014 | Security and Safety
Remote support: It’s like magic the first time you see it. An IT support person takes over your computer and starts moving your cursor around your screen, even though they are in a different continent.
Here at Cloud Genius we have been comparing different solutions. Finally, we have picked a winner. We have to support people using Macs, PCs and Linux. The product we have chosen does all this admirably. (One of the contenders was particularly bad on Mac to Mac connections.)
Notable:
- It is good with all sorts of computer to computer connection.
- It allows computer to computer audio without the use of the phone or Skype.
- Very fast connection times
On every other feature it seemed to be equal or better than all the rivals. All the connections are encrypted with state of the art encryption. The client can end the ‘call’ at any time. If necessary roles can be reversed to show the support technician’s screen.
It even does video/audio/screen conferencing!
Anyway, you need concern yourself no further – just know that you will get the best remote support from Cloud Genius.
The winner? TeamViewer.com
17th Dec 2013 | Salesforce, Security and Safety
It’s a big, bad world out there. There are people who would claim to be things that they were not! (And I don’t mean claims like Sir Bruce Forsythe being entertaining on Strictly Come Dancing.) With Salesforce, until now, you had no way to find out if your Salesforce consultant was qualified or not.
Shock! Horror!
Salesforce has now brought in Certificate Verification. You can find it at:
https://certification.salesforce.com/verification
Of course, I am quite proud to have held my certification since 2011. The details are here:
https://certification.salesforce.com/verification?&fullname=John%20Dray
You can check up anyone, using either their full name, or their email address.
This should help you avoid dealing with people who are other than they claim to be.
Wishing you safe IT,
John
7th Oct 2013 | Defeating spam, General Information, Security and Safety
I am writing about this particular scam because it is so plausible. (First, this does not originate from Microsoft, just people purporting to be from Microsoft.)
I have received a phone call. The person on the other end of the phone informs me that I have a problem with my computer. This is causing issues and may cause my computer to be blocked from the internet. Now, as someone who knows the capabilities of malware, this is not beyond the realms of possibility. The main slip-up was that they told me how to access Windows control panel. I did play along for a while before revealing that I do not use Windows.
Here is an article from someone who played along for a little longer before revealing his hand. He was blocked from the internet, because they deleted his network driver!
[ss_screenshot width=’300′ site=’https://blog.malwarebytes.org/intelligence/2013/04/phone-scammers-call-the-wrong-guy-get-mad-and-trash-pc/’ align=’right’]
My expectation was that they would install a Trojan… I had not expected them to be so ‘hands-on’. Other scammers may try other ways to affect your computer. In the most recent call, I asked them who they were calling from – the line went dead.
Do you have experience of this type of scam? Let me know, as I am thinking of writing a tutorial, if enough people are interested.
By the way, the linked blog is from Malwarebytes. I have used their anti-malware software with Windows to great effect.
Thanks