
LTE Flaw Invites Hackers


LTE (Long Term Evolution)

Recently there has been talk of hackers finding a way to see what you see on your cell phone, including the websites you're browsing. But how is this accomplished? Through a recently discovered flaw in the Long Term Evolution (LTE) network.

What is LTE?

LTE is a 4G technology that has improved the telecommunications experience by providing speed, efficiency and intelligence. It provides more bandwidth, better quality and profile-specific services in a manner that isn’t overly expensive. LTE is also key to creating the “internet of things”, which is what has been happening over the past couple of years as the internet interacts with technology like toasters, fridges and other home appliances, and even cars.
LTE is the opportunity for our internet-connected devices to evolve with our needs over time, and it is currently prominent in our smartphones.

How Have Hackers Abused LTE Functionality?

Through a nasty form of attack known as aLTEr, the second layer of LTE, the data link layer, becomes a way for hijackers to see what is shown on someone else’s screen and gain sensitive information.
Once a connection is hijacked, aLTEr can redirect your network requests via DNS spoofing, leading you to think you're at a secure site while your traffic actually passes through a malicious LTE relay. As scary as this may seem, it won’t be all that relevant for individual everyday users, because such a hijacking requires about $4000 worth of equipment and is limited to a 1-mile radius.
For a visual explanation, click this link to preview a demonstration of the aLTEr attack at work.

Data Link Layer Explained

The data link layer protects data through encryption and organizes how users access resources on the network; it also helps to correct transmission errors along the way. It sits on top of the physical channel, which maintains continuous transmission of data between the client and the cell tower.

How does aLTEr work?

aLTEr works by abusing a design flaw in LTE, which means a patch cannot solve it.
aLTEr creates a fake cell tower which acts as the user it’s attacking. This fake tower takes requests from the user and forwards them to the real cell tower, but in the process modifies some key data points. The attacker can modify the DNS server requests that are sent to the cell tower, even though they are encrypted. This is possible if the attacker knows the original DNS server, which allows them to replace it with a new DNS server target. This succeeds because it all happens between the user and the cell tower, hiding the alterations from both sides.
This means that an attacker can run their own DNS server that points a web address to another IP.
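Why an encrypted request can still be altered: LTE user data is encrypted with a stream cipher (AES in counter mode) but carries no integrity protection, so encryption alone does not stop a relay from changing a field whose original value it knows. The following is an added example, not part of the original article; it uses a SHA-256 counter keystream as a stand-in for AES-CTR, a constructed toy packet layout, constructed keys and documentation-range addresses, and shows that the receiver accepts the altered packet unless a message authentication code is verified (which is what TLS adds at the application layer).

```python
import hashlib
import hmac
import ipaddress

# All keys, addresses and the packet layout below are constructed for illustration.
ENC_KEY = b"constructed-encryption-key"
MAC_KEY = b"constructed-integrity-key"
NONCE = b"\x00\x00\x00\x01"
ORIGINAL_RESOLVER = "192.0.2.53"      # address the device really asked for
SUBSTITUTE_RESOLVER = "198.51.100.7"  # address written in by the relay


def keystream(key, nonce, length):
    """Counter-mode keystream; SHA-256 stands in for AES-CTR (assumption)."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest())
    return b"".join(blocks)[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def stream_crypt(key, nonce, data):
    """Encrypt or decrypt: XOR with the keystream (the operation is symmetric)."""
    return xor(data, keystream(key, nonce, len(data)))


def build_packet(resolver_ip, payload):
    """Toy packet: 4-byte destination resolver address followed by the query."""
    return ipaddress.IPv4Address(resolver_ip).packed + payload


def resolver_of(packet):
    return str(ipaddress.IPv4Address(packet[:4]))


def alter_in_transit(ciphertext, known_ip, substitute_ip):
    """Effect of a relay that knows the original address but not the key."""
    mask = xor(ipaddress.IPv4Address(known_ip).packed,
               ipaddress.IPv4Address(substitute_ip).packed)
    return xor(ciphertext[:4], mask) + ciphertext[4:]


def seal(enc_key, mac_key, nonce, packet):
    """Encrypt, then append an HMAC-SHA256 tag over nonce and ciphertext."""
    ciphertext = stream_crypt(enc_key, nonce, packet)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def open_sealed(enc_key, mac_key, nonce, sealed):
    """Verify the tag before decrypting; reject anything modified in transit."""
    ciphertext, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: packet was modified in transit")
    return stream_crypt(enc_key, nonce, ciphertext)


def demo():
    packet = build_packet(ORIGINAL_RESOLVER, b"A? www.example.test")

    # Encryption only: the altered ciphertext decrypts cleanly to a new address.
    ciphertext = stream_crypt(ENC_KEY, NONCE, packet)
    altered = alter_in_transit(ciphertext, ORIGINAL_RESOLVER, SUBSTITUTE_RESOLVER)
    accepted = stream_crypt(ENC_KEY, NONCE, altered)

    # Encryption plus integrity: the same alteration is detected and rejected.
    sealed = seal(ENC_KEY, MAC_KEY, NONCE, packet)
    altered_sealed = alter_in_transit(sealed, ORIGINAL_RESOLVER, SUBSTITUTE_RESOLVER)
    try:
        open_sealed(ENC_KEY, MAC_KEY, NONCE, altered_sealed)
        rejected = False
    except ValueError:
        rejected = True
    return resolver_of(accepted), accepted[4:], rejected


if __name__ == "__main__":
    print(demo())
```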

Practicality

Yes and no. The aforementioned $4000 requirement for the equipment is something that would hinder most people. Aside from the price hurdle, the radius is so limited that the target would have to be extremely specific, making this an even more difficult task to accomplish.
However, the test previewed in the link is a very strongly controlled situation, meaning the capabilities and functionality in a real-world scenario may turn out more or less conducive to an attack. Since this is a design flaw, there cannot be a patch to fix the vulnerability; the only other option would be to overhaul the LTE protocol, which is also not an option at this point.

So how do you protect yourself?

The easiest and most effective way to protect yourself is to check whether the site you're using is secure. In Google Chrome, at the upper left-hand side, at the beginning of the web address, there will be a green “secure” or red “Not Secure” sign; if it is red, you may be vulnerable to outside harm. Always ensure the websites you're on have a secure label at the top, indicating the site's certificate is not expired and you are not vulnerable to outside intent.

Don’t Risk It, Secure It

Thanks to a recently enabled update for Google Chrome, it is even easier to tell whether a site is secure. Take caution when you see that a site is not secure, and do not put your personal information at risk on the web.

Keep up to date on your technology and its vulnerabilities and solutions with RE2Tech. We make I.T. easy!

Have you taken precautions? Is your sensitive information at risk?
Give us a call or send us an email for all your I.T. needs! We at Re2tech make I.T. happen!
Phone: 952-223-4422

Why SSL is So Important on July 2018


SSL

In the past couple of months there has been a lot of talk about the need for SSL (Secure Sockets Layer) on websites before this coming July of 2018. The talk however is growing more and more the closer we get to July and there are some hosts panicking in the face of the oncoming date.

Why July is so important

This coming July matters mainly to website hosts, due to the scheduled release of Google’s Chrome 68, which promises a more secure web browsing experience by letting users know whether the website they are on is safe. This isn’t necessarily something new from Google Chrome; however, the manner in which it decides on the security of a website is changing. One of the determining factors will be a website’s incorporation of SSL certificates.

So before going any further, we should explain what an SSL certificate is.

As mentioned before, SSL stands for Secure Sockets Layer, which if introduced to a website will produce a certificate marking that the website is secure and safe to use. This is often seen when using PayPal at online checkouts on the left side of the address bar. The SSL certificates are small data files that digitally bind a cryptographic key to an organization’s details. When this is installed on a web browser, like Google Chrome, the padlock is activated and the https protocol is activated, securing the connection between the host and end user, helping to give confidence to users about browsing a site and giving reinforcement to the legitimacy of businesses.

Come July 1st, Google will release Chrome 68, marking another leap forward in secure internet interactions. Once released, Chrome will mark all pages that do not include an SSL certificate as “Not Secure”, potentially hurting visitor traffic and business itself.

Opportunities

Alongside the release of Chrome 68 come new opportunities for website owners and businesses. There is still a plethora of website owners who are not aware of the impending Google Chrome update, which gives you the chance to become the new secure website in your field of business. Your competition’s traffic may look for somewhere else in the same market that has SSL certification, and that somewhere else could be your business! Take the opportunity at hand and equip your website with an SSL certificate; become a leading example of online security in your field of business! Not only is SSL a more secure option, but thanks to the most recent update in SSL certificates, there is now fully automated issuance and deployment available in WHMCS 7.2 and later, making the incorporation of security even easier. Combined with instant activation, SSL seems like a no-brainer.

How have we come to this point?

Google and Mozilla, the two most prominent and popular web browsers have made it their goals to increase SSL usage for a greater security confidence on the internet.

To achieve this they have thus far implemented the marking of sites with forms and input fields on pages that had HTTP as not secure.

With Chrome 68 they will be upgrading this functionality by marking all sites using HTTP as “not secure”.

However, there are more advantages to HTTPS than just increased security confidence. HTTPS is also faster, more performant, and naturally more secure than HTTP, and it has been known to help with SEO rankings and provides the ability to use HTTP/2 for even greater speed increases.

Don’t Risk It, Switch It

Online security is becoming more and more desired by all forms of users due to the constant barrage of online dangers in the media. Give your customers the security they desire in online interactions. Confidence through security should be your first priority.


helpdesk@re2tech.com


VPNFilter Malware worse than we thought


Recently we created an article giving a detailed explanation of a current threat facing over 500,000 devices, known as the VPNFilter malware. This malware became a prominent issue fast and has been tied to an origin in Russia. Initially it was thought that resetting your home’s router and modem would address the problem, but as more investigations ensued, it was realized we were wrong…

VPNFilter Malware

Two weeks ago it was reported that more than 500,000 consumer-grade routers in 54 countries were infected with malware and that this malware could be used for many nefarious purposes. Recently, however, Cisco’s researchers from Talos security have gained additional understanding of the inner workings of this malware. The researchers have claimed that the malware runs on a much broader base of models, many being from previously unaffected manufacturers. This makes it a stronger threat than initially perceived.

New Tricks

VPNFilter has been found to be able to perform man-in-the-middle attacks on incoming web traffic. The malware can use its ssler module to inject dangerous payloads into traffic as it passes through infected routers. Not only that, but the module can modify the content that is delivered by websites and, further, tailor payloads to exploit specific devices attached to the infected routers.

The ssler module is also designed to capture sensitive data passed between endpoints and the outside internet. It accomplishes this by inspecting web URLs for specific signs that passwords and other sensitive data are being transmitted, so the data can be copied and sent to the attackers’ servers.

In order to bypass the TLS encryption that is meant to prevent these very attacks, the ssler module attempts to downgrade HTTPS connections into plaintext HTTP traffic. By doing this the attackers can get around stronger security that might be in place. The module also strips away the data compression provided by gzip so that the plaintext traffic is easier to modify.

Loss of traffic control

Cisco describes the potential danger in this newly evolved form of malware that the attackers are using, as significantly more dangerous than first expected, due to its use of the routers themselves as an attacking platform.

The malware could potentially make users see incorrect information, for example, while a user is on their online banking, checking over their accounts, things may look normal, but in the background their account is actually being siphoned, and there is no visual indication of such activity. This malware has the potential to PGP keys and things of that sort, they can manipulate anything going in and out of the device.

The newly infected

Cisco’s Talos said that VPNFilter also has a much wider audience in terms of the devices that are affected. Previously there had been many exceptions to the long list of potential “at risk” router models, but now it seems there are many, many, many more in danger.

The following is an updated list of models that can be affected or are known to be affected by this malware:

Asus Devices:

  • RT-AC66U (new)
  • RT-N10 (new)
  • RT-N10E (new)
  • RT-N10U (new)
  • RT-N56U (new)
  • RT-N66U (new)

D-Link Devices:

  • DES-1210-08P (new)
  • DIR-300 (new)
  • DIR-300A (new)
  • DSR-250N (new)
  • DSR-500N (new)
  • DSR-1000 (new)
  • DSR-1000N (new)

Huawei Devices:

  • HG8245 (new)

Linksys Devices:

  • E1200
  • E2500
  • E3000 (new)
  • E3200 (new)
  • E4200 (new)
  • RV082 (new)
  • WRVS4400N

Mikrotik Devices:

  • CCR1009 (new)
  • CCR1016
  • CCR1036
  • CCR1072
  • CRS109 (new)
  • CRS112 (new)
  • CRS125 (new)
  • RB411 (new)
  • RB450 (new)
  • RB750 (new)
  • RB911 (new)
  • RB921 (new)
  • RB941 (new)
  • RB951 (new)
  • RB952 (new)
  • RB960 (new)
  • RB962 (new)
  • RB1100 (new)
  • RB1200 (new)
  • RB2011 (new)
  • RB3011 (new)
  • RB Groove (new)
  • RB Omnitik (new)
  • STX5 (new)

Netgear Devices:

  • DG834 (new)
  • DGN1000 (new)
  • DGN2200
  • DGN3500 (new)
  • FVS318N (new)
  • MBRN3000 (new)
  • R6400
  • R7000
  • R8000
  • WNR1000
  • WNR2000
  • WNR2200 (new)
  • WNR4000 (new)
  • WNDR3700 (new)
  • WNDR4000 (new)
  • WNDR4300 (new)
  • WNDR4300-TN (new)
  • UTM50 (new)

QNAP Devices:

  • TS251
  • TS439 Pro
  • Other QNAP NAS devices running QTS software

TP-Link Devices:

  • R600VPN
  • TL-WR741ND (new)
  • TL-WR841N (new)

Ubiquiti Devices:

  • NSM2 (new)
  • PBE M5 (new)

Upvel Devices:

  • Unknown Models* (new)

ZTE Devices:

  • ZXHN H108N (new)

As you can see, there is an extensive list of known affected routers. Many of these are very common in households today, so look over the list thoroughly to see if yours is on it. If it is, it is recommended that you reboot your device or, if possible, restore it to factory defaults, then flash the firmware with the latest available version, if possible without even using the internet.

The malware takes advantage of known problems in routers, and the known flaws have been patched by their producers. To help ensure your device does not get infected, it is best to avoid exposing admin interfaces or services on the internet. Call your local I.T. service providers for help in any of these areas.



Analysis of VPNFilter botnet

EL5

As we move forward in our technological advancements, there will be a concurrent rise in the damage that results from technological attacks. The more interconnected we become, the more vulnerable we are when a new form of threat arises.

VPNFilter demonstrates how cybercriminals advance with the new technology and integrate degrees of portability by building code to target different forms of architecture.

VPNFilter chooses an architecture that is never thought about, and the least suspected. The little box sitting on your shelf that only gains attention when your internet drops for a moment, is the current danger generator.

VPN Filter

The Origins

For the past several months, Cisco TALOS has been working in tandem with public and private-sector threat intelligence partners and law enforcement, in pursuit of a highly active and sophisticated modular malware system that is now known as “VPNFilter”. Through this pursuit, it has become known that VPNFilter is a widespread problem that interacts with another known malware called “BlackEnergy”, which has caused a lot of destruction and stress in the past in Ukraine.

The Current Status

As far as we know thus far, there have been a recorded 500,000+ routers and network storage devices infected by the malicious components of VPNFilter.

Thanks to the release of research on VPNFilter by the Cyber Threat Alliance, SophosLabs researchers gained early access to malware samples that had been collected by Cisco TALOS. This was followed by an update to the protection data that is essential in repelling VPNFilter and preventing it from gaining ground. A 3-stage attack that the VPNFilter botnet follows has also been mapped. The following describes those three stages.

1st stage of attack

The first stage of the attack is a compiled x86 ELF executable:

0e0094d9bd396a6594da8e21911a3982cd737b445f591581560d766755097d92

This executable was first submitted to VirusTotal on June 12th, 2017 by a user in Taiwan, and with it, it was discovered that the file has the name:

C:\users\chli\Documents\qsync.php

Right now there is speculation that the file was fetched from a remotely hosted script called “qsync.php”, using a Windows system. Thus far it is not clear how the sample was used to compromise devices.

When the executable is run, it installs a schedule that executes it periodically. To accomplish this, it modifies the crontab (cron table) file.

The cron format has five time and date fields: minute, hour, day of month, month, day of week.

If a field has a value of the form */step, execution takes place at every interval of step through the unrestricted range.

By appending the schedule */5 * * * * to the crontab, the implant executes every 5 minutes:

fd = open_file("/etc/config/crontab", "a");
_fd = fd;
if (fd)
{
    /* append "*/5 * * * * <own filename>" to the crontab */
    format_sys_write(fd, "*/5 * * * * %s\n", (int)&fname);
    fd = close(_fd);
}
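One way to check a device's crontab for this kind of persistence entry, as an added example that is not from the original article or from the researchers it cites: it expands the cron step syntax described above and flags entries that run at least every 5 minutes, around the clock, with a bare absolute path as the whole command (the shape produced by the "*/5 * * * * %s" format string). The sample crontab, including the path /var/run/example_implant, is constructed, and the threshold and heuristic are assumptions.

```python
import re

# (low, high) bounds of the five cron time fields: minute, hour,
# day of month, month, day of week (0 and 7 both mean Sunday).
RANGES = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 7)]

# Constructed sample, not taken from a real device.
SAMPLE_CRONTAB = "\n".join([
    "# constructed sample of /etc/config/crontab",
    "0 4 * * * /sbin/hwclock -s",
    "0 3 * * 0 /etc/init.d/idmap.sh dump",
    "*/5 * * * * /var/run/example_implant",
    "0-59/5 * * * * /usr/bin/logger heartbeat",
    "4 3 * * 3 /bin/sh /etc/init.d/backup.sh",
    "PATH=/bin:/usr/bin",
])


def expand_field(field, lo, hi):
    """Expand one cron field ('*', lists, ranges, '/step') into the values it matches."""
    values = set()
    for part in field.split(","):
        base, _, step_s = part.partition("/")
        step = int(step_s) if step_s else 1
        if base == "*":
            start, end = lo, hi
        elif "-" in base:
            a, b = base.split("-", 1)
            start, end = int(a), int(b)
        else:
            start = int(base)
            end = hi if step_s else start
        if step < 1 or not lo <= start <= end <= hi:
            raise ValueError("bad cron field: %r" % field)
        values.update(range(start, end + 1, step))
    return values


def parse_entry(line):
    """Return ([minute, hour, dom, month, dow] as sets, command) or None."""
    parts = line.split(None, 5)
    if len(parts) < 6:
        return None  # environment assignment, @reboot-style line, or junk
    try:
        sets = [expand_field(f, lo, hi) for f, (lo, hi) in zip(parts[:5], RANGES)]
    except ValueError:
        return None  # names such as 'mon' or malformed fields are not handled here
    sets[4] = {v % 7 for v in sets[4]}  # fold Sunday=7 onto Sunday=0
    return sets, parts[5].strip()


def find_frequent_bare_commands(text, min_runs_per_hour=12):
    """Flag entries that run every hour of every day, at least
    min_runs_per_hour times an hour, with a bare absolute path as the command."""
    hits = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parsed = parse_entry(line)
        if parsed is None:
            continue
        (minute, hour, dom, month, dow), command = parsed
        always = (len(hour), len(dom), len(month), len(dow)) == (24, 31, 12, 7)
        bare_path = re.fullmatch(r"/\S+", command) is not None
        if always and bare_path and len(minute) >= min_runs_per_hour:
            hits.append((number, command, len(minute)))
    return hits


if __name__ == "__main__":
    for number, command, runs in find_frequent_bare_commands(SAMPLE_CRONTAB):
        print("line %d: %s runs %d times per hour" % (number, command, runs))
```

A hit is only a lead: compare the flagged command against the entries the vendor firmware is known to install before treating it as malicious.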

The implant keeps its critical strings encrypted, relying on a modified RC4 algorithm. The standard RC4 initialization routine calculates an index into the state table using the key. Then 2 bytes in the state table are swapped in place: the first byte is pointed to by the incremented index i, and the second byte by the newly calculated index index2, as shown below.

#define swap_byte(a, b) {swapByte = a; a = b; b = swapByte;}

/* standard RC4 initialization: permute the state table by swapping */
for (i = 0; i < 256; i++)
    state[i] = i;
key_index = 0;
index2 = 0;
for (i = 0; i < 256; i++)
{
    index2 = (key[key_index] + state[i] + index2) & 0xFF;
    swap_byte(state[i], state[index2]);
    if (++key_index == key_size)
        key_index = 0;
}

The implant, however, initializes the state table in a different manner. Instead of permuting the state table by swapping bytes, it applies XOR to the state table, using the same RC4 key.

This form of RC4 initialization is known to be used by BlackEnergy.

/* modified initialization: XOR each state byte with the key, no swapping */
for (i = 0; i < 256; i++)
    state[i] = i;
key_index = 0;
for (i = 0; i < 256; i++)
{
    state[i] ^= key[key_index];
    if (++key_index == key_size)
        key_index = 0;
}

The RC4 key is a 4-character string hard-coded as %^:d. The rest of the RC4 implementation is identical to the standard algorithm.
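For analysts who need to recover such strings from a sample, the two initializations above can be put side by side. This is an added example, not code from the original article or from the malware: it assumes the keystream generation is the standard RC4 one, as the article states, uses the key %^:d quoted above, and encrypts a constructed string to show the round trip. It also shows a side effect of the XOR initialization: with this key the state table is no longer a permutation of 0..255.

```python
IMPLANT_KEY = b"%^:d"  # 1st stage key as quoted in the article


def ksa_standard(key):
    """Standard RC4 initialization: swap state bytes under control of the key."""
    state = list(range(256))
    index2 = 0
    for i in range(256):
        index2 = (key[i % len(key)] + state[i] + index2) & 0xFF
        state[i], state[index2] = state[index2], state[i]
    return state


def ksa_xor_variant(key):
    """Modified initialization described above: XOR each state byte with the key."""
    return [i ^ key[i % len(key)] for i in range(256)]


def prga_crypt(state, data):
    """Standard RC4 keystream generation; encrypts and decrypts alike."""
    s = list(state)  # work on a copy so the caller's table is not consumed
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decrypt_implant_string(ciphertext, key=IMPLANT_KEY):
    """Decrypt one string carved from a sample (helper name is hypothetical)."""
    return prga_crypt(ksa_xor_variant(key), ciphertext)


def distinct_state_values(state):
    """Number of different byte values in a state table (256 for real RC4)."""
    return len(set(state))


def demo():
    plaintext = b"/constructed/example/string"  # constructed, not from a sample
    ciphertext = prga_crypt(ksa_xor_variant(IMPLANT_KEY), plaintext)
    return (
        decrypt_implant_string(ciphertext) == plaintext,
        distinct_state_values(ksa_standard(IMPLANT_KEY)),
        distinct_state_values(ksa_xor_variant(IMPLANT_KEY)),
    )


if __name__ == "__main__":
    print(demo())
```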

There are a total of 12 encrypted strings within the body of the implant. Each string is stored as a 1-byte field followed by the encrypted string.

When decrypted, the strings are the following:

  • /var/run/client.crt
  • /var/run/client.key
  • /var/run/client_ca.crt
  • 0.3.9qa
  • /var/run/msvf.pid
  • http[://]toknowall.com/manage/content/update.php
  • /var/vpnfilter
  • /update/test
  • http[://]photobucket.com/user/nikkireed11/library
  • http[://]photobucket.com/user/kmila302/library
  • http[://]photobucket.com/user/lisabraun87/library
  • http[://]photobucket.com/user/katyperry45/library

 

As seen above, the first three strings are the filenames where the implant saves 3 client certificates, hard-coded within its own body. The client-side SSL certificates are used to authenticate requests to the C2 server over HTTPS (port 443).

The version number 0.3.9qa is saved into the file /var/run/msvf.pid.

/var/vpnfilter is used as a temporary filename for the downloaded files.

The implant relies on the hard-coded Photobucket URLs, or on the Toknowall C2 website, to fetch images. The images serve the purpose of carrying a 2nd stage server IP, which is extracted from their EXIF metadata.

Once that is accomplished, a payload module is fetched from the 2nd stage server through the URL path /update/test. The downloaded module is then saved as /var/vpnfilter, assigned execute permission with the chmod(511) command, and finally executed with sys_execve().

2nd stage of attack: Backdoor trojan

The second stage of the attack involves a payload fetched by the implant:

8a20dc9538d639623878a3d3d18d88da8b635ea52e5e2d0c2cce4a8c5a703db1

It is a backdoor trojan compiled as an x86 ELF executable.

Just like the 1st stage implant, it has its critical strings encrypted using the same method. The RC4 key, however, is different this time:

g&*kdj$dg0_@@7'x

The decrypted strings expose backdoor commands, IP addresses of C2, and some other configuration parameters.

The backdoor is able to accept and execute the following remote commands:

  • download – download remote file, save it as /var/tmp/vpn.tmp
  • reboot – terminate current process with sys_exit() system call
  • restart – reboot the device with sys_reboot() system call
  • delay – appears to invoke delayed reboot
  • copy – read local file contents
  • exec – execute command or another plugin, using sys_execve() system call with the following shells:
      • /bin/sh
      • /bin/ash
      • /bin/bash
      • /bin/shell
  • kill – terminate process(es) with the sys_kill() system call, delete own files and directories, such as:
      • /var/run/tord
      • /var/run/
      • /var/run/vpn.pid
      • /var/tmp/vpn.tmp
      • etc.
  • pxs – set C2 proxy, i.e. the module contains 2 hard-coded proxies in it:
      • 217.12.202.40
      • 91.121.109.209
  • port – set proxy port
  • tr, mds, tor, me – set other configuration parameters

The backdoor relies on a user agent string randomly selected from a list of 9 strings:

user_agent = user_agents[PRNG() % 9];

The user_agents table consists of the following:

  • Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:52.0) Gecko/20100101 Firefox/52.0
  • Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
  • curl/7.47.0
  • Wget/1.17.1 (linux-gnu)
  • git/2.7.4
  • Google Chrome/64.0.3282.140 Windows
  • Google Chrome/64.0.3282.140 Linux
  • Lynx/2.8.8pre.4 libwww-FM/2.14
  • python-requests/2.18.4

The backdoor communicates with its proxies through an SSL connection, just like the implant, relying on client-side SSL certificates.

The module tries to determine the presence of TOR by parsing socket info from /proc/net/tcp. For each enumerated socket descriptor, it attempts to find a socket that has an open connection on port 9050, which is used by TOR.
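The same /proc/net/tcp table is useful to a defender: a router or NAS that shows sockets on port 9050 is running or talking to a TOR client it should not have. The following added example (not from the original article) parses the table format and reports such sockets; the sample table is constructed, and the little-endian address decoding is an assumption that holds for x86 and little-endian ARM/MIPS devices (pass byteorder="big" for big-endian ones).

```python
import socket

TOR_SOCKS_PORT = 9050

TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample of /proc/net/tcp, not captured from a real device.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 0100007F:235A 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4410 1 0000000000000000 100 0 0 10 0
   2: 0100007F:C350 0100007F:235A 01 00000000:00000000 00:00000000 00000000     0        0 4425 1 0000000000000000 20 4 30 10 -1
   3: 0101A8C0:0016 6401A8C0:D2F0 01 00000000:00000000 02:000A5B3C 00000000     0        0 1302 2 0000000000000000 22 4 29 10 -1
"""


def decode_endpoint(hex_endpoint, byteorder="little"):
    """Turn 'AAAAAAAA:PPPP' into (dotted IPv4 address, port)."""
    addr_hex, port_hex = hex_endpoint.split(":")
    raw = bytes.fromhex(addr_hex)
    if len(raw) != 4:
        raise ValueError("not an IPv4 endpoint: %r" % hex_endpoint)
    if byteorder == "little":
        raw = raw[::-1]  # address bytes appear reversed on little-endian hosts
    return socket.inet_ntoa(raw), int(port_hex, 16)


def parse_proc_net_tcp(text, byteorder="little"):
    """Parse the table into dictionaries; the header and malformed rows are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or not fields[0].endswith(":"):
            continue
        try:
            rows.append({
                "local": decode_endpoint(fields[1], byteorder),
                "remote": decode_endpoint(fields[2], byteorder),
                "state": TCP_STATES.get(fields[3], fields[3]),
                "inode": int(fields[9]),
            })
        except ValueError:
            continue
    return rows


def find_port_sockets(text, port=TOR_SOCKS_PORT, byteorder="little"):
    """Report sockets that listen on, serve, or connect to the given port."""
    hits = []
    for row in parse_proc_net_tcp(text, byteorder):
        if row["local"][1] == port:
            role = "listener" if row["state"] == "LISTEN" else "server-side"
        elif row["remote"][1] == port:
            role = "client"
        else:
            continue
        hits.append((role, "%s:%d" % row["local"], "%s:%d" % row["remote"],
                     row["state"], row["inode"]))
    return hits


if __name__ == "__main__":
    for hit in find_port_sockets(SAMPLE_PROC_NET_TCP):
        print(hit)
```

The inode in each hit can be matched against the socket:[inode] links under /proc/<pid>/fd to identify the owning process.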

With a TOR module installed as a 3rd stage plugin, the communication takes place via the following .onion domains:

  • 6b57dcnonk2edf5a.onion/bin32/update.php
  • tljmmy4vmkqbdof4.onion/bin32/update.php

Backdoor modules are almost identical in their functionality when built for different platforms. The strings are encrypted using the same key.

There is a subtle difference in the internal platform ID parameters. For example, the x86 module uses the IDs:

  • pDJOSERi686QNAPX86 or pPRXi686QNAPX86
  • i686

Backdoor modules built for ARM CPUs may have parameters set like the following:

  • pDJOSERarmv5lQNAP_ARM
  • armv5l

A variation compiled for MIPS:

  • pDJOSERmipsDGN2200V4
  • mips

 

3rd Stage of Attack: Plugin

A 3rd stage plugin

afd281639e26a717aead65b1886f98d6d6c258736016023b4e59de30b7348719

is a TOR client. As yet another x86 ELF executable, it shares code with known open-source TOR client implementations.

Another 3rd stage plugin has been found, built for the MIPS architecture:

f8286e29faa67ec765ae0244862f6b7914fcdde10423f96595cb84ad5cc6b344

The plugin is a sniffer that looks for several interesting traffic patterns, such as:

  • /tmUnblock.cgi – a vulnerable CGI script in some Cisco/Linksys router firmware; this executable is linked to several exploits and malicious executables, such as Moon Worm, a malicious Bitcoin miner that has infected Linksys routers in the past
  • *modbus*\n%s:%uh->%s:%hu – a packet used in Modbus, a standard communication protocol, commonly used for connecting industrial electronic devices, such as PL
  • Basic Og== – part of an HTTP authentication packet that means “Empty username and empty password”

Other related patterns to HTTP authentication packets:

  • Password required
  • Authorization: Basic
  • User=
  • user=
  • Name=
  • name=
  • Usr=
  • usr=
  • Login=
  • login=
  • Pass=
  • pass=
  • Password=
  • password=
  • Passwd=
  • passwd=

 

The intercepted data is saved into files with names formatted as:

%DIR%/rep_%NUMBER%.bin

%DIR% is a working directory, such as /var/run/vpnfilterw.



GDPR Rolls Out

GDPR Is Active

The 25th has arrived in the EU, and that means the GDPR is released and active. Paperwork is already being drawn up for lawsuits against companies that are not readily complying with the new regulations.

The GDPR is all about “privacy by default”, meaning that a product or service that is to be used by the public must have its settings set to the strictest levels right off the bat, without any effort on the end user’s part. This is to restrict and protect users’ data from the get-go, instead of relying on them to traverse the settings menus and change it themselves.

The new form of data protection is a response to many problems that have become too widespread to deal with, with the rise of technological involvement for people of all backgrounds and computer experience.

As the new regulations get under way, many companies have scrambled to conform to these new rules so as not to risk the large penalties that follow from conflict with the regulations. These fines can be up to 4% of global annual sales per instance of conflict for the larger companies, while smaller companies face a smaller but still severe price.

A survey around the EU recorded that 85% of firms said they were not ready for the new regulations to come into effect, and one in four stated they would not be ready till the end of the year.

To avoid penalties, some companies have decided to halt their services until they are ready to comply, while others plan to mitigate the damage as much as possible but still pay for some of the violations.

Large Companies Beware

Some of the most prominent companies today, like Google, Facebook, Instagram, WhatsApp and the like, are all bracing for the incoming lawsuits that are already being prepared by privacy advocates.

The large businesses can still operate using data from their users, but only under the conditions that consent was given and that the companies can prove they have a lawful basis for doing so. The main priority is to respect the customers’ wishes about their information; even in cases where customers wish for a company to delete their data from the company servers, the company must abide.

If a company fails to prove it has been handling data correctly, it will face the penalties. Along the same lines, if data that was collected with consent and used in a lawful manner is breached by an outside source, the company will be required to report the incident within 72 hours or be fined.

The EU is clamping down on big tech companies, stripping them of their rule-bending methods and attaching heavy fines to boot.

Some companies, however, are not in a position to comply with the new regulations and as a response have cut ties with European customers and services to avoid any possible repercussions. Mainly this refers to smaller companies who just don’t have the resources to abide by the new rules, but some companies who do have the means don’t align with the new rules and prefer to just continue onward without them, so they cut ties.

Some think that eventually bigger companies will decide “it’s not worth it” to continue maintaining the necessary effort for GDPR and will pull out of the EU as well. This will cause quite a unique shift for the EU market, and only time will tell what occurs.



The Cost Of GDPR

March 25th halting the march of some companies

As the GDPR marches forward there has been a lot of talk about its effects on the smaller companies that don’t have the capability to rework the entire infrastructure of their products and systems.

Europe’s new data protection law has seen many companies decide to call it quits due to their inability to conform.

The cost to comply with the new law has forced many companies into some tight corners, and some to even close down shop for good. An online game producer, a small social network and a mobile marketing firm have been the victims thus far.

Thanks to the EU’s General Data Protection Regulation, the new laws will affect everyone involved with EU customers and their data, which means even small time companies just getting started outside of the EU.

The tech giants like Google and Facebook have been affected by these new regulations, however they have been able to comply thanks to their resources and already large stature.

A chief marketing officer at Verve has stated that the mobile marketer would shutter its operations in Europe because these new regulations don’t align favorably with its particular business model, signifying a potential shift in the availability of specific products in Europe from May 25th onward.

While the new rules were developed to help consumers have more control over their data, there is also the side effect of closing smaller businesses down that were formed before these new regulations came into play.

Small companies get smaller and larger companies stay on top

With the GDPR, companies will need consent from their consumers to process their personal information, will no longer be able to store this information indefinitely, and must comply with any customers who want their data deleted from the servers. This will help reduce the incentive for hackers to breach servers for sensitive information, while also mitigating the risk if they are still breached. Companies must also now report such activity within 72 hours of knowing the event has occurred.

While companies still will be interacting with data when given consent, they must also now prove that the data is necessary to have and show they are properly handling the data. This verification will increase the need for monitoring and documentation, giving way to an increase in data protection officers.

The Conceded 

Uber Entertainment, which makes online games, is shutting down its game called Super Monday Night Combat on May 23rd due to its inability to comply with the new regulations.

The company has stated that it would cost too much to rewrite the game and migrate it onto a different platform. The current design was built in 2009, making it difficult to go back and delete data from user accounts, so the company sees it as better to shut down than to risk that large penalty.

Gravity Interactive, the maker of the Ragnarok and Dragon Saga games, chose a different approach to the problem and has decided that it will block Europeans from accessing its games. While this will be easier said than done, it will be an interesting plan to watch unfold.

Czech internet company Seznam.cz said it will shutter its social networks for classmates because of the impending regulations. Its platform, which has roughly 20,000 daily active users, would have to change completely in order to comply with the new rules.

Word of who the GDPR will affect is still en route for some companies and we should expect similar responses from other smaller companies soon.

Do you think the GDPR accounted for such problems for smaller companies? Will small companies be able to form after the GDPR has taken effect?

Let us know what you think!

Keep up to date on your technology and its vulnerabilities and solutions with RE2Tech. We make I.T. easy!

What do you think about the GDPR?

Give us a call or send us an email for all your I.T. needs! We at Re2tech make I.T. happen!

Phone: 952-223-4422

helpdesk@re2tech.com

EU General Data Protection Regulation

GDPR Inbound

What is the GDPR and who does it affect?

As of late there has been quite a lot of mention of the “GDPR” across business, technology and government articles, describing how the GDPR will turn the tech world and all things consumer information on its head.

But what does that actually mean? It’s important to know what the GDPR is and how it will affect us on the daily, moving forward.

So, the basics, what is GDPR and what does it stand for? 

GDPR stands for the General Data Protection Regulation. It is an answer that has been in the making for seven years and will come into effect across the European Union on May 25th.

This new data privacy law gives people a stronger voice and more control over their personal data, and forces companies to make sure the data they collect, process and store is safe from outside hands.

This regulation was conceived with the hope that companies will change the way they think about data, so that it is perceived as more valuable and treated accordingly. The core idea is “privacy by default”.

Who is affected by the GDPR?

Any form of organization that stores or uses data on people in the European Union is affected by these regulations, no matter where it is based.

This means that even if your company doesn’t have direct relations with Europe, but you support a business that has customers inside the EU, you will also be subject to these new rules.

A good example would be a call center that handles customer service for companies that sell products in Europe, or a website that tracks browsing history. Both would be affected by the GDPR regulations.

Now it may seem pretty simple on the surface, but it has large impacts, seeing as data is everything these days. The cost to comply with these new regulations is quite significant, so much so that it is estimated that Fortune Global 500 companies spent roughly $7.8 billion to prepare for the new rules.

 

 

So what’s it all mean?

So what does this mean for our data and companies that collect it?

Well, companies can still collect data on consumers, but they now need to prove that they have a “lawful basis” for doing so.

This could come in the form of a contract or legal obligation that allows them to collect the data.

Another way to meet this requirement would be to gain consent from each customer to store and process personal data. These requests need to be clear and concise so there is no room for ambiguity or confusion.

Another form of acceptable data collection would come in the form of public interest/safety, for example the police gathering information on a wanted or suspected criminal.

And of course, along those same lines, hospitals may request and collect personal data for the purpose of saving lives, especially when a patient is unconscious and the necessary medical information cannot be obtained from the person directly.

What do companies have to do in order to comply with these new regulations? 

Businesses will have to pay for stronger security of personal data and won’t be able to hold personal data indefinitely anymore. Due to these new regulations there will be a significantly stronger backlash against the leaking of personal data, which we saw a lot of this past year.

Along with restrictions on retaining personal data, anybody now has the power to ask for their personal information to be deleted from a company’s servers. The only exceptions would be for law enforcement purposes, or when a requested service requires the data in order to be carried out.

Businesses will now be required to report any security breach within a 72-hour window of discovering it. This was a huge issue in 2017, when businesses tried to go as long as they could without informing their customers of a breach involving personal data.

Companies will now also at times have to prove that their use of data is properly handled, meaning increased monitoring and documentation and possibly hiring data protection officers.

Why is this happening? 

The GDPR was formed to expand and evolve the rules that were put in place in 1995, when the internet really started to boom and data started to really flow. We have been using rules and regulations that were outdated and in some instances inapplicable, causing confusion and problems, and on some occasions abuse of data.

The European Union has stated that the new rules are necessary to protect consumers in an era of large scale cyber attacks and data leaks.

So what happens if a company does not comply with the new rules?

Huge financial penalties.

European regulators are able to fine companies up to 4% of annual global sales, which could spell billions for big tech firms. Penalties for smaller firms would have a cap of $23.5 million.


Sprint Merging With T-Mobile

The Rumors Are True

For a while now, many people including myself thought that Sprint and T-Mobile were so similar that they were the same company. Without ever taking the time to actually examine this, we now don’t have to, because it’s about to be the truth.

On Sunday, April 29th, it was made official that Sprint and T-Mobile would merge in an all-stock transaction. As for the overseer of the resulting company, this will be handled by T-Mobile’s current employee John Legere as CEO, and the headquarters will be at T-Mobile’s current base of operations in Bellevue, Washington. As a side note, Sprint’s current headquarters in Overland Park, Kansas, will also act as another headquarters for the “New T-Mobile”.

So what will this merger result in? Well, the two companies have made a statement that they plan to spend around $40 billion on this new company in the first three years of its life. This amount is 46% more than T-Mobile and Sprint combined spent in the last three years. In terms of the perks of this new company, they have stated that they will be offering 5G nationwide coverage across spectrum including T-Mobile’s 600 MHz spectrum and Sprint’s 2.5 GHz spectrum.

The companies stated that they expect speeds about 15x faster on average nationwide by 2024, and that many customers can expect up to 100x faster speeds in comparison to the early 4G capabilities.

Not only does the new company offer potentially better services if everything goes off without a hitch, but the merger also increases the demand for hires: about 200,000 people will be needed to run the new company, in order to achieve regulatory approval. There was also talk that jobs will be created by building out a network and retail footprint in generally rural regions.

It is expected that this merger will close a large gap for Sprint and T-Mobile, resulting in coat-tailing AT&T and Verizon in total customers, and potentially opening new possibilities of overtaking the challenging companies.

What do you think about the merger? About time? Too soon? Why oh why? Let us know!


Coding and technology: Chance the Rapper showing our young how to get ahead

Take a Chance with technology

This past December, Chance the Rapper, the Chicago-based rapper known for his dedication to the younger generations and their success, made a visit to some unsuspecting youth.

The famous rapper made a visit to Adam Clayton Powell Paideia Academy with a goal in mind. Chance wanted to express the possibilities technology holds for the younger generations and how learning coding and other technical skills will be invaluable to achieving one’s future.

Chance walked into a room full of 5th graders working diligently on their coding skills. As soon as Chance made his appearance the classroom erupted into awes, screams and tears. Chance has made it a point that coding has been a way for him to get into the industry and that the upcoming generations should also take advantage of the opportunities before them.

Chance stated that showing up, and actualizing yourself and your ideas for people, can be life changing, and that he hopes that showing up to this class will inspire the 5th graders to achieve what Chance has achieved, and more. Apparently Kanye West had visited Chance’s school when he was younger, and this event had a profound effect on Chance and his ambitions.

During Chance’s visit to the Adam Clayton Powell Paideia Academy, Google announced a $1.5 million donation to Chicago Public Schools and SocialWorks, which would be used for computer science education across the Chicago Public Schools.

Google.org’s principal Justin Steele was helping to direct the efforts and stated that it was exciting to see so many people interested in coding, and that coding will not only provide the students with the ability to create content but also the platform and the tech involved.

It is truly amazing what can occur when the people pool their efforts and direct their passion.

 


Windows provides what Intel cannot

Big news hits the computer: updates sent out recently for Windows 10 are solving big problems caused by Intel’s patch.

Back on January 2nd, there was an announcement that Intel CPUs were having some serious problems in regards to security vulnerabilities, and that these issues stemmed from features of the CPU that were essential for performance. This issue was named Spectre. However, there was another issue Intel users faced, named Meltdown, which was essentially because a patch for Spectre would result in a slowing of the processors. That is exactly what the “solution” did.

Intel noted that the patch did indeed slow down processors, and saw benchmark results showing as much as a 25% drop in performance. The problems didn’t stop there.

Problems arose in the patch that was supposed to help. The patch resulted in some processors rebooting more often than they should, and generally without much warning at all. Last week Intel announced a solution to the reboot issues, but it only affected some older processors.

So, that brings us to the current time. Intel has admitted that its latest patch for Spectre was basically worse than the bug it was made to fix. As a response, Windows has released an out-of-band patch for Windows 10, Windows 8.1 and Windows 7. This patch will disable the fix for Spectre variant 2. If you are experiencing the problem, you will need to manually download the update, as it is not automatic yet. You can find the link here.

Microsoft’s latest Windows program update should stop the rebooting until Intel gets their game together and provides a proper update.

Check out the link and get your computer back in a somewhat working manner, then keep an eye out for the proper patch! It’s amazing how much heat Intel has been accumulating lately. Hopefully the future bodes a different story.
