fbpx
Open post

WPA2 protocol leaves all access points vulnerable! Including yours!

Recently, some online researchers have discovered a fatal flaw in the WPA2 protocol. This flaw can affect anyone and everyone that is involved with Wi-Fi access.

This flaw allows potential attackers to manipulate vulnerable information such as passwords, e-mails, and other encrypted data, whilst intercepting that information they may also leave ransomware or other malicious content into a website a client is visiting.

The point of weakness is called KRACK, short for Key Reinstallation Attacks. Supposedly the research has been kept under wraps and was designated for disclosure on Monday at 8am.

This point of weakness affects the core WPA2 protocol itself and is highly effective against devices running Android and Linux as well as OpenBSD. To a less extreme measure. it also affects macOS, Windows, and MediaTek Linksys, along with other types of devices. It’s believed that attackers can exploit the flaw to decrypt a cache of data that is normally secured by the ubiquitous Wi-Fi encryption protocol.

The vulnerability allows potential access to credit card numbers, passwords, chat messages, emails, photos among many other possibilities. All modern Wi-Fi protected networks.

The attack functions by forcing the phone/device to reinstall an all-zero encryption key, rather than a real key.  Some may think that visiting only HTTPS-protected pages would solve the issue, however the risk remains due to many sites possibly being improperly configured allowing the forceful action of dropping encrypted HTTPS traffic and instead transmitting unencrypted HTTP data.

Patches have started to be developed for devices at the most risk currently. Thus far Linux patches have been developed but there is no word when they will be released. Some however not all Wi-Fi access points have patches available right now.

There will be an official address on November 1st at the ACM conference on Computer and Communications Security in Dallas. Its believed the address will also be available on krackattack.com’s site.

This could become one of the biggest threats to large corporations and government Wi-Fi networks.

Its advised to abstain from Wi-Fi use until patches are available and instead use a wired connection.

contact use with any questions/concerns about your vulnerability 

Open post

TransUnion, rival of Equifax having the same breach issues!

Apparently Equifax isn’t the only one having issues with the security of their website.  TransUnion’s website has been leading unsuspecting costumers to a false Flash update as well.

A researcher from AV provider Malwarebytes has stated that transunioncentroamerica.com is sending visitors to fraudulent update pages and other forms of malicious sites. Just like Equifax, TransUnion seems to be at the mercy of Adware and Malware. If the false Flash update is clicked on it can lead to infecting computers with an unpatched browser or browser plugins.

TransUnion has since addressed the issue and declared the issue is resolved on the specific site, while investigations of their other sites are in the process.

It is believed the reason this issue has come to rise is the fireclick.js JavaScript that has been in use by both Equifax and TransUnion. Fireclick.jk pulls content from a long chain of pages starting with those hosted by akamai.com, sitestates.com, and ostats.net. Depending on the visitors’ IP address, browsers generally wind up visiting pages that deliver false updates and the like. It is presumed that ostats.net is where the issues arise, however no confirmation of that has been achieved yet.

Give us a call at Re2tech and lets talk about the level of security your network has and the technology you could be using to enhance your safety!

Open post

Equifax leads to disaster once again

Equifax, which recently had a security breach now has another.

In May, Equifax lost customer’s SSN, names and loads of other personal information to a security breach. Getting much scrutiny, they worked on getting the issue under control and had stated that it was solved. However it appears they were wrong.

A malware researcher ran across a bogus Adobe Flash update while going through the Equifax website. This occurred Wednesday  and Thursday for several hours. If clicked on, a visitors computer would become infected with adware. This adware is only detected by 3 of 65 antivirus providers.

Generally for malware like this, it only shows up once for each visitor and not even all visitors, more so a cluster at a time to prevent widespread detection. However the adware on the Equifax site was persistent in comparison to most other adware’s. You could run across the bogus flash update on multiple occasions increasing the risk of of it being clicked on and taken seriously. If clicked you will begin downloading ‘MediadownloadIron.exe’.

It’s suspected that the issue is stemming from a third-party that Equifax has been working with, which could mean the fault isn’t on Equifax’s end but the third-parties end. This could also pose a problem for other websites, so it’s important to keep an open eye.

Equifax needs some help it seems! Maybe they should call Re2tech? Well if they don’t, you can! Give us a call today and let us ensure your online security! Let’s not follow suit with Equifax. 

Open post

T-mobile the next big company to have leaked customer information!

Recently reported by a security researcher, a T-mobile bug on their website exposed its customers personal information.

Due to a major flaw on T-mobiles website, hackers apparently had an easy access option to millions of customers’ personal information with only their phone number. Supposedly the bug was fixed on Friday once the security researcher brought the issue to T-mobiles attention.

The types of information that may have been breached is a customers e-mail address, account numbers, and phone’s IMSI, which is a unique identifier that is assigned to every device. However it’s important to note that there is no evidence that the information was used in any malicious manner.

Potential problems can however arise from the use of someones IMSI number which could allow someone to track the phones location and/or intercept calls, text messages and metadata. Generally these IMSI numbers are used by law enforcement to track cell-phones that belong to persons of interest or help locate missing persons.

Here we are again with possible problems with online security. Another reason to ensure your cyber security and effectiveness.

Give us a call at Re2tech today and let us ensure the validity of your network! Also if your a T-mobile user, just keep a more watchful eye on the functionality of your calls/messages. 

Open post

Disqus breach. Hackers: 10 low security standards: 0

Here we are again folks, another article of a large breach in security, leaving multiple thousands in a state of possible vulnerability.

It was discovered that back in 2012, the same year Engadget used Disqus for comments,  hackers had claimed data from Disqus’ servers. A snapshot of usernames and the emails associated, dating back to 2007, as well as sign-up dates, and last login info and users of the 17.55mm text had been captured. Adding onto that, it seems that 1/3 of the passwords were also breached from those affected accounts, despite being hashed (SHA1)

Disqus learned of the hacking this past Thursday after Troy Hunt of Have I Been Pwned notified disqus that it had obtained a copy of the site’s disclosed information.

Apparently Hunt has also come across breaches for Bit.ly and Kickstarter, while stating he has three more to go.

If you have an account with any of above mentioned sites it would be wise to check on your vulnerable information and ensure all your things are accounted for.

Dont wait until your information is discovered by Have I Been Pwned, act now and give us a call about beefing up your security system! 

Open post

Whole Foods credit card breach

Recently discovered by the Whole Foods company was the possibility that nine of its Bay Area locations had their credit card information exposed to hackers.

Customers who bought groceries at 56 stores through the country were unaffected by the breach.  However those who frequent the in-store table-service restaurants and taprooms at those locations may have had a breach in their credit card information. The main registers of the store were unaffected.

The breach in security was made public last week, along with the nationwide locations that were affected. The link to the site that shows affected stores is here.

Two San Francisco locations, three in the South Bay, and other parts of the Bay Area. Currently it is unclear how many customers were affected by the breach.

Open post

Yahoos 2013 hack affected everyone!

Yahoo’s most known and infamous hack in history, is worse than initially thought.

According to Verizon, who acquired yahoo in June, its now known that all 3 billion users were affected at the time of the hack. No one got away. This is a huge upset in comparison to the initial damage report of 1 billion, that was disclosed years ago.

The hacked information was most all sensitive and private information of the users. Phone numbers, birth dates, security questions and answers, and “hashed”, also known as scrambled, passwords. After the recent investigation of Verizon while transitioning Yahoo, it was noted that the scramble function for Yahoo user’s passwords was very outdated and easily unscrambled, so account passwords were likely breached.

Yahoo is sending emails to those accounts previously thought of as unaffected by the hack back in 2013.

Four years later and we have discovered that a hack that was already known to be one of the worst in history, is now back in the limelight because it was actually much worse than initially reported. This is a prime example that, despite thinking we have all we need to know on a situation, it can come back and bite us in the butt again. This reason alone should be proof enough that cyber security is something to take seriously, and provide the right amount of attention in order to lessen the likelihood that it occurs to you or your company!

Give us at Re2tech a call today and let us help you set up a strong network, and educate on the necessary precautions and management of a network. 

Open post

Not sure if your company has some loopholes in its cyber security? Let us test it for you!

Recently with the more and more hacking news coverage, people are becoming increasingly worries about their cyber security. With reason to be worried, there are businesses hiring ethical hackers to test their systems and discover any loopholes that may be present.

In India, there is a new platform startup that’s become increasingly popular. An ethical hacker, or in other words, a hacker who tests the networks of businesses/companies, has been getting more and more attention. The basis is that there are a lot of loopholes in cyber security, but if you don’t know what to look for, there’s no way of knowing it’s there.

This startup was started by two young men who thought businesses should be aware of their vulnerabilities. At first people were skeptical about trusting self proclaimed “hackers” but were later happy about their decision to go through the process. The two young men have become somewhat famous in India for their service to businesses and even home networks.

The idea that cyber-security  is not necessary or something to worry about, is being overwritten by the recent activity of malicious hackers. The Equifax breach was a tough blow to stomach, however it has helped people become more aware of the possible vulnerabilities that lay in front of them.

We at Re2tech may not be hackers, but we are better! We are I.T.! We have a more elaborate skill set and understanding of cyber security and networking. We can provide you with a strong sense of security when it comes to your business or home network, helping you move along with your day not worrying about your data that is essential in your everyday life!

Give us a call today and lets ensure your network is above standards! We will ensure to close any loopholes we find, and trust us, we know what to look for! Don’t wait until you are already a victim, its better to make plans that anticipate, rather than plans that react! Lucky for you we do both! 

Open post

What is Cloud technololgy?

Most often, when someone mentions the ‘cloud’, there is often someone who is too embarrassed to ask ‘what’ the cloud is.

Cloud technology has taken the world by storm (no pun intended) in most all areas these days, the cloud is involved in the information storage/management. Businesses to college campus’ to home networks.

So what is the cloud?

The cloud refers to technology that runs software and services on the internet, rather than locally, on your computer. Most all cloud services are accessed through hosting websites, like Firefox or Google Chrome, however there are some companies that offer mobile apps dedicated to cloud functionality as well.

Well known examples of cloud technology would be Google Drive, the application that people often use for image storage, or documents as well. There is also Apple iCloud, Netflix, Yahoo Mail, and Dropbox.

Why the cloud?

The pro’s of cloud technology are often seen through the ability to access your information on any device with an internet connection. For example say your in India on a business venture and you need to pull up some documents you saved on the cloud while back in Chicago. Just connect to an internet source and you’ll be able to access the same location you saved your documents to! You can even edit the files in India and see the changes back in Chicago! Not only that, but you can allow others to have access to the documents, and they can add or subtract information as well, from all across the globe!

Another nice benefit, is due to the cloud servers doing most all the computing and storage, it means your computer doesn’t need to be a high-end machine! Google actually the Chromebook specifically for that reason. It gives accessibility to a wider range of people with multiple different situations, to be able to accomplish the same form of information sharing/storage.

The cloud is awesome!

Correct! However you must still be aware, that without an internet connection, your completely shut out from all of your information stored onto the cloud. This can become a problem for some people. It’s also important to note, that the cloud could become prone to hacking. If the companies security measures are not strong enough against an outside access, your information may be at risk.

It is wise not to put everything onto the cloud and make a habit of storing the vital/sensitive information on your personal drive with a strong network security (which we can help you with!) so that your information security isn’t in the hands of others.

Give us a call at Re2tech today and we can help you set up a cloud storage option, and bulk up your network security! We make I.T. happen! 

Open post

Google acquires cloud identity company Bitium

Google cloud has recently acquired the company known as “Bitium”, a company which gives a focus on enterprise grade identity management and access tools.

These tools can be used for single-sign on, for applications based on the cloud. This newly acquired company will help Google better manage enterprise cloud customer implementation across and organization. This will include several functionality aspects such as security levels and access policies across applications and devices.

The main purpose of Bitium is offering single-stop solution for the management of Google apps, Office 365, social networks, CRM, and collaboration and marketing tools, along with this, the ensurance of security standards.

Google is planning to continue what Bitium was working on, however in its own way, and extend to additional application partners. Plans are in the process to keep it as an open platform for third-party identity management providers that integrate with enterprise customers on the one side, and Google Cloud and G Suite on the other.

This could spell some new options for businesses and their integration with cloud technology and identity management!

Give us a call today and ask us about any networking or technology questions you may have for your home or business! Don’t forget to ask us how we can improve upon your current foundation! 

Posts navigation

1 2 3 4 5 6 7
Scroll to top