There’s been a report making the rounds recently about an anonymous person posting over 10,000 user names and passwords to Hotmail, MSN, and Windows Live accounts on a public internet forum.

http://www.wired.com/threatlevel/2009/10/10000-passwords/

This is obviously a pretty big deal, and brings the importance of Internet security into the limelight. Its speculated that the person was able to secure these passwords using a standard social engineering “phishing” scheme that we’re all constantly warned about. The most stunning revelation here, in my opinion, is the most popular password chosen for the accounts:

123456 …NOT a good password!

Now, hopefully you have a password policy in place at work or even in your personal life that stops you from resorting to a simple password selection scheme. I know that in this scenario a secure password would not have protected you but the fact that so many people chose such a simple password should prompt you to take note and review your password picking prowess.

A secure password should be 6-8 characters long and contain a mix of upper and lower case letters, numbers, and special characters. Your password should also not be written down and left lying around or emailed to anyone for any reason.

Can’t remember your new complicated password? Build your own password system! You’ll make sense of password security. Try this pro-tip:

Take the first 3 letters of the site or service the password will protect and mix up the upper/lowercase.

Let’s try Yahoo:  yaH

Throw in a special character:  *

Put in the month and year you changed your passwords:  10-09

And voila:  yaH*10-09

If you resolve to change your passwords once a quarter and keep to this simple system, changing it up a little every quarter, you’ll have a secure, complicated password that you’ll easily remember.

Greg Williamson
Account Manager

Share on Facebook

As a remote provider of IT services, it is our job to fix problems that our clients encounter with their technology. However, after doing this for six years now, I’ve noticed that many of the issues that we end up troubleshooting are very preventable. In fact, there are several effortless things that every computer user can do to increase their PC’s online safety.

1. It’s OK to be suspicious – Be very picky about the sources you’re downloading files from off of the internet. Using an extra cautious eye here may save you from being the victim of worms, viruses, and Trojan horses. Many people fail to realize that email is actually the source of most of these bad boys.

2. Scan Scan Scan - Scanning is your friend. Be sure to scan all discs and downloads, checking for viruses before you run them.

3. Prepare for danger – Install anti-virus software programs on all computers right from the beginning. Also, make sure your PC has been updated with the most current updates and patches available.

4. Learn what’s out there - Every so often, it’s a good idea to do a quick search and read up on the internet viruses and worms that are currently out there causing the most trouble. By being aware of the types of things that could potentially infect your PC, you’ll know what definitely NOT to click, and also see pattern trends in the types of crafty things hackers attempt to pull off.  You’ll become both more computer savvy AND more likely to steer clear from future computer woes.

5. Think before you type – No legitimate bank, or any other company for that matter, will ask you for personal information over an instant message or via a pop up. A good rule of thumb both online and in life, if something seems fishy, it most likely is. Don’t give out any info that you’re not 100% sure will be safe. And if you encounter something funny on your PC, contact your IT support provider immediately.

Josh Clifford
Chief Service Officer
Everon Technology Services

Share on Facebook

Anyone with an email address has been a victim of spam attacks. We’ve all seen the spam messages offering us deals on miracle physical enhancement drugs, Nigerian gentlemen wishing to pay us to help them move money, and weird, random text and phrases that have spawned the pop culture movement called “Spam Lit.” While occasionally amusing, most of the time these messages are bothersome and occasionally even dangerous.

Spammers don’t really make money, do they?

Email is cheap. All you need is a computer and an internet connection. Combine this low operating cost with an enormous number of potential viewers, and you’ve got a recipe for a decent return. These days, spam isn’t even about getting people to buy stuff… it’s about advertisers getting spammers to get the word out about products, regardless of the actual numbers of resulting sales.

Well then, what’s spoofing got to do with it?

Anti-spam techniques are more sophisticated than ever; most filtering software packages and services know to immediately throw out stuff that looks like it came from a spammer. So what’s a spammer to do? That’s right, make their mail look like it came from a legitimate source. However, this method of getting spam through filters can have a terrible side-effect – a misdirected bounceback (commonly called “backscatter” or “collateral spam”).

From the Wikipedia article on spoofing:

“E-mail spoofing is a term used to describe fraudulent email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source. E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. By changing certain properties of the e-mail, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender.”

Here’s the flow of a spoofed email:

• A spammer sends a bulk email message to a bunch of people. They set the From or Reply-To field to use your email address.
• This bulk message hits the spam filters of a majority of those recipients
• Those spam filters automatically reject the bulk mail message for one reason or another and send a bounceback message
• YOU receive the bounceback message (the backscatter) because your email address was listed in the From or Reply-To field.

What can you do to prevent spamming and spoofing?

There are many spam filtering services and software packages available on the market today; Everon provides an excellent spam filtering service to our clients, with capture rates up to 99%.

However, at the moment, there is no way to prevent spoofing entirely. Some DNS hosts allow SPF records, but this is still a fairly new development, and many mail servers pay no attention to the existence of these records. The use of SPF records requires participation on both sides of communication – the sender and the recipient. You, the sender, can specify mail servers which are allowed to send mail from your domain, but the recipient may not bother to check the sender policy to verify that the sending mail server is in that list.  Maybe someday!

Kristin Mott
Network Engineer Team Lead
Everon Technology Services

Share on Facebook

You may or may not have heard news about the latest Microsoft Windows vulnerability. This vulnerability allegedly went into effect today, 4/1. An April Fools joke?  One can hope – but it’s always better to be safe than sorry. Make sure that your Microsoft security patch is up-to-date in order to protect yourself and your business.

If you’re an Everon client, please be rest assured that we’ve already taken measure to ensure that this threat will not impact your systems.

If you’re unsure if your computer is protected, or simply prefer being 100% certain that it is, visit the Microsoft patch link below and select the appropriate operating system to get the download: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Share on Facebook

Social networking sites are popping up constantly on the internet. Networking has become mainstream. It’s a way to establish new relationships and nurture those that already exist. All companies seeking prospects should network. One of the largest and most popular social networking sites is Facebook. Recently, more and more companies have found that Facebook could be beneficial to their business, services, and overall brand. “How,” you ask?

Facebook has developed a number of tools and applications that make you able to circulate your brand and move your business to the center of existing and potential customers’ minds. Networking like this can foster ways of thinking “out-of –the box” – which will do great things for your business. Here’s how Facebook can help…

1. Photos: This is one of Facebook’s original apps. Everyone loves viewing photos. Posting photos of your company, and company events will show clients and potential clients the environment of your workplace and what your business looks like.

2. Advertising: Advertising on Facebook can enable a company to choose a specific demographic, view how many people the chosen demographic will reach, and then advertise to it. Every company has a service, idea, or product that can be promoted to increase business revenue and attract prospects. Advertising on Facebook can help get your company’s name and logo out to the public even more to build further recognition.

3. Polls: This is a great tool for any department in a business to find quick answers about a particular feature, service, or idea they would like to execute. It is also great in looking to find out information and opinions from clients, other employee and co-workers or a specific targeted demographic on how to better implement services or anything that is relevant and important to discuss.

4. Free Conference Calls: An application that can be used to foster quick and immediate connections in a more meaningful, interactive, and personal way with clients and potential clients. In addition, short or long business meetings can be organized more quickly and better between co-workers at your company and other companies.

5. Introductions: Want to learn  some background information about a law firm that you are thinking of working with? Try searching for them on Facebook.  Facebook allows users the option of a quick, more efficient process of networking. Giving and receiving introductions in a systematic and more formal way.

On an end note, keep in mind your company’s goals for being on Facebook. Choose only those tools and applications that will help the company to communicate, achieve, and strengthen those objectives. Facebook can be a great aid and privilege—don’t abuse it or the company can lose it.

Jessica Sannella
Everon Technology Services

Share on Facebook