Category: News

WEP wireless security

Posted on by Mark Pace

View Online

Alert Services (Advisory)
7 June 2013

Australians continue to use out dated encryption

Businesses and home users are advised to avoid using the Wired Equivalent Privacy (WEP) security protocol for wireless connections.

Once commonly used, the WEP security protocol is today considered broken and should not be used.

Although most router/modem manufacturers and Internet Service Providers currently supply and support devices with higher levels of encryption, many computers and networks continue to maintain wireless connections via WEP.

If you still currently use WEP, your wireless connection is vulnerable, information you send via this method is easily accessible via sniffer tools downloaded from the Internet.

You should check your current settings and if you currently use WEP, choose an alternative security protocol for your wireless connections.

How to find your wireless security settings:

Windows
For Windows based computers, you can check the level of security being used on a wireless network by viewing Network Options in the Control Panel. From here, select your wireless network and open the Properties for that connection. The exact name and location of these options will vary between versions of Windows. A security tab or menu should offer a choice of security protocols for your device.

Apple
For Apple based computers, you can check the level of security being used on a wireless network by clicking the Network icon in the System Preferences. Select your connection on the left hand side and the security level will be listed next to the network name.

How to update your wireless security:

Updating wireless security varies depending on the make and model of your wireless device. Refer to your manual for individual product details.

Modern modems, routers and wireless devices typically offer a range of encryption protocols. Wireless encryption should be set to WPA2 if available (or WPA if not).

There can be various types of WPA2 encryption, with the simplest version being WPA2-PSK. This uses a network name and requires a password. Most computers and smartphones can connect to WPA2 networks with minimal reconfiguration.

If your wireless device does not support any encryption other than WEP, it is strongly advised to update your equipment.

More information

More tips are available here (PDF).

The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.

Information provided by the Internet Commerce Security Laboratory, www.icsl.com.au

Disclaimer
This information has been prepared by Enex TestLab for the Department of Broadband, Communications and the Digital Economy (‘the Department’). It was accurate and up to date at the time of publishing.

This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.

The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.

Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.

Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.
Host of subscription service
The Commonwealth has engaged Ladoo Pty Ltd to host the Stay Smart Online Alert Service. All URL links should show the domain send.ladoo.com.au at hover over. URL links related to the administration of the service (‘View online’, ‘Update your profile preferences’ and ‘unsubscribe’) should direct you to web pages hosted by Ladoo Pty Ltd.

CONTACT US
Facebook: www.facebook.com/staysmartonline
Email: staysmartonline@dbcde.gov.au
Web: www.staysmartonline.gov.au

2012 Australian Government. All rights reserved

SITBACK… and relax. Offsite online backup data solutions

Posted on by Mark Pace

SITBACK FINALSITBACK (“Sterling IT Backup”) provides our customers with a seamless, robust online data backup solution to an offsite location.
Also known as Cloud Backup.

Data loss or the exposure of sensitive data can result in huge financial losses, legal penalties, loss of reputation, brand damage, loss of intellectual property, loss of customer trust… and all this can easily lead into bankruptcy.

 

Sterling IT specialises in secure online backup and recovery. Whether you are looking for online backup of servers, distributed networks, workstations or notebooks, Sterling IT has a suitable solution and reliable technology that will scale with your business.

Sterling IT provides real-time, hassle-free, local and offsite backup protection. It offers a reliable, centrally managed backup solution that unravels complexities and makes it easier for IT managers and business owners to protect their organization’s most important asset – their data.

Both small business and enterprise solutions Sterling IT offer both allow unlimited clients. That is you can run the backup client on 1 computer/server or 100’s of computers/servers (including laptops that are in the field all the time). That’s right, NO CLIENT FEE. You can start with 1 or 2 systems and just keep installing onto more computers or servers as required. All that is required is an internet connection.

In today’s information-driven organisations, the cost of managing, keeping available and recovering data can be overwhelming.

The ever-increasing role digital information plays in our lives has increased scrutiny over how it is stored and protected.

In order to ensure company’s good name, integrity and longevity, data must be stored securely and in multiple locations; this is no more just “nice to have”, it is a necessity.

Enterprises are seeking new ways to tackle their data protection challenges. While data growth is not new, the pace of growth has become more rapid, the location of data more dispersed and the value much higher.

Sterling IT offer plans starting from $9 per month based on storage requirements. Unlimited computers! All backed up to AUSTRALIAN DATA CENTRES.

SITBACK is the easy to use, automated and affordable way to backup your irreplaceable data. At your predetermined time, your data is encrypted, compressed and sent to our secure, offsite servers.

For a limited time, Sterling IT is offering our clients a free trial and installation.
Contact us now to organise protecting your data.

sitback

Further information and terminology can be found at https://en.wikipedia.org/wiki/Remote_backup_service

Is your website infected with Malware or on a blacklist?

Posted on by Mark Pace

People trust many websites today including ticketing sites, real estate sites etc. The issue is most malware and trojans are being injected into sites we actually trust. This can include YOUR website.
If you want to be as sure as you can if your website is clean, go to Securi Sitecheck, type your URL and check for any malicious code or blacklists you may be on.

You will see results like below (Sterling IT is safe!). if you find your domain has any issues or is on a blacklist, contact Sterling IT as soon as possible. The longer you leave it, the longer it will take to reverse.

Comparitech have published a list of the best web application firewalls (WAFs) that can help protect a website from hacks and external attacks. Here’s the link – https://comparite.ch/best-waf

Sterling IT Offering Free Technology Training for you and your company.

Posted on by Mark Pace

It is important to ensure that you, your staff and company, are aware of increasing technology threats, best practice and usage of systems. This also includes working closely with Sterling IT and understanding new and upcoming technologies. Some items we can include are new and ongoing threats, especially in Australia.

Please see this link from the Aust Govt (Aust Institute of Criminology) which outlines a lot of definition on just some threats in Australia and around the world.

If you and your staff are aware of the threats to your business, hopefully the damage will be little or none.

How can Sterling IT Help YOU ?
We are offering FREE training to all our Managed Service Clients (SITMS). All you need to do is click here and provide a couple of dates and times, and we will do our best to accommodate these.

Not a Managed Customer, no worries. Contact our office, ask for Mark and we will be happy to arrange a quotation for you.

 

Thousands of Aussies hit by Westpac trojan

Posted on by Mark Pace

Source CRN.COM.AU
By Darren Pauli on Mar 15, 2013 12:30 PM

Huge phishing campaign hits inboxes.

 

Trojan-laden phishing emails bearing the Westpac name have deluged hundreds of thousands of Australian inbox’s this morning.

The trojan backdoor slipped past almost all anti-virus engines placing victims at heightened risk of infection.

Specific details of the malware or its method of obfuscation are not yet known. However Fortinet and DrWeb today classified the sample as W32/Kryptik.KZ!tr and BackDoor.Slym.1498 respectively.

Continue reading “Thousands of Aussies hit by Westpac trojan”

Apple hit by hackers

Posted on by Mark Pace

Exploited Java flaw.

Apple was recently attacked by hackers who infected the Macs of some employees, in the widest known cyber attacks against Apple-made computers to date.

Unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers, the company said in a statement.

The same software, which infected Macs by exploiting a flaw in a version of Oracle’s Java software used as a plug-in on web browsers, was used to launch attacks against Facebook this week.

The malware was also employed in attacks against Mac computers used by “other companies,” Apple said, without elaborating on the scale of the assault.

But a person briefed on the investigation into the attacks said that hundreds of companies, including defense contractors, had been infected with the same malicious software, or malware.

The attacks mark the highest-profile cyber attacks to date on businesses running Mac computers. Hackers have traditionally focused on attacking machines running the Windows operating system, though they have gradually turned their attention to Apple products over the past couple of years as the company gained market share over Microsoft.

“This is the first really big attack on Macs,” said the source, who declined to be identified. “Apple has more on its hands than the attack on itself.”

National security

Cyber-security attacks have been on the rise. In last week’s State of the Union address, US President Barack Obama issued an executive order seeking better protection of the country’s critical infrastructure from cyber attacks.

Over the weekend, cyber-security specialists Mandiant reported that a secretive Chinese military unit was believed to have orchestrated a series of attacks on US companies, which Beijing has strongly denied.

White House spokesman Jay Carney told reporters on Tuesday that the Obama administration has repeatedly taken up its concerns about Chinese cyber-theft with Beijing, including the country’s military. There was no indication as to whether the group described by Mandiant was involved in the attacks described by Apple and Facebook.

An Apple spokesman declined to specify how many companies had been breached in the campaign targeting Macs.

“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers,” the statement said.

“We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple,” it continued.

The statement said Apple was working closely with law enforcement to find the culprits, but the spokesman would not elaborate. The Federal Bureau of Investigation declined to comment.

Apple said it plans to release a piece of software today, which it said customers can use to identify and repair Macs infected with the malware used in the attacks.

 

Source : https://www.crn.com.au/News/333756,apple-hit-by-hackers.aspx?eid=4&edate=20130220&utm_source=20130220&utm_medium=newsletter&utm_campaign=daily_newsletter

By Jim Finkle and Joseph Menn on Feb 20, 2013 8:03 AM (42 minutes ago)
Filed under Security