The Password Crack’d

With the Halloween season upon us, we begin with a review of something that’s the stuff of nightmares for IT support, and business owners – the hacking of devices & networks and general cyber security issues.

Passwords give cyber security experts the heebie jeebies. People are generally lax when left to setting their own login information, and weak or easy-to-guess passwords are all too common. Users generally use highly predictable passwords, such as their pet’s name. This will be compounded with re-use of the same password across multiple sites, allowing the hacker to access all accounts with the minimum of effort. It has been reported that almost 1-in-3 people admit to using the same password across multiple sites.

While most sites and apps are upping the security layers, through things like dual-factor authentication, biometric data, etc, password only access is still common and hackers are very adept at harvesting, guessing, or tricking people into revealing their access details through a number of devious means.

Common Cyber Security Weaknesses

Some of the most common, and effective, methods for stealing passwords are:

Phishing/Smishing: Sending a fraudulent email or SMS text message to trick the victim into clicking on a link or downloading an attachment which is infected with a virus to create a backdoor, or to encrypt the files on the device. Common versions during lockdown involve messages pretending to be from delivery companies.

Social Engineering: Gaining the confidence of the victim by tricking them into believing they’re communicating with a legitimate helper — tech support, bank, police, etc — and getting them to hand over their details. The modern day equivalent of turning up to the door in uniform with fake ID.

Malware: Placing spying software, such as a keylogger or screen recorder onto the victim’s device to record activity, and also search for passwords or other useful personal data on the device. This can be planted through the above phishing techniques or by visiting a dodgy or compromised website.

Brute Force / Dictionary Attack: The old school technique that looks to guess the login credentials by automating the process of guessing many combinations. Still surprisingly effective because of how many people still use easily guessed passwords. And, because of the amount of password re-use, hackers will use credentials garnered from any past data breaches to see if that password still works on the compromised site and any other sites where the user may have an account. This is why you should always change passwords at regular periods, and immediately after any breach is known.

Things become more complex once you get to the level of mask attacks, rainbow tables and network analysers, and the deeper espionage of spidering, but we’ll leave those cyber security worries for people actually employed in the IT security world.

Ultimately the most common ‘hacks’ rely on sneaking past the average user’s defences, so always be vigilant when receiving emails and texts that are asking you to click on something, don’t use an easily guessable password, and never re-use the password across multiple logins.

If you need a review of your company’s cyber security practices and data management, contact us today for help.

The Tale Of The Lost Laptop In The Sky

From Channel Daily News in Canada…

“In 2007, a Boeing-owned laptop with the personal data of about 12,000 former employees went missing on a flight. The company did not believe at the time any of the data would be compromised. The data on this notebook included the names, addresses and most importantly the social security numbers of these former employees. The company waited weeks to inform these people that a breach occurred.

Then, one former employee found out that a criminal used the social security number to apply for credits all across the USA. Most of those applications got rejected and showed up at this man’s mail box. Those rejections also show up on his credit score which was significantly lowered as a result.

To clear up this mess, he spent months on the phone in automated customer service hell. He had to convince call centre operators that who he was and that he did not live in places like Minnesota or Florida.

After clearing things up the credit card companies decided to put a fraud alert on his information. This would prevent criminals from obtaining a credit card under his information; however, it also prevented the man from opening up a bank account.

More than three years passed before he stopped getting credit card rejection letters in the mail. As for that missing notebook… well it’s still missing.”

Cyber Security Can’t be Ignored

In the many years that have passed since that episode, large-scale data breaches against corporations holding sensitive personal data has become an increasingly common problem. Large companies store the details of hundreds of thousands of employees and customers, both past and present. Even a company with the most stringent IT security can find its systems compromised in the most unexpected ways, and it’s important for those companies to report any potential data loss as soon as possible, and not assume said data won’t be used criminally.

Whatever the size of your business, it’s best to mitigate against attacks on your IT systems with a robust cyber defence system and protocols for handling data.

Contact us today about an audit of your business and find out how to bolster your IT security.

Stranger (Internet Of) Things

Who’s looking forward to the world of a fully connected, computer-controlled, automated life? Where your house automatically sets your preferred temperature and lighting levels, and automatically controls the locks and alarm as you come and go? Where the fridge and cupboards automatically reorder items when you’re running low? Where a voice-activated ‘assistant’ manages your daily routine. Where the car self-drives you to your destination using autopilot and GPS, and then goes and self-parks?

This tech, and much more, is currently available under the moniker the ‘Internet Of Things’. Some people may already have some, or all, of these things to a greater or lesser extent. It’s the Utopian dream and nothing could go wrong, right?

With the infancy of technology comes weaknesses and cyber security issues, so let’s take the opportunity that Halloween allows to look into some of the darker sides of this technological advancement.

How about the one about the light bulb that performed a DoS attack on the owner’s smart home? A mundane but annoying problem, without even the interference of viruses or malware.

‘Rojas’s house froze up, and stopped responding to his commands. “Nothing worked. I couldn’t turn the lights on or off. It got stuck,” he says. It was like when the beach ball of death begins spinning on your computer – except it was his entire home.’

Out on the road, people allow GPS to override their common sense, usually to the wrong location, but sometimes into water or other obstacles.

“After asking the GPS to re-route, they took what they thought was a road that would lead them to the highway. Instead, their SUV ended up sinking into deep water. The ‘road’ turned out to be a boat launch, and the water a lake.”

If people are having trouble with the GPS system, what happens when you go full autopilot – a la Tesla, and potentially Google or Uber’s self-driving taxi services? Hacks on vulnerabilities in your home can be annoying, hacks on vulnerabilities in your fast-moving vehicle could be terrifying.

As with any of your common-garden networks, servers and software, autopilot data can be corrupted, infected, or hacked.

“the $80 million, 65-meter luxury super-yacht yielded its GPS-determined course until it was under complete control by hijackers. No alarms went off. As far as the ship’s GPS equipment was concerned, the signals it was getting were authentic.”

While there’s potential for your Amazon drone delivery to be intercepted before even reaching the door, military drones could also be a target – and imagine a whole army of military drones being compromised!

“I developed a drone that flies around, seeks the wireless signal of any other drone in the area, forcefully disconnects the wireless connection of the true owner of the target drone, then authenticates with the target drone pretending to be its owner, then feeds commands to it and all other possessed zombie drones at my will.”

And the moral of the story is? When everything is connected then everything, and everyone, is vulnerable. Cyber Security is an area rife for exploitation. Don’t have nightmares!

While the tech big guns — Microsoft, Apple, Google, etc — are committed, through a joint venture, to keep AI both ethical and beneficial to Humanity, in everyday business life the appropriate cyber security precautions can be taken to stay protected. If you’re concerned about the health of your company IT security, get in touch today.

LaneSystems Out And About In Teesside

You may have seen Michel, Tina and Hayley running our stand at the Tees Valley trade show at Wynyard Hall on September 30th.

“It was great to attend this year’s Teesside Expo, our first public event since the beginning of lockdown” said Tina.

“Such a fantastic opportunity for Michel, Hayley, and I to represent LaneSystems Ltd. We are looking forward to next year!”

Windows 11 Is Here

Although Microsoft told us Windows 10 would be the final version of their operating system, times have changed and October 5th saw the release of Windows 11, a major update to the look and feel of the World’s most popular desktop OS.

The early reviews are filled with praise for the new design, giving it a thumbs-up for its modern, clean, attractive interface and its more consistent look. The performance boost, improved functionality and app support are well-received features.

While the new centred task bar layout might be getting the most comments, one of those areas of improved consistency is the Settings, for managing programs and devices, and an improved Start Menu and File Explorer interface. There’s a new Widgets panel and streamlined Notifications and Quick Settings area. An improved app experience will see the integration of Android apps.

Most useful for businesses is the further improvement in the Snap Layouts and Multitasking features, along with massive integration of Microsoft Teams and its suite of applications for a more streamlined workflow.

Before you all rush to get up to date with Microsoft’s latest offering, there are some fairly strict hardware requirements to allow you to install. The base requirements are a 64-bit processor (no more 32-bit support), 4GB of memory, 64GB of storage, UEFI secure boot and TPM (trusted platform module) 2.0. It’ll need a CPU from the last four years.

Windows 10 is still going to be supported through to at least 2025 so if you’re looking to see if there’s a benefit to making the switch to Windows 11, get in touch and we can show you which OS is right for your business.

And finally…

Halloween has grown in popularity in the UK over the years, and there’s plenty of tech around to get into the spirit of the night. Here are some fun items we’ve found to enhance the ghoulish grooves:

The Bloody Bath Mat: A novelty horror bath mat with an invisible colour-changing sheet that turns red when it comes into contact with water. Leave a trail of bloody footprints when you get out of the shower.

Purge LED Mask: Creep out your friends, family and neighbours with a light up LED face mask based upon the popular dystopian film franchise.

One-Eyed Doorbell: When visitors press the doorbell, the eye opens up and creates scary sounds.

Animated Halloween Scarecrows: Greet your visitors with a sensor controlled 2m tall spooky figure with glowing eyes and scary noises.

Halloween Holographic Projectors: Up the production values by projecting a series of spooky high-end optical projection screen videos in a window of your home.

And if you want to go all out with the spooky experience, take a cue from Samsung who, last year, got into the Halloween spirit by using their SmartThings technology to create a spooky show at the 300-year-old Old Bury house.

Showcasing what can be done via their app to control lights, cameras, music, fog and sound effects, many Brits plan to use these ideas to enhance their own interactive celebrations.