Find (and Fix) Your Fish Tank

Recently an unnamed casino's network was hacked via an internet-connected fish tank. (Yes, a fish tank...) Hackers exploited a flaw in the fish tank's software and then used it to move around the rest of the casino's network, compromising other machines and stealing data.

Despite the obvious question of why a fish tank would be connected to the internet in the first place, what is the true lesson here? How many of us have a "fish tank" in our homes or businesses just waiting to be hacked by cybercriminals?

Yahoo: (how could it possibly be) Worse Than We Imagined

Here's a quick followup to September's post regarding Yahoo's admission that they had 500,000,000 accounts stolen back in 2014. (For those who lost count of the zeroes... that's 500 Million...)

Yahoo recently fessed up to another security breach... this one happened a year earlier than the aforementioned breach, and it's twice as bad, having affected 1,000,000,000 accounts (that's ONE BILLION).

Besides the sheer volume of the breach, this has very far reaching effect. Even if you do not have a Yahoo email account, Flickr is a Yahoo-owned service and those accounts are included in the breach. If you've had a Verizon phone in the past, then your email account was likely managed by Yahoo. And it doesn't end there... Many are advocating deleting all your Yahoo accounts, however it's not always that simple. Here are a couple of articles that may prove helpful:

HTTPS Is Coming to a Site (Very) Near You

I wanted to take a minute to let all of CommandB's clients know about some important security-related changes coming from Google. You may have heard about Google's increasing efforts to move all websites to using secured connections via HTTPS. In short, here's what's happening...

Currently, if a site is secured via HTTPS, then a padlock appears in the URL bar along with a green "https" next to the URL which most users have learned to associate with a secured website.

CommandB.net | HTTPS indicator

If the site is NOT secured with HTTPS, then Google Chrome displays a neutral "info" icon next to the URL. If you click on this icon it tells you that the connection to the website is not private.

CommandB.net | Chrome - No HTTPS

Secure Your Home Networks Now

Chances are that most of you maintain an acceptible level of network security at your offices, but can you say the same thing about your and your employees' home Internet connections? Considering that it's becoming more and more common for employees to perform at least a portion of their work from home, maintaining good home network security is almost as important as it is at the workplace.

Since most "normal" people aren't comfortable with the complexities of computer networking, manufacturers of network devices try to make things as simple as possible to set up. Unfortunately, this often leads to massive security problems... especially on low-cost network devices like routers, web cams, light bulbs and other cheaply made devices.

Yahoo is a Bunch of Yay-hoos

You might have heard recently that Yahoo has confirmed that they suffered a security breach and 500,000,000 (that's 1/2 a billion) user accounts were stolen - including names, logins, birthdays and security questions. This affects not only Yahoo, but Flickr and Tumblr as well.

And this actually happened in late 2014! So if you have an account on any of those sites and have not changed your password since then, you've been vulnerable this entire time. That is B.A.D.! So now is the time to change your passwords and security questions on those sites.

What's worse... if you've used those same credentials or security questions on other sites, you're now vulnerable there as well, as hackers always try to re-play stolen credentials on other, more valuable sites (e.g. your bank). So you'll need to change your credentials on those sites as well. (Remember... never ever re-use passwords.)

This is a perfect time to re-read my last post... Manage Those Passwords.

Pages

Subscribe to Front page feed