Computer Business Consultants

A Day in the Life of a Hacker

Computer Business Consultants — Wed, 22 Feb 2012 19:19:19 +0000

They harvest data about you, your family, your friends, and your work directly from the Web apps you use and the sites you visit. Here’s how they do it.

This post originally appeared on PCMagazine.com and was written by Matthew Sarrel. Even though it was written in September, 2008, it is scary how relevant it still is to today

It’s all become so easy. I used to write viruses and attack networks to show off how smart I am, but these days it isn’t even a challenge: There are millions of you out there who don’t run any security at all at home. The hard part is finding you—but then, I don’t really care about you. I care about your identity and your data. You’ve even gone out of your way to make it easier for me with this latest push towards cloud computing, especially social networking, SaaS (software as a service—all those neat Web 2.0 apps), and online storage. Now I don’t even have to find you at home; I can focus my energy on a few popular services and still get what I want. I harvest information (data) about you, your family, your friends, and your work directly from the Internet applications you use and the Web sites you visit. Let me tell you about my day.

10 a.m. It’s time to unleash my new Facebook app, a cute game about putting kittens in the microwave that’s really designed to harvest your personal information. By running my app you agree to share your entire profile with me, and if you’ve posted anything even remotely useful to me (like a credit card number), then I figure you deserve to have me steal it. Here’s an similar bit of trickery I wish I’d thought of: In March 2008, the Aurigma ActiveX image uploader was used to cause buffer overflow attacks that planted malware on users’ PCs.

11 a.m. My newest fake profile on MySpace, for a band of S&M-loving leather-clad Japanese women, is just about ready. Web 2.0 is all about sharing user-generated content—yeah, that content is my malware—and the best part is that you’ll come and get it. Most people don’t realize how easy MySpace makes it to customize profiles; I can upload simple code that your browser will run when you visit my page. I use that code to crash your PC while behind the scenes you download malware from another Web server I’ve compromised. This has already happened so many times that I call the tactic Old Faithful. The first one I ever heard about was the JavaScript virus Samy, which hit MySpace in 2005.

2 p.m. After a hearty lunch and a lovely nap, I get back to my latest attack, planting malicious iFrames on sites that you already trust. An iFrame is an inline frame—an HTML element that makes it possible to embed one Web page inside another. I host my attacks on a server in the Ukraine, break into sitesyou trust, like CNN or Playstation.com, and insert an iFrame that sends you to my attack server while you still think you’re on CNN.com.

4 p.m. Social networking works for hackers, too. Now I’m headed online to sell the credit card and bank info I’ve stolen. There are thousands of servers hosted outside the U.S. with message boards where anyone can buy or sell your identity. It’s gotten so easy that prices have come down. I get just $3 for your Visa info, but that’s okay because I’ve harvested thousands of credit card numbers today.

6 p.m. It’s time to turn my attention to online apps. Do you use Google Docs? Google is so great. It even goes so far as to let me plant a malicious iFrame in a spreadsheet. I can trick you into opening my spreadsheet, or simply break into your account and put an iFrame in your own spreadsheet. Open up the doc and infect yourself with my bot, which quietly captures personal info like your username and password when you log into banking sites.

Don’t hate me, friend. After all, you’re the one who made it so easy for me. Besides, I’m not all bad. I can tell you how to protect yourself. For every one of you who listens there are 1,000 who don’t—I’ll never run out of patsies.

Android for Dummies

Computer Business Consultants — Tue, 21 Feb 2012 21:54:24 +0000

Android Application Development For Dummies by Donn Felker. With the ever expanding use of smart phones for more than just a phone, many of our customers have inquired as to how to develop their own “apps.” There are several different types of tutorial books out there, but this is one that we have found to be very easy to understand and very complete with its content.

HTML, XHTML, & CSS for Dummies

Computer Business Consultants — Tue, 21 Feb 2012 21:49:20 +0000

HTML, XHTML & CSS For Dummies by Ed Tittel and Jeff Noble.
This is one of the “must have” books for anyone working with website regardless of your experience level. It is very easy to understand and amazing thorough in it content. We recommend this book for those looking to have a better understanding of what is entailed in developing or customizing a website.

Small Time Operator

Computer Business Consultants — Tue, 21 Feb 2012 21:36:48 +0000

Small Time Operator 2010 Edition (How to Start Your Own Business, Keep Your Books, Pay Your Taxes And Stay Out of Trouble) by Bernard B. Kamaroff is a book that we recommend to anyone looking to start a business. It is very easy to read and very complete in helping you to not only successfully start a business, but make sure you (as the title says), stay out of trouble. Can’t recommend this book enough.

When saving attachments from Outlook 2010 receive error “Cannot save attachment”

CBC_Inc — Fri, 10 Feb 2012 21:41:09 +0000

Problem:

When saving attachments from Outlook 2010 receive error “Cannot save attachment”.

Cause: Protected View settings in Office prevent saving E-mail Attachments.

Solution:

1. Open an Office product such as Excel.

2. Choose File -> Options -> Trust Center

3. Click “Trust Center Settings” Button

4. Choose Protected View in Left side selection pane.

5. Check appropriate check boxes for Protected View settings.

6. Click OK, Ok

7. Close & Open Outlook.

Maryland Business Works with Lake County Business to Implement Benefits of Cloud Computing

Computer Business Consultants — Wed, 25 Jan 2012 15:46:51 +0000

Clermont, FL – Computer Business Consultants, Inc. recently upgraded Medbridge Medical Solutions network and server architecture to a cloud based solution that provides a higher level of customer service, speed, and data storage while maintaining the security levels and HIPAA compliance required within the Medical Industry.

MedBridge Medical Solutions of Laurel, MD is a market-leader in Outsourced Revenue Management, Medical Technology Support, Physician Practice Consulting, and EMR/EHR Solutions for physician practices, hospitals and medical facilities nationwide. Their incorporation of both operational knowledge and technical expertise into a custom-tailored solution, enables them to deliver solid sustainable performance improvements to every aspect of their client’s operations.

With the MedBridge business model in mind, the new hardware and network solution needed to allow them to provide management, support, and consulting solutions virtually and in real time, while also being completely secure. The need for large amounts of data storage and speed was also just as important as access and security. MedBridge chose Computer Business Consultants, Inc. because of their vast experience in the medical field, Internet security experience and their expertise in cloud based solutions.

“Computer Business Consultants, Inc. designed and implemented a multi-server, cloud accessible, and secure closed architecture solution that addressed MedBridge’s requirements and was able to do so efficiently at a very reasonable price.”, said Vern Thomas, CEO of MedBridge Medical Solutions

According to Clinton Pownall, President of Computer Business Consultants, Inc., “By creating a closed architecture solution that is also in the cloud, Medbridge Medical Solutions can now provide the services and solutions to their clients quickly, effectively and securely without the increased costs to their clients of having an On-Site server. We knew the importance of not only having great amounts of security and data storage capabilities, but also the importance of speed for them to be effective for their customers. They needed to have the capability for immediate access to solutions both from the customers end and from the businesses end.”

Protect Your Privacy and Data the Easy Way

Computer Business Consultants — Wed, 11 Jan 2012 16:35:51 +0000

Even with a rash of high profile computer security breaches, many people are still not implementing even the most basic safeguards to protect their privacy and their data. Defence Intelligence has created the following seven computer security resolutions to help people protect their privacy, their data, and their wallets.

Stay up to date

Keep everything updated. Your operating system, your web browser, anti-virus, Acrobat, Java, everything.
Set programs to automatically update so it’s not as annoying.
Before randomly clicking the “update” button, be sure you recognize the program and it looks legitimate. If in doubt about an update pop up, open the program itself and update from there.

Improve your passwords

Stop using the same password in multiple places. Unless it’s a throwaway account that you care nothing about, have a unique password for everything you do.
Strengthen your passwords by adding numbers, symbols and capital letters. Try using phrases instead of a single word.
Do not store your passwords in your browser.

Check your messages

If you don’t know who the email is from, don’t open it.
Turn off the preview feature in your email program. Some malware can be executed simply by being opened in the preview pane.
Don’t click on links in received emails. These can be faked and may lead you to bad places. Copy the address and then paste it in your browser instead.
Don’t open any attachments that you aren’t expecting. If it’s from a friend, check with them to verify that they sent it.
Don’t forward forwards.

Know your friends

Don’t add “friends” that you don’t know.
Keep your friend list up to date. If you’re not sure who the “friends” on your contact list are, delete them.
Before clicking on any links or files sent to you, verify that your friend intended to send them to you.

Secure your mobile devices

Require a password to unlock your phone or tablet and keep it locked when not in use.
Don’t store anything on your mobile that you aren’t comfortable losing.
Ensure that your device does not connect automatically to open Wi-Fi networks.
Install an application capable of locking down and erasing your device in the event it is lost or stolen.

Watch what you click

Be wary of third party applications available for your phone, facebook, etc. If you don’t need it, don’t install it.
Don’t click on unknown shortened links on Twitter or elsewhere. You have no idea where you might end up. To see where these links lead to, use a service like http://www.longurl.com or http://www.unfurlr.com.

Share with care

Whatever you share online will remain online. Once it’s out there, there is no way to remove it.
Treat email like a postcard – potentially visible to all.
Don’t insert random USB keys into your computer – you don’t know where they’ve been or what they may contain.

Avoid Email Scam Tips from AT&T

Computer Business Consultants — Thu, 22 Dec 2011 15:13:05 +0000

Its the holiday season. Last minute shopping now comes with floods of emails from companies letting us know about those “don’t miss” deals. And with those great deal emails, there is also the increased grinch-worthy emails and text messages that try to take advantage of holiday shoppers.

AT&T came up with a few tips to help shoppers stay safe this season, within the electronic spectrum at least.

How to identify scams

Be wary of any email requesting personal and/or financial information. AT&T does not send email requests to customers asking for personal account or credit card information. Most other reputable organizations do not either.
If you receive an email message that appears to come from AT&T and asks you to provide your email ID, email password, social security number, or other personal information, do not reply to it and do not provide your account information or password. Simply delete the email or forward it to abuse@att.net.
If you receive a text message that asks you to call a number you don’t recognize or go to a web site to enter personal information, do not select the link embedded in the message. Simply delete the text message.
To report spam received on your phone, text us the actual spam message to short code 7726 (SPAM) to start an investigation.
For other organizations, call before responding to any email that asks for personal information. They should be able to verify with you on the phone whether the email is legitimately from their organization.

Tips to protect yourself

Be aware that email headers can be forged easily, so the posing sender may not be the real sender.
In your browser’s address bar, make sure that the website’s address begins with “HTTPS,” and that a lock icon appears. You can click the icon to view security information and certificate details.
Realize that Internet scammers can create realistic forgeries of websites, so avoid clicking on links in an unsolicited email message. Go directly to the company’s website and fill out information there or call the company to verify that they are seeking information from you.

Report fraudulent emails

Contact the company named in the email to confirm whether it sent the request. Most companies do not ask customers to confirm personal information by sending an email.
Forward the suspicious email to the Federal Trade Commission at spam@uce.gov.
You can also report the problem to law enforcement agencies through NCL’s Fraud Center, www.fraud.org.

How do I administer a Core Server 2008 Hyper-V server?

Computer Business Consultants — Sat, 03 Dec 2011 00:32:48 +0000

How do I administer a Core Server 2008 Hyper-V server? When I log into the server there is a blank screen.

Solution:

1. While logged in using Remote Desktop RDP, Press CTRL+ALT+END and log off.

a. If you are using a Remote Desktop w/in a Remote Desktop, use the On-Screen Keyboard while the Core server RDP windows is active and press CTRL+ALT+END.

2. To manage the computer you can use another Server 2008, open Manage, and “Connect to Another Computer”

How do I allow users to enter aliases outside the domain they are a part of?

Computer Business Consultants — Sat, 03 Dec 2011 00:30:03 +0000

Cause: Due to security issues a user can only create an alias for a name within their domain. Thus john@domain1.com could not create an alias for john@domain2.com.

Solution:

To enable this feature you must edit the following file:

/usr/admserv/cgi-bin/.cobalt/siteUserEmail/siteUserEmail.cgi

Look for the line shown here:

if( $aliasDomain && ( $domainName!~/.$aliasDomain$/ &&
$domainName ne
$aliasDomain ) ) { $badAlias=1; }

Comment out the line. The line should now look like this:

# if( $aliasDomain && ( $domainName!~/.$aliasDomain$/ && $domainName ne $aliasDomain ) ) { $badAlias=1; }

This disables all checking on the e-mail alias. Just be sure that people don’t try to intercept mail for other sites on that RaQ.