Beware: JavaScript from Unfamiliar Sites May Be an Attack in Disguise

Everyone enjoys having a more interactive internet experience, and one of the ways websites achieve this is through the use of JavaScript. Unfortunately, hackers and scammers can also utilize the same script to make malicious attacks on your system. JavaScript makes the web experience very dynamic, enhancing the interactivity of many websites – you’ll see it everywhere, from Facebook to the most obscure sites on the web. Another reason it’s popular is that it’s compatible with all browsers, from Internet Explorer to Mozilla and even Mac’s Safari. Unfortunately, this popularity and wide range of use also makes JavaScript a tool that hackers and other unscrupulous programmers can use to infiltrate and hack into a system. The attacks can be simple or complicated, ranging from simple spam to more elaborate scams. The degree simply depends on the purpose of the script’s designer. What’s more, a quick visit to an infected website can trigger an attack, if your browser is enabled to allow JavaScript to execute from that site. The good news is that you can protect yourself from these kinds of attacks. Simply block JavaScript from executing from sites you aren’t familiar with – better safe than sorry. For Internet Explorer , go to Tools > Internet Options > Security, and set your bar to High. You can also input a list of trusted sites. For Firefox users, a free application called NoScript gives you control over which websites can execute JavaScript on your browser. Google Chrome users can select a universal disabling of JavaScript from all sites, and then add a list of sites exempted from the ban. Other browsers also have options to either disable JavaScript execution or prompt you for permission before the script is run from any website. You should also be particularly wary of JavaScript attacks originating from malicious PDF files. Antivirus and security firm Symantec reports that almost half of all web-based attacks come from infected PDF files. You can disable JavaScript in Adobe Acrobat Reader by selecting Edit > Preferences > JavaScript, and then removing the check on “Enable Acrobat JavaScript”. It might seem inconvenient to guard yourself from these sorts of attacks, but in the long run it pays to keep your system secure. If you want to know more about keeping your system clean and safe from attacks, give us a call and we’ll be happy to help you develop a customized plan that meets your particular needs.

Why Entrepreneurs Should Consider Managed Services

Most entrepreneurs are not IT professionals or IT experts. Outsourcing IT services to experts is a definite advantage for business owners. The term Managed Services is defined as “the practice of transferring day-to-day related management responsibility as a strategic method for improved effective and efficient operations”. ( http://en.wikipedia.org/wiki/Managed_services ) While large corporations regularly choose this technology solution, many owners of small and medium-sized businesses are still hesitant to go this route. Here are some reasons Managed Services can benefit all sizes and types of business: 1. IT is an integral part of most businesses. Especially in recent years, the business world has become increasingly dependent on IT. Almost all businesses rely on some sort of technology. With this increased use of IT comes an increase in problems and outages – and even loss of data – all of which result in loss of productivity. 2. Faulty or under-supported IT causes costly downtime. Small, in-house IT departments of one or two people are usually not able or equipped to handle occasional IT breakdowns, and employees must call on somebody else for help, sometimes resulting in hours or even days of lost productivity. This downtime greatly affects the bottom line of your business. 3. Technology is constantly improving. Improvements in technology are continuing at a rapid pace. Equipment is upgraded and new specialties in IT are emerging. Small to medium-sized businesses are not equipped to keep up with these constant changes. 4. IT Managed Services provide state-of-the-art solutions. Managed Services providers are experts in the field of technology, and bring knowledge and experience in the latest solutions to your business. And taking advantage of scale of economies, the Managed Services model gives you access to affordable state-of-the-art technologies previously only available to large enterprises. 5. Many businesses involve special compliance requirements. Even small to medium-sized businesses can have complicated compliance requirements, but most owners do not fully understand how to comply with these regulations. Many Managed Services providers stay current on these regulations and requirements, and can help you translate them to your technology needs in order to stay compliant and avoid fees – and possibly worse. 6. IT Managed Services cost less in the long run. With today’s economic downturn, IT budgets have been slashed in most companies. But bear in mind that businesses still depend heavily on IT, and work increases as resources diminish. This can bring about low morale for employees and lost productivity – and ultimately customer satisfaction suffers. While IT Managed Services may cost more in the beginning, lost productivity and lost customers cost a lot more. The question is, are you an expert in IT? Most entrepreneurs aren’t. If you want to concentrate on your company’s core competencies without having to worry about your IT infrastructure, outsource your IT services to a reputable Managed Services provider.

Managing Internal Social Networks

Social networking is booming and blooming right now, and many organizations are seeing the benefit of utilizing the principles that revolve around social networks. However, there is also the need for company policies that manage the use of these networks. One of these purposes is the creation of internal social networks which, in a nutshell, improve communication and information sharing within the organization. While some may worry about how employees will behave when such a mechanism is put in place, the results have generally been positive – employees view internal social networks as an extension of the workplace, and as such are usually at their best (albeit informal) behaviour. Still, it is wise to have a policy in place that governs the use of your internal social network. Experts suggest drawing from existing IT / email / external social networking rules that are already in place, and simply extending and adjusting the policy to include points specific to the use of the internal social network. Also, it’s a good idea to consult a lawyer to avoid any legal obstacles or problems in the future. Experts also recommend that department heads be given administrative duties in the social network, since smaller companies can ill afford to hire a person to manage it full time. So in the same way that a marketing manager, for example, handles the marketing department, he/she can also moderate discussions and topics within the social network that pertain to marketing and related issues. Overall, internal social networks provide many benefits to companies that use them, but proper management and handling is needed. Always remember that unlike external social media platforms, internal ones are directly under your control and are a part of your organization – use them well in order to better and more efficiently achieve the goals you’ve set for them.

New Security Threat: Tabnabbing

A new phishing technique has been discovered – tabnabbing “morphs” an unused tab in your browser into a lookalike website where you’re prompted to re-enter login information. Dubbed as “tabnabbing”, the vulnerability was discovered by Aza Raskin, the creative lead for the Mozilla’s Firefox browser and co-founder of Songza, a music search engine and jukebox. Tabnabbing fools users into entering passwords and other sensitive information when an unselected tab in your browser appears to transform itself into a lookalike for a familiar website. You are then prompted you to re-enter a username and password, which in turn passes that information along to the hacker. Incidentally, Raskin’s blog post on the topic ( http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/ ) demonstrates how the website can “change” into a lookalike. Both Mozilla Firefox and Google are vulnerable to this type of attack, which is classified as “phishing” – a scam where users are tricked into entering login information into fraudulent websites masquerading as legitimate ones. Fortunately, there have been no instances – yet – in which tabnabbing has been used in phishing attacks, but Raskin says that he is “aware of other researchers and toolkits extending and expanding tabnabbing”. However, it’s very likely that phishers will be looking for ways to exploit tabnabbing soon, and are currently no fixes or patches released. One way you can protect yourself from tabnabbing is to make sure that your browser has the proper anti-phishing features installed. It’s also important that your website is updated with the latest security features since many phishers like to exploit websites running old version web software, which they use to host phishing sites. If you want to know more about keeping your system secure from the latest malware and security threats, please don’t hesitate to get in touch with us and we’ll be happy to sit down and discuss security options that fit your needs and requirements.

Racket Extorting Money from Website Owners Revealed

A money extortion scheme was revealed recently by security firm Symantec that warns website owners of a DDoS attack unless they pay up. Security firm Symantec recently uncovered a scheme that purportedly attempts to extort money from website owners and operators in order to avoid the possibility of a DDoS attack. The capability of these extortionists to actually carry out the threat is still an open question, and it’s more likely that this may simply be an empty threat to try to get money. The best action against these types of messages is employing screens to block such email from reaching your mailboxes. However, it’s best to seek the services of an expert to determine the extent of risk, and also to employ safeguards and response measures should an attack take place. If you find such messages in your mail, let us know and we can help.

Save on Video Conferencing Costs with These Three Easy-To-Use Online Services

Three online video conferencing services have put themselves at the top of the pack with new features that make them much more business friendly. Many businesses these days are realizing the value of video conferencing and video chat. Not only do these tools eliminate transportation costs, they also drastically reduce unproductive time spent travelling. A simple phone call connects all parties instantly. Video chats in particular are the cheapest of the bunch, with services offering video chats for anywhere from free to a minimal monthly fee. However, until recently, many of these services weren’t up to speed with the requirements and demands of businesses. Lagging transmissions, slow connections, and jumpy video were just some of the issues that plagued online video chatting and conferencing. Recently, however, three online video conferencing services have put themselves at the top of the pack with new features such as group chat and improved performance that make them much more business-friendly. Let’s take a look at them. Skype Undoubtedly the best known of the three, Skype has long been a staple in online video calls and instant messaging, and now the beta version of Skype 5.0 offers video chats with up to 5 people at a time. It is also the most stable, with the least dropped calls, and is free to use. However, it is not without its cons – its interface takes some getting used to, and it is available for PC users only. Tokbox For $9.99 a month, you get crisp, clear video calls with up to 20 people, and basic chat free of charge. Tokbox’s user interface is very easy to use and understand, and allows you to send video e-mails, and share Tweet invites and your screen with other users. Oovoo Basic chats between two people are free, but with the paid version – the business plan is $39.95 a month per user – allows you to chat with up to six people at a time. Like Tokbox, it features screen sharing and Tweet invites, and also lets you record your video conferences. Like Skype, the interface can be a bit confusing to use at first, but the audio and video are high quality. Considering video conferencing for your business? Give us a call – we can help you sort through the options and implement the best solution for your needs.