Hackers found a way in to AT&T’s iPad 3G registry and, using a brute-force attack based on unique ICC-ID numbers, managed to pull down corresponding email addresses for those users — who include members of the US military, executive branch, and media companies.

AT&T has since closed the vulnerability and issued the following statement:

“AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.

This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.

The person or group who discovered this gap did not contact AT&T.

We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.

We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.”

So once again it’s the convenience of the cloud vs. the security of customer information. Increasingly we’re trusting online accounts and services with our personal and financial information, and high-profile incidents like this, if nothing else, force everyone to re-examine what we trust and with whom.

How serious is this loss of data to you? Does it make you hesitant to signup online or on-device?

see original post here: http://www.tipb.com/2010/06/10/att-hacked-ipad-3g-owners-email-addresses-harvested/

As you may or may not know, Kotori Technologies, LLC uses Sunbelt Vipre for most of our clients' Anti-Virus needs. Here is an interesting article from Sunbelt in reference to the Antivirus Product Wars:

All antivirus companies are being hit with the next wave of malware: Rogue antivirus tools like Antivirus 2010. This code throws messages on the user's screen that they are infected, and "download here to get rid of the malware". Sure enough, that gets the trojan installed.
Our CEO Alex wrote about this: "For what it's worth, as someone who is on the inside of an AV company and is intimately familiar with these threats, the reality is that no AV vendor, ESET, McAfee, Sunbelt, Sophos, Symantec, etc. can give you 100% coverage against it.
These new fake antivirus variants are some of the most vicious, polymorphic trojans this industry has seen. They use extremely complex obfuscation techniques which make detection quite challenging by even the best antivirus engine. Many of these rogues are also service-side polymorphic. That means every time an exe is downloaded, it's recompiled on the server-side into a different piece of code.
And, there are about 75,000 new tier-1 pieces of malware coming out every day. So your AV vendor, realistically, is only going to be one layer of protection, no matter what the sales guy might say. (That being said, AV is a must. Just look at viruses like Conficker, Sality, Virut, etc. These are viruses that the industry does a pretty good job at, and if they get into your network and you don't have endpoint protection, it's quite messy.)

Key things to do are:
     a.  No Admin Privs. Try to run as many users on Limited User accounts as you can (always difficult, I know). It won't stop all infections, but it does make a difference -- probably 80% reduced infection vector. 
     b.  Patch aggressively. The key exploit vectors right now are PDF and Flash, then Windows/IE. When I browse the web, I obsessively check Adobe and Flash to make sure I'm fully patched, and I constantly check Windows update. If you're tight on funds and can't afford a professional patch management solution like Shavlik or Lumension, Secunia has an excellent free / inexpensive solution. Or do it yourself, which depending on your network size, can be challenging. However, it really is an absolute must.
     c.  Educate your users. The vast majority of infections these days are caused by social engineering. A user will get a funny video link on Facebook or some other social networking site, click on it, and it will say that they need to "install a special codec", or "update Flash". Or they will be doing a Google search and a malware site will have attached itself to an innocent keyword. The user will click and start getting crazy warnings that their machine is infected. This is the malware trying to get the user to install.
     d.  Do malicious web filtering. There are tens of thousands of pieces of malware daily, but only a few thousand new malware sites a day. Many endpoint protection tools, including ours, offer malicious web filtering. Or use a web gateway proxy. If you're tight on funds, setup a simple Linux gateway and download URL block lists places like malwaredomainlist.com. It's not perfect but it's not bad either.
     e.  Submit malware files to AV vendors. Most, if not all, AV vendors take customer submissions very seriously, and the internal escalations are always senior to anything else.

See original articel by Sunbelt at: http://www.wservernews.com/archives/wservernews-20100322.html

Well as you all know, when calling on a customer you have never meet before, selling Managed Services, you must have the skin of an armadillo, and the courage to continue, rejection after rejection.  It can only make you stronger, or crazier, whichever comes first.  After being in Sales all my adult life, and having a rather easy time being successful, getting into a field that is ever so changing (it seems daily), can be mind boggling at times.  Things I thought I knew about networks and computing in general are very benign.  The past few months in this industry, I have become a sponge learning all that I can.  What I’ve really learned is how much money most companies are wasting by having an “IN-House” IT department, or the ones that have none at all.

 Managed services, if you can get your foot in the door, not only helps you and your company to make a living, but really helps a business owner save a tremendous amount of money. Let me try to explain in my best “Street Smart Business Ideas”. First take a company of 10 to 50 users (PC workstations), they have Chad, the computer guru, that’s been hacking and playing on computers since he was 13.  He’s now 30 and making $5000.00 per month as the “head of the IT department”. He‘s usually busy all day long because most of the computers have a problem at least once a day. This is unfortunately because he “thinks he knows more than he does”, no offences to Chad, but you know the tech I’m talking about.  Now as a business owner, if he had just a few minutes to asses what’s going on with his company, trying to cut all the costs he can in these trying times, he has no idea of outsourcing his IT department, to Kotori Technologies’ My IT Department.  Let’s say for $4000.00 per month, you can have an IT department outsourced and Managed Service without anyone else in the company who is getting paid to do nothing more than “mess with the computers all day”.  Be able to rest easy knowing all your data is safe from disasters, monitored 24/7 and “Down time Free”. That would be worth way more than just the savings of $12,000.00 a year that was going to Chad, after add in the money from the down time from the other employees when they weren’t able to do the job they are paid to do.

 Now let’s take the example of the smaller company that has less than 10 workstations, but a very busy office. The office manager Sally is paid to be an office manager; not an IT Tech. She has absolutely no knowledge of networks, but is learning fast on her own. Everyday it’s something new, if it’s a printer not working, a slow internet day, or just PC’s freezing.  She is now spending most of her day “messing with the computers” and not getting her job done. Not only is it costing you money, but your customers are suffering from lack of customer service that Sally does want to do, but can’t. Here’s where Kotori Technologies’ My IT Department comes in.  Maybe we can help this company for $1000.00 per month. How much would the owner save throughout the year? How much would it cost him if all the data was destroyed through a disaster? How much is he spending with Sally wearing 12 hats in the office? But let’s remember it’s not all about cost saving, although that is important to the owner and business, it’s also about efficiency.

You hear it all the time… Web 2.0, Facebook, Twitter and many other sites and internet services that kids are a part of today.  In my day, the biggest thing parents had to worry about was if I could find my dad’s stash of nudie magazines.  Now porn is just a very small part of what the internet has to offer the young minds of America.  There are millions of sites out there that are not meant for the youth of any country.  The internet makes it easy for anyone to get anything.  Search engines have made it easy to find out anything any kid wants to know about whatever.

So how do you as the parent, protect yourself and your kids from material that you don’t want them to see?  Well you have to put in safe guards.  The measure at which you need to put up safeguards will depend on how old and how tech savvy your kids are. There are countless software programs out there, and no matter how well your raise your kids, curiosity killed the cat.  Your kids will start to wonder some at some point.  So you have to do your homework.  If you are reading my blog post, then you are halfway there.

Here are my 5 Steps to protecting your home pc for the general home user.  If your child is a “wanna be” hacker, then you need more help than I can provide in this post.  Call us and we will get you all set up.
     1) Upgrade to Windows 7 – If you have not done this, then do so.  The new parent safety features of Windows 7 takes care of all the work for you. If you’re a MAC user than this will not work.  Go to: http://www.microsoft.com/windows/windows-vista/features/parental-controls.aspx
     2) Use Google Safe Search – Safe search is a feature in Google to not allow certain content to be searched.  Go to: http://www.google.com/support/websearch/bin/answer.py?hl=en&answer=134479
      3) Use Open DNS – Open DNS allows you to filter all of your internet traffic by content and block access to those pages.  They offer a free version and a pay for version that is only $10 per year. Go to: http://www.opendns.com
      4) Use Safe Eyes – Safe Eyes allows you to block sites and set time limits for any user.  It has more bells and whistles than Windows 7.  So if your budget is not a huge issue, it is $50 per year.  It works for both MAC and PC.  Go to:  http://www.internetsafety.com
      5) Install Anti-Virus – How does this help keep the kids off the PC?  Well it doesn’t.  But what it does do is provide you a good level of protection for your computer and peace of mind.  We suggest Viper by Sunbelt Software.  Go to: http://www.sunbeltsoftware.com/Home-Home-Office/VIPRE/

Just as with anything out there this is not 100% bulletproof but it gets you going in the right direction.  If you have any questions on these or any software products, please feel free to give us a call.

Is your business one that is highly dependent on a completely effective computer that is thoroughly operational? If so then you do not want to see your computer breakdown in any way, shape, or form. Sadly, computers are prone to problems and errors. In some cases, the problems are minor. Then there are other instances when the problems with the computer are so severe the problems lead to crashes and other serious faults.
When such an incident occurs, it may not even be possible to restore the computer to its original effective operational capability. That is why computer network auditing is so extremely helpful. It can find problems and flaws well in advance of a crash or serious security breach.

In some ways, you could consider having a network audit as a form of insurance. By enacting an audit long in advance of the problem, the situation that escalates into the unforeseen problem is completely eliminated. Needless to say, that can save your business a lot of time, effort, and expense.
So, what will be performed during the performance of a network audit? There are many part to the audit and they can include the following:
A clear diagnosis of the operating system and the registry can be effectively run. This way, the severity of current problems can be determined while problems that exist below the surface can be detected. When an operating system is faltering, the computer's lifespan is on borrowed time. Because of this, it is necessary to detect and fix these problems across a network early in the beginning of the issue.

How is the operation of the software and hardware of these computers performing? For those that notice problems with operation, the need then becomes knowing exactly what the problem is so as to effectively fix the problem with little or no effort. Well, you will need some effort - specifically, you will need to call in a professional that can perform the diagnostic audit required to address the problem.

Are you employing backups in the network to capture data prior to a crash? If so, you will need these backups to be as functionally reliable as possible. A network audit can inform whether or not this is the case. Consider that another vital component of performing an audit.
The way in which the computer and the network are incorporated with the servers needs to be strong as well. A network audio can ensure this is the case, and remains the case.

Among the most vital of areas in which a network audit can be employed is in the security of the computer. When you have security problems you are open to all sorts of security troubles and violations and breaches. Such a scenario cannot be maintained while allowing the company to remain healthy. A network audit can be used to pick up on the security flaws. From this, effective repairs can be employed.

There is a lot of value to network auditing and those that want their computer system to remain healthy and effective should definitely look into it.
Kotori Technologies is offering free network audits to all current and potential clients. Please call our office today to schedule your appointment.