Security firm announces it has persuaded fraudster to give up database of email addresses along with passwords users use to log in to websites

The internet on Wednesday gave you another reminder that everyone has been hacked.

Hold Security, a Wisconsin-based security firm famous for obtaining hoards of stolen data from the hacking underworld, announced that it had persuaded a fraudster to give them a database of 272m unique email addresses along with the passwords consumers use to log in to websites. The escapade was detailed in a Reuters article.

It might sound bad, but it is also easily mitigated.

The passwords and email addresses, which include some from Gmail, Yahoo and Russia’s mail.ru service, aren’t necessarily the keys to millions of email accounts. Rather, they had been taken from various smaller, less secure websites where people use their email addresses along with a password to log in.

People who use a different password for both their email account and, say, Target.com, won’t be affected. But those who tend to use the same password for multiple sites as well as their email should change their email password.

“Some people use one key for everything in their house,” Hold Security founder Alex Holden says. “Some people have a huge set of keys that they use for each door individually.”

Holden said there is no way for consumers to check if their emails were included in his firm’s latest find. In 2014, when his firm tried to set up such a service after obtaining a billion hacked login credentials, his site crashed.

The hacker appears to have been largely targeting Russian users. Some 57m of the email addresses were for the country’s largest email provider mail.ru, which claims 100 million monthly users. Around 40m of the addresses were Yahoo Mail, 33m Hotmail and 24m for Google’s Gmail service.

In this case, the hacker had been bragging on internet chat forums that he had a treasure trove of login credentials that he was trying to sell. Holden, who is fluent in Russian, said he wouldn’t pay for the data but would give him “likes” on various social media posts in exchange.

The hacker, who apparently is quite young, agreed. “We kind of call him the collector,” Holden says in a heavy Russian accent. “Eventually, almost everyone gets breached.”

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

RaaS has outgrown smaller targets and now threatens governments, NGOs, and SMBs.

It starts with a fast click on a link in a harmless-looking email. Then your PC slows to a crawl. A message suddenly pops up and takes over your screen. “Your files and hard drive have been locked by strong encryption. Pay us a fee in 12 hours, or we will delete everything.” Then a bright red clock begins counting down. No antivirus will save your machine. Pay the fee or lose everything.

You’re the latest victim of a ransomware attack. The scary thing is, you’re not alone. The ransomware market ballooned quickly, from a $400,000 US annual haul in 2012, to nearly $18 million in 2015. The average ransom—the sweet spot of affordability for individuals and SMBs—is about $300 dollars, often paid in cash vouchers or Bitcoin.

The ransomware market scaled up so quickly, claims a recent report by Imperva, due to the rise of ransomware-as-a-service, or RaaS. Here’s how it works:

• Ransomware authors are marketing on-demand versions of code, using traditional malware distributors in a classic affiliate model.
• The ransomware author collects the ransom and shares it with the distributor.
• Malware is distributed through spam email messages, malicious advertisements, and BlackHat SEO sites.
• According to the Imperva report, “in classical affiliate marketing, the larger cut goes to the possessor of the product. In RaaS … the ransomware author gets a small cut of the funds (5%-25%) while the rest goes to the distributor (affiliate).”
• Using the deep web, TOR, and Bitcoin, the report says, “this model, based on TOR and Bitcoins, is designed to keep the identity of the author and the distributor hidden from law enforcement agencies.”

Phishing in particular, is a highly effective tactic for malware distribution.

The well-worded email appears to come from a legitimate email address and domain name, and raises very few irregularities. The email comes with a demand for money for an arbitrary service, along with a link that purports to be an “overdue invoice.”

Click that link and open the file (which looks like a Word document), and you’ll become the latest victim of ransomware — that is, malware that encrypts your files and locks you out of your computer until you pay a ransom.

Phishing attacks have also helped ransomware move into the enterprise. In 2015 the medical records system at Hollywood Presbyterian Medical Center was attacked. The hospital paid $17,000 in Bitcoin to unlock the sensitive records. In early 2016 the Lincolnshire County Council was snagged by a phishing scheme and held up for 500 dollars.

To prevent your business from attack, make sure the IT department and communication team are in sync, keep your company’s security systems updated, and remind employees to use caution when clicking on email links from unknown addresses.

If you’ve been hacked, the ransomware rescue kit provides a suite of tools designed to help clean particularly pugnacious malware.

Businesses that suffer ransomware attacks face a tough choice. Paying the fee could restore access to mission-critical data, but there’s no guarantee the extortionists will honor the deal. And of course, paying a ransom provides incentive to hackers and validates the attack.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

There’s plenty of free, effective anti-malware protection available. Just don’t let it push your browser around.

Although malware was once predicted to become extinct, it remains a constant threat. Thankfully, countless tools are available to help protect your PC against such security threats—including the popular (and free) anti-malware products on this list.

: AVG AntiVirus Free

AVG AntiVirus Free (Figure A) provides protection for your computer, your browser, and your mail client. Like many other free products, AVG AntiVirus Free tries to sell you a paid license, which includes an enhanced firewall, anti-spam protection, and a few other features.

Figure A

Although AVG AntiVirus Free seems to do a good job protecting systems against viruses, you have to be careful about the options you choose when installing and configuring this product. Otherwise, AVG will attempt to “hijack” your browser by installing AVG Web TuneUp, changing your search page, changing your new tab pages, and changing your home page.

2: Malwarebytes Anti-Malware Free

Malwarebytes Anti-Malware Free (Figure B) offers basic protection against malware. There are two main things I like about this app. First, unlike some of the other free anti-malware products, it doesn’t try to change your browser settings or install unwanted toolbars. Second, it has a clean and intuitive interface that doesn’t leave you guessing about what to do.

Figure B

The disadvantage to using Malwarebytes Anti-Malware Free is that unlike the premium version, it does not support real-time protection. You can scan your PC for malware at any time, but you won’t be alerted to infections in real time unless you upgrade to the paid version.

3: Avast Free Antivirus 2016

Avast Free Antivirus 2016 (Figure C) is probably the most comprehensive antivirus tool on this list. It offers 12 components, including Rescue Disk, Browser Cleaner, Web Shield, and File Shield. The installer lets you choose which components to install.

Figure C

During the hour or so that I used Avast Free Antivirus, it did not attempt to take over my browser or engage in any other obnoxious behavior. The software does, however, prominently display a warning message during the installation process telling you in no uncertain terms that Avast Free Antivirus 2016 collects personal information. At least it gives you a way to opt out of this data collection.

4: Panda Free Antivirus

Panda Free Antivirus (Figure D) is another free anti-malware solution that requires a bit of caution during the installation process—otherwise, Panda will install a browser toolbar and change your home page and your default search provider.

Figure D

The free version of Panda Antivirus offers real-time protection against malware, but it does try to get you to upgrade to the paid version. That version, which Panda refers to as the Pro Edition, adds a firewall, Wi-Fi protection, and VIP support.

5: YAC

YAC (Figure E) stands for Yet Another Cleaner and—you guessed it—it’s yet another free tool for blocking threats and removing malware from an infected system. It offers a simple, easy-to-follow interface, and it doesn’t try to hijack your browser (which is a personal pet peeve, in case you hadn’t noticed). In fact, the software gives you a way to lock your browser settings so that your preferred home page, default browser, and default search engine can’t be changed without your consent.

Figure E

In addition to its basic anti-malware capabilities, YAC includes some nice extras, such as a tool for speeding up your computer, an uninstaller, and an ad blocker. The primary disadvantage to using YAC is that you have to upgrade to the paid version if you want to receive real-time protection. Otherwise, you’ll have to initiate anti-malware scans manually.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

In a new report from SolarWinds, 92% of companies say adopting cloud is critical to long-term success. But, most don’t think they’ll ever be fully cloud.

On March 29, IT management software provider SolarWinds released its annual report titled IT Trends Report 2016: The Hybrid IT Evolution, detailing some interesting trends around cloud adoption in the enterprise and the rise of hybrid IT.

First off, according to the results of the report, cloud adoption is a foregone conclusion for most businesses. The report found that 92% of the IT professionals who were surveyed said adopting cloud was important to long-term success in their business. Nearly 30% labeled it extremely important.

However, despite this widespread adoption, most organizations aren’t fully embracing the cloud within the whole of their organization. Joel Dolisy, CIO of SolarWinds, said that is because the cloud isn’t the best option for all workloads.

“The findings of this year’s study paint a clear picture: Cloud adoption is nearly ubiquitous, but it’s not now and will not in the foreseeable future be suitable for all workloads, and even if it were, very few if any companies would convert all of their existing applications to run in the cloud,” Dolisy said in a press release.

The data to support Dolisy’s statement came from the report as well. Only 43% of respondents said that half or more of their IT infrastructure will make it to the cloud over the next 3-5 years. And, 60% said it is unlikely that their entire infrastructure will ever be fully cloud-based. Additionally, 9% said they hadn’t migrated any piece of their infrastructure to the cloud.

Dolisy called the resulting dynamic hybrid IT, where an organization blends critical on-premises tools with cloud-based technologies. This affects IT as well, he said, because it shifts the dynamic of the corporate IT professional to one who can guarantee always-on performance regardless of where he or she is based. Additionally, these professionals need new skills and tools to effectively deploy and manage these environments.

Basically, the rise of this hybrid IT means that IT professionals are faced with two key tasks: Leveraging the cloud to increase efficiency and performance, while maintaining security of critical systems.

So, what are the benefits of this hybrid IT infrastructure? The SolarWinds report listed three in ranked order:

1. Infrastructure cost-reduction
2. Increased infrastructure flexibility/agility
3. Relieving internal IT personnel of day-to-day management of some infrastructure

However, there are some challenges to managing this type of infrastructure as well. Of the respondents, 62% listed security as the top challenge within these type of environments.

Then, of course, there are also inherent challenges to encouraging cloud adoption as well. SolarWinds pegged the top three barriers to overall cloud adoption (which, in turn, affects hybrid IT) as follows:

1. Security/compliance concerns
2. Legacy system support
3. Budget limitations

Nearly 70% have migrated their applications to the cloud, almost 50% have migrated their storage, and 33% have moved their databases.

So, how does this affect your organization? Well, new trends in infrastructure often require new skills to support them.

According to the survey, only 27% are convinced that their IT department has the skills needed to fully support a hybrid IT environment. To succeed in hybrid IT, respondents said they needed better monitoring tools, application migration support, distributed architectures, service-oriented architectures, and automation or vendor management tools.

Hybrid IT also require support from leadership as well. Of those surveyed, 56% felt that they had the support needed to do hybrid IT right.

“In short, IT is everywhere,” Dolisy said. “Effectively managing and monitoring the new environment—from on-premises to the cloud with multiplying endpoints—to be able to act when needed is more critical now than ever.”

The 3 big takeaways for readers

1. Hybrid IT, a mix of cloud and on-premises solutions, is growing as the prevailing trend in IT architecture. Almost all respondents said cloud was critical to future growth, but many felt that their organization would never be fully cloud.

2. Hybrid IT can offer cost reduction, increased agility, and management relief. But, it also brings security challenges, issues with legacy systems, and budget challenges.

3. If your organization is engaging hybrid IT, your IT professionals need the proper tools and skills to stay on top of it. Look into monitoring, different architectures, and automation to help support your staff.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

The hackers used “ransomware” to lock the hospital out of its own medical records.

Not all kidnappers grab your loved ones.

A growing online threat – ransomware – essentially abducts your computer system, putting data and services off-limits to users and demanding a payment to restore access.

“We are seeing more cases of this – sometimes almost on a daily basis,” said New Jersey State Police Capt. Steve Jones. “And we’re not seeing all of it, because people may be too embarrassed or don’t believe it can be helped.”

Ransomware viruses are a plague. Once infected — installed to your computer by a website you’ve visited, a rogue email attachment or link, or instant message — your computer will lock up. With names like CryptoWall, these types of viruses may create a popup window or Web page warning you that you’ve broken some law and have to pay a fine, anywhere from hundreds to thousands of dollars, according to the FBI.

These scams threaten to encrypt your files forever or destroy them unless a ransom is paid, according to the FBI.

Once paid, your computer is unlocked or a code is sent to unlock the machine, authorities said.

Between April 2014 and June 2015, the FBI received 992 CryptoWall-related complaints with victims reporting a loss of more than $18 million.

The state’s top cybersecurity unit recently launched an online effort to help people guard against ransomware.

“For many organizations, preventing ransomware entirely is nearly impossible,” says the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), which introduced a Ransomware Threat Profile page at its website in February.

But it notes individuals and companies can take measures to prevent infections and to limit their impact.

Although ransomware can lock up laptops and desktop computers, the risk is particularly great for data-dependent organizations like hospitals and accounting firms, said Jones, the State Police spokesman.

So far, at least three hospitals have been hit nationwide – in California, Kentucky and the Washington, D.C., area. South Jersey hospitals are well aware of the menace.

“It’s a big concern. It’s something that has really spiked,” said Tom Handlon, chief information security officer for Kennedy Health, which operates three acute-care hospitals in South Jersey.

Handlon gave no details, but said Kennedy seeks to protect itself through protective measures inside its computer system and by promoting safe conduct by employees.
“We’re monitoring it constantly and updating as we go along,” he said. “We are really educating the staff and our entire organization that we are a target.”

A similar view came from Tom Rubino, spokesman for Cooper University Healthcare System in Camden.

“We have tracked the recent wave of ransomware attacks that have targeted hospitals across the nation,” Rubino said. He said Cooper’s IT security team “is proactively taking measures to prevent ransomware infection of our computer systems.”

“Additionally, as a critical component for preventing all computer viruses, we are increasing our employee education efforts.”

A key precaution is to back up your computer’s contents on a frequent basis, Jones said. “But you’ve got to keep the backup drives disconnected,” he warned. “Otherwise, the ransomware can migrate to the backups.”

The State Police in March 2015 investigated a hacking incident that disabled much of the computer system for the Swedesboro-Woolwich school system. In that case, a hacker demanded more than $125,000 in the form of a digital currency called bitcoins.

The district, which did not pay the ransom, had to wipe clean its email servers and cafeteria lunch-ordering system to rid itself of ransomware. Only a handful of classroom computers were infected.

Hackers exploited a gap in the district’s computer security system and a vendor’s “weak” passport to take over the computer system, Michael Procopio, Educational Information and Resource Center’s director of technology, said at the time. EIRC experts helped the district restore its system.

The district’s hacker was believed to have struck from abroad – a familiar pattern, according to the State Police.

“Many of these messages and attacks are coming through foreign servers,” Jones said. “The countries that house these servers are not often countries that have a real open relationship with law enforcement.”

Tools have been available to help decrypt older versions of ransomware, said Dave Weinstein, New Jersey’s director of cybersecurity.

“At this point, the strain has morphed to the point where there is no releasing your files,” said Al Della Fave, a spokesman for the Ocean County Prosecutor’s office. “The lock these cybercriminals put on your files is foolproof at this point.”

Unless you’ve backed up your computer prior to the infection, Della Fave said, “The only way you would get your files back is to pay.”

“Ransomware is working” for cyberthieves, said Ben Johnson, chief security strategist at Carbon Black Inc., a  computer security firm in Waltham, Massachusetts. “People are paying.”

In the last few weeks, cybercriminals have come up with some new twists, he said. For instance, one version encrypts files more quickly after someone opens up a malware-filled Microsoft Word document or some other attachment.

Other versions encrypt the computer at its most basic level so it can’t even power on, or use the computer’s own system administration tools to infect itself, he said.

The best course of action is to make sure you don’t get the virus. “You must be super careful what you click on,” Della Fave said.

Here’s what you should do, according to Johnson and the Ocean County prosecutor’s office:

Popular apps on your smartphone can be convenient and fun, but some also carry malicious software known as malware, which gives hackers easy access to your personal information.

A security firm found that between 75 and 80 percent of the top free apps onAndroid phones or iPhones were breached. The number jumps as high as 97 percent among the top paid apps on those devices.

Whether these apps help advertisers target you or help hackers rip you off, you’ll want to do your homework before downloading apps, reports CBS News correspondent Anna Werner.

California’s Susan Harvey said she was a victim after she used a debit card to download a slot machine game app to her cell phone through a Google Play store account.

“It was something you purchased once, for like $15,” Harvey said.

When she went to reload the game, she found hundreds of purchases had been made — by her math, more than $5,000 worth of transactions.

“My heart sank, I just sat there looking at it… I physically, I was sick, because I didn’t know what they were,” Harvey said.

That story’s no surprise to cybersecurity expert Gary Miliefsky, whose company SnoopWall tracks malware. He said certain apps are designed to steal your personal information.

“What are the consequences for me as a consumer?” Werner asked.

“You’re gonna lose your identity. You’re gonna wonder why there was a transaction. You’re gonna wonder how someone got into your bank account and paid a bill that doesn’t exist,” Miliefsky said.

Milifesky said when you download an app, you also give permission for it to access other parts of your phone, like an alarm clock app that can also track phone calls.

“You think an alarm clock needs all those permissions? Access to the Internet over wifi, your call information, calls you’ve made, call history, your device ID? This to me is not a safe alarm clock,” Miliefsky said.

And there’s the weather and flashlight apps that he says exploit legitimate banking apps to capture information, as he showed us in a demonstration of what could happen when someone takes a photo of a check to send to their bank.

“The flashlight app spies on the camera and noticed the check and grabbed a copy of it. Shipped it off to a server somewhere far away,” Miliefsky said.

Last year the group FireEye discovered 11 malware apps being used on iPhones that gathered users’ sensitive information and send it to a remote server, including text messages, Skype calls, contacts and photos Apple fought back by removing the apps and putting stricter security measures in place.

“They get at your GPS, your contacts list…to build a profile on you,” Miliefsky said.

Some apps are simply collecting information for advertising purposes. In 2014, the Federal Trade Commission settled a lawsuit with a company over its popular Brightest Flashlight app, alleging it transmitted consumers’ personal information to third parties without telling them.

But Miliefsky said he’s found another flashlight app that can do much more troubling things.

“This one turns on your microphone in the background, listens in on you, and sends an encrypted tunnel to a server we discovered in Beijing,” Miliefsky described.

“You’re saying that they’re actually listening to people’s conversations and sending that audio back to Beijing?” Werner asked.

“Yeah, we’ve tracked it. I can show you where it does it,” he said.

Miliefsky said it can be traced to a few blocks from Tiananmen Square on Information Drive in Beijing.

He gave a report on that app to the FBI.

“Because to me, it’s spyware at the nth degree,” Miliefsky said.

His recommendation?

“We really have to look at our phone and say, ‘This is really a personal computer that fits in our pocket. Let’s shut down all the apps we don’t use. Let’s delete apps that don’t make sense and reduce the risk of being spied on,'” Miliefsky said.

The creator of the Brightest Flashlight app settled with the FTC, agreeing to change its policy and delete all the information it had gathered.

Harvey sued Google over her alleged hack, but a judge recently dismissed it, saying she and her attorney filed too late. Google said fewer than one percent of Android devices got bad apps in 2014.

Have questions?

Get answers from a Microsoft Cloud Solutions Partner!
Call us at: 856-745-9990

TECHIES is a full Managed IT Services Company headquartered in Marlton, New Jersey for over 20 years with a new location opening soon in Wilson, North Carolina. TECHIES provides Managed IT Services, Cybersecurity Solutions, Website Design Services, Dedicated Server Solutions, IT Consulting, VoIP Phone Solutions, Cloud Solutions, Network Cabling and much more.

1. IBM z13s mainframe

Security standards are constantly changing. Here are some of the latest software and hardware products to help keep your organization secure.

In February 2016, IBM announced the IBM z13s, a mainframe with cryptographic features built directly into the hardware. According to IBM it can decrypt at twice the speed of the generations before it.

2. Cisco Firepower NGFW

Cisco recently announced its Firepower series appliances with its next-generation firewall (NGFW) technology. There are 16 models in the series that include integrated NGIPS and advanced malware protection.

3. Illumio

Illumio is a startup that provides adaptive security for the data center and cloud environments. The company recently achieved unicorn status as its value topped $1 billion, and it is consistently named a top enterprise security provider.

5. Skyport Systems SkySecure

Image: Skyport Systems

SkySecure is an out-of-the-box enterprise security solution to protect application workloads. The systems includes hardware, software, and management tools.

6. Spikes Security Isla

Image: Spikes Security

The Isla is an enterprise appliance that “isolates and eliminates all browser-borne malware.” It was launched in mid-2015, but it was independently certified as invulnerable to web malware exploits in early 2016.

7. Blackphone 2

Image: Zack Whittaker/CNET

The Blackphone by Silent Circle is an Android-powered smartphone with a built-in security center to lock down your data. The most recent iteration, the Blackphone 2, released late last year.

8. Imation IronKey Enterprise H350

Image: Imation

The IronKey Enterprise H350 is a rugged, military-grade encrypted hard drive. It is available in multiple capacities and is FIPS 140-2 Level 3 certified.

9. Bitdefender Total Security 2016

Image: Bitdefender

For home users and small businesses, the Total Security 2016 by Bitdefender is a great option. It stacks up well against key competitors and includes device anti-theft features.

10. Qubes OS 3.1 rc2

Image: Qubes

Qubes OS is a Linux-based, security-oriented OS that is focused on compartmentalization using VMs. It’s been around for a few years, but the latest version released in January 2016.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

The most important Tech Case in a Decade

Customer Letter – Apple

February 16, 2016

A Message to Our Customers

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.

Answers to your questions about privacy and security

The Need for Encryption

Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.

All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.

Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.

For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.

The San Bernardino Case

We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime. We have no sympathy for terrorists.

When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.

We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

The Threat to Data Security

Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.

In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.

We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.

A Dangerous Precedent

Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.

The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.

We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.

While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.

TECHIES is a full Managed IT Services Company headquartered in Marlton, New Jersey for over 20 years with a new location opening soon in Wilson, North Carolina. TECHIES provides Managed IT Services, Cybersecurity Solutions, Website Design Services, Dedicated Server Solutions, IT Consulting, VoIP Phone Solutions, Cloud Solutions, Network Cabling and much more.

A strange bug is affecting many Safari users today, causing crashes on iPhone, iPad and Mac. For many users, simply tapping in the URL bar will cause the browser app to crash completely.  The exact issue causing the crashing has not been locked down, but it appears to be related to Apple’s Safari Suggestions service. It’s a very annoying bug that is affecting a lot of people all of sudden today.

When you type a URL, Apple sends what you type to its servers, returning a response with autocomplete search queries, Top Sites and other info. There appears to be a bug in this server request that is causing Safari to randomly crash. Users are discovering some potential workarounds until Apple fixes the problem properly …

Disabling Safari Suggestions seems to be helping resolve the bug for many people on iOS. On your iPhone or iPad, go into Settings, tap Safari, and toggle off the ‘Safari Suggestions’ switch. This will fix the crashing, obviously its only a temporary fix until Apple sorts its servers out as it will disable the Safari Suggestions functionality.

Another option is to enter Private Browsing mode. In private browsing, by design Safari does not contact the suggestions server for intelligent completion options, so the server is never contacted and the crash never arises.

The bug is affecting users in many countries, but not all. It also depends on the state of your Safari, whether it has certain data cached already. The crash has been seen on iOS 8, iOS 9 and OS X 10.11. The bug could be even more widespread beyond these platforms however. It is pretty crazy flaw that is affecting so many people this morning, with many reports across European iOS customers.

We have contacted Apple about the issue for clarification, but it’s such a serious functional flaw that we expect a fix very shortly. Please note: this is an unrelated incident to the prank site CrashSafari.com.

Update: The Safari crash bug has now been fixed, according to Apple.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Manual Setup

Step 3

Then proceed to “VPN“. You may need to scroll down to find it.

 

Step 4

Tap on “Add VPN Configuration…“.

 

Step 5

Tap on “Type“.

 

Step 6

Select “PPTP” by tapping on it.

 

Step 7

“Description” is the name of the connection, can be any as you like, we recommend StrongVPN.
Fill the “Server“, “Account” and “Password” fields.
“Server” is your server address. It is not remote.sjtechies.com, that is just an example.
“Account” and “Password”. Account is neither Test\jsmith nor your email.
“Encryption Level” option must be set to “Auto“. “Send All Traffic” should be “ON“.
When the fields are filled up correctly, tap “Done“.

 

Step 8

It will give you the warning about using the PPTP connection, which has some downsides.
Tap Save button. (Hint: If you want stronger encryption just use L2TP.)

 

Step 9

Now connect by tapping the switch button to the right of VPN Status.
(If you have more than one VPN configuration listed, the one with a check next to it will be connected. You can tap on a vpn configuration name to select it, or tap on the ‘i’ to the right of the name if you need to update the settings.)

 

Step 10

It will show you “Connecting…” status, wait while it connects.
When the VPN connection is established the status will be “Connected“. Also notice the “VPN” badge on the top bar.

 

Step 11

To check if your IP address is changed successfully open the Safari browser and proceed to http://strongvpn.com/.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design Services, Server Support, Network Consulting, Internet Phones, Cloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.