Social media is a great thing. Services such as Facebook, Twitter, and YouTube help connect friends, families, and even strangers around the world. But it’s well known that they pose an important threat to business owners.
Let’s start with the basics. It’s true that access to these services can keep an employee stimulated and give them a break from the stresses of their work. However, it’s not uncommon for people to spend endless hours scouring Facebook. Moderation is key. Put policies in place, monitor time spent on these types of sites, and help keep productivity high.
Now come the scary parts.
On my way to Prague last month, I decided to pick up May’s print volume of PC Today. Coincidentally, the entire volume was focused on security.
The first article that caught my attention was about the Federal Communications Commission’s plans to help the victims of phone theft. The article goes on to say, “… when a given phone is reported stolen, wireless carriers can remotely shut down that phone.” What does this mean for you, the consumer?
First of all, the FCC is attempting to protect victims of data and identity theft. However, more than likely your data will be long retrieved by the time you notice your phone is stolen and call the wireless provider.
Secondly, the article cites the FCC’s statistic that 40% of New York City robberies are that of mobile phones. However, I doubt that the majority of those were for the purpose of data theft but rather for the theft of the hardware itself.
If you’re concerned about the data and identity theft aspect of losing your phone, you can take several steps to mitigate that risk:
- Don’t store sensitive data on your phone. This is pretty common sense. You wouldn’t want your credit card information easily accessible, but who stores that on their phone anyway? What’s more common is saving e-mail passwords and allowing the thief to gain easy access to your personal, or even more sensitive corporate e-mails.
- Another layer of passwords, such as locking access to your phone with a 4 digit number, is another excellent way to deter thieves.
- Use the software that comes with your phone. Instead of relying on the wireless carrier to deactivate the phone, or even to support the feature, use software that is prepackaged. For example, Apple’s iPhone comes with a nifty feature called Find My iPhone that can help you erase all of the data remotely. The article did not specify whether the FCC was going to require this for all wireless carriers.
In the digital age of today, our eyes are glued to our mobile phones. Don’t become a victim of mobile theft and make sure to have that phone glued to your side.
How else do you think the FCC can help?
Continuing our media push, I wrote a guest post for Forbes.
High profile news throws a spotlight on how people feel about the privacy of their personal digital data, but for years, cybercrime has been stealing and selling it with very little coordinated public uproar. This malaise must end. The very real threat comes not from big faceless companies and governments, but those who seek to hide below the radar and the law. A combined awakening needs to take place and governments, businesses and Internet users must pull together to fight this very current threat to personal data, because at the moment cyber crime is winning.
Check out the post and let me know what you think!
So as you can see, I’ve been talking to the media a lot in the last few weeks. I was mentioned in “Soca shuts sites selling stolen credit card info” which was posted on the Computer Business Review website.
Just me preaching about how arresting a few cyber criminals will never stop the problem. New ones will take their place in a market this profitable for them.
I recently wrote an article for London Loves Business called “How can you protect your business from cyber attack?”
I figured it would come naturally to me, but I had to really give the content some thought. In a nutshell, employee education and updated security software are still so critical to keeping your business safe.
A friend of mine asked me to take a look as to why Google and Bing were inaccessible using Firefox. I dove in and realized that they were also unreachable using Internet Explorer, Chrome, and even command line ping. It became apparent that the hosts file had been hijacked. In fact, these entries were the only ones present:
I swiftly removed them from the hosts file and both websites loaded fine. But what had put them there? With a working browser, a quick search revealed that those addresses were not legitimate and something had clearly hijacked the machine.
Knowing my friend to be an avid Malwarebytes Anti-Malware user, I checked the quarantine and found several objects. The main files appeared to be dplayx.dll and dplaysvr.exe and had several registry entries allowing them to start with the computer. I sent the files to Adam Kujawa, a Malware Intelligence Analyst working with me at Malwarebytes. Adam confirmed that this malware was responsible for the hosts file redirection.
However, a further analysis revealed a more cynical side. Adam continued by saying that “all binaries analyzed were heavily packed with custom obfuscation methods and employed anti-debugging tricks which made them a pain to get through” and that “the use of the filenames dplayx.dll and dplaysvr.exe is important because the names belong to legitimate applications and are integral parts of Direct X.”
While not new, the use of these particular filenames shows that malware authors are still trying to hide their executables behind legitimate names.
Today I learned that Jeff Weisbein, a friend of several years, has joined the team at Mashwork. I wanted to personally congratulate him and wish him the best going forward. Jeff has been extremely hard working in growing BestTechie from a small website to a great resource for all types of computer users, and I can’t wait to see what this next chapter brings.
Good luck Jeff!
I apologize for the lapse in posts in the last couple of weeks. Last week I was at RSA and the weekend before that I was jumping into a freezing lake. Seriously.
Marcin Soaking From Polar Plunge
In the weeks leading up to my February 25th Polar Plunge, many Malwarebytes employees eagerly donated to the cause. The pitch? Watch your CEO jump into a freezing lake. Together, we raised over $700 for Special Olympics. I want to personally thank each and every one of them!
Also, isn’t that Malwarebytes shirt awesome?
I was chatting with a few friends who knew what I did and loved using our product. Somehow the topic of selling Malwarebytes Anti-Malware in brick and mortar stores came up. I told them that this was already being done for a year and they were shocked. I guess this isn’t that well known.
Malwarebytes Anti-Malware Retail Box
I actually went out and bought those boxes from Fry’s Electronics the first week they were selling them. OK, to be fair, I sold out one of the stores.
Sveta from MRG brought this video to my attention.
Really shows how sophisticated and dangerous these threats can be.