Social Suicide

The ability to chat with the world does not mean things can get better, it’s quite the opposite , you see when people from rivaling countries say like Russia and the USA or Others have problems so do its citizens on all levels. Would it be wrong to think a Russian now living in America might feel awkward to say the least. Or say an American in Russia. The tension between this on social media is a melting pot for creating cells that turn into larger ones built on purpose and mission only based on differences that cultural cannot be resolved. Words become deeds that became action before the knowledge was known to elite or general masses. Social media is a double edge sword that has no meaningful purpose beside being economy and eco chambers for others to observe, it would be wiser to shut it down than monitor it and less costly, it has become a security risk that has no place today’s society not based on its inceptional but the course of human history. ~1337

MIA

Yeah, I know I’ve been sort of MIA the last 6 months or so. Relo plus security setups you know the routine. I had hoped to expand the Org http://www.avatarpoint.com/444.html later this year but it may not be possible until earlier next year as I need to visit the Dragon again for some intel. I have also Rooted The Good Witch Network (GWN) which shall really get a spell or 2 brewing.. Thats it for now, High Atop the Mountain Avatarpoint end transmission/

Microsoft Fixes some holes.

I was very happy to hear about Microsoft fixing some 4.7 infected machines from cyber criminals, It’s not so much that they were able to recover the systems controls again. Id expect that much they designed the OS. It was the fact that they took the time to fix their mistakes and help out 4.7 million users. Cheers to you Microsoft. :) Giving control of the machines back to its users is what occurred once the infected machines were cleaned. Which leads me to the topic of “Should some users really have 100% control of their machine.” after careful consideration the thought is no. Everyday users have little understanding of the complexity behind the scenes going on to make all the bells and whistles go off. Nor do they have the ability to do more than run a virus program in some cases.  If I were a developer of Operation Systems in todays environment I would clause some control over the system or remove responsibility. It really makes no sense to hold a company responsible for cyber criminals activity that affects users, to understand my statement one needs to understand more about how computers and networks work.

 

Best Regards, C,J.T

The “Cloud”

Yes, the cloud, the word that conjures up dreamy escapes to places unseen.   I was pushed to write this this morning after listening to an explanation today on the news that was off the wall IMHO.   A little about the cloud, the cloud is a server or satellite in some cases.  The cloud doesn’t make your life easier it just makes things more accessible if your not tech savvy or don’t really understand what it all means. My problem with the “CLOUD” is that I saw this trend back in the 90s  when Microsoft started writing half of its applications in the cloud on their servers so office would need internet access to fully be operational in all its glory. The cloud is used to keep your personal data off your devices and in someone else s hands basically, and hope they will give you access to what is already yours if you need it.  let me repeat that, The cloud is used to keep your personal data off your devices and in someone else s hands basically, and hope they will give you access to what is already yours if you need it.

 

Security consultative services 247

CJ Thompson

avatarpoint.com

Computer Technical Meltdowns.

I couldn’t help but think of when you have one of those “days” or “weeks” , we’ve all had them, some more frequently than others. While conversing with family members the other day I was surprise to learn a family member broke their phone and lost there ability to use face time all with the same day. while this is not considered to me a melt down to many other it might be life or death depending on the importance or frequency needed of communication. I would suggest for those computer technical moments have some good backup plans in place.  Skype is a good 2nd choice tool, remember Microsoft owns it.  Another secondary communication tool is goggle, any flavor of their apps will do. I’ve been on Sabbatical most of the year and plan to enlighten the conversation with greater stimulation over the next coming months.

 

C.J.T Principal Consultant

Avatarpoint

 

 

9 frequent methodologies hackers use.

I’ve listed 9 of the most frequent methods hackers use to gain control of computers.

 

1. Denial of service

Another form of attack is called a denial-of-service (DoS) attack. This type of attack causes your computer to crash or to become so busy processing data that you are unable to use it. It is important to note that in addition to being the target of a DoS attack, it is possible for your computer to be used as a participant in a denial-of-service attack on another system.

2. Back door and remote administration programs

On Windows computers, three tools commonly used by intruders to gain remote access to your computer are BackOrifice, Netbus, and SubSeven. These back door or remote administration programs, once installed, allow other people to access and control your computer.

3. Trojan horse programs

Trojan horse programs are a common way for intruders to trick you (sometimes referred to as “social engineering”) into installing “back door” programs. These can allow intruders easy access to your computer without your knowledge, change your system configurations, or infect your computer with a computer virus

4. Unprotected Windows shares

Unprotected Windows networking shares can be exploited by intruders in an automated way to place tools on large numbers of Windows-based computers attached to the Internet. Because site security on the Internet is interdependent, a compromised computer not only creates problems for the computer’s owner, but it is also a threat to other sites on the Internet. The greater immediate risk to the Internet community is the potentially large number of computers attached to the Internet with unprotected Windows networking shares combined with distributed attack tools. Another threat includes malicious and destructive code, such as viruses or worms, which leverage unprotected Windows networking shares to propagate.There is great potential for the emergence of other intruder tools that leverage unprotected Windows networking shares on a widespread basis.

5. Cross-site scripting

A malicious web developer may attach a script to something sent to a web site, such as a URL, an element in a form, or a database inquiry. Later, when the web site responds to you, the malicious script is transferred to your browser.  You can potentially expose your web browser to malicious scripts by following links in web pages, email messages, or newsgroup postings without knowing what they link to using interactive forms on an untrustworthy site viewing online discussion groups, forums, or other dynamically generated pages where users can post text containing HTML tags.

6. Being an intermediary for another attack

Hackers will frequently use compromised computers as launching pads for attacking other systems. An example of this is how distributed denial-of-service (DDoS) tools are used. The intruders install an “agent” (frequently through a Trojan horse program) that runs on the compromised computer awaiting further instructions. Then, when a number of agents are running on different computers, a single “handler” can instruct all of them to launch a denial-of-service attack on another system. Thus, the end target of the attack is not your own computer, but someone else’s — your computer is just a convenient tool in a larger attack.

7. Packet sniffing

A packet sniffer is a program that captures data from information packets as they travel over the network. That data may include user names, passwords, and proprietary information that travels over the network in clear text. With perhaps hundreds or thousands of passwords captured by the packet sniffer, intruders can launch widespread attacks on systems. Installing a packet sniffer does not necessarily require administrator-level access. Relative to DSL and traditional dial-up users, cable modem users have a higher risk of exposure to packet sniffers since entire neighborhoods of cable modem users are effectively part of the same LAN. A packet sniffer installed on any cable modem user’s computer in a neighborhood may be able to capture data transmitted by any other cable modem in the same neighborhood.

8Mobile code (Java/JavaScript/ActiveX)

There have been reports of problems with “mobile code” (e.g. Java, JavaScript, and ActiveX). These are programming languages that let web developers write code that is executed by your web browser. Although the code is generally useful, it can be used by intruders to gather information (such as which web sites you visit) or to run malicious code on your computer. It is possible to disable Java, JavaScript, and ActiveX in your web browser.

9Social Engineering 

Here we see a smorgasbord of different techniques being used.  Many old school ways of gathering Intel such as dumpster diving and phone freaking. What the hacker is looking for here is someone not on their guard or someone who can be manipulated by fear of losing their job to reveal a login or password, this is usually done by calling the target company and impersonating someone in the company.

 

Network Infrastructures

It’s no wonder why managers and company execs are realizing the importance of a well designed Network structure which has enterprise architecture as part if its conception and the security aspects that are involved in the processes. With the ever growing potential of threats from global communications lines we as a society now engage in on a daily basis of truly global communication whether we are aware of it or not. Calling your local credit card company can bounce you right off a satellite in the UK to India and back in a blink.  I would strongly advise a hardening of systems to begin with, and if you are not aware of the term please contact us our engagements are both in the public, and private sectors. We provide a free 1 hour consultation and can be available for further consultation or services. Don’t risk what you’ve build we can provide the solution. for further information email info@avatarpoint.com and leave the best time to contact you and we will do the rest.