Consider cloud computing advantages – Homeland Security warns to disable Java amid flaw

Although not a cloud computing issue, regardless of whether you are considering cloud computing advantages or not, all users must take this threat seriously

Although not a cloud computing issue, regardless of whether you are considering cloud computing advantages or not, all users must take this threat seriously

Whether or not you are considering cloud computing advantages, it is important for all users to take this threat seriously.  It is not a cloud computing issue, rather, it is a local computer security issue.  It was recently announced by Homeland Security that Java (even the most recently updated version) contains a severe vulnerability that can theoretically compromise both your local computers and your network ( ).    Ordinarily, we wouldn’t suggest anything more drastic than making sure all your computers are up to date, and that you make sure that Java, Flash, etc. is all up to the latest version.  However, this latest alert is more severe than most, and it would be advisable to consider disabling or removing Java from your computer and web browsers.  For most people, this will not have any effect on the use of your computer.  Most websites use Java Script, not Java, which, despite the similarity in names, have nothing to do with each other.  Only a very few specific sites and/or applications might require you to actually have Java installed on your machine.  When, and if, you need to use one of these sites, they will alert you that you need to install Java, and, by that time, hopefully the issue will be resolved.

Here is a nice tutorial on how to disable Java on your PC or Mac (preferred option):

You can also remove Java in Windows from the “Remove Programs” option in the Windows Control Panel.

At ScalIT, we are always concerned about our customers’ privacy and
security.  Contact us today regarding cloud computing advantages, and how ScalIT can help your business be more efficient and secure.

Passwords Posted as Yahoo is Hacked

More than 450,000 Yahoo user passwords were posted online after Yahoo was hacked.  The hackers claim that they intend the public posting of user logins and passwords to be “a wakeup call.”

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the hackers said in a comment after the data. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”  The sensitive data was posted as plain text.  Yahoo has announced that it is looking into the matter.

Yahoo is not alone with this problem.  Recently, nearly 8 million passwords were compromised, as LinkedIn, eHarmony, and have all suffered high-profile password hacks.  What does this mean for you?

Although the breach was a direct result of bad security policies on the hacked Yahoo website, there is much we can learn from the hack.  First and foremost, if you have a Yahoo account, you should change your password quickly.  When choosing a password, is important to keep the following in mind:  Choose a password at least 8 characters long, and do not use whole words.  Be certain to mix in upper and lower case letters, as well as numbers and symbols.  Also, use different passwords for different sites.  If any one password gets stolen, it isn’t the key that opens the doors to all the sites you visit.

According to some research done by CNet analyzing the data from the Yahoo breach, many of us are just not careful enough creating passwords.  According to  Roger Cheng and Declan McCullagh of CNet:

• 2,295: The number of times a sequential list of numbers was used, with “123456” by far being the most popular password. There were several other instances where the numbers were reversed, or a few letters were added in a token effort to mix things up.

• 160: The number of times “111111” is used as a password, which is only marginally better than a sequential list of numbers. The similarly creative “000000” is used 71 times.

• 780: The number of times “password” was used as the password. Apparently, absolutely no thought went into security in these instances.

• 233: The number of times “password” was used in conjunction with a few numbers behind it. Apparently, the barest minimum of thoughts went into security here.

• 437: The number of times “welcome” is used. With a password like that, you’re just asking to be hacked.

• 333: The number of times “ninja” is used. Pirates, unfortunately, didn’t make the list.

• 137,559: The number of Yahoo credentials that were leaked.

• 106,873: The number of Gmail credentials that were leaked. Hotmail, which was the next most frequently cited e-mail service, had fewer than half the number of users hit.

• 161: The number of times “freedom” is used, suggesting a lot of patriotic users. “America” was used 68 times.

• 161: The number of times the f-word is used in some combination. There are a lot of angry people out there.

• 133: The number of times “baseball” appears as a password. It’s the most popular sport on the list, proving that it is indeed America’s national pastime. It just may not be the best password.

• 106: The number of times “superman” is used as a password. That’s nearly double the amount of times “batman” is used and triple the frequency of “spiderman.”

• 52: The number of times “starwars” is used. The force is not with this password.

• 32: The number of times “lakers” appears. It tied with “maverick,” although fortunately “the_heat” or “celtics” weren’t on this list.

• 56: The number of times “winner” is used.

• 27: The number of times “ncc1701” is used as a password. For those of you who aren’t trekkies, that’s the designation code for the Starship Enterprise. “startrek” is used 17 times, while “ncc1701a,” the designation for the Enterprise used in later Star Trek movies, is used 15 times.

At ScalIT, we are always concerned about our customers’ privacy and security.  Contact us today to find out how we can help your business be more efficient and secure.

Did Facebook Change your Email Address?

Recently, Facebook modified all user accounts to replace their profile email address with a new “Facebook” email address.  Unless you manually go into your Facebook preferences and change it back to your desired email address, email messages, alerts, and notices sent to you either through or by Facebook will no longer be delivered to you.  You need to either add your new Facebook address to your favorite email program, or you need to change it back to the email address you prefer.

To change the email address, you should click on the “About” link on the main Timeline page, then click on the “Edit” button next to the “Contact Info” box. Although you can change the email addresses that appear on your Timelines, the Facebook email address cannot be deleted, only hidden.

Facebook made this change in order to direct more communications through their servers.  This enables Facebook to better glean what interests you and how to market to you better.  All email that flows through these new accounts is indexed for just that purpose.

At ScalIT, we are always concerned about our customers’ privacy and security.  Your information always remains YOUR information.  Call today.

LinkedIn security breach

LinkedIn had 650,000 email addresses and passwords stolen. If you have a LinkedIn account, ScalIT strongly suggests changing your password as soon as possible to a unique and secure new password (upper and lower case letters, include numbers and symbols, too; make at least 8 characters). Many of these passwords have already been published on hacker sites. If you have used the same password that you used on LinkedIn on other sites, you should probably consider logging into those sites, too, and changing your passwords there.

At ScalIT, we are always concerned about our customers security.