thatsITsolutions's Blog

New site coming soon!

thatsitsolutions — Thu, 24 Mar 2011 13:10:10 +0000

I’ve decided my site is in desperate need of an upgrade. So over the next few weeks I will try to find the time to redesign it.

It’s been a while since I put thatsIT together, have neglected it & now a major facelift is on the cards – stay tuned!

Computer Systems & Upgrades

thatsitsolutions — Sat, 19 Mar 2011 03:10:30 +0000

If you need an upgrade or new PC call me! Custom computer builds – better quality parts, components individually selected for better performance, cheaper than the “big brand” stores.

Intel & AMD processors, ASUS & Gigabyte main boards – performance systems built for a fraction of the price you’d expect to pay.

ThatsIT

Web development

thatsitsolutions — Sat, 19 Mar 2011 02:58:43 +0000

Created a new website for a client “Simply Splashbacks”, check it out http://www.simplysplashbacks.net.au

Will add some flash effects, maybe a few transitions and I’m done

VoIP virtual PBX

thatsitsolutions — Sat, 19 Mar 2011 02:53:40 +0000

Been busy setting up VoIP & virtual PBX for a couple of clients. Just love what you can do these days with IT

Local computer repair

thatsitsolutions — Sat, 18 Dec 2010 03:08:41 +0000

Melbourne computer repairs – call thatsIT on 0413 194 152 or visit our website www.thatsITsolutions.com.au

http://melbourne-computer-repair.blogspot.com/2010/12/melbourne-computer-repairs.html

We are a verified PayPal partner

thatsitsolutions — Fri, 12 Nov 2010 03:13:31 +0000

We now accept most credit cards for payment & for donations – visit our web site or give us a call.

Dont get your facebook, twitter, etc account hacked

thatsitsolutions — Wed, 18 Aug 2010 23:40:04 +0000

By Stefan Tanase

“All upcoming Guns N’ Roses dates are officially canceled. Please contact your place of purchase for any refunds.”

No Guns N’ Roses fan ever wants to see this text. And especially when it’s published on Axl Rose’s official Twitter account, it’s a guaranteed recipe for disaster.

This is not the first time a famous Twitter account is hacked, and I can bet it won’t be the last. Barack Obama, Britney Spears, British Petroleum and the New York Times are just a few big names/brands that have gone through this painful process. Usually, accounts representing companies or celebrities are managed by people with excellent communication skills, not IT skills, and especially not IT security skills.

In general, a lack of user education and strong policies regarding online security often lead to undesirable events. Whether you manage an official Twitter account or a personal one, you should know how Twitter accounts get hacked so you can protect yourself.

Here are three methods:

1. Weak passwords

Do not use trivial passwords. Think of something unique, a password which no one else would think of. Don’t necessarily think of add numbers or hard to remember characters – “admin123″ will never be *much* safer than “admin”, and if you add and strange characters, you’ll wake up one day having a hard time remembering your password.

Here’s a nice tip instead. Think of a phrase that is most likely unique and easy to remember, for example, “uniqueeasytorememberphrase”. Be sure no dictionaries used in brute-force attacks include such a password. Also, after using it for several days you will start typing it faster than the blink of an eye.

2. Phishing pages

If they cannot guess the password, cyber criminals will try to make you give it to them, without you even realizing. Keep your eyes wide open when you see e-mails asking you to reset your password, especially if you have not requested it.

Be careful what links you click on. URL shortening services like bit.ly are doing a “great job” masking the final destination of your click. You can unwittingly land on a server which is hosting phishing sites or pages distributing malware.

3. Infected computers

So many times I hear people around me saying “hey, my computer is infected, but it’s okay, I can still do my things.” You can still do your things, but who knows who else is doing *their thing*, intercepting your browsing sessions or logging every key that you press.

Keep all of your applications updated – operating system, antivirus, browser plug-ins, everything. You can be using the latest version of Google Chrome, you’ll still get infected if your Windows security updates are disabled.

Security means several layers of defense, and you can’t break any ring in the chain.

This advice can be extended to general online activity, not just social networks, and most importantly, not just Twitter. You should care at least as much for the security of your e-mail account, especially if it was used to register your Twitter or Facebook accounts.

Basically, a compromised email account opens op new ways for the bad guys to get into your other accounts: the password reset function usually sends a link to your email address for confirmation.

I want to end this with an advice which is so simple, yet so ignored by most of the internet users. Do not use public computers to log on to your personal accounts. No airport internet machines, no hotel business center, nothing. I know how many times you really need to check your email from a friend’s computer – just don’t do it. You have no idea what’s running on that machine.

Stay Safe!

* Stefan Tanase is a senior security researcher at Kaspersky Lab. He specializes in monitoring Web 2.0 and social media threats.

Basically, a compromised email account opens op new ways for the bad guys to get into your other accounts: the password reset function usually sends a link to your email address for confirmation.

Microsoft shortcut exploit issue

thatsitsolutions — Thu, 05 Aug 2010 11:10:26 +0000

Computer World reports that yesterday Microsoft released an out of schedule patch, MS10-046, for the recent shortcut exploit issue.

The past few weeks have seen increasing reports of attacks using the shortcut exploit, especially in the past few days. Microsoft felt the it was too serious of a problem to let it wait until the next scheduled patch Tuesday.

The patch was released at 1 p.m. Eastern on Monday.

Recall the way the attack works:-

“two weeks ago, Microsoft confirmed a flaw in how Windows parses shortcut files, the small files displayed by icons on the desktop, on the toolbar and in the Start menu that launch applications and documents when clicked. By crafting malicious shortcuts, hackers could automatically execute malware whenever a user viewed the shortcut or the contents of a folder containing the malevolent shortcut.”

The day after the flaw was announced by security blogger Brian Krebs on July 15, Microsoft admitted it was already being exploited with the “Stuxnet” worm which targets PCs that manage large-scale industrial control systems in manufacturing and utility companies.

Code also became available online and Microsoft found several more attack campaigns using the vulnerability. One of those campaigns was a particularly nasty malware family called “Sality”, found by the team responsible for making signatures for Microsoft antivirus products including Security Essentials. The discovery of Sality using the exploit apparently was what spurred Microsoft to release an out-of-band update.

Holly Stewart of the Microsoft Malware Protection Center wrote on the team’s blog,

“Sality is a highly virulent strain … known to infect other files, making full removal after infection challenging, copy itself to removable media, disable security, and then download other malware. It is also a very large family — one of the most prevalent families this year.”

Sality seriously upped the number of PCs under attack, it quickly surpassed the numbers seen with Stuxnet. Microsoft also knew that soon other malware families would pick up the shortcut exploit.

All versions of Windows including the preview of Windows 7 SP1 and older versions like 2000 have the vulnerability. Get patch MS10-046 with Automatic Update or visit the Microsoft bulletin for more info and download links.

Auto complete – browser exploits

thatsitsolutions — Thu, 05 Aug 2010 11:06:57 +0000

All the common browsers are subject to exploits that use the auto-complete feature to force them to give up personal data, as presented at Black Hat security conference last week.

Computer World reports that the presentation “Breaking browsers: Hacking Auto-Complete” is by Jeremiah Grossman, the CTO of WhiteHat Security.

None of the techniques used were that difficult and the data that can be gathered from auto-complete includes names, addresses, e-mail addresses, and sometimes passwords, credit card numbers, and search entries.

That data can be used to break into bank or email accounts, or to set the victim up for more malware that can get more data out of them. The best way to avoid the attack is to turn auto-complete off.

Grossman was able to hack the auto-complete of different versions of Internet Explorer, Safari, Chrome and Firefox, including Internet Explorer 6 and 7 which sadly account for a third of all browsers in use. He had to come up with different ways to hack each browser and he thinks that the browsers can be patched, he contacted each browser company but they didn’t tell him definite plans for updates.

The exemption is Apple which pushed out a quick update to Safari’s auto-complete problem the day before the presentation.

Security suites: maximum protection, minimum fuss.

thatsitsolutions — Thu, 29 Jul 2010 01:31:43 +0000

We look at 9 of the most comprehensive security suites to see how they rate – here’s the review:
www.tinyurl.com/2vqlctp

I personally use a different group of tools consisting of virtualization & “sand boxes”.

Computer support, data recovery, web design, networking & security solutions – thats IT, visit my website:
www.thatsITsolutions.com.au