Recent Blog Posts

The law in question is the Electronic Communications Privacy Act (ECPA), which was originally passed in 1986. What makes this situation rather precarious is that this 30-year old law is used to justify accessing emails today. To fully grasp how odd this is, consider how much email usage has changed during this time period, much less the technological landscape in general. The wording of this law makes it so that any stored electronic communication (like email) that?s more than 180 days old is considered ?abandoned,? and therefore, is subject to law enforcement agencies accessing it without a warrant. This presents a major problem for modern computer users that communicate primarily through electronic communication and store everything (going way further back than 180 days) in an Internet-connected database, like the cloud. Obviously, this describes pretty much everybody and the majority of organizations today. Recently, legislative action has been enacted to try and close this loophole. CompTIA reports: On April 13th, the House Judiciary Committee unanimously passed an amended version of the Email Privacy Act (H.R. 699)… The Email Privacy Act would put an end to this outdated 180 day rule and require a warrant for law enforcement to access the content of all stored communications. While the current iteration of the bill is not perfect, we were happy to see that it does not contain a carve out to the warrant requirement for civil agencies, nor does it alter ECPA?s emergency exception procedures. The goal behind closing this loophole is to protect citizens from government overreach, as well as the service providers who store digital information for the population. As society grows hugely dependent on digital information, it?s more important than ever to update the laws that govern data usage in order to protect privacy rights. Is all of this news to you or did you already know about the ECPA loophole? Is data privacy something that concerns you, or do you not much care if the government reads your emails? Share your thoughts with us in the comments.

Types of Cloud SolutionsImplementing the cloud into your current business model is easier said than done. In order to get the best return on investment for your cloud technology, you need to take your various options into account. We?ve outlined some basic information about the various types of cloud computing your business should know about. Public cloud: The public cloud is a solution that?s designed to maximize efficiency for the user. The management and maintenance of the public cloud is handled by the provider. This is great for businesses that want a hands-off cloud experience at the expense of control over data. Private cloud: The private cloud is often hosted either in-house or by an outsourced IT provider. As such, they require proper management and maintenance to ensure functionality. The private cloud is preferred by companies that want to maximize data security and want the most control over their data. Hybrid cloud: The hybrid cloud is a solid middle ground for users who don?t want to exchange data security for operational efficiency. What to ConsiderIn order to make the most educated decision you can, we recommend taking the following variables into account when choosing your cloud solution. Data security: Businesses that want to maximize data security will appreciate the private cloud. The private cloud allows for additional security measures, like secondary hardware-based security solutions, that can maximize the security of your data. Access control: If you don?t want that much control over your data, the public cloud is a good choice. However, users who want to maximize access control and role-based user access will want to invest in a private or hybrid cloud. Management responsibility: Just like other computing hardware and software, a cloud solution requires a certain expertise that should be administered by a qualified IT technician. If you don?t want this responsibility, the public cloud is for you; though it should be mentioned that a hybrid cloud allows your business to take advantage of the many benefits of both private and public clouds. White Mountain IT Services can help your business integrate and adjust to a new cloud computing solution. We can assist and consult your team through each and every step of the cloud adoption process. To learn more, give us a call at (603) 889-0800.

Hold the PhoneA lot can be said about the days of having one phone line per household that only allowed one person at a time to use the phone. This meant getting creative in order to ensure that the phone was available when you needed it. For example, if you were expecting a phone call, one sneaky trick was to call an automated phone service like your local movie theater for showtimes and then wait to hear the phone notify you that your call was coming in. This way, when someone else picked up another phone or walked by, they wouldn?t hear the dial tone. Use Collect Calls for Quick MessagesBack in the ?90s, collect phone calls were all the rage with dozens of collect call services like 1-800-COLLECT to choose from. If you remember how they worked, you would typically get a brief spot during the call setup where you were supposed to tell your name to the person you?re calling so they can accept the charges. Though unethical, many callers would use this portion of the call to relay a quick message and then hang up before the charges for the call could be applied. It was a dark time before text messages. \We all had to do what we had to do. Blow On Your Video Game to Make it WorkFor cartridge games, this was the go-to troubleshooting procedure. Even though blowing on the game seemed to have worked on many occasions, the science behind this doesn?t back it up–it actually corrodes the connectors. Instead, any success from this was likely the result of plugging in the game a second time. Keep a Disposable Camera in Your Car?s Glove CompartmentIn a time before everybody had a camera phone in their pocket, disposable cameras were widely used. One common place to keep a disposable camera was in your car?s glove compartment box, just in case you were to ever get in an accident and needed to document what took place–and then wait for hours at the local drug store to get your photos. Carry Extra AA Batteries for Your Portable CD PlayerListening to music on the go didn?t use to be nearly as convenient as it is today. Portable CD players required you to carry your CD collection, and if you were serious about listening to music, you would bring some extra batteries along for when your CD player ran out of juice. Some might look back at these obsolete tips with fondness, while others may see these tips as a cause to celebrate how far we?ve come. Do you have any more obsolete tech tips from the 90s to add to this list? Share them with us in the comments!

Once the file has been downloaded, Petya causes a Windows error and forces the system to endure the typical ?blue screen of death,? causing a reboot. The computer will then display a red skull and crossbones, and a fraudulent ?system check? infects and encrypts the master file table (MFT) with military-grade encryption protocol. This causes the computer to basically forget which files it has, and where they are stored. Rather than closing access to particular files, Petya completely locks the user out of the system by overwriting the computer?s master boot record. The computer is essentially rendered useless by the user, who can?t even log in. Petya will display a list of demands, as well as how to meet them. As is the case with most ransomware, the ransom must be paid in Bitcoin. Once this has been done, the criminal supplies a decryption key that?s used to regain access to the files. The initial cost for the decryption key is .99 Bitcoins, which is an estimated $430. However, paying for the decryption key isn?t that simple. Once the user accesses the payment page, they?re given a limited amount of time to access the key before the price is doubled. While there are some websites that claim there are commands that can allow users to skip the lock screen, the MFT will still be encrypted, rendering the files useless. Even if the user pays the ransom, there?s still no guarantee that the decryption key provided by the hackers will work. This is why we always suggest that you don?t pay the ransom, and instead contact a professional technician who can consult you on the situation. In particular, business owners and human resources representatives who are responsible for the hiring procedure are the preferred targets. Petya is distributed through emails that are disguised as potential job seekers. The message will often contain a hyperlink that redirects to a Dropbox containing a resume, which is really just a Trojan horse containing Petya that?s capable of weaseling its way past your antivirus solution. Petya had been causing significant trouble for German businesses, but a programmer has found a solution. Admittedly, it?s a tricky solution to implement, but it?s still preferable to paying a ransom. As is the case with most ransomware, your best chance of escaping unscathed is by dodging the attacks altogether. Ransomware is notoriously difficult to crack, even for seasoned IT veterans, but keeping a watchful eye on anything you find on the Internet can help you avoid infections. With White Mountain IT Services?s security solutions, you can proactively detect and eliminate threats to your IT infrastructure. To learn more, give us a call at (603) 889-0800.

The contraption used to hack garage doors is built from a discontinued Mattel toy from 2007: the IM ME. The IM ME is a supposedly secure wireless instant messaging system that works similar to a mobile phone. It was meant to be a kid-friendly, secure alternative to a mobile phone for texting. The IM ME stores an address book for other users of IM ME, and used an Internet connection to communicate with each other. If you look at it now, you wouldn’t be surprised to hear that it?s no longer supported and that it has no place in today?s computing world. Smartphones are largely more efficient and dynamic as communication tools. Just last year, it was discovered that the IM ME could be turned into a device that can hack into any garage door that?s using an unsecured fixed code transmitted from a remote, rather than one which uses a ?rolling code? that changes with every button press. This flaw was discovered by Samy Kamkar, an independent developer and technology consultant, who then proceeded to exploit the flaw to demonstrate its danger. He built the device using the IM ME as a base model, then added a simple antennae and open-source hardware attachment. Kamkar, calling his device OpenSesame, explains that his device works differently from what are called ?code grabbers.? An ordinary code grabber will snatch the code from the garage door button when it?s pressed, and reuse it to open the door at a later time. This requires the hacker to be present when the button is pressed (similar code grabbers also exist for automobile key fobs, which is a pretty scary concept on its own). OpenSesame can accomplish this same goal without being near the user, which makes it much more dangerous. The most dangerous part of this hacking experiment is the fact that any hacker can walk up to a vulnerable garage door and have it open in around eight seconds. As reported by WIRED: Using a straightforward cracking technique, it still would have taken Kamkar?s program 29 minutes to try every possible code. But Kamkar improved his attack by taking out wait periods between code guesses, removing redundant transmissions, and finally using a clever optimization that transmitted overlapped codes, what?s known as a De Bruijn sequence. With all those tweaks, he was able to reduce the attack time from 1,771 seconds to a mere eight seconds. If you?re curious about how Kamkar?s device works, you can watch this video to see the device in action. Furthermore, if you want to see if your own garage door is vulnerable, you can view this video where he goes into detail about which doors are vulnerable, and why. This more than proves the fact that hackers engage in some dangerous and unpredictable acts, and that the Internet of Things continues to be a major reason for this. With so many more devices connecting to the Internet and communicating with each other with near-field communications and Bluetooth, the situation could very quickly turn into a nightmare scenario for your business. If your network isn?t prepared to handle the dangers and threats that come from unregulated Internet of Things devices, it?s a very real possibility that your organization could suffer a data breach or worse. It?s your responsibility to ensure […]