Our Most Popular Managed Services

If you need help deciding what services are best for your business let us know.

Logo

Blog banner image

Info Advantage Blog

Info Advantage has been serving the Upstate New York area since 1993 , providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Details on Massive Hardware Flaws in Intel Processors Released, Fix May Cause Major Computer Slowdowns

cpu-1-1175242

Details for a security vulnerability thought to affect almost every Intel processor made in the last decade have recently been released, and the outlook is not good. While there are updates on the way to fix the flaws, experts believe that a patch may slow down computers by up to 30%.

According to The Register, where the information was first publically released, the Intel vulnerability allows hackers to access areas of the computer that shouldn’t be reachable. The flaws, known as Meltdown and Spectre, directly affects the kernel memory of the Intel chip.

Meltdown breaks the isolation between applications and the OS, allowing hackers to access the memory of programs and the OS itself. Spectre breaks the isolation between different applications down, allowing a hacker to trick error-free programs to leaking information.

These flaws allow apps to detect and read the operating system codes, look into other app’s memory banks, or even leak personal information such as passwords, login information, files, and more.

The patch will make the affected kernel completely invisible, but this comes at a price. According to The Register, making the kernel invisible would add a new process that will increase its overhead, slowing down the computer.

Since the problem is with the hardware itself, nothing short of an OS-level fix will be required for the affected operation systems, including Windows, Linus, and Mac. So far Windows has released an emergency patch for Windows 10, with patches for Windows 7 and Windows 8 to come next week. However, there seem to be some issues caused by some anti-virus softwares that can result in bluescreen errors.

Apple says they have also addressed the majority of their flaws with their last OS update, and they are currently testing new tweaks for their next update. Linux developers have also created a set of patches.

In addition to operating systems, many cloud services companies will need to release updates in order to keep themselves protected against the vulnerability. Microsoft Azure, Amazon AWS, and Google Cloud Platform have all reported that they are working on implementing new updates to bulk up security against Meltdown and Spectre. However, they have all stated that the impact of proposed update and have found that they have very little affect on performance in their benchmark tests.

If you want to know more about how these vulnerabilities may affect you and your business, call us at (585) 254-8710 to learn more about how you can strengthen your technology security.

0 Comments
Continue reading

WannaCry: The Worst Digital Disaster the World Has Seen in Years

WannaCry: The Worst Digital Disaster the World Has Seen in Years

 

On Friday, May 12, a cyber-attack was launched that affected over 300,000 computers in roughly 150 countries. The attack, a ransomware worm known as WannaCry, affected nearly every major industry; including healthcare, government, and privately-owned businesses.

The attack began in Europe and continued to spread across the globe, reaching targets in China, Japan, and even reaching across seas to the Americas. Once hit with WannaCry, the worm encrypts all the files on an infected device, prompting the user to pay $300 in order to regain access to their files.

Since the attack spread, the hackers are thought to have gained about $80,000 in bitcoins from WannaCry victims. However, that number is not expected to rise much higher, as many technology companies have already implemented measures to block the attack. In fact, Microsoft had already had a vulnerability patch in place in March, months before WannaCry was released.

So how was WannaCry able to affect hundreds of thousands of devices while there were already measures available to block the attack? The answer lies within an affected company’s technology infrastructure. While the patch by Microsoft was originally released in March for Windows XP systems, many businesses completely overlooked the upgrade. This left them wide open for an attack, making them easy targets with well-known vulnerabilities.

However, we cannot be so quick to blame the IT departments of the affected businesses, particularly those with complex technology infrastructures. For example, many health care service providers in the UK were affected due to a reliance on older versions of operating systems. This is due in part to the variety of third-party medical equipment that health care providers rely on to do their jobs. This equipment can often be difficult to upgrade or patch, and can only be replaced if the budget allows for it. In many cases, companies will choose to spend their dollars on other IT necessities.

What can businesses do to protect themselves from WannaCry and other similar cyber-attacks? Security experts state that the best way to combat these attacks is to keep your technology updated and your employees aware of potential threats.

A good way to gauge your company’s vulnerability is to perform a threat and vulnerability tests. These tests will give a company insight into how many employees would fall for an attack by sending out a fake phishing scam. Once the data is collected, a company will have a better idea of what kind of vulnerabilities they have, and how they can train their employees to avoid them.

Experts also suggest that companies keep as up-to-date on their software as possible, and urge them to consistently check for updates or patches. While an update might not seem imperative, hackers are constantly on the lookout for newly discovered vulnerabilities to exploit. By creating a consistent update schedule, companies can be sure that they are protected from future attacks.

Don’t have the time to constantly check for software updates? Not sure if your company is up-to-date with the best possible cyber security plan? Contact our security experts at Info Advantage by calling (585) 254-8710 today to talk about how you can protect your business’ assets.

 

0 Comments
Continue reading

What the Cancellation of the FCC Online Privacy Rules Means for You

What the Cancellation of the FCC Online Privacy Rules Means for You

Congress recently voted to do away with Obama-era regulations that were intended to protect consumer data from being sold to advertisers without the user’s consent. As of April 4th, President Trump has officially signed the legislation that will dismantle the internet protection that had originally been approved in October 2016.

What Was Voted On?

Congress voted on whether or not to keep a set of Internet privacy rules approved back in October during the end of the Obama administration. The measure, which was passed by a 215-205 vote according to NBC News, blocks the FCC from being able to enforce new privacy rules that had been passed last year by the Obama administration last year before the election. The legislation, which was recently signed by the President, also bans the FCC from issuing any similar online protections in the future.

What Information Can Be Bought?

The original policy would have banned Internet providers from collecting, storing, sharing and selling user information. They would be allowed to collect and sell information such as your web history and app usage, according to The Washington Post. The rules also required Internet providers to use stronger security safeguards to protect customer data against hackers. Now that the policies have been brought down, providers are able to monitor their customer’s online activity and use the data they’ve collected to create highly targeted ads. It also allows them to sell the information to advertisers, financial firms, and other for-profit companies.

How Can I Protect My Data?

As of now, there are no real changes being made to the Internet security policy, so not much is expected to change right away. However, experts suggest a few methods that users can use to keep their data to themselves. First, security experts suggest that you use a virtual private network, or VPN. VPNs will hide your location so they cannot verify your identity, and hides your Internet traffic so that no one will be able to see your browsing history. Security professionals also suggest that users make use of HTTPS sites, which ensure users that their data is secure and will not be shared.

Contact Info Advantage today at (585) 857-2644 to learn more ways you can protect your personal data from being shared or sold.

0 Comments
Continue reading

RAM Prices Are on the Rise, and Won't Be Getting Better Any Time Soon

RAM Prices Are on the Rise, and Won't Be Getting Better Any Time Soon

The price of desktop RAM has been on the rise in the last few months, and experts believe the trend won’t be stopping any time soon. According to a blog post by Newegg Business, RAM prices have been on the rise since June 2016. Newegg reported that prices jumped up 20-30% over the summer, affecting all desktop memory brands. Since then, prices have continued to gradually climb as supply fell just below the level of demand.

So how much is the cost of RAM rising by? According to PC Part Picker’s pricing history, a 2 x 8GB kit of G.Skill DDR4-2400 RAM cost about $75 at Newegg back in November. At the time, they were the lowest price available. Now, over three months later, the same system can be found on Newegg for $111. These trends have shown persistent for nearly all types of RAM, no matter the make or manufacturer.

There are a few factors that can be blamed for the increase in RAM pricing. One of the major reasons for the price change is the industry shift to DRAM chips for mobile devices, which have been on the rise as smartphones continue advance in technology. According to Nanya Technology president Pei-Ing Lee in an interview with DigiTimes, higher demand for DRAM chips have pushed up both price and production levels. The sudden increase of demand pushed manufacturers to focus their efforts on DRAM production, placing server and desktop memory production on the back burner.

Lee believes this is a trend that will continue throughout 2017, with prices stabilizing by the third quarter (July through September.) However, prices are not expected to go back down any time soon. That means if you’re looking to buy RAM for a new system, or were looking to upgrade your current system, now is the time to buy. Prices are expected to steadily rise in the next few weeks, and demand will only continue to swell as consumers look for the newest in mobile technology.

Looking to upgrade your current RAM but not entirely sure what you need? Contact Info Advantage at (585) 254-8710 today to speak with technology professionals who can help you figure out exactly what your system needs, and at the right price.

0 Comments
Continue reading

FBI Director Insists Government Can Access Any Private Record

FBI Director Insists Government Can Access Any Private Record

Does the U.S. Constitution allow the American government to access the electronic devices of its citizens? According to FBI Director James Comey’s statements at Symantec’s Annual Government Symposium, it certainly does.


This situation was birthed from the tussle between Apple and the Federal Bureau of Investigation after Apple refused to grant the FBI the information necessary to unlock an encrypted iPhone linked to a terror case. In the end, the FBI managed to unlock the device without assistance from Apple after threats of lawsuits and other unpleasantries were thrown around.

Reacting to this issue, as well as the trend towards more encryption in mobile devices causing complications during investigations, Comey clarified the bureau's stance on the privacy of the American citizen. Conceding that there is a reasonable expectation of privacy in houses, vehicles, and mobile devices, Comey asserts that there are other considerations to take into account to justify revoking that expectation, going on to say: “With good reason, the people of the United States--through judges and law enforcement--can invade our public spaces."

This statement, however, begs the question: how does a personal device really qualify as a public space? Again, according to Comey, it does in the U.S. “Even our memories are not absolutely private in the United States,” Comey said. “Even our memories are not absolutely private in the United States. Even our communications with our spouses, with our lawyers, with our clergy, with our medical professionals are not absolutely private. A judge in certain circumstances can order all of us to testify about what we saw or remembered or heard. There are really important constraints on that, but the general principle is one we’ve always accepted in the United States, and it’s been at the core of our country. There is no such thing as absolute privacy in America. There is no place outside of judicial authority.”

Comey also made a point of saying that, while the FBI has no business telling American citizens how to live and govern themselves, the tech companies have no business doing so either. This came as a direct response to the open letter many tech company higher-ups signed last April that demanded the US government end the mandates that would require access to encryption keys for the interests of law enforcement and national security.

Naturally, these Silicon Valley leaders don’t agree with Comey, and neither do all of his peers. Nuala O’Connor, who holds the titles of president and CEO of the Center for Democracy & Technology as well as the first Federal Chief Privacy Officer for Homeland Security, had little good to say about the ideas of her respected peer. According to O’Connor, “He could not be more wrong on encryption.”

What are your thoughts on Director Comey’s views? Do you think any government has the inherent right to access a digital device--arguably invading the privacy of the citizen--even if it's ultimately for the greater good? Share your thoughts in the comments, and be sure to keep checking back to Info Advantage’s blog.

0 Comments
Continue reading

Highlights from SonicWall's 2017 Annual Threat Report

Highlights from SonicWall's 2017 Annual Threat Report

SonicWall recently released their 2017 Annual Threat Report, which takes a look into the technology security trends in the upcoming year. In the report, SonicWall carefully observes and analyses the technology threat landscape from the last year and uses it to predict how it will continue to change in the future. Here’s a brief summary of their most important findings for 2017, and what it means for modern business.

Point-Of-Sale Malware Declining

With the integration of chip-based POS systems, hackers are finding it more difficult to steal sensitive information through POS malware attacks. The chip readers allow the transaction to be approved by creating a unique code that cannot be used again, as opposed to the traditional magnetic strip that uses the same code each time it is swiped. Thanks to the integration of the chip-reader, along with stronger legal guidelines, SonicWall observed that the number of new POS malware has decreased by 88 percent since 2015.

Website Encryption on the Rise

As web traffic continues to grow exponentially, users want to ensure that their data is kept safe. Due to this, many websites are opting to use Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption to protect sensitive user data. SSL/TLS encryption is represented by a lock and HTTPS URL, rather than the standard HTTP URL. This ensures the user that their information is safe, and is only being sent to the intended recipient. SonicWall believes the trend towards SSL/TLS encryption is due in part to the growing trend of cloud applications. They expect the trend to continue into 2017, and believe that SSL/TLS traffic will account for 75 percent of online interactions by the year 2019.

 

Ransomware Becoming More Popular

Ransomware was by far the most popular security attack in the previous year, with an increase from 3.8 million attacks in 2015 to 638 million in 2016. According to SonicWall’s Global Response Intelligence Defense (GRID), $209 million in ransom had been paid by affected companies by the end of the first quarter. The growth was most likely driven by the increased access of ransomware as the ransomware-as-a-service (RaaS) industry expanded. This allowed individuals to purchase a ransomware pack without requiring the necessary coding skills needed to launch an attack. The most common attack is known as Locky, and is often attached to emails as disguised as a Microsoft Word invoice. As the RaaS industry continues to grow, SonicWall’s GRID suggests that all organizations backup their data continuously to a backup system that isn’t always online, or uses authentication.

 

Internet of Things Devices Compromised

The recent advances in technology have opened up the world to more and more connections to the Internet from more than just a computer, smartphone or tablet. These days, Internet of Things (IoT) devices can be anything from a camera or smart watch, to a smart car or home security system. Due to the wide-adaptation of IoT devices, many developers have felt the pressure to release their devices as soon as possible, which often means oversight in security. This made it easy for hackers to discover weaknesses in IoT devices, resulting in the launch of largest distributed denial-of-service (DDoS) attacks in history. The attack used thousands of IoT devices with weak passwords to launch an attack on hosting company OVH and DNS service provider Dyn. This resulted in the outages for well-known sites such as Airbnb, Netflix, Reddit, Twitter, and Spotify. To protect your IoT devices, SonicWall suggests that you ensure your devices are protected by next-generation firewalls, which scan for specific IoT malware. They also suggest you separate all IoT devices from the rest of your network, in case it becomes compromised.

 

Android Security Increased, But Still Vulnerable

During 2016, Google worked on new operating systems that would directly combat many of the security vulnerabilities found in Android devices. They added additional security features, including a new approach to permission granting, an increase of security patches, and a full-disk encryption of the device. However, these new strides in security have been met with hacker resistance as they find new ways to combat these security measures. This includes screen overlays, ad-fraud malware HummingBad, self-installing apps, and third-party adult-centric apps. SonicWall suggests that any Andriod device on a company network should keep the “install applications from unknown sources” un-check and make sure both “verify applications” options are checked. It is also advised that users enable the “remote wipe” option in the event that the device is compromised.

The best way to combat an attack is to stop it before it becomes a problem. Contact Info Advantage’s security professionals today at (585) 254-8710 to learn more about proactive ways to ensure the safety of your data. 

0 Comments
Continue reading

Cloudbleed: The Internet’s Newest Security Bug

Cloudbleed: The Internet’s Newest Security Bug

There are thousands of breaches of information every year, threatening our personal information and sensitive data. On Feb 23rd, news of a brand-new bug known as Cloudbleed dropped. This bug has affected thousands of sites, potentially leaking out the sensitive information of their users, according to a new report by CNET. Here is a quick guide to understanding exactly what Cloudbleed is, and how it may have affected you and your company.

What is Cloudbleed?

Cloudbleed is the name of the newest major security breach bug from an Internet security company known as Cloudflare. The issue arose when users entered their information onto secured “https” sites, such as a login page. Cloudflare’s service is meant to help securely move the information entered into the “https” sites between the user and the servers. Instead of deleting the information after it was used, the Cloudbleed bug caused Cloudflare’s security service to save potentially sensitive data, such as user credentials, photos, video frames, or even server and security information.

Who is affected by Cloudbleed?

There are currently around 3,400 websites believed to have been affected by the Cloudbleed bug, though the actual number could be much higher. The bug is believed to have started back as September, with the height of the problem occurring between February 13th to the 18th. Uber, Fitbit, and OKCupid are the main three that seemed to be directly affected by the bug. According to Cloudflare, the Cloudbleed bug is thought to have leaked information about “one in every 3,3000,000 HTTP requests” made through the service.

What can I Do Now?

As of now, Cloudbleed is no longer an active threat. Cloudflare was able to stop the bug just 44 minutes after it was discovered, and the problem was solved completely in 7 hours. While the impact is minimal and requires no immediate action, there are a few things individual users can do to keep themselves safe from potential data leakage.

It is recommended that you change your password on any account that uses Cloudflare. This includes sites such as OKCupid, Fitbit, and Medium are some of the most popular sites that are known to use Cloudfare’s services. If you are unsure whether or not a site you use was affected, there is now a webpage that tells you whether or not a site is infected

It is also recommended that you use a two-step authentication on any site or service that offers it. This will ensure that no one will be able to access your account, even if they are able to get your user credentials.

-

With thousands of security breaches per year, you can’t afford to wait for security. Contact Info Advantage today at (585) 254-8710 to speak to a technology professional about how to keep your data safe. 

0 Comments
Continue reading

Couple Exploits Vulnerability With IRS Filing System, Steals $1M, Goes to Jail

Couple Exploits Vulnerability With IRS Filing System, Steals $1M, Goes to Jail

The Internal Revenue Service is one organization that you don’t want to mess with. Thanks to their antics filing fraudulent tax returns through the often-exploited Get Transcript site managed by the IRS, Anthony and Sonia Alika have to do some time in the slammer; and that’s not even mentioning what they have to pay the IRS in restitution.


Mr. Alika is set to serve 80 months in prison followed by three years of supervision upon release, and must pay $1,963,251.75 in restitution for conspiracy to commit money laundering. On the other hand, his wife must serve 21 months of jail time, followed by three years of supervision and an IRS restitution of $245,790.08 for structuring cash withdrawals to avoid the required bank reporting. They both pled guilty to their respective crimes.

Their actual crime: laundering $1 million in money stolen from the U.S. Treasury by filing fraudulent forms. In particular, they filed fraudulent income tax returns using data stolen from the Get Transcript service. Get Transcript was originally created so that taxpayers could review their past returns, but the Alikas used it to obtain data that they needed to steal from the IRS.

The Alikas, and their co-conspirators, would then use the funds to purchase prepaid debit cards, and register them to the identities that they had stolen. They would then file their tax returns using the fake identities and receive the refunds on the prepaid cards. The cards were then used to purchase money orders and deposit the money into bank accounts, which was then withdrawn in small amounts to avoid suspicion and bank reporting.

Keep in mind that this isn’t the first time Get Transcript has been utilized for fraudulent activity. In May 2015, 100,000 tax accounts were stolen and used to steal $50 million from the IRS. That’s a ton of cash that could have been saved if it weren’t for the lax authentication requirements. In response to this case, the United State Department of Justice put out a press release outlining some best practices to keep personal information and accounts as safe and secure as possible.

File Your Taxes Early
If you’ve already filed your legitimate tax return, refund criminals like the Alikas can’t file using your identity. The longer a return goes without being filed, the more time you’re giving hackers to file a fraudulent return using your stolen identity.

Use Strong Usernames and Passwords
This tip can be applied to all online accounts--especially those that contain sensitive information, like your tax return. You should have passwords and usernames that are unique to your person; if someone else were to get ahold of your credentials, or if you share them, the chances of them getting stolen multiply.

BONUS TIP: Randomized strings of upper and lower-case letters, numbers, and (if permitted) symbols are the most secure option when selecting a password.

For more information on how to keep your computer systems and your identity safe, reach out to us at (585) 254-8710.

0 Comments
Continue reading

NATO Officially Declares Cyberspace a Battlefield

NATO Officially Declares Cyberspace a Battlefield

Security professionals have been at war with hackers ever since the Internet was created, but a recent NATO decision has affirmed the fact that cybersecurity is a real-world problem, and one that needs to be fixed. Just like land, air, and sea, cyberspace has become a battlefield, albeit a very different kind of battlefield.


The decision by NATO declares that cyberspace can be defined as an “operational domain,” which is an area where conflict can occur. There have been some incidents of cyber attacks that have transcended from the cyber realm, to having effects in the physical world, such as the recent Ukrainian electrical grid hack, or the supposed Iranian hack of a United States dam control system. The idea is that hacking attacks can have direct effects, such as causing blackouts or turning off critical systems.

NATO Secretary General Jens Stoltenberg made a valid observation concerning the decision to add cyberspace to the list of operational domains: “Cyber defence is part of collective defence. Most crises and conflicts today have a cyber dimension. So treating cyber as an operational domain would enable us to better protect our missions and operations.”

Technology is so prevalent in today’s world that it’s practically impossible to imagine warfare, of any kind, that’s not assisted by it; and where there are technology systems, there are networks that can be hacked and taken advantage of. If data that’s deployed to bases or war zones is inaccurate, lives can be lost, rather than protected. Another example would be hacking critical infrastructure, like with what happened in the Ukraine, which left countless citizens without heat, electricity, and other necessities.

In particular, NATO plans on securing its networks and focusing on helping other countries secure theirs, as well as implementing ways to identify where attacks come from, and why. In 2014, NATO changed its policies on cyber attacks to allow NATO to respond in force to any attacks against nations that are involved with the organization, so defining cyberspace as a grounds for conflict shows just how quickly this situation is escalating.

Of course, all of this is easier said than done. Cyber security as a whole is still handled primarily on a state level, and while the US and UK plan on investing in cyber security, other countries find that it’s of low priority, or that it’s too far off to consider at this moment.

This decision by NATO should reaffirm that your business needs to take a cautious, proactive approach to network security, as well as leverage best practices in order to minimize risk while working online. If your business falls victim to a hacking attack, you’ll realize far too late that the online world is a dangerous place filled to the brim with malicious entities. Therefore, it’s in your best interest to take a preventative approach to network security.

Info Advantage can equip your business with the tools needed to keep your IT infrastructure safe. To learn more, give us a call at (585) 254-8710.

0 Comments
Continue reading