Security Concerns in These Times of Giving


As the holidays approach, we must remember to stay vigilant while having a good time. Year to date, we’ve had some serious security issues plaguing the world of cyberspace. Is it to be expected? We have seen everything from leaks of spy tools from intelligence agencies and state-sponsored spyware all the way to full-on hacking of political campaigns, along with multiple hacks on IoT (Internet of Things) devices. Below is a list of just a few of the most recent security issues to hit us in 2017:

  1. Shadow Brokers
    This group surfaced to claim that they had breached the NSA and stolen some of its data in 2016. Earlier this year they released a large amount of details, including a Windows exploit known as EternalBlue, which hackers have used in two high-profile ransomware attacks.
  2. WannaCry
    Back in May, a strain of ransomware spread around the world, infecting public utilities and large corporations. The most noted affected entity was the National Health Service’s hospitals and facilities in the UK, where it caused delays in vital medical care. This ransomware did have flaws, however, and experts were able to create a “kill switch” to stop it in its tracks.
  3. Cloudbleed
    Back in February, the internet infrastructure giant Cloudflare disclosed that a bug in its platform was allowing random leakage of sensitive customer data. Cloudflare offers security and performance services to some heavy hitters like FitBit and OKCupid. All in all, nearly 6 million individuals were at risk of having small pieces of their information compromised.
  4. Deep Root Analytics
    It was discovered back in June that the conservative data firm had misconfigured its Amazon S3 server. This left more than a terabyte of voter information publicly accessible to anyone on the internet. More than 198 million voters were exposed.
  5. Experion
    From mid-May through June, hackers were able to access over 143 million people’s personal data, including Social Security numbers, addresses, phone numbers, driver’s licenses and even some credit card numbers. If you have a credit report, you were most likely hacked.

IoT is slowly but surely moving into everyone’s home in one form or another, from a simple controller for a light fixture, to your refrigerator, to the lock on your front door and even your thermostat. Recently, hackers have been drawn to the IoT as a new playground to test their skills. Here are a few of the recent attacks they have produced:

  1. The Mirai Botnet
    Once infected with Mirai, computers continually search the internet for vulnerable IoT devices and then use known default usernames and passwords to log in, infecting them with malware. This led to the botnet being used to attack Dyn, one of the largest DNS hosts in the world, making huge portions of the internet inaccessible, including Twitter, the Guardian, Netflix, Reddit, and CNN.
  2. St Jude Cardiac Devices
    This implantable device had vulnerabilities that would allow a hacker to access it using its transmitter and, once in, deplete the battery or deliver erroneous pacing or shocks.
  3. Jeep Hack
    This was reported a few years ago, but reporting it wasn’t enough. A couple of hackers decided it should be demonstrated, so they took control of a Jeep via a Sprint cellular network and were able to make the vehicle speed up, slow down, and even veer off the road.

How can you protect yourself and your loved ones? You can begin by making your IoT devices more secure. Here are some options and suggestions:

  • Authentication
    Devices that must authenticate against other systems (generally in order to access or transmit data) should be configured to do so securely, such as with unique IDs and passwords. It may also be possible to use encryption (SSH) keys to give a device an identity with which it can authenticate against other systems. And, oh yeah, change the default username and password on any device you connect!
  • Connection
    Decide which features of your new fridge you really will use. If you don’t need it connected, don’t connect it.
  • Use a Separate Network
    Many routers offer guest networking, which gives users access to the internet without giving them access to your files or other devices. This type of separation works well for any IoT items you may have with questionable security.
  • Passwords
    Pick a good password, and a different password for each device. If a hacker gets one of your passwords, they will typically try it on all devices. If you use a different one for each, it will limit the hacker’s access to your devices.
  • Update
    Make sure you have the latest firmware. These usually have all the necessary patches for security and are usually updated regularly. Set your device up to automatically check for updates every few months. And, if you buy a device that does not allow access to update the firmware, DO NOT CONNECT IT. Outdated firmware is a massive hole in any security, and let’s face it, most of the software running refrigerators is not built with security as its first priority.

With a trusted partner like OPG helping guide the design and development of solutions to overcome challenges, security will be a reliable friend, not a foe. We’d love to talk to you further about how we can help your firm solve these challenges with smart security options and planning. Give us a shout today!

Take a look at our “What We’ve Been Up To” section below to see some ways we have helped our clients use technology to unravel the complexity of their businesses. Contact us today and see how we can help you cut the complexity and start moving toward elegant simplicity.

What We’ve Been Up To

Here is just a quick taste of the many successful happenings in our web and mobile software work at OPG over the last month or so. We like to feature a few key successes to keep the list short, so this is just a sample of the amazing effort of the OPG team recently.

  • OPG onboarded several new clients in the last month. The focus areas range from consulting to system architecture and planning and even includes a new platform takeover and ongoing support (this is where we step in where another developer has left off and take the project forward, seamlessly). It’s exciting to welcome these new firms into the OPG family!
  • For one client, the existing server setup was limited in security. With the help of OPG, their servers have now been updated to the latest security standards, helping keep their and their clients’ information more stable and secure.
  • Another client wanted their system to be faster, with better reliability. With the help of OPG, they have now moved from a single-server setup to a more robust High Availability setup with a load balancer, multiple app servers to help their internal and outside team members get the job done more efficiently, and a scary fast database cluster. And, all of this means that this client platform stays up, always.
  • OPG furthered development of a Learning Management System (LMS) by integrating a new API to allow their clients to pull the necessary information. This includes access to information about which users are participating in the LMS and which are in need of renewals of their certifications, or had recently passed their certification for safety. This extension allows OPG’s client to manage the core platform while allowing its customers to gather and use the information as needed without further resources from OPG’s client. Now THAT’S empowering your customer!