Category

Uncategorized

Instagram Accounts Left Open To Hacking

By | Blog, Uncategorized | No Comments

In June 2018, Instagram had amassed one billion monthly active users worldwide with the USA being the largest user group and the UK 8th on the demographics chart with a total of 23 million users.

Facebook purchased Instagram in 2012 and combined they are the two most popular social media networks used worldwide.

What happened?

In July of this year a critical vulnerability was discovered in Instagrams’s 2-step authentication password recovery feature allowing hackers to compromise any Instagram account in only ten minutes without the account holder being aware.

2-step or two factor authentication is an additional layer of security added to websites, including Amazon, Google, Microsoft and Twitter, to mention a few, to make it harder for hackers and fraudsters to access your online accounts. There are various types of two factor authentication however mobile text verification is still the most widely used and it is the type of authentication used by Instagram.

How was the vulnerability identified?

The flaw in Instagram’s recovery system was found by Laxman Muthiyah, a bug bounty hunter.

He investigated the password recovery feature that allows users to regain access to their account after forgetting their password. This involves a user receiving a six-digit passcode to their smartphone for authentication.

He knew that the use of 6 digits meant there could be a total of 1 million possible combinations that could be text to account holders.  To be able to access an account all 1 million codes would need to be tried within the 10 minute window between receiving the code and the code expiring.

Although this seems impossible, it can be done with mass brute-force campaigns using an automated script and a cloud service account.

“In a real attack scenario, the attacker needs 5,000 IP [addresses] to hack an account,” he said. “It sounds big but that’s actually easy if you use a cloud service provider like Amazon or Google. It would cost around 150 dollars to perform the complete attack of one million codes.”

Log-in attempts from one specific IP are restricted by Instagram, however Muthiyah discovered that they didn’t blacklist the IP addresses that had exceeded the number of allowed attempts for a certain time period which meant he could he switch between IP addresses in order to perform a continuous attack.

“I found two things that allowed me to bypass their rate-limiting mechanism: Race hazard and IP rotation,” he said. “Sending concurrent requests using multiple IPs allowed me to send a large number of requests without getting limited. The number of requests we can send is dependent on concurrency of requests and the number of IPs we use. Also, I realized that the code expires in 10 minutes, it makes the attack even harder, therefore we need thousands of IPs to perform the attack.”

He provided the evidence to Facebook, they verified the issue and congratulated him, awarding him with a $30,000 bounty, whilst swiftly resolving the glitch.

“The Facebook security team was convinced after providing the above video of sending 200K valid requests,” Muthiyah said. “They were also quick in addressing and fixing the issue.”

Are other websites vulnerable to this threat?

There are many different forms of two-factor authentication, such as app-generated codes, physical authentication keys, email-based systems and app-generated authentication but many 2FA schemes still use mobile text verification involving six-digit, one-time passcodes that expire within a few minutes. So how many services are vulnerable to the same kind of attack?

Almost all well-known websites use some form of two-factor authentication and it is clearly more effective than just a username and password but 2FA attacks are on the rise and many of the systems for account recovery are susceptible to phishing. With the amount of websites using 2FA increasing, it is important these flaws are found and eliminated quickly.

We have to bear in mind when online that although 2FA provides additional security it is not completely watertight.

Last year, an Android Trojan was exposed taking money from PayPal accounts even when 2FA is active. Posing as a battery optimisation tool, the app asked for excessive accessibility permissions, allowing it to observe activity on other apps and waiting for someone to open PayPal and log in.

What you can do

Google and Microsoft both have Authenticator Apps you can use for an added layer of security, downloadable from the Microsoft Store and Google Play, however where there is an app or a website, there is always a hacker trying to break the code and access your details. Get tips on how to stay safe online at https://www.getsafeonline.org/

What is 5G and what will it mean for you?

By | Uncategorized | No Comments

5G is finally here !

5G will arrive officially in the UK on the 30th May with the mobile network EE.

They are officially launching 5G in London, Edinburgh, Belfast, Cardiff, Manchester and Birmingham with other cities added throughout 2019 to increase the overall 5G coverage.

What is 5G?

5G is the fifth-generation of mobile internet connectivity, following on from 2G, 3G and you’ve guessed it – 4G. This change will affect mobile phones, tablets and laptops which use a data connection via a sim card.

It promises faster data download and upload speeds, better mobile internet coverage and more reliable internet connections when using your mobile phone.

Whatever you currently do on your smartphone, you’ll be able to do it faster and easier, whether it’s mobile gaming, watching mobile videos (Youtube etc.) or video calls which will clearer and reliable. Fitness trackers will now also be able to monitor your health in real-time (the fitness tracker will however require the necessary technology to allow it to do this).

The change in technology will also allow for new internet-related services and innovations, including the development in autonomous vehicles to communicate with each other, reading live map information and traffic data.

Why do we need it?

Mobile devices are increasingly being used as our main interaction online, whether it’s visiting a website, updating our social media or streaming that album from Spotify; We’re consuming more and more data year on year as more media is made available.

For example in 2006 Amazon Video was introduced, followed shortly  by Netflix in 2007, these types of instant online services have increased in popularity year on year, with thousands of streaming apps, data-hungry games and online music-services being used by millions every day.

This demand on the mobile internet network causes congestion, especially if lots of users in the same area are trying to access mobile services at the same time, the service becomes slower and depending on the devices being used can stop working altogether.

5G has better capability for handling thousands of devices at the same time, however real-time speeds will be dependent on each carrier. 5G is a brand new radio technology and as such will require new masts and transmitters and investment in said equipment will vary from each network carrier, with some pig-backing off other carriers to provide the 5G service.

How much faster is 5G?

The fastest current 4G mobile networks offer about 45Mbps (megabits per second) on average, 5G could achieve browsing and download speeds which are 10 to 20 times faster than this, based on 5G networks built alongside existing 4G LTE networks.

A standalone 5G network could achieve a much faster rate, however these will not arrive for a few years.

Will I need a new phone?

Yes you will need a new smartphone. Current smart phones do not have the necessary technology to use the 5G network.

However, as the 5G infrastructure hasn’t yet been rolled out fully, a 5G-enabled smartphone is not expected until later in 2019.

The new generation smartphones will be able to work seamlessly between 4G and 5G to offer a more reliable and quicker internet connection, even during busy usage periods.

Will this affect my fixed line services?

No, 5G will only affect mobile internet available on devices with a sim, this will include smart phones, tablet devices and some laptops.

Domestic and office broadband services will remain to be provided by a fixed line connection for many years to come yet, due to the stability and certainty of the physical infrastructure currently in place and are therefore not affected by this change.

Will it work in rural areas?

No, not in the immediate future.

5G operates on high-frequency radio bands suitable for more densely-populated areas; It is not as suitable over longer distances, where lower-frequency bands are better.

With this in mind and with the 5G roll-out, there will also be focus on improving 4G LTE coverage to ensure the majority of the UK’s mobile internet users get the best service that is available to them wherever they are.

 

 

IT audits for free !

By | Uncategorized | No Comments

How Investing in the Right Technology can make the difference to your business

Technology changes every day, whether it’s a completely new innovation or improving or updating the equipment we use currently.

Technology companies around the world work tirelessly to compete and to improve on what they can offer businesses, both large and small to help drive growth and productivity.

Investing in the right technology now can help with your commercial success in the long and short term. Whatever industry you operate in, businesses can succeed or fail based on their technology strategies and subsequent investment.

A new generation of technology businesses such as Apple, Google and Amazon turned the business world on its head in a very short space of time and now dominate their retrospective markets due to their technological developments and application thereof. They changed how other businesses work and doomed others without the right technology and IT infrastructure to fail overnight.

We understand that planning your IT requirements for the longer term can be difficult and daunting, given the speed with which technology is advancing. However by looking ahead, expecting change and being able to adapt when required helps you to ensure your business is as technologically future-proof as any business can be.

Laying the technology foundations for your business now gives you the ability to develop your plans or pivot when you need to.

Plan your IT Strategically

All planning needs to begin with a review and an audit, to assess and look at where your business IT is now and where it needs to be.

You need to look at what technology you currently use, the advantages/disadvantages and how it can be improved upon.

The next step is looking at where you want your business to be in a year, two years or 10 years, what you are looking to achieve and what the specific targets of the business are.

We can’t guess what technology you’ll need in 10 years, but we can help you attain your business goals by suggesting and supplying the right technology, whether it’s hardware, software or online applications that will facilitate the business growth you are looking for.

Our IT audit covers :

  • Data Backup
  • Cyber Security
  • Anti Virus
  • Best Practices
  • Network Services
  • Server performance
  • Computer performance

Your IT strategy is just as important as your business plan

Putting technology at the heart of your business strategy allows you to plan, fosters growth and development and increases productivity in your business.

Remaining with older out-dated and unsupported IT systems, hardware and software puts your business at risk and with the continuous technological development will need to be updated at some point.

The earlier you plan and adapt for technological change, the better the advantage over competitors and stronger your business will be going forward.

Your business plan and IT strategy are intrinsically linked and should be integral to one another. In this technological age no business can afford to be complacent and any improvements to business operations and productivity can save a company thousands of pounds.

To find out more about planning your business’s technological future and a free IT audit contact us on 01626 360011.

 

Top tips to protecting your computers against ransomware

By | Uncategorized | No Comments

Here’s a list of the most important things you need to reduce the risk of being hit by ransomware – of course if you feel you need more advice or a system audit then please call us and we’ll pop round !

Simple steps to prevent ransomware attacks:

1 BACKUP REGULARLY – Please note that many conventional backup methods may be compromised.

2 PATCH YOUR SYSTEMS – Keep your software up to date

3 EDUCATE YOUR STAFF – This goes a long way to avoiding the problems

4 PROTECT YOUR NETWORK – Get the right anti virus solutions in place

5 SEGMENT YOUR NETWORK – keep your critical apps and data isolated

6 SECURE YOUR ENDPOINTS – including all smart phones !

7 – PROTECT ANDROID DEVICES – including tablets

8 – QUARANTINE ROGUE FILES – Consider sandboxing to filter the good from the bad

At myriad digital we have extensive experience of implementing system security that works, so if you want help with any of the above aspects or you would like us to test your infrastructure then please call us to arrange a visit

Managed Wi-Fi Solutions

By | Uncategorized | No Comments

Our managed Wi-Fi solutions allow you to offer secure internal and guest Wi-Fi access with full control of accessibility across all devices.

We implement Wi-Fi policies that allow you to provide the right level of access to both in-house and public Wi-Fi users providing appropriate connection protocols for staff, contractors and public hotspots.

The Wi-Fi hardware that we deploy provides a number of key advantages over other Wi-Fi solutions including:

  • Rapid Deployment
  • Scalability for Thousands
  • Long Range Performance (up to 600ft)
  • Simultaneous Dual-Band Wi-Fi
  • Advanced Software Features

Are you ready for GDPR May 2018 ?

By | Uncategorized | No Comments

Get ready for GDPR

With major advances in IT occurring rapidly and consistently for many years there have been changes also to the ways in which individuals and organizations communicate and share information.

It is for this reason that the EU have deemed it necessary to review all of the legal codes in EU states and yes that means us irrespective of Brexit.

Many core concepts existing under the current EU data protection regime (Data Protection Directiveor DPD introduced in 1995) will remain broadly similar, however many will change and these have to be in place by May 2018 and these changes present new compliance challenges for businesses.

This is where we can help. View the GDPR_white_paper here or call us to book a review of your policies so you can be compliant come the big day in May.

View our Privacy Notice here

Spitfire Business Internet & Telecomms

Myriad engages with a Spitfire

By | News, Uncategorized | No Comments

Having looked for a new comms partner for some time Myriad finally partner up with Spitfire – Winners of Best Hosted Platform and 2nd Place Highly Commended Best ISP awards.

With a tad over 25 years experience in providing business internet and telecoms services, Spitfire proved to be unbeatable when it came to partnership opportunities. With an emphasis on customer service, Spitfire deliver innovative, award-winning solutions that come with significant cost savings.

So off we went to London to meet the team and attend some product training to allow us to resell a wide range of connectivity solutions to you our valuable clients. From leased lines and VOIP to plain old broadband we can now confidently provide rugged solutions backed up by top customer service – just as you like it !

With over 100 staff and a turnover of £20m + Spitfire have traded since 1988 and were one of the first providers of business broadband in the UK plus one of the first Telecoms companies to be involved in Wholesale Line Rental when it was launched as a trial by BT Wholesale in 2001. So we feel fairly priveleged to be on board with a top notch provider.

So when you are considering upgrading your telephone system, broadband, switching to VOIP or need the benefits of faster broadband you can consult us – your trusty partners.

Do you need premium web hosting ?

By | News, Uncategorized | No Comments

Meeting expectation when it comes to UX is an incredibly important and fundamental part of your web armour. UX is the process of enhancing user satisfaction by improving the usability, accessibility, and pleasure provided in the interaction between the user and the web site in this instance. If you don’t get this right then your visitor numbers will dwindle and the chances of success are undermined.

One simple aspect of getting this right is the speed of your site and the load time of pages. Although there are several factors that can affect this performance, the first and most important consideration is the specification of the hosting server and the hosting environment. In order to address this we have invested heaviliy in speccing out and commissioning a new web server that really rocks. Not only is the server superfast but the Internet backbone it sits on is also lightening fast thanks to recent deployment of new fibre equipment.

Good web hosting is important to all organisations. If you run an e-commerce store then this becomes even more important and pretty much mission critical to your business. If the store goes down or is slow to load pages then sure as day turns to night your sales will suffer aswell as your brand image.  So what other factors determine the UX ? theres a great list here if items that are often thought of a critical – but maybe not ? UX MYTHS

 

Beware of Word Document Viruses !

By | Home Main Post, News, Uncategorized | No Comments

For some of us they’re coming in think and fast and can cause real problems. Picking on a format that are frequently exchanged, Word documents have become the carrier of a strain of very destructive viruses that can be time consuming and therefore costly to fix.

Microsfot Word files contain small programs called “macros” which are shortcuts that are customisable and can automate tasks such as formatting text or applying bullet lists. However, this macro programming language can also be used to write viruses that activate  when you open the Word file.

By using tempting filenames or message conent the hackers are quite good at encouraging users to open the attachment thus deploying the virus. A good example is “Credit Note XYZ” or similar that suggests by clicking you may receive some reward.

So how can you avoid problems ?

The best advice is to only open email attachments from a trusted source i.e. folk you know. Even then be weary as it is possible that their machine has become infected and is sending out the virus.

Make sure that your Eset Anti Virus is up to date and switched on and scanning email attachements for viruses.

Search engine optimisation

By | Uncategorized | No Comments

Myriad Digital can improve your organisations’ web site search engine rankings dramatically. Our search engine optimisation campaigns frequently produce page one listings with the major search engines.

High search engine rankings consistently lead to more web site visitors. Visitors who are looking for specific products, services or information. More targeted visitors to a web site leads to higher sales potential. If you are interested in SEO then please call us for a chat so that we can see if it is the right strategy for your businesses online presence.