by Felicien | Dec 5, 2017 | Education
Strategies for Telling the Difference Between Legit Companies and Scam Sites
The online landscape can often feel like a field full of landmines. Phishing scams and infected websites are everywhere, waiting for unsuspecting victims to make a wrong click or inadvertently hand over sensitive data.
As technology professionals, we know the importance of being able to tell a scam artist from a legitimate service provider. We also know the value of using real-life experiences as teaching tools. That’s why we’re going to share a recent experience of ours.
How We’re Using a Message We Received to Empower Online Consumers
Not too long ago, we received the following message through our website:
I am highly concerned about getting my computer fixed through this company today. Is there anything you can send me to confirm this is not a fraudulent company?
First, we should make it very clear that no, we are definitely not a fraudulent company. On Time Tech has been providing strategic and reliable IT support to individuals and businesses in all industries for nearly 15 years. The combined experience and expertise of our team allows us to deliver the highest level of IT service for California business owners. You can check out our wide variety of dynamic and strategic service offerings here.
However, we also want to say: we get it. In fact, we applaud the vigilance in the message we received. Trusting your personal or business devices with an external company for repair requires a certain level of assurance. Businesses and individuals alike should never haphazardly send information to a company before doing their research.
So, we’ve decided to use this message as a teaching tool. What strategies can individuals and professionals use to detect fraudulent sites from legitimate ones? Our goal is to offer concrete tools that will help consumers of all kinds feel more informed and empowered when navigating the online marketplace.
Tips and Tricks: How to Tell a Legitimate Site from a Phony One
As mentioned, trying to secure products and services online can be a tricky game. Cybercriminals are constantly coming up with new and convincing ways to trick consumers and get their hands on sensitive personal or financial information. Consumers shouldn’t have to use guesswork to figure out whether a company site is safe or not.
So, let’s check out the leading ways consumers can determine if a site is legitimate:
Examine the Site’s Security Status
As soon as you visit a website, the first way to verify if the site is legitimate is to check the address bar for the site’s security status. In most browsers, a “safe” site will display a green padlock icon next to the word Secure to the left of the website address. Even better? You can click on that padlock icon to verify the specific security details of the website, including the type of encryption used.
Check Out the Site’s Connection Type
You can also use the address bar to determine the website’s connection type. Websites that use the https tag are usually more secure, and in turn more trustworthy, than websites that use the http designation. The reason is that https sites have the most legitimate security certifications available. For phony and illegitimate sites, going through the process to get these certifications is too much of a hassle, so they use the http tag instead.
It’s especially important to make sure the website’s payment page uses the https tag. However, it must be noted that websites using an https connection can still – on occasion – be unreliable or illegitimate, so it’s important to verify the website using other strategies as well.
Evaluate the Website’s URL
You can also break down the different parts of the website’s address or URL to determine how legitimate it is. A website URL consists of three different sections:
The connection type – http or https,
The domain name – like ours for example, ontimetech, and
The extension – .com, .net, etc.
Even if you’ve verified a secure connection, it’s a good idea to look for the following URL ‘red flags’ that may indicate a suspicious site:
Numerous dashes or symbols in the domain name.
Domain names that imitate legitimate businesses like ‘Wallmart’ or ‘Faceb0ok’.
One-off sites that mimic the site template of a legitimate website, like ‘visihow’.
Domain extensions like “.biz” or “.info” – these tend to be illegitimate.
IMPORTANT NOTE: It’s important to keep in mind that while “.com” and “.net” sites are not inherently unreliable, they are the easiest domain extensions to obtain. As such, they don’t always carry the same credibility as “.edu” (educational institute) or “.gov” (government) sites.
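The URL breakdown and red-flag list above, as an added Python example (not code from the original article): it splits an address into connection type, domain name and extension, then reports which of the listed red flags apply. The brand list, the digit-swap table and the two-symbol threshold are assumptions made for illustration, and treating the second-to-last label as the domain name is a simplification that ignores multi-part extensions such as .co.uk.

```python
from urllib.parse import urlsplit

# Assumed reference list of well-known names to compare against (illustrative only).
KNOWN_BRANDS = ("walmart", "facebook", "google", "paypal")
# Extensions the article calls out as tending to be illegitimate.
RISKY_EXTENSIONS = {"biz", "info"}
# Assumed digit-for-letter swaps used in look-alike names such as 'Faceb0ok'.
LOOKALIKE_DIGITS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
# Assumed threshold for "numerous dashes or symbols".
MAX_SYMBOLS = 2


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def split_url(url):
    """Return (connection type, domain name, extension) for a URL.

    The host comes from the URL parser rather than from string splitting,
    so text in the path or before an '@' is never mistaken for the domain.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if len(labels) < 2 or not all(labels):
        raise ValueError(f"no domain name and extension in {url!r}")
    return parts.scheme.lower(), labels[-2], labels[-1]


def red_flags(url):
    """List the article's URL red flags that apply to this address.

    A flag is a prompt for a closer look, not a verdict on the site.
    """
    scheme, name, ext = split_url(url)
    flags = []
    if scheme != "https":
        flags.append("connection type is not https")
    symbols = sum(1 for ch in name if not ch.isalnum())
    if symbols >= MAX_SYMBOLS:
        flags.append("numerous dashes or symbols in the domain name")
    if ext in RISKY_EXTENSIONS:
        flags.append(f"domain extension .{ext}")
    # Undo digit swaps and dashes, then compare with the reference names.
    normalized = name.translate(LOOKALIKE_DIGITS).replace("-", "")
    for brand in KNOWN_BRANDS:
        if name == brand:
            break  # exact match: this is the name itself, not an imitation
        if normalized == brand or edit_distance(normalized, brand) == 1:
            flags.append(f"domain name imitates '{brand}'")
            break
    return flags


if __name__ == "__main__":
    # Constructed sample addresses, not taken from real incidents.
    samples = [
        "http://www.wallmart.com/deals",
        "https://faceb0ok.info/login",
        "https://secure-login--account-update.biz",
        "https://www.ontimetech.com/",
    ]
    for url in samples:
        print(url, "->", red_flags(url) or "no URL red flags")
```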
Look for Sloppy Content and Bad English
Once you’ve examined the address bar, it’s a great idea to scan the website for bad English or sloppily written content. If you notice lots of poor spelling, missing words, bad grammar or awkward phrasing, that’s an indication to question the credibility of a website.
Even if the website in question seems technically legitimate so far, checking out the content and the way the site is put together can help give you a better idea if the source is trustworthy.
Watch for Over-the-Top Advertising and Pop-Ups
This is another huge element to be on the lookout for. If the site you’re visiting has a huge amount of flashy and annoying pop-up ads or ads that automatically play audio, the site probably isn’t legitimate. The following types of website ads are red flags:
Ads that take up the whole page.
Ads that require you to take a survey, or complete a task before continuing.
Ads that redirect you to another webpage.
Explicit or suggestive ads.
Use Google
Once you’ve explored the site content, if you still have doubts, use Google Reviews as a tool to determine legitimacy. Type the website in question into the Google search bar and review the results. Google compiles user reviews of high-traffic sites near the top of the search results – check and see if the site in question has any reviews and read them thoroughly. Make sure the reviews you read are from reliable, third-party sources.
Google also has a useful Transparency Report webpage. You can use this site to quickly run a website’s address through the Google transparency service to see the safety rating it’s been given from Google.
When in Doubt, Use the Website Contact Page to Reach Out
When it comes down to it, it’s always better to be safe than sorry. Most websites will include a Contact Us page where users can ask questions and send comments and concerns to the owner of the site. If you’re able to, call the number provided or send an email to help verify the legitimacy of the website. Sometimes getting in touch with another human is the best way to determine legitimacy. If the site in question doesn’t have a Contact page listed anywhere, it should be an immediate red flag.
Navigating a Dangerous Cyber Climate: Balancing Fear with Strategy
No matter what kinds of websites you’re visiting, it’s always a good idea to be on the lookout for con artists and fraudulent websites. However, fear of being hacked or scammed should never take over your ability to connect with the companies you need to. You should never have to sacrifice getting things done because you’re afraid the internet isn’t safe.
That’s why it’s critical to get used to the detection strategies in this guide. If you rely on concrete strategies to assess website legitimacy and safety, you’ll feel much more empowered making decisions and handing over information on the World Wide Web. Furthermore, you won’t feel stuck or unproductive, because you’ll feel more confident in your ability to tell a scam from the real deal.
by Felicien | Dec 5, 2017 | Education
Apple has become an authority in providing us with useful software and the required fixes that inevitably come with the development of this software. This was proven true on Wednesday, November 29th, 2017, after a bug in the Mac’s High Sierra software was discovered. The bug was discovered by a Turkish software developer by the name of Lemi Orhan Ergin. On Tuesday, November 28th, Ergin made the announcement on Twitter, directing the tweet at Apple. The tweet reads “Dear @Applesupport, we noticed a huge security issue at MacOS High Sierra.” By Wednesday morning Apple had resolved the issue, meaning that their response time was less than a day after the issue was reported. If this isn’t an example of dedicated customer service, I’m not sure what is.
The bug was only apparent in MacOS High Sierra 10.13 or 10.13.1 software. This bug caused a security issue in many Macs running the latest software as it allowed unauthorized personnel unchecked access to anything that existed on the Mac in question. Not only did it allow full access from the lock screen by simply choosing “other user” upon login, but it allowed access to the Mac through the use of the word “root” as the login name, without the requirement of a password. Ergin gave us the how-to on Twitter, listing the steps that would need to be taken as “System Preferences>Users and groups>Click the lock to make changes. Then use “root” with no password.” Ergin ended his tweet by saying “The result is unbelievable!”
Not only did the bug allow those with physical access to the Mac to hack in, but it was also a potential issue with screen sharing. Through screen sharing, hackers in remote locations could gain access to the information on the affected computers.
MacOS High Sierra 10.13 and 10.13.1 were the latest software updates for the Mac; however, they have since been replaced with software that fixes this bug. To correct the problem, Mac users need only update their Mac to the latest software. This can be done in the App Store on your Mac. By first opening the App Store and then selecting Updates in the toolbar, users can see which software they are currently using. Here you can select the update button to update your Mac to the latest software. All updates that have occurred in the last thirty days will also be visible here, so you can see if you were running High Sierra 10.13 or 10.13.1. This will give you insight into whether you had the potential to be affected by this bug.
It is fortunate that this bug was discovered and fixed so quickly. However, it also puts into perspective how sensitive the information we store on our devices may be, and even more how we should work to protect this information. Since the main threat of this bug was through physical access to Macs, it is important to remember to keep sensitive devices in secure locations. If you don’t want others gaining access to your personal or private information, precautions must be taken. It is also important to be aware of what software you are using on your devices and whether there are any known or reported issues with it. Mac users are able to find out which software they are running by selecting the Apple icon in the left corner of the screen and then clicking “About this Mac.” Once you are aware of what software you are using, it is important to be aware of updates or new information that may surface regarding this software. There is no such thing as being too informed where the issue of security is concerned.
The High Sierra security issue is just one bug of many that Apple, or any company, works to fix each time new software is released. This is to be expected, as fixing problems before they arise seems pretty much impossible. What is important to take away from this is the amount of effort we should all be putting into keeping our devices locked and safe, to ensure that the files we consider to be for our eyes only are in fact only viewed by ourselves. We must remember to keep our devices in safe places, where not everyone will have access to them. It is also a good idea to be aware of what software we are running and when, as well as any potential issues the software might have. Staying informed, however, cannot ensure that there will not be issues, which is why people like Lemi Orhan Ergin and companies like Apple are essential to ensuring device security.
by Felicien | Dec 5, 2017 | Education
MacOS vulnerability gives any user full admin rights without a password
We all want to believe that the technology platforms we use are invincible. But, the reality is, software flaws exist. And some of these flaws don’t even require sophisticated hacking to exploit – they’re just sitting ducks, waiting to be found. Unfortunately, that’s the current challenge for Apple.
Apple is usually in the news for their latest innovations and new products, but recently an easily exploitable vulnerability in Mac’s High Sierra Operating System (OS) has made headline news. The security flaw enables a root superuser account without a password, giving attackers full access to all parts of a Mac machine.
The Background: How the MacOS Security Flaw was Detected and How it Works
High Sierra’s “root” bug was first revealed by Turkish software developer Lemi Orhan Ergin, who says security staff at his company happened to stumble upon the issue while trying to restore account access for a user. The issue was then made public by Ergin, who demonstrated the flaw in a Tweet to Apple’s tech support account.
The flaw is made possible any time a user encounters a prompt in High Sierra asking for a username and password. This includes logging into a machine with multiple users, installing an application, or changing settings. Users are then able to simply type “root” as a username, leave the password field blank, click “unlock” twice, and immediately gain full administrator access.
In other words, the bug allows any rogue user that gets their hands on a Mac computer to gain the deepest level of access to a computer, known as root privileges. Malware designed to exploit the flaw could also fully install itself deep within the computer, with no password required.
Even worse, the flaw can be exploited even when it’s not possible to enter a username at the main MacOS login screen. Users can still take advantage of the flaw via the system preference settings. For example, an attacker could enter root as the username in the Users and Groups preferences setting, leave the password field blank, and click the unlock button.
After that, it’s possible for an attacker to wreak havoc on a business network. They can add new accounts with full administrative rights and could also turn off MacOS security features such as FileVault disk encryption, install malware, not to mention the ability to steal, copy or delete data.
Dangerous Access: Why the MacOS Flaw is Especially Scary
News of the security vulnerability spread like wildfire across Twitter and other social media platforms, with many security researchers confirming that they were able to replicate the flaw exploit. Security researchers Patrick Wardle and Amit Serper posted that they had been able to gain unauthorised access by exploiting the root flaw. WIRED also independently confirmed the bug.
What’s terrifying is the fact that the attack could be used on a logged-out account. This raises the possibility that someone with physical access could exploit it just as easily as malware, meaning the threat is both internal and external. Users could, for instance, use the attack to gain root access to a logged-out machine, set a root password, and then regain access to a machine at any time. This means if someone did this to any company machine sitting on a desk, they could come back later and do whatever they wanted.
Wardle explained the external threat as well. He noted the flaw can also be exploited remotely if the target MacOS system has resource sharing services enabled.
“Attempting to log in creates the root account with a blank password,” said Wardle, a security researcher with Synack. “If the root account is disabled, logging in remotely re-enables it.”
This creates a huge threat to MacOS systems and leaves devices vulnerable to potential threats within and outside business organizations.
How to Patch the Flaw: Setting a Root Password to Prevent Unauthorised Access
Unfortunately, despite suggestions that the flaw can be mitigated by disabling the computer’s guest account, this doesn’t work. It simply restarts the computer with Safari as the only application running.
It is possible to mitigate against the flaw, however, by adding a password for the root user. Here are the directions for adding a root password:
Access the Users and Groups preferences pane.
Select the Login Options
Select the Join Network Account Server
In the dialog box that pops up, click on Open Directory Utility.
From the tool’s menu bar, select
Here, you’ll be able to assign and change the password for root privileges.
IMPORTANT NOTE: Simply disabling the root account in the Open Directory utility tool does not work, as the root account becomes re-enabled when entered into the username field upon login.
However, the safest fix is to install Apple’s newly released update. About 18 hours after the vulnerability was made public, Apple released a patch for the ‘root privileges’ flaw. If you haven’t yet applied the latest update, you should do so asap. Apple blamed the flaw on a logic error in the validation of account credentials. They improved credential validation strategy with the patch and accepted responsibility for leaving users vulnerable to threat.
“Security is a top priority for every Apple product, and regrettably we stumbled with this release of MacOS,” the company said in a statement. “We greatly regret this error and we apologize to all Mac users, both for releasing the OS with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”
Frightening Patterns: MacOS Security Flaws Becoming More Common
“We always see malware trying to escalate privileges and get root access,” says Wardle. “This flaw is the best, easiest way ever to get root, and Apple has handed it to them on a silver platter.”
And unfortunately, the root access bug isn’t an isolated event. The flaw is only the latest in a disturbing series that has plagued the High Sierra OS. On the day the operating system launched, Wardle determined that malicious code running through the software left data up for grabs. Another reported bug apparently showed the user’s password as a password hint when trying to unlock an encrypted partition on their machine known as an APFS container.
Wardle argues that flaws could be identified and stopped quicker if Apple launched a “bug bounty” for information about security vulnerabilities in its desktop software. Bug bounties are becoming an increasingly popular way for tech companies to proactively mitigate threats and identify system vulnerabilities. Apple already has a bug bounty for iOS, but still nothing for MacOS.
“A bug bounty program is a no-brainer. Maybe this is something that will encourage them to go down that path,” claims Wardle. “It’s crazy these kinds of bugs keep blowing up. I don’t know if I should laugh or cry.”
Despite the efficiently released patch from Apple, this latest security flaw should leave Mac users on high alert. Staying in tune with the latest Mac product line is great, but it’s even more important to stay in tune with Mac security updates and potential software flaws. You can only protect your business data if you know the latest threats to combat.
If you have questions about the MacOS security flaw or need a hand making sure you have it patched, reach out to our team of technology experts. Trying to mitigate a wide variety of cyber threats can be time-consuming and stressful – sometimes checking in with a team of professionals makes all the difference.
by Felicien | Dec 4, 2017 | Education
Understanding the Key Differences Between Microsoft’s OneDrive and SharePoint Applications
Microsoft’s collection of software is continually evolving. As it continues to grow, many users are noticing quite a bit of overlap between application capabilities. For business owners, this can be a challenge – especially when trying to decide which apps are worth investing in.
Two Microsoft apps that are especially hard to differentiate are OneDrive and SharePoint. The simple fact is that both apps have a lot in common and are stocked with very similar features. However, they aren’t identical and understanding the key differences can help business owners make more informed decisions when choosing an application to invest in and deploy.
Breaking Down the Basics: How Microsoft Defines OneDrive and SharePoint
In order to get a lay of the land, it’s helpful to try and understand the purpose of each application. While they do have some overlap, the applications were created separately and Microsoft defines the purpose and features of each application differently.
OneDrive: Microsoft defines OneDrive as an online document/file storage hub. It’s most commonly used by both individuals and business teams looking for a centralized headquarters to access, save and store files. OneDrive is also configured to allow file-sharing and versioning, which allows it to serve as more than a digital filing cabinet. Additionally, Microsoft has two versions of the OneDrive app – one for individual consumers and one specifically designed for business optimization, aptly named OneDrive for Business. OneDrive is also built into the Office 365 online platform.
SharePoint: Microsoft defines SharePoint as a collaboration tool for businesses that helps team members work better together. SharePoint allows business teams to open, share and access files and allows team members to work on the same document, together, in real-time. SharePoint also allows for process streamlining and has data and app management tools. Microsoft has an on-premise version of SharePoint as well as a version that’s built into Office 365 for the Cloud.
Confused Yet? Let’s Explore the Key Categories of Difference
Simply reading the definitions isn’t enough to fully wrap our brains around the differences between OneDrive and SharePoint and the benefits of each for business owners. By looking at the key areas where OneDrive and SharePoint are different, business owners will have an easier time making decisions about software investments.
On-Premise vs. Cloud
Here’s the thing: Microsoft’s Office 365 comes with both OneDrive and SharePoint built in. This leaves many wondering – what’s the point in investing in standalone solutions like SharePoint Server if you can just invest in Office 365 and get the same features plus way more? But we shouldn’t jump to that conclusion quite so fast. Some IT administrators prefer on-premise solutions because the locally installed software allows for more control and security. On-premise SharePoint deployments on company servers allow administrators to control the look and feel of the platform.
However, there are downsides to on-premise deployments as well. Implementing SharePoint on company servers means administrators are in charge of purchasing and managing updates, monitoring systems, and responding to security breaches. It should also be noted that businesses that choose to deploy SharePoint as a stand-alone, on-premise solution are able to purchase OneDrive separately, although all its features are already built into SharePoint.
Security, Encryption & Compliance
For many business owners, document safety, auditing, and regulatory compliance are huge concerns. For these business owners, SharePoint’s collection of granular controls and user access capabilities is a huge benefit when trying to control internal security and client data. While Office 365 and OneDrive both use encryption to keep documents safe from prying eyes, SharePoint is the only solution that offers an additional layer of security provided by a standalone server. However, OneDrive in Office 365 does offer granular access control as well, so administrators can designate access and assign user permissions. Microsoft’s cloud security is top of the line and supports TLS and SHA-2 protocols. In the Cloud, Microsoft encrypts all business data upon transfer to and from server locations and stores it, with encryption, on the Microsoft server as well.
Document and Resource Management
OneDrive for Business has all of the same original document offerings as SharePoint. This includes workflows, auditing, templates and version control. However, OneDrive does not include business marketing tools like a website and social media connections – features that are built into the SharePoint infrastructure. With OneDrive, a business owns the account and employees are assigned personal accounts within the larger business account. This allows individual team members to produce and store documents before they are shared office-wide.
SharePoint offers a huge collection of tools for company-wide document and file management and collaboration. SharePoint Online and SharePoint Server offer collaborative workflows and advanced granular permissions to help businesses effectively and efficiently move content from idea to completion. Furthermore, as noted, business marketing is made easy in SharePoint Server with a variety of features to ensure the intranet corresponds with branding. These branding tools are not featured in the online version.
Website, Apps & CMS
SharePoint is used by countless companies to develop, manage, and maintain their company website, internal documentation system, and company web applications. The CMS element in SharePoint allows businesses to publish documents directly to the company website or even make them centrally available for review and download by clients, associates and team members.
Companies also rely on SharePoint’s business intelligence and internal analytics features to develop custom applications for both internal and external use. Companies can build customer-facing websites, FAQ & Help applications or employee portals directly from the SharePoint infrastructure.
OneDrive simply doesn’t offer these various web optimization features. While OneDrive offers the ability to email links to documents, the documents cannot be published directly to the web from OneDrive’s infrastructure. So, while documents can be made available to your team with OneDrive, a full Office 365 subscription or another CMS/website platform – like SharePoint – is required to publish work straight to the web.
Workflows, Dashboards, Calendars, and Extras
OneDrive offers companies the ability to control team access to documents for storage and sharing, and it tracks versions. However, when it comes down to it, OneDrive is essentially a digital-file storage and optimization system and does not include the dynamic extra features available in SharePoint Server or through a full Office 365 subscription.
SharePoint offers business teams a dynamically collaborative workspace that includes dashboards, calendars, tasks, notifications, and updates. SharePoint keeps these features located centrally, in a company portal that is linked directly to company websites and external applications. Additionally, SharePoint sites can be created and customized for each team member with different levels of security, so access and information are well-organized and easy to manage. Finally, companies can set up a larger corporate portal where company-wide file libraries can be searched and business notifications can be delivered in real-time.
The Short Answer is, There is No Right Answer
So, when it comes down to it, it becomes clear that OneDrive for Business and SharePoint are not exactly the same, yet not entirely different. The real differences are determined by the way a company decides to deploy and use SharePoint. For organizations looking for a company portal that offers project management, human resources tools, and web optimization, SharePoint is the clear winner.
OneDrive is more suited for companies looking to implement a basic solution for storage and occasional file-sharing capabilities. Since OneDrive is fully integrated with the Cloud through Office 365, business teams have the ability to sync files to any given device, which makes anytime, anywhere access incredibly easy.
Overall, the best software solution for any business is one that supports business goals and inspires team members to be productive. For companies who have acclimated to the Cloud, an Office 365 subscription will give you the best of both worlds – not to mention Microsoft will handle your updates. However, for companies who are comfortable offline, using on-premise solutions, SharePoint offers branding tools and user interface control that Office 365 doesn’t.
Is your company trying to weigh the similarities and differences between SharePoint and OneDrive? Use this outline as a guide and be sure to make a strategic decision based on the unique needs and demands of your corporate structure.
If you’re still having a hard time deciding between the two solutions, reach out to a local technology firm for guidance and consultation. When making investment decisions about business IT, it’s never a bad idea to bounce ideas off the pros.
by Felicien | Dec 4, 2017 | Education
Outlook’s Shareable Calendar and How It Fits into Aspects of Everyday Life
A shared calendar is one step in the direction of having all involved on the same page. There is little more frustrating than trying to work on a project or develop ideas when everyone is not equally informed. With Outlook’s shared calendar these issues are a thing of the past, and keeping everyone informed and up to date has never been easier. The shared calendar option is one that is relatively new and boasts a number of positive impacts on everyday life.
Easily Share Important Information
Outlook has designed their sharable calendar to be incredibly user-friendly. Through Office 365, users are able to find and share their calendar events with ease. By first opening Microsoft Office 365 and then continuing to “view all apps”, users will find their calendar. Here the option to add or edit events is available. Also available is the share option. After selecting the share option, you will be prompted as to who you would like to send this email to. You can also choose what details of the event they will be able to see. This might mean they can view all the details, only the titles and dates, or other adjustable options which the sender chooses.
This is extremely easy for the recipient as well. They must only accept the invitation to view the details of the event. This way both the sender and recipient are easily able to share calendar events including the desired details through the simplicity of a few clicks of the mouse.
Keep Everyone on the Same Page
It is important that those involved in an event or job are aware of what is going on. This might mean that the calendar is used to keep track of due dates, important events or timelines for developing ideas or projects. By sharing calendar events with those who need to be aware of these events you can ensure that everyone is kept up to date on what is going on.
The calendar might be used to plan events that would otherwise take too much time to share by word of mouth. It is much easier to communicate with large groups of people through email rather than taking time out of their day to discuss something they might not remember. By inviting people to events or sharing other aspects of the calendar, the reminder of the information is there waiting in the email for the recipient to look over as many times as they like. Furthermore, it is useful in keeping those that you may not see on a daily basis informed, even when the sender and recipient are separated by many miles.
Useful for Business or Personal Life
Outlook’s sharable calendar is useful in multiple aspects of life. Not only can you plan a meeting for your business, but you could also invite your family to a holiday celebration at your house. The only limiting factor is who you have on your email list. Using the sharable calendar in various aspects of life means that this tool is something that could make everyday life that much easier.
This functional app lets users control aspects of both personal and business life in the same area, meaning that there is no need for separate software. The ease of using the same process to keep track of multiple kinds of events means that there is more time to ensure these events are carried out as desired, whether that be for work or play.
Outlook’s sharable calendar is something that could be worked into the lives of most. Anyone who has a need to keep track of dates, times or events in their lives would find a use for this calendar. This proves especially true when considering time management and the distance between those who are trying to communicate. The simplicity of Outlook’s calendar and the accessibility it provides to both the sender and the recipient make this an app that everyone should be taking advantage of.