The Aerostream Bulletin

Security Bulletin: BlueBorne – Bluetooth security vulnerabilities

Eight Bluetooth vulnerabilities have been identified and collectively called BlueBorne. These vulnerabilities are currently known to affect Windows, Linux, Android, Apple iOS and other smart devices.   What this means The Blueborne vulnerabilities could allow a remote (but physically close) unauthenticated attacker to access a vulnerable device, without any authentication or user interaction. If you have a vulnerable device, with Bluetooth enabled, an attacker who is within range of your Bluetooth device may be able to gain access to your device and run malicious code, without your intervention or knowledge   Prevention In order to protect yourself from this vulnerability, these are the steps that CERT NZ recommends you take immediately to protect your devices. Ensure you’ve patched all devices. CERT NZ recommends that you apply all security updates to all systems and software. Disable Bluetooth on the device if it isn’t required. If it isn’t possible to disable Bluetooth, check with the vendor or product manufacturer if an update is required and when it will be implemented. Be careful when enabling Bluetooth in public as it has a range of around 10 metres, which could put the device at risk as Bluetooth attacks can be implemented remotely. Additional information for businesses: Ensure staff are aware of this issue. Remind them to patch and only turn on Bluetooth on their devices if it is required. Special consideration should be taken for devices and systems that are reaching end of life. CERT NZ recommends that these are updated to a supported version immediately. If updating isn’t possible, it’s important to identify the risks of continuing to use these systems and... read more

Volunteering our tech skills at Te Puea Marae

Located in South Auckland, Te Puea Memorial Marae has opened its doors as a safe haven for the homeless of Auckland. Focused on helping families, children and the elderly, the marae has stepped up to help social services tackle Auckland’s homelessness crisis. From sleeping in cars and garages, the Manaaki Tangata program seeks to help families into temporary or permanent housing.  In the winter of 2016, Te Puea helped place 130 families in homes, thanks to the efforts of 1,200 volunteers. As they prepared to do the same in 2017, a group of individuals from Auckland’s tech community, including Aerorock, stepped in to upgrade the marae’s infrastructure. Access to the Internet and computers is an essential way of helping these families reach the resources they need – but it can be daunting for the average person to even set up a router, let alone build a whole network from scratch. Te Puea had enough on their plates already and are doing a fantastic job, so we were happy to offer our expertise. Fun fun fun! Volunteering our tech skillz at Te Puea Marae.@rmi @rafaelmagu @duckalini @NatDudley @Amy_Hoops pic.twitter.com/KCC5S3KQHH — Jason Danner (@jpdanner) July 15, 2017 We’d refurbished several laptops for the residents and social support staff to use. There are endless forms to fill out and resumes to write – all they have to do is run Office, so you don’t need flash kit! Even on these old machines, patching through Windows Update to keep everything secure is the most important part… with help from the smallest, furriest member of the team. Patching a bunch of old laptops and... read more

Dropbox Smart Sync – Great New Feature

Dropbox has been adding some really great new features to its Dropbox Business file sharing service. One of our favourites is Smart Sync. With Smart Sync, the Dropbox folders take up drastically less space on your computer’s hard drive. They do it by replacing each file with a placeholder that looks just like the file, but takes up next to no space. When you access one of these files, Smart Sync automatically downloads it and then opens it in the app you choose. This nifty feature can save gigs of space on you hard disk. The real beauty is that as others add folders and files to Dropbox, they take up no space on your computer until you use them. Smart Sync can be switched on or off at the folder or file level. Combined with Selective Sync (which has been available for years), Dropbox Business gives you complete control over how much disk space it consumes. This example shows Smart Sync in action, reducing the disk space used by a whopping 98%! More info about Smart Sync is available here. More info about Selective Sync is available here.... read more

Welcome Pikelet!

We’re pleased to announce that Aerorock has a new Service Delivery Specialist on board. Pikelet McDonald joined the team earlier this month, working with Jason on technical support. She’s also involved on a variety of internal projects. Pikelet brings along an impressive level of experience with PCs, Macs, Linux and Web technologies. She enjoys tucking into a good technical challenge, whether it be solving a thorny user problem or running a security check on a WordPress website. In her spare time Pikelet likes to hang out with her cat, drink craft beer, draw whimsical things, watch football and tinker with hi tech stuff. Please join us in welcoming Pikelet to the Aerorock... read more

Saving Time Through Automation And Integration

Running a business requires a lot of time and energy. With more important things to worry about, you don’t need the unnecessary burden of having to manually transfer information from one system to another. It is incredibly time-consuming, not to mention error-prone! Yet, this is a major problem faced by many businesses. Fortunately the cloud offers you the gift of saving time through automation and integration. Thankfully, you can increase the efficiency and productivity of your business by automating basic processes between your systems. This saves you enormous amounts of time, which can then be spent on tasks which add value to the business. Not to mention, reduces the likelihood of errors occurring and information being left out. Of course, with such a broad range of online apps available on the market, getting the different apps in your business talking to one another is not always a straightforward procedure. Some systems integrate automatically, but others often require a third app called “middleware” to tranfer information from one to the other. We’ve identified a few options for integrating your software systems below: API – Automatic Programming Interface In most cases, a user interaction occurs directly with a cloud programme through a user interface. A growing number of programmes include a second type of interface – an Automatic Programming Interface (API). APIs allow apps to interact with one another, without the user having to do anything. The Connected Accounting System Xero’s accounting software uses APIs and app integrations efficiently to help streamline the process of bookkeeping and filing returns. For example, using bank feeds APIs, Xero can talk directly with your bank, so transactions... read more

Going Digital: Is Cloud Technology Right For My Business?

As you consider going digital, it’s important to ask this fundamental question: is cloud technology right for my business? Let’s examine the pros and cons. Cloud technology refers to apps and services you access through the Internet. As more businesses switch on to “going digital”, the use of cloud technology has seen massive growth in recent years. To help you determine if going digital is right for your business, we thought we’d explain just what “going digital” means as well as weighing up the pros and cons – so you can make informed decisions about the IT solutions, best for your business. What Does It Mean To ‘Go Digital’? Going digital encompasses the idea of making business easier through streamlined IT solutions. This is typically achieved through cloud-based IT services, such as collaborative document management, online data storage and online services. Mobile devices have also experienced tremendous growth as business tools too and technology has adapted to pair the two. Going digital also refers to better practices and infrastructure for online security, reducing the likelihood of cyber-attacks resulting in damage to your systems or data loss. The Pros of Going Digital Anytime, Anywhere Access – “Going digital” means you are no longer tied to a particular computer or geographic location to complete daily tasks. Simplified Infrastructure – Replacing expensive servers and desktop software with online services that can be accessed through a variety of devices, frees up budgets for other IT solutions and decreases the stress and burden of Involuntary IT Managers. Resilience & Business Continuity – You don’t have your business tied to server in the office. If there’s a... read more

How To Create A Great Master Password

To use a password manager safely, you need to know how to create a great master password. In my previous article, How To Manage Your Passwords, I discussed the importance of using strong and unique passwords. I also pointed out that a good password manager is the best way to safely create and use strong passwords. But the password manager uses a master password to protect all your other passwords. That master password needs to be strong. So, you need to make the master password something that’s easy for you to remember, but very hard for someone else to guess. A good rule of thumb is to use a password that’s at least 10 characters long. The more characters the better. But, if you’re like most people, remembering a long password is really difficult. The best approach I’ve found so far is to use a pass phrase for your master password. The pass phrase is a sequence of words that you can remember. The words can be a passage from a book you like, or the lyrics to a song, or anything other phrase that comes to mind. It just needs to be something you’re likely to remember but something others are not likely to guess. For instance, let’s take the old typing drill “now is the time for all good men to come to the aid of the party“.  This phrase is 64 characters long, too much! But it’s still useful. Just pluck out a portion of it. For instance, “now is the time” or “come to the aid” would be good alternatives. To make the pass phrase even stronger, spice... read more

Is Your Android Infected With Gooligan?

What the heck is Gooligan? Googlian is a recently uncovered type of malware that stole the credentials to gain full access to users’ Google accounts after they installed a dodgy app on their Android phone. Currently there are more than 1 million Google accounts that have been breached. This issue was uncovered by CheckPoint, who have written a really excellent blog about it: More Than 1 Million Google Accounts Breached by Gooligan   How do you know if your Google account is breached? You can check if your account is compromised by accessing the following web site:  https://gooligan.checkpoint.com/.   I’ve been breached!! What do I do?! If your account has been breached, the following steps are required: A clean installation of an operating system on your mobile device is required (a process called “flashing”). As this is a complex process, we recommend powering off your device and approaching a certified technician, or your mobile service provider, to request that your device be “re-flashed.” Change your Google account passwords immediately after this process.   How can I prevent Gooligan? You get infected with Gooligan by downloading a dodgy app from places other than the Google’s App Store. Only Android version 4 and 5 are vulnerable, but if you’re unsure of your version you should check if your account is compromised anyway. We also recommend retiring old Android devices as they’re often vulnerable to nasty bits of malware. We recommend using Google Nexus or Google Pixel devices as Google quickly updates them with the latest security updates &... read more

How To Manage Your Passwords

Passwords are a nightmare. Unfortunately, until something better comes along, you need them to protect pretty much everything you do online: from email, to Facebook to online banking. Conventional wisdom says to use a strong and unique password for each of your online accounts. A strong password is one that’s very difficult to guess. A unique password is one that’s used for one account only. Do all your online accounts have strong and unique passwords? If not, welcome to the club. Most of us use passwords that are easy to guess, because they’re also easy to remember. We also tend to use the same password across multiple accounts, as yet another way to cope with the madness. With so many online accounts theses days, how can you possibly be expected to have a strong and unique password for each one? You can’t! At least – not without some help. Fortunately help is at hand. It’s call a password manager. Essentially a password manager is program that acts like a secure vault to store all of your passwords. Our favorite is called LastPass. The password manager also comes with a password generator, that will dish up super secure passwords on request. These passwords contain nothing but random gibberish, like G6^k5%mAL1$i. Not very user friendly, but then it doesn’t need to be. The password manager will remember it for you. The idea is to replace all your weak, duplicate passwords with these brutes, and store all of them in your password manager. There’s just one catch. The password manager requires a master password. It’s like the key to the vault. Since this is the password... read more