The Aerostream Bulletin

Dropbox Smart Sync – Great New Feature

Dropbox has been adding some really great new features to its Dropbox Business file sharing service. One of our favourites is Smart Sync. With Smart Sync, the Dropbox folders take up drastically less space on your computer’s hard drive. They do it by replacing each file with a placeholder that looks just like the file, but takes up next to no space. When you access one of these files, Smart Sync automatically downloads it and then opens it in the app you choose. This nifty feature can save gigs of space on your hard disk. The real beauty is that as others add folders and files to Dropbox, they take up no space on your computer until you use them. Smart Sync can be switched on or off at the folder or file level. Combined with Selective Sync (which has been available for years), Dropbox Business gives you complete control over how much disk space it consumes. This example shows Smart Sync in action, reducing the disk space used by a whopping 98%! More info about Smart Sync is available here. More info about Selective Sync is available here.... read more

Welcome Pikelet!

We’re pleased to announce that Aerorock has a new Service Delivery Specialist on board. Pikelet McDonald joined the team earlier this month, working with Jason on technical support. She’s also involved in a variety of internal projects. Pikelet brings along an impressive level of experience with PCs, Macs, Linux and Web technologies. She enjoys tucking into a good technical challenge, whether it be solving a thorny user problem or running a security check on a WordPress website. In her spare time Pikelet likes to hang out with her cat, drink craft beer, draw whimsical things, watch football and tinker with hi tech stuff. Please join us in welcoming Pikelet to the Aerorock... read more

Saving Time Through Automation And Integration

Running a business requires a lot of time and energy. With more important things to worry about, you don’t need the unnecessary burden of having to manually transfer information from one system to another. It is incredibly time-consuming, not to mention error-prone! Yet, this is a major problem faced by many businesses. Fortunately the cloud offers you the gift of saving time through automation and integration. Thankfully, you can increase the efficiency and productivity of your business by automating basic processes between your systems. This saves you enormous amounts of time, which can then be spent on tasks which add value to the business. Not to mention, it reduces the likelihood of errors occurring and information being left out. Of course, with such a broad range of online apps available on the market, getting the different apps in your business talking to one another is not always a straightforward procedure. Some systems integrate automatically, but others often require a third app called “middleware” to transfer information from one to the other. We’ve identified a few options for integrating your software systems below:

API – Automatic Programming Interface
In most cases, a user interaction occurs directly with a cloud programme through a user interface. A growing number of programmes include a second type of interface – an Automatic Programming Interface (API). APIs allow apps to interact with one another, without the user having to do anything.

The Connected Accounting System
Xero’s accounting software uses APIs and app integrations efficiently to help streamline the process of bookkeeping and filing returns. For example, using bank feeds APIs, Xero can talk directly with your bank, so transactions... read more

Going Digital: Is Cloud Technology Right For My Business?

As you consider going digital, it’s important to ask this fundamental question: is cloud technology right for my business? Let’s examine the pros and cons. Cloud technology refers to apps and services you access through the Internet. As more businesses switch on to “going digital”, the use of cloud technology has seen massive growth in recent years. To help you determine if going digital is right for your business, we thought we’d explain just what “going digital” means as well as weighing up the pros and cons – so you can make informed decisions about the IT solutions best for your business.

What Does It Mean To ‘Go Digital’?
Going digital encompasses the idea of making business easier through streamlined IT solutions. This is typically achieved through cloud-based IT services, such as collaborative document management, online data storage and online services. Mobile devices have also experienced tremendous growth as business tools, and technology has adapted to pair the two. Going digital also refers to better practices and infrastructure for online security, reducing the likelihood of cyber-attacks resulting in damage to your systems or data loss.

The Pros of Going Digital
- Anytime, Anywhere Access – “Going digital” means you are no longer tied to a particular computer or geographic location to complete daily tasks.
- Simplified Infrastructure – Replacing expensive servers and desktop software with online services that can be accessed through a variety of devices frees up budgets for other IT solutions and decreases the stress and burden of Involuntary IT Managers.
- Resilience & Business Continuity – You don’t have your business tied to a server in the office. If there’s a... read more

How To Create A Great Master Password

To use a password manager safely, you need to know how to create a great master password. In my previous article, How To Manage Your Passwords, I discussed the importance of using strong and unique passwords. I also pointed out that a good password manager is the best way to safely create and use strong passwords. But the password manager uses a master password to protect all your other passwords. That master password needs to be strong. So, you need to make the master password something that’s easy for you to remember, but very hard for someone else to guess. A good rule of thumb is to use a password that’s at least 10 characters long. The more characters the better. But, if you’re like most people, remembering a long password is really difficult. The best approach I’ve found so far is to use a pass phrase for your master password. The pass phrase is a sequence of words that you can remember. The words can be a passage from a book you like, or the lyrics to a song, or any other phrase that comes to mind. It just needs to be something you’re likely to remember but something others are not likely to guess. For instance, let’s take the old typing drill “now is the time for all good men to come to the aid of the party”. This phrase is 64 characters long, too much! But it’s still useful. Just pluck out a portion of it. For instance, “now is the time” or “come to the aid” would be good alternatives. To make the pass phrase even stronger, spice... read more

Is Your Android Infected With Gooligan?

What the heck is Gooligan?
Gooligan is a recently uncovered type of malware that stole the credentials to gain full access to users’ Google accounts after they installed a dodgy app on their Android phone. Currently there are more than 1 million Google accounts that have been breached. This issue was uncovered by CheckPoint, who have written a really excellent blog about it: More Than 1 Million Google Accounts Breached by Gooligan

How do you know if your Google account is breached?
You can check if your account is compromised by accessing the following web site: https://gooligan.checkpoint.com/.

I’ve been breached!! What do I do?!
If your account has been breached, the following steps are required: A clean installation of an operating system on your mobile device is required (a process called “flashing”). As this is a complex process, we recommend powering off your device and approaching a certified technician, or your mobile service provider, to request that your device be “re-flashed.” Change your Google account passwords immediately after this process.

How can I prevent Gooligan?
You get infected with Gooligan by downloading a dodgy app from places other than Google’s App Store. Only Android versions 4 and 5 are vulnerable, but if you’re unsure of your version you should check if your account is compromised anyway. We also recommend retiring old Android devices as they’re often vulnerable to nasty bits of malware. We recommend using Google Nexus or Google Pixel devices as Google quickly updates them with the latest security updates &... read more

How To Manage Your Passwords

Passwords are a nightmare. Unfortunately, until something better comes along, you need them to protect pretty much everything you do online: from email, to Facebook to online banking. Conventional wisdom says to use a strong and unique password for each of your online accounts. A strong password is one that’s very difficult to guess. A unique password is one that’s used for one account only. Do all your online accounts have strong and unique passwords? If not, welcome to the club. Most of us use passwords that are easy to guess, because they’re also easy to remember. We also tend to use the same password across multiple accounts, as yet another way to cope with the madness. With so many online accounts these days, how can you possibly be expected to have a strong and unique password for each one? You can’t! At least – not without some help. Fortunately help is at hand. It’s called a password manager. Essentially a password manager is a program that acts like a secure vault to store all of your passwords. Our favorite is called LastPass. The password manager also comes with a password generator that will dish up super secure passwords on request. These passwords contain nothing but random gibberish, like G6^k5%mAL1$i. Not very user friendly, but then it doesn’t need to be. The password manager will remember it for you. The idea is to replace all your weak, duplicate passwords with these brutes, and store all of them in your password manager. There’s just one catch. The password manager requires a master password. It’s like the key to the vault. Since this is the password... read more

Kiwicon X

Kiwicon is Christmas for the information security (infosec) community. This year, a jolly Metlstorm (Adam Boileau) guided us through two days of infosec bliss including: unique security talks, physical & digital security challenges, fire, lasers, alien abductions, and an acapella rendition of Badger badger badger.

.@Kiwicon begins not with a whimper but with a bang. And @Metlstorm saying the forbidden words: CISSP, Risk Register, ISO, PRA. #kiwicon pic.twitter.com/ex413cjt1M — Kate Pearce (@secvalve) November 16, 2016

Earthquakes, alpacas, lasers and fire – only at #kiwicon pic.twitter.com/kz98vCwOD3 — Jakub Kałużny (@j_kaluzny) November 17, 2016

The Crüe (the group of friends who organize Kiwicon) have spent the last 10 years building a truly epic conference. What started 10 years ago as a few speakers and about 80 attendees in a university lecture theatre now fills the Michael Fowler Centre with well over 2000 infosec enthusiasts. There are a few things that truly set Kiwicon apart:
- The energy & enthusiasm of the Crüe & volns (volunteers)
- The single track format so there is no concern about missing talks
- No vendor talks
- An incredibly friendly & inclusive environment (helped by a strong code of conduct & the Crüe’s demonstrable willingness to stand up and enforce it)

This was my third year at Kiwicon. Every year I’m impressed at the breadth of topics and depth of knowledge presented, but this year the selection of talks was truly staggering. Talks like: subverting RFID building access cards, how internal security teams deal with international breaches, revealing 0day exploits (unpatched vulnerabilities), pushing the boundaries of what you can do with Docker, how your security team should be... read more

Whaling – A New Type of Email Scam

Earlier we explored the phenomenon of email phishing in an article called Does Your Email Smell Phishy? Now there’s a new type of phishing attack called Whaling. Phishing involves carefully crafted email messages designed to trick you into clicking on malicious links. Some of these links download malware onto your computer. Others send you to what looks like your online banking, but is actually a convincing imitation designed to relieve you of your logon details. Whaling targets C-level executives with fraudulent messages that achieve a new level of credibility. The perpetrators exploit vulnerabilities of the Internet email protocol to send messages that look in every way like they’re coming from someone you know and trust – often another executive in your organisation. A Whaling message can contain some or all of these telltale signs: The sender appears to be a high level executive who is making an unusual request. Sometimes you’re asked to make an international payment right away, or to accept a wire transfer request. In another version, you’re asked to reveal some sort of confidential information. Sometimes the sender asks you not to communicate with others about the matter. The request bypasses normal channels. The request might contain errors in grammar or syntax indicating the sender is non-native. The Reply-to address is something other than the sender’s email address.

Don’t become a Whaling victim
Here’s what you should do to avoid becoming the victim of a Whaling expedition: Be vigilant. If something about the message doesn’t feel right, consider it potentially fraudulent. DO NOT reply to the message. Instead, forward it to the sender to verify its authenticity.... read more