Finally, The End of Adobe Flash

Security, Software, Web Wise

As I am typing this, thousands of companies across the world are actively disabling and uninstalling all instances of Adobe Flash. For Microsoft Windows 10 machines, Microsoft provided an update (KB4577586) that must be installed in order to uninstall the previously well-integrated third-party Adobe Flash product. Google Chrome is already removing it in its December 2020 update.

It was announced three years ago that the day would come for the end of Flash, and here we are. Back in the day, I even dabbled in designing some Flash components for use in websites. But luckily that was soon replaced with new web standards (HTML, CSS, JavaScript) which became the norm and are suitable for mobile devices, which Adobe Flash was not.

Some brief history for you history buffs.

The internet was once a land of text blocks and dreary backgrounds. But everything changed in the late '90s when a company called Macromedia acquired an animation tool called FutureSplash and rebranded it as Macromedia Flash 1.0.

Then in 2005, Adobe acquired Macromedia for $3.4B and set out to make it even more ubiquitous. The true downfall of Flash began in 2007, when Apple decided not to support it on the new iPhone. In 2010, Steve Jobs penned the famous open letter “Thoughts on Flash,” which laid out a vicious critique of the technology:

  • Rapid energy consumption
  • Poor performance on mobile devices
  • Security dependence on one company (Adobe) made it a huge risk

Flash simply wasn’t made for the rising mobile world. And soon, new web standards (HTML, CSS, JavaScript) became the norm.

Fast forward to 2017, when Adobe announced it would discontinue Flash. It officially ended at the end of 2020 (Dec 31, 2020). Just as there are still pockets of Windows 7 devices out there, there will most likely be pockets of Flash left behind for applications that were built around it, rather than the other way around.

So if you're reading this and you haven’t yet, make sure to install Microsoft’s update (KB4577586) and the latest Google Chrome browser to remove the security holes that Adobe Flash provides, free of charge, to Windows devices.

Password Protection Tips: How to Protect Your Investments from Online Threats

Security, Web Wise, Website Tips

Whether you run a business or an organization, you will no doubt have a slew of passwords to gain access to various online platforms. If you’re a client of ours, you will typically have several, depending on your situation and the services purchased.

For example, one login is needed for the secure client billing and account area, where you can see what services are active, purchase additional services, view invoices, pay invoices, etc. Another login may be to access your website’s CMS [ Content Management System ] so you can make updates to the website’s content to keep it fresh and updated. Another login will be used for your domain email if you have business email services active with us.

Now imagine if you handed those logins to a hacker with mischievous intent. They could do some damage very quickly, such as defacing your website, changing all passwords so you no longer have access, sending spam email, and more, resulting in a temporary suspension of all services until resolved. A costly headache for sure.

Strong passwords [ How to create a strong password ] serve as a main line of defense for Northwoods Web Designs customers and their various login accounts. So why are strong passwords recommended?

Because cybercriminals have a variety of tools and techniques at their disposal to crack passwords, including the following. Fortunately, there are steps you can take to avoid falling victim to these tactics, as provided below.

Keyloggers: One of the most effective tools cybercriminals employ is keylogger malware, which records what you type and sends this information back to them. Because keylogging can be used to directly steal passwords, the best way to address it is to avoid infection with such malware in the first place. Keep your system (PC and phone) up to date with security patches, use antivirus and antimalware programs, and don’t click on suspicious links that appear in emails or pop-ups.

Password dumps: Security breaches provide potential attackers with a treasure-trove of data including user IDs, passwords, birthdates and even Social Security numbers. To minimize your risk, never reuse old passwords or share them between different accounts, and change your passwords annually or when required by Ascension.

Brute force attacks: An inelegant but effective password cracking technique involves attempting to log onto an account with a list of commonly used passwords, such as 123456 and p@ssword, which unfortunately are still used by some today. For accounts that will lock users out after multiple failed attempts, cybercriminals use a tactic called password spraying, which involves spreading out their guessing attempts over a longer period of time to avoid detection. 

Complex, long passwords remain the best way to thwart such attempts. Attackers start with common passwords and phrases such as password123 or iloveyou, so avoid these as part of your passwords. Northwoods Web Designs recommends passwords that are at least eight characters in length and contain three of the following whenever possible: upper- and lower-case characters, numbers and special characters such as ! or %. 

Password resets: Another way cybercriminals bypass passwords is by using the forgot-password feature. To guard against this tactic, keep your account recovery information up to date. Use only confidential information as the response to security questions an account asks you to answer, avoiding information that might appear on social media sites such as your dog’s name or your favorite hobby.
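As an added example (not part of the original post or any Northwoods Web Designs tooling), the Python check below applies the length and character recommendation from the brute force section, plus the advice to avoid common passwords inside a longer one. It assumes upper case, lower case, numbers and special characters count as four separate kinds, and that simple look-alike swaps such as `@` for `a` should be undone before comparing; the phrase list holds only the examples named on this page.

```python
MIN_LENGTH = 8
# Only the common passwords named on this page; a real list would be far larger.
COMMON_PHRASES = ("123456", "p@ssword", "password123", "iloveyou")
# Assumption: undo simple look-alike swaps so "P@ssw0rd" is compared as "password".
LOOKALIKES = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e",
                            "$": "s", "5": "s", "!": "i"})


def normalize(text):
    """Lower-case the text and reverse look-alike character swaps."""
    return text.lower().translate(LOOKALIKES)


def check_password(pw):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    # Count which of the four character kinds are present.
    kinds = [
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    if sum(kinds) < 3:
        problems.append("fewer than 3 character classes")
    # The phrases are normalized the same way, so "123456" still matches itself.
    folded = normalize(pw)
    hits = [p for p in COMMON_PHRASES if normalize(p) in folded]
    if hits:
        problems.append("contains common password: " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ("iloveyou", "P@ssw0rd123!", "Ab1!", "Tr4il-Mix-Bench"):
        print(sample, "->", check_password(sample) or "ok")
```

Note that `P@ssw0rd123!` meets the length and character rules and is still rejected, because it is built on a common password.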

Understanding the tactics used by cybercriminals helps showcase how important it is to use strong passwords and to be aware of what you may be clicking on when on your computer or phone, to ensure your passwords are secure and your investments are safe.

Have you ever been compromised before? We would like to hear your story; let us know in the comments section below.

Don’t Be Scammed – Beware of Web Services Scam Email

Security, Spam Hall Of Shame

If you own a website and have contact information available (who doesn’t? You do want people to engage with you, right?), you have probably received emails like this. Generally spam traps catch them, but sometimes a real human typed it up and sent it out, so they come through.

How to tell if this is a scam or simply spam mail? 

  • The first major flag that the email is a scam: if someone wants to provide services and they use a free email account (@aol, @gmail, @hotmail, etc.), run away, fast. This one was using a free/random account. (I didn’t know was still a thing :)).
  • The second major flag is that there is no phone number listed.
  • The third major flag is that there is no address listed. By law, random solicitation emails are required to have the business address listed and an unsubscribe button available.

These are typically sent out (by a scripted program run on a computer) to try to get you to reply by email, which, for one, lets them know there is a real person behind that email address. They will then engage and try to obtain more information, either to use maliciously or to sell to other companies for other services you do not need.

Better yet, just add these email addresses to your spam/block filter list and you will already be ahead of the game. |  all spam emails...



Don’t Be Scammed – Ignore The Domain Registry Expiration Spam Letter

Security, Spam Hall Of Shame

If you own a domain name, or someone has it registered on your behalf, you will probably come across these devious spam letters in the mail.

They come from fraudulent domain registrars and others who prey on people who don’t fully understand the domain registration service or directory listings. So folks like this Domain Registry (from Jersey City, NJ) send letters in the mail to everyone who has a domain name, stating that their domain is about to expire and that they should renew now.

And because they know businesses and nonprofits are busy, many simply pass these letters along to their accounting folks (I know actual clients who did) and the senders get their money, many times without even providing any service.

We continue to get asked about these by our clients and others, which tells me the senders have clearly made their letters deceptive enough to trick some domain owners into thinking a domain renewal invoice payment is needed.

I first wrote about this other iDNS mail letter a couple of years ago, but my clients and I are still receiving these, and from other companies. Which is a problem. Why? Because it means many of you are still falling for the scam and paying these fraudulent scammers a 300-500% higher cost to own the registration to your domain. And worse, you lose access to your domain ownership if you do the transfer.

This is considered unsolicited aggressive spam. Why is this considered spam? Because it is unsolicited (you didn’t ask for it) and is a fraudulently deceiving letter, making you think the world is going to end if you don’t transfer your domain name to them. Afterwards, they (somebody you don’t know) own your domain name registration. They can then jack your price even higher or hold your domain hostage to force you to pay or sign up for other related services.

So we want to provide this information to protect you, whether you have registered your domain name with Northwoods Web Designs or some other provider. Here is the word-for-word mailing that you may receive. We hope you are finding this by searching, ultimately protecting yourself from this spam company.

The companies who send these letters, such as this one from 924 Bergen Ave, Suite #289, Jersey City, NJ (Domain Registry), attempt to convince you to transfer or renew your domain using their service, which on average is 500% above the market rate for domain name services.

Save You Scam – Ignore the Your Computer Was Infected and Now Pay Me Blackmail Scam

Security, Spam Hall Of Shame

Here is a pretty decent cyber blackmail scam that can probably get the best of folks.

It takes the form of blackmail via email, stating that they infected your PC, stole your personal info and recorded you on your webcam, and for proof they provide a real password you have actually used (or still do).

The blackmail comes into play as they are requesting you pay them via bitcoin or else they will send out the webcam recorded video(s) and all personal information. **DON’T FALL FOR THIS SCAM**

Yes, it is a real password that they include in the subject line along with “save you” verbiage. It truly is a password that you may have used, and it is probably tied to the email account you're receiving the email at.

But how did they get your info? Easy: with all the data breaches that have happened in the past several years, our data, including passwords, has been leaked onto the dark web for crappy folks to buy and use to try to take advantage of folks just like this.

They are leveraging old data to scare you into falling for the scam. Do note: if you still use the password they listed in the email for ANYTHING, go and change the password on any accounts that are still using it, just as a best practice.

So we want to provide this information so you can protect yourself. Here is the word-for-word mailing that you may receive. We hope you are finding this by searching, ultimately protecting yourself from these malicious folks who are too lazy to work for the money.