Tuesday, October 15, 2019

Modern Password Security Policies

How secure are your passwords? 
Today's passwords need to be a lot more complicated to be effective.

by Merlin Benningfield, Managing Partner - Fast Rhino, LLC

Pull your house key out of your pocket and take a good look at it. Now put it back in your pocket and grab a pen and paper. Could you draw the notches or teeth exactly as they appear on your key?  Most people answer that question with a resounding, "Of course not!".  My next question is, "Why?".  The answer is because the notches in the key are complicated, and for good reason. 

Passwords are modern day keys. No one expects people to remember the exact shape of their house keys, so why do people think they should somehow remember their passwords, especially since most of them have several?  If you have a password that you can remember, chances are it isn't a very good one.  

Let's look at some modern password policies you should be following today (bear in mind that based on how fast technology is moving, this list will need to be updated regularly):

Password Length:  12-14 characters (the old "8 character" passwords are easily broken by computers now).

Character Types: You should use all of the following types of characters in your password: 
  • Upper case letters
  • Lower case letters
  • Numbers
  • Special Characters ($, @, *, ?, etc.)

Uniqueness: It is not recommended that you use the same password twice, since it is common that once a hacker has successfully stolen a password, they immediately try using it elsewhere.

How often do I change them?: As a rule, you should be changing your passwords once every 90 days to help defend against data breaches.  Companies are targeted by hackers all the time, and if you have an account with one of these companies and their network is breached, it's possible your account information (username and password) is stolen and then sold on the dark web.  No matter how complicated your password, a data breach could reveal it.  The idea is that if you are regularly changing your passwords, a data breach might not affect you since it takes time to steal, distribute and then use the stolen account data. Most data breaches include millions of records, so the criminals don't usually  This rule provides a bit of time you will have changed it before it can be used against you.

Documenting all your passwords in an organized fashion so that you can easily find them is a good idea; however, keeping that list safe is important.  Password managers can also be a good way of storing and accessing your passwords, but many are cloud-based, which should also be a consideration regarding security.
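The four rules above can be checked mechanically against a documented password list. The following is an added example, not part of the original article: it audits a constructed list for length, character types, reuse and age, and generates a compliant replacement. The special characters used by the generator and the sample accounts are assumptions.

```python
import secrets
import string
from collections import defaultdict
from datetime import date

MIN_LENGTH = 12      # lower bound of the article's 12-14 character range
MAX_AGE_DAYS = 90    # the article's rotation interval
# The four character types the article asks for.
CLASSES = {
    "upper case letter": str.isupper,
    "lower case letter": str.islower,
    "number": str.isdigit,
    "special character": lambda c: not c.isalnum(),
}
# Generator alphabet; the special characters chosen here are an assumption.
ALPHABET = string.ascii_letters + string.digits + "$@*?!#%&"


def missing_classes(password):
    return [name for name, test in CLASSES.items() if not any(map(test, password))]


def generate_password(length=14):
    """Random password that contains all four character types."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # Draw every position uniformly, retry until all types are present.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_classes(candidate):
            return candidate


def audit(entries, today):
    """entries: (account, password, last_changed). Returns {account: [findings]}."""
    accounts_by_password = defaultdict(list)
    for account, password, _ in entries:
        accounts_by_password[password].append(account)
    report = {}
    for account, password, changed in entries:
        findings = []
        if len(password) < MIN_LENGTH:
            findings.append(f"shorter than {MIN_LENGTH} characters")
        findings += [f"no {name}" for name in missing_classes(password)]
        others = sorted(a for a in accounts_by_password[password] if a != account)
        if others:
            findings.append("reused on " + ", ".join(others))
        if (today - changed).days > MAX_AGE_DAYS:
            findings.append(f"older than {MAX_AGE_DAYS} days")
        if findings:
            report[account] = findings
    return report


# Constructed sample list: accounts, passwords and dates are made up.
SAMPLE = [
    ("bank", "Summer2019", date(2019, 3, 1)),
    ("email", "Summer2019", date(2019, 9, 20)),
    ("shop", "q7$Lm2@xRv9?Tz", date(2019, 10, 1)),
]

if __name__ == "__main__":
    for account, findings in audit(SAMPLE, date(2019, 10, 15)).items():
        print(f"{account}: {'; '.join(findings)}")
    print("replacement:", generate_password())
```

Run it only on a machine you trust, since the list it reads holds the passwords in clear text.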

The bad guys are not sitting in their underwear late at night lounging around in their grandmother's basement trying to break into your account one password attempt at a time.  They've gotten a lot smarter and are now using super computers with extremely fast processors running brute force algorithms.

In summary, the majority of passwords we used last decade are not strong enough to stop these brute force attacks.  If we want to protect ourselves, we have to change our defensive computing strategies.

Tuesday, February 19, 2019

Fast Rhino's 15 Year Anniversary

Celebrate Fast Rhino's
15 Year Anniversary
and take 15% off any service call!
Offer may not be used with any other discount
and does not apply to bench work or products.

Thursday, November 15, 2018

Fast Rhino named Arizona’s Top Rated Local® Computer IT Services Award Winner

Top Rated Local® is pleased to announce that Fast Rhino is a 2018 award winner for computer IT services in Arizona!

by Top Rated Local

From malware removal and data recovery to system diagnostics and troubleshooting, when you need computer IT services in Tucson, no company beats Fast Rhino.

Fast Rhino has earned dozens of online reviews with an average rating of 4.89 stars, an impressive 94.86 Rating Score™ and a 2018 Top Rated Local award for being rated among the top 10 computer IT service companies in all of Arizona!
Here is just one of the many five-star reviews they’ve received from their happy clients:

“I had a problem with Error Code 43, tried to find a solution online and ended up disabling my server connection. I called Fast Rhino, and within a day, Merlin from Fast Rhino arrived at my door and solved the problem. He was professional, knowledgeable and solved the problem within minutes. I highly recommend Fast Rhino!” – Wendy J

Not Your Average Computer IT Services Company

Clients at Fast Rhino are pleasantly surprised to learn that they offer a lot of services that other companies do not, and best of all, clients get a ton of services included in one low price. For example, when a client buys a computer at Fast Rhino, set-up, delivery, data transfer, installation, the first year of anti-virus software and a full, one-year warranty are all included.

Another thing that sets Fast Rhino apart is that they don’t force their clients to wait around for them by giving them appointment windows. When they say they’ll show up at 8 AM, they’ll show up at 8 AM.

The team at Fast Rhino is incredibly experienced, and they work hard to keep their clients informed so they feel good about their purchase. They live and breathe by their value proposition: Experience. Enjoyable. Computing.

We asked the owner of Fast Rhino, Merlin Benningfield, why they do what they do. Here’s what he had to say:
“We understand computers and know that many people need someone who not only understands but also who cares about their needs. There is an old saying that we live by every day and keep in mind with every customer interaction, ‘Customers don’t care how much you know; customers want to know how much you care.’”

You can read more of the article here.

Wednesday, May 30, 2018

2018 Summer Promotion

This summer is the time to buy a computer from Fast Rhino!
Now until September 1st, 2018 get a great deal on any of our certified pre-owned systems or get a $50 gift card you can use towards any product or service when you purchase any NEW Fast Rhino computer. 

Thursday, September 21, 2017

Credit Monitoring or Credit Freeze?

by Merlin Benningfield, Managing Partner - Fast Rhino, LLC

In today's volatile world of digital hacks and data breaches, having your identity stolen is becoming more of a certainty than just a possibility.  So how do you protect yourself?

A common way in which criminals can ruin your life is by gaining access to enough personal information about you that they can then apply for credit under your identity.  Your name, address, date of birth, and social security number can be enough information to apply for credit, perform tax refund fraud, medical services fraud, etc., and this information is quickly becoming available to criminals on the dark web.

There are a host of companies now that promote credit monitoring services, which may sound like an effective and affordable solution, however, they only detect fraudulent use of your credit file after the fact. A better solution would be to implement a credit freeze.  This helps lock down your credit record and prevents anyone from accessing it without you first "thawing" it.

The United States Public Interest Research Group (USPIRG) published a comprehensive document (PDF) discussing the importance of why you should consider placing a freeze on your credit report before your information is stolen. They also have some good advice regarding the recent Equifax breach and how you can protect yourself in that regard.

As I continue to say, the bad guys are using the Internet against us.  The more we learn about their tactics, the less likely we are to become a statistic.

Saturday, March 4, 2017

WWW Now Stands for the Wild Wild West

by Merlin Benningfield, Managing Partner - Fast Rhino, LLC

For more than a dozen years, Fast Rhino has identified and removed thousands of threats from our clients' systems.  It has since become a daily routine due to the alarming growth rate of both the volume and type of infections we are encountering.  We cannot express how important it is to incorporate defensive computing skills during your Internet travels. What we once knew as the "World Wide Web" has quickly morphed into the "Wild Wild West".

The bad guys are rapidly learning how to turn the Internet against us and use it as a tool to attack our computers and mobile devices. Those of us who do not adapt and educate ourselves will quickly become targets and eventually statistics of their online crime.

If you were to attend a defensive driving class, you would learn to follow some basic rules when behind the wheel, such as looking both ways before proceeding through an intersection, keeping a good eye on your blind spots and using your turn signals before turning.  These are just a few of the actions that could help you avoid an unwanted accident out on the road.  Defensive computing also requires you to implement some basic rules designed to help prevent your system from getting infected in this new Wild Wild West.

One of the most common ways we see systems getting infected is via the browser. We all use our web browsers to search for various information over the Internet.  Some of us may feel that since we only visit "mainstream" web sites, we are safe from any sort of threat. This is a complete misconception.  If you believe that you are immune from malicious software simply because you only visit a few select web sites and you have a name brand anti-virus program, you are mistaken.  Times have changed and so has the Internet.

Just like in the real world, if you were to go downtown, there may be dark alleys, red light districts or gambling halls that you might avoid to stay out of harm's way.  We've all been programmed to believe the same is true when traveling over the Internet.  This programming is false.  You can now get "mugged" in broad daylight visiting popular destinations that you thought were safe to visit.  Using defensive computing skills can help you protect yourself even if you decide to stroll down a questionable path.

So what are some elements of defensive computing?  The list is ongoing but here are just a few:

Use a Script Blocker:  If you only do one thing on this list, this is probably the most important. Blocking potentially dangerous scripts is one of the most effective ways to defend against common web-based infections.  When used properly, a script blocker protects your web browser from contracting infections from tainted web sites. This type of attack is growing exponentially because so many people don’t yet know about the dangers of scripting languages and how they are being used against us.  If you are using a web browser without a script blocker, you are simply asking for trouble.  Learn more about script blocking for Firefox here and for Chrome here.

Avoid Links and Attachments in Email: People tell me on a daily basis that they don’t open or click on associated links/attachments of emails sent by strangers.  That's a good start, but they should seriously question the emails from people they do know, as well.  Infectious email links and attachments commonly spread via circles of association such as through address books. This means you are more likely to get infected by opening an attachment or clicking on a link within an email that is from someone you know.

Question Everything: Just because something you see online seems legitimate does not make it so. The Internet is full of scams and compelling imitations designed to take you for a ride.  You are playing it safe by not clicking, downloading, installing, etc. when prompted by something in which you do not have 100% confidence.

Keep Your Security Products Up To Date: A comprehensive anti-virus program and an anti-malware program are good preventatives; however, if they are not updated regularly, they can lose their effectiveness against newly distributed threats.

Never Allow a Stranger Remote Access: Regardless of whether they initiate the conversation or you do, it is unwise to allow anyone with whom you do not have a personal relationship to remotely access your computer. This is by far one of the most common tactics used by criminal organizations to extract money from willing participants.

Use Different Email Addresses for Specific Purposes:  A large number of our clients only have one email address.  This is simply inviting spam over to harass you. We all at one time or another are asked for our email address by someone or some entity who we don't necessarily know or trust.  This process puts our email address at risk of being sold to spammers and increases our exposure to receiving infected emails.  Anyone can create free email accounts today (e.g., Outlook.com, Yahoo.com, Gmail.com, etc.) and use these different accounts for specific reasons.  If you have a personal email address you check daily, you probably don’t want it getting inundated with spam.  So the solution is to only give that email address out to people you trust.  For other scenarios, use a different, free email address. This way if you are purchasing something online or filling out some web form that wants your email address, you can give them a different email address, thereby cutting down on your personal email address' exposure.

In summary, these are just a few defensive computing tips that can help keep you safer while navigating the Wild Wild West.  Stay tuned to our blog for more!

Saturday, November 19, 2016

The 12 Online Scams of Christmas

by Merlin Benningfield, Managing Partner - Fast Rhino, LLC

On the first day of Christmas my scammer cheated me with a $300 Fee.

As we approach the holidays, more and more scams emerge in person, through snail mail and online. For as long as people continue to fall for their scams, the perpetrators will continue to set their traps to take advantage of the uninformed.

On the second day of Christmas my scammer cheated me with Fraudulent Support and a $300 fee.
One of the most common online scams to which we see people fall victim is fraudulent support.  These scammers will trick you into thinking there is something wrong with your computer and then they attempt to gain remote access to your system. This type of scam can happen if you receive a phone call, if you call a technical support number but you don't realize the number belongs to a criminal organization (there are a growing number of these imposters), or if you get some sort of notification on your computer screen that suggests you call some phone number. As a rule, do not let anyone remote into your computer unless you have a personal relationship with them. Do not enter any codes into your computer at the behest of anyone you do not know.

On the third day of Christmas my scammer cheated me with Fake FedEx Tracking, Fraudulent support and a $300 fee.
Shipping carriers like FedEx, UPS and USPS report a 15%-20% increase in the number of packages that are sent during the holiday season.  The bad guys take advantage of this by sending out emails which mimic these carriers and try to trick you into clicking on links or attachments to find out the status of a late or missing "shipment".  These scams are quite effective because they place pressure on the emotions and curiosity of the recipient.

On the fourth day of Christmas my scammer cheated me with Key Logging Malware, Fake FedEx Tracking, Fraudulent Support and a $300 fee.
Key loggers are tiny programs that can be installed on your system without your knowledge. They are designed to record keystrokes as you type on your keyboard and then send this information to an anxious criminal just waiting to get your logins, passwords, credit card numbers, etc.  A good malware and rootkit scanner can help keep this type of threat off your system. In addition, we recommend you implement safe computing practices to help avoid contracting these sorts of infections in the first place.

On the fifth day of Christmas my scammer cheated me with Rogue Anti-virus, Key-Logging Malware, Fake FedEx Tracking, Fraudulent Support and a $300 fee.
Thieves will stop at nothing to steal something of value and what better way than to mislead you into believing there is a virus or some other threat on your computer? For a fee, you can buy the necessary software to clean up your system… however the software is actually malicious in nature. Question any program that states it can fix all your computer's problems. There are way too many "snake-oil" programs out there that will actually do more harm than good to your computer.  

On the sixth day of Christmas my scammer cheated me with Phony Look-A-Like Web Sites, Rogue Anti-virus, Key-Logging Malware, Fake FedEx Tracking, Fraudulent Support and a $300 fee.
Your printer doesn’t work.  You do a web search for “printer support” or you might even add the manufacturer’s name to your query.  Up pops a whole list of sites to choose from, each claiming to offer help for your printer.  Many of these support sites can pose as the official manufacturer’s web site. And these “Look-A-Like” sites usually provide a toll free number to call, which can also add to the deception. Needless to say, this "Look-a-Like" site belongs to a scammer.

On the seventh day of Christmas my scammer cheated me with Social Engineering, Phony Look-A-Like Web Sites, Rogue Anti-virus, Key-Logging Malware, Fake FedEx Tracking, Fraudulent Support and a $300 fee.

Social Engineering is the psychological manipulation of people in order to trick them into performing actions or divulging confidential information. It relies on human interaction, however, when mixed with technology, it can become even easier to pull off. These con artists can take advantage of people who may not be familiar with the specific ins-and-outs of technology; and let’s be honest, considering how fast technology is moving, it can be a bit confusing sometimes. Remember that if it sounds too good to be true or if it seems suspicious, stop and ask someone else before proceeding. It could save you a lot of trouble and money in the long run.

On the eighth day of Christmas my scammer cheated me with Evil Ransomware, Social Engineering, Phony Look-A-Like Web Sites, Rogue Anti-virus, Key-Logging Malware, Fake FedEx Tracking, Fraudulent Support and a $300 fee.
Personally, I believe that there is a special place in Hades for the people behind today's Ransomware. Get infected with this and watch all your files become instantly inaccessible with military-grade encryption. At this point, even the use of a super computer running for a decade cannot decrypt your files. The data kidnapper then simply provides a ransom note demanding hundreds or even thousands of dollars before providing you with the decryption key.  Your best bet is to keep your data backed up and disconnect your external drive when it is not in use. 

On the ninth day of Christmas my scammer cheated me with Corrupt Malvertising, Evil Ransomware, Social Engineering, Phony Look-A-Like Web Sites, Rogue Anti-virus, Key-Logging Malware, Fake FedEx Tracking, Fraudulent Support and a $300 fee.

Malvertising occurs when crooks hide exploits and malware inside of legitimate-looking ads that can be submitted to major online advertising networks. Malvertising can be in the form of pop-ups, drive-by downloads, embedded content, etc. We've seen a growing number of malvertising results with clients who are using web sites with rotational ads delivered by companies like Ad Choices. We highly recommend either using a script blocker or an ad blocker to avoid the pitfalls associated with these ad networks that do not properly vet their advertisers.

On the tenth day of Christmas my scammer cheated me with Tricky E-mail Phishing, Corrupt Malvertising, Evil Ransomware, Social Engineering, Phony Look-A-Like Web Sites, Rogue Anti-virus, Key-Logging Malware, Fake FedEx Tracking, Fraudulent Support and a $300 fee.
Phishing scams basically imitate popular social web sites, auction sites, banks or other financial institutions claiming that the user needs to verify their username and password. The scam basically attempts to capture your credentials or other identifying information. These emails and their related web sites look and feel almost identical to the legitimate entity, which is why it is such a successful con. Always question any emails that ask for identifying information. Legitimate companies do not practice these policies of asking for account information via e-mail.
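The fake carrier tracking e-mails and phishing messages described above both depend on a link that names a trusted company but leads somewhere else, which a mail filter can test for. The following is an added example, not part of the original article: it flags links in an HTML message that mention FedEx, UPS or USPS without pointing at that carrier's own domain. The sample message is constructed and uses reserved example hosts.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Official domains of the carriers named in the article.
CARRIERS = {"fedex": "fedex.com", "ups": "ups.com", "usps": "usps.com"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def tokens(value):
    """Whole words only, so 'groups' does not count as a mention of 'ups'."""
    return set(re.split(r"[^a-z0-9]+", value.lower()))


def belongs_to(host, domain):
    """True only for the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def suspicious_links(html_body):
    """Return (href, reason) for links that name a carrier but point elsewhere."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        mentioned = tokens(text) | tokens(host)
        for brand, domain in CARRIERS.items():
            if brand in mentioned and not belongs_to(host, domain):
                findings.append((href, f"mentions {brand} but goes to {host}"))
                break
    return findings


# Constructed sample message; hosts are reserved documentation names/addresses.
SAMPLE_EMAIL = """
<p>Your package could not be delivered.</p>
<a href="http://fedex.com.tracking-update.example/status">Track your FedEx shipment</a>
<a href="http://198.51.100.7/track">https://www.ups.com/track</a>
<a href="https://www.usps.com/">USPS tracking</a>
<a href="https://groups.example/list">Join our groups</a>
"""

if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE_EMAIL):
        print(href, "->", reason)
```

Exact word matching will not catch misspelled look-alike names, so a check like this complements rather than replaces the habit of questioning every link.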

On the eleventh day of Christmas my scammer cheated me with Intimidating Scareware, Tricky E-mail Phishing, Corrupt Malvertising, Evil Ransomware, Social Engineering, Phony Look-A-Like Web Sites, Rogue Anti-virus, Key-Logging Malware, Fake FedEx Tracking, Fraudulent Support and a $300 fee.

Common types of scareware can imitate notices from such government agencies as the FBI, CIA, Department of Justice, etc. Traditional scams of this type have claimed that the user has downloaded illegal materials and that to avoid jail time, the user should pay “fines” via Bitcoin, which is a form of electronic currency and keeps the receiving party anonymous, which works out perfectly for these cybercriminals.

On the twelfth day of Christmas my scammer cheated me with Scripts That Attack My Browser, Intimidating Scareware, Tricky E-mail Phishing, Corrupt Malvertising, Evil Ransomware, Social Engineering, Phony Look-A-Like Web Sites, Rogue Anti-virus, Key-Logging Malware, Fake FedEx Tracking, Fraudulent Support, and a $300 fee.
Although the majority of web developers use script languages for good, unfortunately there are some developers who take advantage of the script capabilities and use them for evil purposes. Script attacks are the number one way to get infected just by visiting web sites. A script blocker is a primary component of safe computing practices.