In the present technology-driven society, laptop or notebook has been a part and parcel of our daily life. We do a lot of activities on it to make our life more comfortable and hospitable. Starting from train timetable checking to ticket booking till buying goods online, we use a laptop or notebook.

Being handy and lightweight, we carry it with us to execute many simple to complex tasks easily with the aid of it. This is why when our laptops face issues like overheating, malfunctioning and shutting down suddenly, we cannot concentrate on any work until we get it fixed or repaired. It becomes our headache.

How laptop service centers help us

To help us get rid of these issues, many laptop service centers have come to the scene. A significant number of these service centers are called dedicated service centers. A dedicated service center is a company authorized service center. It offers multiple services for a particular brand. A dedicated laptop service center never works for the other brands. Sometimes, it is directly controlled by a company. Besides, the company can hire a contractor or a third-party vendor to offer uninterrupted services on behalf of it. The contractor solves various issues faced by the users of a particular brand. In many cases, it never takes money from a customer- if the issues come within the warranty periods. In that case, the tech support professionals take the signature of a customer and deliver the product.

Offsite and on-site services

As the consequence of it, we get to see many dedicated laptop service centers belonging to various reputable companies like Dell, Acer, Asus, Lenovo, Samsung, Toshiba, Compaq, HCL, etc. If your laptop or notebook does not work properly or you need to solve an overheating issue, you should visit a dedicated service center. Based on the manufacturing company, you just need to find one located very close to your home. If you have faced the issue within the warranty period, you do not need to pay for it. Besides, in order to enjoy all benefits- you need to check the facilities ensured by the company at the time of purchasing the notebook.

There are many notebook manufacturing companies offering on-site services. It means a company representative will come to your place in order to fix the issue at free of cost (within the warranty period only). You just need to bring the matter to their attention. To receive service at your place, you need to call them at their toll-free number or drop a mail. You will receive a call on behalf of a service center representative or directly from the company to confirm the email receipt and understand your problem better.

During the time of conversation over the telephone, the customer support executive will ask your product number and model number. After that, they will forward your matter to the concerned department. Once your matter is processed, you will receive a call or an SMS. This call or SMS will let you know the expected time and the name of the person coming to fix the issues. The company representative will ask you to show the bill. After checking and verifying it with your given information, he will start the work.

Computers have become the part and parcel of every business unit, and as these are sensitive gadgets that often need repair, upgradation, and periodic maintenance. Your business is no exception for sure but do you know how you can find the best computer maintenance and repair support? If you are not fully aware of it, know the essential details of repair and maintenance before you hire a service and verify the needs with your available resources.

Check if service provider is endorsed by manufacturers’ certification

Some computer repairs facilities enjoys their manufacturers’ endorsement as preferred service providers. Check if the service provider you have selected is an authorized and preferred counter for computer repairs. Also check if the technicians working there have done their course on computer repairing. As computers are getting complex every day, only trained technicians can manage repairing job with professional proficiency. Specifically you should ask if the repair facility is equipped enough to offer servicing for the brand of computer you are working with. For example, if you are using Dell, check if the technicians are Dell certified.

Faster turnaround time

When you need repairing service support, it is obvious that you want to get the job done fast. You need to clarify with the repair facility if they can get their job done in short turnaround time. Before speaking to your shortlisted vendor, you also need to check at random with other repair shops about the average repair time and accordingly evaluate if your vendor is offering the right turnaround time. Alternatively, ask your service provider if they are capable to offer you one-day repair service.

On site repairing support

Although computer and laptops are portable, but it always wise to call an onsite support service because it saves time and you need not to take away your system out of your premise. Ask your repair service provider if they can offer you on site service: it will be a better option for you.

Service warranty is a must thing

Before you find and finalize your computer repair service provider, check if they offer you service warranty. Unless service warranty is offered, there is high chance that service quality of your vendor can be compromised. Additionally check if the company offers replace guarantee of spare parts if anything they damage during repair work. According to market standard, repair facilities offer 6-12 months warranty; without service warranty long term cost efficiency of your computer maintenance may not stand profit yielding.

Service charge should be affordable

Service charge and its affordability is one of the vital factors for selecting a vendor for computer repairs and maintenance. Check the service charge for the repair jobs proposed by your vendor. Unless it is moderate and justified, in the long run, it might get difficult for you to use a costly service. Also check if the service provider is available 24×7 because you do not know when you may need the support.

These are the essential facts you need to know about computer maintenance and repairs because a service provider with all these facilities can only be the best option for your business use.

Google & Your Website – A Blind Alliance

Assume you have a website “onlineshopperdotcom” and when you search it on Google with keywords “online shopper website” you might get a sneak peek on the page results of your website and other websites relating to your keyword. That’s quite universal as we all urge to have our websites searched and indexed by Google. This is quite common for all e-commerce websites.

A. Your website “onlineshopperdotcom” is directly allied with Google.

B. Your website & your web server (where you have all usernames & passwords saved) are directly allied with each other.

C. Alarmingly, Google is indirectly allied to your web server.

You might be convinced that this is normal and may not expect a phishing attack using Google to retrieve any information from your web server. Now given a second thought, instead of searching “online shopper website” on Google, what if I search “online shopper website usernames and passwords”, will Google be able to give the list of usernames and passwords for online shopper website? As a security consultant, the answer will be “MAYBE, SOMETIMES!”, but if you use Google dorks (proper keywords for accessing Google), the answer will be a big “YES!” if your website ends up with mislaid security configurations.

Google Dorks can be intimidating.

Google pops in as a serving guardian until you see the other side of it. Google may have answers to all your queries, but you need to frame your questions properly and that’s where GOOGLE DORKS pitches in. It’s not a complicated software to install, execute and wait for results, instead it’s a combination of keywords (intitle, inurl, site, intext, allinurl etc) with which you can access Google to get what you are exactly after.

For example, your objective is to download pdf documents related to JAVA, the normal Google search will be “java pdf document free download” (free is a mandatory keyword without which any Google search is not complete). But when you use Google dorks, your search will be “filetype: pdf intext: java”. Now with these keywords, Google will understand what exactly you are looking for than your previous search. Also, you will get more accurate results. That seems promising for an effective Google search.

However, attackers can use these keyword searches for a very different purpose – to steal/extract information from your website/server. Now assuming I need usernames and passwords which are cached in servers, I can use a simple query like this. “filetype:xls passwords site: in”, this will give you Google results of cached contents from different websites in India which have usernames and passwords saved in it. It is as simple as that. In relation to online shopper website, if I use a query “filetype:xls passwords inurl:onlineshopper.com” the results might dismay anyone. In simple terms, your private or sensitive information will be available on the internet, not because someone hacked your information but because Google was able to retrieve it free of cost.

How to prevent this?

The file named “robots.txt” (often referred to as web robots, wanderers, crawlers, spiders) is a program that can traverse the web automatically. Many search engines like Google, Bing, and Yahoo use robots.txt to scan websites and extract information.

robots.txt is a file that gives permission to search engines what to access & what not to access from the website. It is a kind of control you have over search engines. Configuring Google dorks isn’t rocket science, you need to know which information to be allowed and not allowed in search engines. Sample configuration of robots.txt will look like this.

Allow: /website-contents

Disallow: /user-details

Disallow: /admin-details

Sadly, these robots.txt configurations are often missed or configured inappropriately by website designers. Shockingly, most of the government & college websites in India are prone to this attack, revealing all sensitive information about their websites. With malware, remote attacks, botnets & other types of high-end threats flooding the internet, Google dork can be more threatening since it requires a working internet connection in any device to retrieve any sensitive information. This doesn’t end with retrieving sensitive information alone, using Google dorks anyone can access vulnerable CCTV cameras, modems, mail usernames, passwords and online order details just by searching Google.

Headlines continue to abound about the data breach at Facebook.

Totally different than the site hackings where credit card information was just stolen at major retailers, the company in question, Cambridge Analytica, did have the right to actually use this data.

Unfortunately they used this information without permission and in a manner that was overtly deceptive to both Facebook users and Facebook itself.

Facebook CEO Mark Zuckerberg has vowed to make changes to prevent these types of information misuse from happening in the future, but it appears many of those tweaks will be made internally.

Individual users and businesses still need to take their own steps to ensure their information remains as protected and secure as possible.

For individuals the process to enhance online protection is fairly simple. This can range from leaving sites such as Facebook altogether, to avoiding so-called free game and quiz sites where you are required to provide access to your information and that of your friends.

A separate approach is to employ different accounts. One could be used for access to important financial sites. A second one and others could be used for social media pages. Using a variety of accounts can create more work, but it adds additional layers to keep an infiltrator away from your key data.

Businesses on the other hand need an approach that is more comprehensive. While nearly all employ firewalls, access control lists, encryption of accounts, and more to prevent a hack, many companies fail to maintain the framework that leads to data.

One example is a company that employs user accounts with rules that force changes to passwords regularly, but are lax in changing their infrastructure device credentials for firewalls, routers or switch passwords. In fact, many of these, never change.

Those employing web data services should also alter their passwords. A username and password or an API key are required for access them which are created when the application is built, but again is rarely changed. A former staff member who knows the API security key for their credit card processing gateway, could access that data even if they were no longer employed at that business.

Things can get even worse. Many large businesses utilize additional firms to assist in application development. In this scenario, the software is copied to the additional firms’ servers and may contain the same API keys or username/password combinations that are used in the production application. Since most are rarely changed, a disgruntled worker at a third party firm now has access to all the information they need to grab the data.

Additional processes should also be taken to prevent a data breach from occurring. These include…

• Identifying all devices involved in public access of company data including firewalls, routers, switches, servers, etc. Develop detailed access-control-lists (ACLs) for all of these devices. Again change the passwords used to access these devices frequently, and change them when any member on any ACL in this path leaves the company.

• Identifying all embedded application passwords that access data. These are passwords that are “built” into the applications that access data. Change these passwords frequently. Change them when any person working on any of these software packages leaves the company.

• When using third party companies to assist in application development, establish separate third party credentials and change these frequently.

• If using an API key to access web services, request a new key when persons involved in those web services leave the company.

• Anticipate that a breach will occur and develop plans to detect and stop it. How do companies protect against this? It is a bit complicated but not out of reach. Most database systems have auditing built into them, and sadly, it is not used properly or at all.

An example would be if a database had a data table that contained customer or employee data. As an application developer, one would expect an application to access this data, however, if an ad-hoc query was performed that queried a large chunk of this data, properly configured database auditing should, at minimum, provide an alert that this is happening.

• Utilize change management to control change. Change Management software should be installed to make this easier to manage and track. Lock down all non-production accounts until a Change Request is active.

• Do not rely on internal auditing. When a company audits itself, they typically minimize potential flaws. It is best to utilize a 3rd party to audit your security and audit your polices.

Many companies provide auditing services but over time this writer has found a forensic approach works best. Analyzing all aspects of the framework, building policies and monitoring them is a necessity. Yes it is a pain to change all the device and embedded passwords, but it is easier than facing the court of public opinion when a data breach occurs.