ES Consulting Blog

ES Consulting, based out of Ohio, has been serving the US since 2001, providing IT Support services such as technical helpdesk support, computer infrastructure support, and IT consulting to small and medium-sized businesses.

Hacking Group Claims to Have Stolen NSA Cyber Weapons

Hacking Group Claims to Have Stolen NSA Cyber Weapons

Every security professional’s worst nightmare consists of the National Security Agency (NSA) being hacked. While there’s no proof that the NSA itself has been hacked, there is some evidence to suggest that some of the exploits used by the agency are up for grabs on the black market. What this means is that a lucky group of hackers could potentially get their hands on some very dangerous tools.

0 Comments
Continue reading

3 Built-in Windows 10 Security Tools that Keep Hackers at Bay

3 Built-in Windows 10 Security Tools that Keep Hackers at Bay

Windows is perhaps the most widely-used computing tool in the workplace, and as such, it remains a huge target for hackers of all kinds. Criminals are always trying to uncover vulnerabilities in the operating system, but this time around, Microsoft has truly outdone themselves. Windows 10’s built-in security, according to hackers at the Black Hat conference in Las Vegas, allows for the most secure Windows operating system in several years.

0 Comments
Continue reading

Couple Exploits Vulnerability With IRS Filing System, Steals $1M, Goes to Jail

Couple Exploits Vulnerability With IRS Filing System, Steals $1M, Goes to Jail

The Internal Revenue Service is one organization that you don’t want to mess with. Thanks to their antics filing fraudulent tax returns through the often-exploited Get Transcript site managed by the IRS, Anthony and Sonia Alika have to do some time in the slammer; and that’s not even mentioning what they have to pay the IRS in restitution.

0 Comments
Continue reading

Tip of the Week: Why Routinely Changing Your Password May Be a Bad Idea

Tip of the Week: Why Routinely Changing Your Password May Be a Bad Idea

You’ve heard it said that it’s a best security practice to routinely change your passwords. The idea here is that, if a password were stolen, then it would lose its value when the user goes to change it. While this sounds like solid logic, new research shows that it may actually be better NOT to change your passwords.


This may be a hard pill to swallow for IT administrators who have always required users to change their passwords every few months or so. However, seeing as this practice could make accounts less secure, it’s worth considering.

The idea behind this theory is that, whenever a user goes to change their password, they’re often rushed or annoyed and end up creating a new password that’s less secure. The Washington Post puts it like this: “Forcing people to keep changing their passwords can result in workers coming up with, well, bad passwords.”

Think about it, how often have you changed your password, only to change it from a complex password to one that’s easier to remember? Or, have you ever kept the same password and just added a number at the end of your new password? This covert move will do little to deter a hacker. Carnegie Mellon University researched this topic and found that users who felt annoyed by having to change their password created new passwords that were 46 percent less secure.

Plus, let’s consider the hypothetical situation of a hacker actually stealing your password. Truth be told, once they’ve gotten a hold of your login credentials, they’ll try to exploit the password as soon as they can. If they’re successful, they’ll pose as you and change the account’s password, thus locking you out of it. In an all-too-common situation like this, the fact that you’re scheduled to change your password at the end of the month won’t change anything.

Additionally, ZDNet points out yet another way that regularly changing passwords can make matters worse: “Regularly changed passwords are more likely to be written down or forgotten.” Basically, having a password written down on a scrap piece of paper is a bad security move because it adds another way for the credentials to be lost or stolen.

Whether you do or don’t ask employees to change their passwords is your prerogative. However, moving forward it would be in everybody’s best interest to focus on additional ways to secure your network, instead of relying solely on passwords. This can be done by implementing multi-factor authentication, which can include SMS messaging, phone calls, emails, and even biometrics with passwords. With additional security measures like these in place, it won’t matter much if a hacker stole your password because they would need additional forms of identification to make it work.

To maximize your company’s network security efforts, contact ES Consulting at (419) 756-1869.

0 Comments
Continue reading

When DDoS Attacks and Ransomware Combine, the Results are Ugly

When DDoS Attacks and Ransomware Combine, the Results are Ugly

Ransomware, the malware variant that has appeared more and more frequently has struck again, this time targeting users of Microsoft Outlook in a zero-day attack. A malware variant of Cerber (a ransomware) was recently utilized in a large scale attack on users of the messaging program, sent via phishing emails to corporate users.

0 Comments
Continue reading