Vulnerability Of Two-Step Authentication Revealed

January 9th, 2014

Logging in on tablet

Two-step, or two-factor authentication is a generally trusted way to secure online accounts to ensure that only the account holder can access them. A recent hack on Blizzard’s World of Warcraft online game has exposed a vulnerability many had previously overlooked, however. Antone Gonsalves at Network World details how the attack took place and how it can be prevented in the future.

Two-step authentication requires a user to log-in to their account with their username and password. Then, a second passcode or PIN is supplied to users via text message, email or other means. That second code must also be input to give users access to their accounts. This two-step method is used to verify users anytime they use a new device to log-in.

It seems like a foolproof method for keeping hackers out of accounts that don’t belong to them, but the recent World of Warcraft hack demonstrated how a ‘man-in-the-middle’ attack provides a way around two-step authentication.

First, a trojan infected users on a popular online forum related to World of Warcraft. That trojan allowed for a man-in-the-middle attack, which allows criminals to intercept data and information a user believes they’re entering into a website. In this case, users attempted to log into their accounts using two-step authentication, but were really only giving hackers the information they needed to break into the accounts themselves. This also locked the actual users out of their own accounts.

Similar attacks have been observed on banking sites, where two-step authentication is also commonly used. Experts say these attacks highlight the weakness of most two-step authentication methods, which is the use of in-band authentication or using the same channel to input all information.

Because users are asked to enter their username, password and original generated code at the same time, over the same channel, it makes man-in-the-middle attacks extremely effective. Instead, experts suggest sites use two separate channels. For example, log-in to your account online with your usual information, then users would be prompted to enter a one-time PIN into a mobile app on their smartphone. Another suggested method is to send automated text alerts to users when someone tries to log-in using their information. If the IP address or geographic location doesn’t match their own, users would be able to reject the log-in attempt.

The lesson for users and businesses alike is that even two-step authentication doesn’t keep accounts completely secure. Hackers are getting more intelligent in their attacks all the time and technology that was once thought unbreakable now has vulnerabilities.

If your computer is infected with malware, or you’d like to investigate better security methods for home or business, call Geek Rescue at 918-369-4335.

Is Windows 7 Still Good For Business?

January 9th, 2014

Windows 7

Microsoft’s support of Windows XP will be coming to an end in April. Most organizations already migrated to Windows 7, however. But, with the end of XP and Windows 8 already on the market, the clock is now ticking on Windows 7. Kris Lall of Attachmate writes that your business doesn’t need to panic and move to Windows 8 just yet. Here’s why.

  • Standard For Business

Comparing Windows 7 to XP isn’t that encouraging considering XP is being put out to pasture, but XP was regarded as the standard for businesses for about eight years. Windows 7 just started its reign as the standard operating system. Currently, independent software vendors are mostly developing applications for Windows 7, not 8. Part of the reason for that is Windows 8’s need for a touchscreen for the best experience. Most enterprises aren’t prepared to change hardware in order to accommodate the latest operating system. For now, Windows 7 is a trusted platform with support from Microsoft pledged for at least another seven years.

  • What About Mobile? 

Mobile devices are becoming more common for use in business, which opens the door for Windows 8 integration. With the bring your own device trend, it’s likely that even without an official effort to usher in Windows 8 on mobile devices, it’s probably already being used by some employees. A move to Windows 8, at least for mobile devices is inevitable so it’s a good idea to start preliminary testing. Using Windows 8 for mobile and Windows 7 for desktop is a solution some companies are already adopting.

The decision to be an early adopter of Windows 8 isn’t a bad one, but if you’d rather wait before you need to migrate to a new operating system, Windows 7 is expected to be a safe option for a long time.

For help implementing new technologies, improving security or other IT business needs, contact Geek Rescue at 918-369-4335.


Advice For Better Passwords

January 8th, 2014

Password padlock

For many of your online accounts, a password is the only thing keeping criminals out. This makes users incredibly reliant on passwords, but many still make mistakes when choosing one. Kirsten Dunleavy at the Bullguard blog explains “the password management paradox” and how to best choose your passwords.

  •  Unique Passwords

The best practice for securing each of your accounts is to choose a unique password for each of them. This way, if one account is hacked, your other accounts are still safe and secure. If you use the same password for multiple accounts, one account getting hacked could give a criminal access to all of your information. The issue associated with creating unique passwords, however, is that users can’t remember all of them. This is the paradox of password management because if you can’t remember your passwords, it makes them less secure. Users take actions that weaken the strength of passwords like writing them down, or storing them unencrypted, continuously having to have passwords emailed to them or reset by admins or ignoring a prompt to update an old password.

  • Memory Tricks

You need to use different passwords for each account, but you can still use some tricks to help you remember them. Using memorable phrases for each account is one way, but unless that phrase applies directly to the account, it might be hard to keep track of which password goes with which site. Another way is to pick one, strong password and then alter it based on what site you’re using it with. So, the first seven or eight characters of every account might be the same, but the last few characters are specific to that account. Maybe add Y!00 for Yahoo accounts or GO0 for Google accounts. Whatever trick you use, remember that it’s important to use upper and lower case letters, numbers and symbols in each password.

  • Password Managers

Users’ many problems with passwords has led to the rise of password managers. These services are often free and will store all of your passwords for you. Many will even offer to log-in to stored accounts automatically when you visit the corresponding website. So, you can make each password strong and unique and not have to worry about forgetting them. Your passwords are encrypted and stored behind one master password. Make this your strongest password and make sure it’s one you’ll remember. Use a long phrase and replace letters with numbers or symbols.

Although biometrics and two-step authentication are both being used more, passwords are going to be the main tool used to secure online accounts for a long time. Make sure that you’re using them effectively.

At Geek Rescue, we specialize in security. To improve security on your computer, at your home or office, or fix the damage of malware or viruses on your machine, call us at 918-369-4335.

New Form Of Ransomware Will Soon Infect Computers

January 8th, 2014

Infected computer concept

Ransomware is malware that takes control of a user’s computer and demands a payment to decrypt files. The most famous example of malware is currently Cryptolocker, which first began infecting users last fall. Since then, similar forms of ransomware have been springing up more and more, like the copycat Cryptolocker that targets P2P users. Danielle Walker of SC Magazine reports that the latest form of ransomware hasn’t yet been released, but is expected to be even more dangerous than Cryptolocker.

The name of the new malware is Prison Locker or Power Locker. Security experts first learned of its existence by monitoring underground forums where hackers gather to produce and sell their malware.

Prison Locker performs similarly to other ransomware. When a user is infected, a display window opens that can’t be exited. Other functions of Windows are disabled, as well as the user’s Escape key, Task Manager and Control-Alt-Delete. A user is locked out of their own computer and told they have to pay to regain control. While they’re locked out, files are also encrypted making it impossible for users to access their own data.

The reason many are calling Prison Locker and bigger threat than Cryptolocker is its use of more complex encryption. Prison Locker uses multiple encryption levels. The first of them, called BlowFish, generates a new key for each file it encrypts. That means it has to be broken, or decrypted, one file at a time. In addition, each BlowFish key is encrypted through another method with a unique key for each computer infected. All of this encryption is perceived to be “unbreakable”.

The current asking price for Prison Locker is $100, which suggests it will be widely used soon. The other takeaway from these reports is that ransomware is on the rise. Because of its invasive nature and the ability to directly profit off of each infection, criminals will be using ransomware more often and producing more throughout 2014.

If your computer is infected with any type of malware, call Geek Rescue at 918-369-4335 for help.

Three Keys To Effective Access Management

January 7th, 2014

Password screen

Taking charge of access management for your company is a vital step towards better security. Very few members of your organization need access to all of the applications and data on your network and access management ensures that each employee is given access only to what they need. This significantly decreases the likelihood of a data breach and allows you to keep closer tabs on who is accessing data and how they access it.

Cloud computing and the bring your own device trend make data security more difficult than ever before. Effective access management is crucial in tandem with these new technologies. David King of IT Manager Daily published a list of policies all businesses should follow to limit access to critical data and prevent data breaches.

  • Communicate Role Changes

The more employees you have, the more roles change. Communication between departments is important so that when an employee’s role changes, due to a promotion, firing or change in projects, their access changes too. Problems arise from individual users having access to data they no longer need. Especially in the case of workers who are no longer with the company, access changes should be a priority and made immediately.

  • Regular Reporting

Staying up to date on who can access what data and how and where they’re accessing it is a big time investment, but it’s necessary. Without regular checks on data access, you’ll be caught unaware when a problem occurs. Many times, warning signs of an impending breach, or at least a potential vulnerability, exist days or weeks before any data is actually stolen. Data being accessed during off-hours or being accessed off-site are warning signs that someone is accessing data that shouldn’t be. They don’t tell you definitively that there’s a problem, but they suggest you should look into the matter.

  • Password Security

Part of access management is ensuring that employee accounts are only being used by those employees. Educating workers about the dangers of weak passwords is important. Make sure each employee understands what a strong password consists of and is using one. Also, prohibit the sharing of passwords or inheriting accounts from others. This weakens your efforts to limit access to certain employees and opens loopholes that workers can exploit after they’ve left the company.

Data breaches can be extremely costly to any type of business. Investing in security now can save you later.

For help improving all facets of data security at your company, call Geek Rescue at 918-369-4335.

Preventing And Overcoming Browser Hijacking Malware

January 7th, 2014

Lock and chain on browser

Browser hijacking refers to malware that’s capable of changing your browser’s settings without your knowledge. Often, your homepage or default search engine will be changed, new bookmarks or pop-ups added. Spotting the effects of browser hijacking malware is usually easy, but it’s best to avoid infection altogether. Mary Alleyne of Jupiter Support published a list of ways to avoid becoming a victim of hijackware.

  • Effective Antivirus Programs

As with any malware, an up-to-date, trusted antivirus program is the key to stopping most infections. Anything you download, even if it’s from a seemingly trustworthy site, should be scanned before you open it. Many antivirus programs also offer constant scanning in the background that will alert you immediately if malware, viruses or trojans have infected your system.

  • Disaster Recovery

Unfortunately, malware is updated and new pieces released at a rate too fast for antivirus programs to keep up with. This means that even the best antivirus programs can’t be relied on to catch every piece of malware. Since there’s always a chance that your computer will be infected with a browser hijacker or other malware, take precautions and make a plan for how you’ll recover. Back-up important data and look into other security software that will aide your antivirus program.

  • Change Security Settings

Most popular web browsers offer higher security if you’re willing to sacrifice some functionality. In Internet Explorer, these settings are available under ‘Internet Options’ on the ‘Security’ tab. While setting the security level to ‘High’ will prevent your browser from automatically executing some code, including activeX instructions that allow most browser hijackers to function, it will also prevent some websites from working properly. For trusted sites however, you’ll be able to add them to an exceptions list that restores full functionality to only those sites.

  • Change Browsers

Almost all browser hijacking malware is specifically coded for one browser. This means that malware that works for IE won’t work for Firefox or Chrome and vice versa. The simplest way to avoid the problem if you’re infected with hijackware is to use a different browser. But, the problem won’t be fixed and shouldn’t be ignored. Switching browsers is a simple way to end the hijacking, but you’ll still want to try to get rid of the malware causing it.

More in-depth fixes like editing the ‘Hosts’ file for malicious entries and searching the registry for specific websites also help overcome browser hijacking malware, but require a little more expertise.

If your computer is infected with malware, Geek Rescue fixes it. Bring your device to us, or call us at 918-369-4335.

What Could A Cyber Attack Cost You?

January 6th, 2014

Money down the drain

Even with all of the news stories about the latest hacks, such as Adobe, Snapchat and Target, there are still some individuals who don’t fully grasp what’s at stake. Jose Pagliery of CNN Money explains how much becoming a victim of a cyber attack could cost you.

In the case of the attack on Target, debit and credit card information was stolen. It’s easy to understand why you would want to keep that information out of the hands of criminals. But, this type of attack and fraud usually isn’t as costly as others. That’s because most people pay close attention to bank accounts and credit card bills and will notice anything out of the ordinary. Then, it’s an easy process to report the fraud and cancel the card.

It’s actually much worse for users when their log-in information and passwords are stolen. It doesn’t even have to be an account that houses any valuable information. Because about half of internet users use the same password for multiple accounts, even stealing the log-ins for a message board could lead to a much bigger breach in security. With one password, criminals can find an email associated with that account. They then will try to break into that email and, if successful, can take a number of potentially valuable actions.

Think about all of the old messages still stored in your inbox. Many of those could contain information that a criminal could use to steal your identity or your money. Those old messages could also lead hackers to other accounts you have online, which could allow them access to your social security number, or bank accounts. Even gaining access to your phone account could allow them to order a new device and rack up big charges.

With access to your email, criminals also have access to your contacts. They can send emails with malware attached to try to infect other users. Worse still, they can contact friends and attempt to scam them out of money or information.

There is a seemingly endless list of malicious tactics a criminal can take if they’re able to gain access to just one of your many online accounts. Keeping those accounts and your computer safe is worth your time. You need to use strong, unique passwords for each account you create. If you have potentially valuable information stored in your email, back it up elsewhere and delete it. Keep close tabs on all of your accounts so that you’ll be able to quickly tell if one has been compromised and take the necessary action.

At Geek Rescue, we help improve security for your home or business. We also fix devices with malware infections, broken hardware or any other issues. Come by or call us at 918-369-4335.

Yahoo Users Infected By Malicious Ads For Four Days

January 6th, 2014

Malware on arrow

The latest headlines making malware attack concerns Yahoo users. A security firm based in the Netherlands, Fox IT, reported over the weekend that Yahoo’s advertising servers were compromised. Faith Karimi and Joe Sutton of CNN report that malicious ads were shown to a number of users.

Users who visited Yahoo’s website between December 31st and January 3rd are at risk of a malware infection. Yahoo has publicly stated that users in North America, Latin America and Asia were not affected and most infections are limited to the UK, France and Romania.

Those users who were affected were served malicious ads directly from Yahoo thanks to an exploit kit that installed malware on Yahoo’s servers. Researchers warn that users didn’t even need to click on ads to risk an infection. At an estimated 9-percent successful malware infection rate, about 27-thousand users would be infected every hour these ads were allowed to run. Yahoo was not able to remove the malicious ads until they had been displaying for nearly 4-days.

Only PC users were at risk, however. The malware could not infect Mac users or those using mobile devices.

If infected the malware is capable of a number of actions. Click fraud, which consists of malware opening web browsers and clicking on ads to generate revenue, is one of the least severe threats. The malware can also remotely control a computer, disable security software and steal log-in information and passwords.

Even though this particular threat did not seem to infect any computers in the US, it should serve as a warning to all internet users. Yahoo is generally a trusted website, but was compromised by criminals and began infecting users with malware. This can happen to any site you typically visit. In order to stay safe, you need an up to date, trusted antivirus program in place.

If your computer has been infected by malware or you’d like to improve security on your devices, call Geek Rescue at 918-369-4335.

Cryptolocker Copycat Threatens P2P Users

January 3rd, 2014

Working on laptop

Cryptolocker was perhaps the most talked about piece of malware during the final months of 2013. After infecting an estimated 300-thousand computers in its first three months of existence, it should be no surprise that Cryptolocker is now launching copycat malware. John E. Dunn of Tech World reports that Crilock.A, otherwise known as Cryptolocker 2.0 began infecting users just before Christmas.

Security experts say that it’s likely that version 2.0 stems from a copycat rather than the same group responsible for the original Cryptolocker because it’s not as complex. Rather than spreading through malicious emails, 2.0 infects users by posing Microsoft Office or Adobe Photoshop files on peer to peer file sharing sites. This is a much smaller target audience but also makes it less likely that Cyptolocker 2.0 will be reported to authorities.

In many ways, however, Cryptolocker 2.0 performs the same way the original does. After infecting a machine, it encrypts files with certain extensions and demands a ransom to decrypt them. 2.0 targets a wider range of files than the original also. This is likely because of the users being targeted. Music, image and video files are all included on the encryption list.

Cryptolocker 2.0 is also capable of spreading to removable drives. Anything connected via USB could be infected. This isn’t a new capability for malware, but could prolong the malware’s life.

Included in Cryptolocker 2.0 are other components that launch separate attacks. One is used for DDoS attacks. Two others are designed to steal Bitcoins.

Similarly to the original Cryptolocker, overcoming an infection and regaining your encrypted files is difficult. The best protection is to avoid an infection in the first place. Thankfully, in the case of Cryptolocker 2.0, for now avoiding an infection is as easy as avoiding peer to peer file sharing sites. Although, there is always the possibility that other users will be targeted at a later date.

If your computer is the victim of a malware attack, call Geek Rescue at 918-369-4335.

The Dangers Of Having Your Phone Number Stolen

January 3rd, 2014

Dialing smartphone

Recently, social network SnapChat has been making headlines for all the wrong reasons. Nearly 5-million users’ accounts were compromised and criminals made off with usernames and phone numbers. That has left many to wonder, what does a hacker want with my phone number? Quentin Fottrell of Market Watch set out to answer that question.

The most obvious reason why a hacker having your phone number would be a bad thing is the same reason you’re hesitant to give out your number in the real world. They might just use it. Malware and phishing attacks on smartphones increased steadily throughout 2013. When a criminal learns your phone number, you’re significantly more likely to receive malicious text messages. These can either be an annoyance, or a serious problem based on the type of messages being sent and your reaction to them.

Another problem that many users fail to realize is that your phone number is associated with a number of your online accounts. Particularly on social media, knowing a user’s phone number can help you find their profile. Finding their profile allows you to associate their name, birth day and other information to that phone number. Armed with that knowledge, a criminal could easily steal your identity and break into a number of important accounts. Since phone numbers don’t change often, one could argue that they’re more valuable online than even physical addresses and email addresses.

This doesn’t mean that you should never give out your phone number to any website. You shouldn’t make it public on any social media profiles, but there are other instances where it actually enhances security. In the case of two-factor authentication, your phone number is used to a second level of security to safeguard important accounts for email and banking sites. Security experts advise you to feel free to give out your phone number online if it’s for a specific use.

Unfortunately for SnapChat users, there’s no way to use the service without giving up your phone number.

At Geek Rescue, we specialize in security. If you’d like to improve the security at home or at the office, give us a call at 918-369-4335. We also fix devices that have been infected by malware.