March 18th, 2014
Phishing scams are a common threat of the internet. If users aren’t careful, they can easily be tricked into giving away log-in credentials and other valuable information without even realizing they’re being scammed. At Gizmodo, Adam Clark Estes reports on one of the latest and trickiest phishing scams to hit the web.
The reason this scam is so tricky is because it manages to avoid some of the usual tell-tale signs of phishing. It begins with an unsolicited email arriving in your inbox. The email has the subject line “Documents” and contains a link to Google Drive. On the surface, receiving an email from someone you don’t know that’s called simply “Documents” sounds suspect. But, the Google Docs link is legitimate and points to a google.com URL. What’s the harm in following the link and finding out if this document is really meant for you?
Unfortunately, that’s the thinking of many users. When you follow the provided Google Drive link, you land on an official looking Google log-in page. In fact, it’s an exact replica of an actual Google log-in page. The only difference is that it asks you to enter both your email and password, even if you’re already logged in to your Google account. Many users won’t think twice about entering their information, but noticing this subtle inconsistency is key to avoiding a scam.
Logging in to this spoofed page does take you to a legitimate Google document, but attackers already have your password.
This is another example of how online threats are becoming more intelligent and harder to avoid. For phishing scams like this one, it’s important to remember to avoid following links in your email. Many times, you can visit a website directly, rather than following a provided link. This way, you’ll be sure to land on the actual site rather than a malicious copy.
This scam uses Google Drive because users trust a page with Google’s recognizable logo and branding and because users can’t access a document in Drive without following the link. If you receive an email inviting you to view a file in Drive, be sure you verify who sent it before following the link.
If you’ve been the victim of an attack and need help recovering data, removing malware or improving security, call Geek Rescue at 918-369-4335.
March 17th, 2014
Each year, people gather in Vancouver for what’s called a hackfest. Experts attempt to break through the security of popular applications to reveal potential vulnerabilities. This year, web browsers were the focus with each of the most popular browsers being hacked successfully with at least one exploit. As Sebastian Anthony of Extreme Tech reports, Mozilla’s Firefox experienced the most security problems and four zero-day exploits were found.
A zero-day exploit refers to a way to successfully attack an application that’s discovered by someone outside of the manufacturer. These are dangerous exploits because they are revealed before the manufacturer has an opportunity to patch them. This leaves users vulnerable for days or weeks.
The vulnerabilities in Firefox are said to allow hackers to “do just about anything with your computer” when attacked correctly. These attacks all stem from convincing users to visit malicious websites specifically created for attacks.
Mozilla’s web browser has always been considered less secure than the other leading browsers. It was first included in the hackfest in 2009 and has been successfully exploited every year except 2011. In the past three years, however, all four major browsers, Chrome, Internet Explorer, Safari and Firefox, have all been successfully hacked at least once. Seeing four successful exploits in a single year is still a surprise.
Experts point to Firefox’s lack of a sandbox for its primary security shortcomings. A sandbox is a way of segregating one application from the rest of the system. This way, a successful exploit on the application doesn’t make the rest of your system vulnerable. Chrome, Safari and Internet Explorer, since version 9, all have implemented sandboxes. Firefox still does not use one, which allows attackers to exploit the browser to gain access to other applications and functions of a user’s computer.
All of the exploits discovered during the three day hackfest are reported to the browser manufacturer so they can be patched. Even so, it’s important to remember that no browser offers you perfect security. All have vulnerabilities that can be exploited if you aren’t careful or don’t have the correct security infrastructure in place.
If you’ve been the victim of an attack of would like to explore better security options, call Geek Rescue at 918-369-4335.
March 14th, 2014
Once each month, Microsoft releases a batch of patches to close security vulnerabilities and fix bug and compatibility issues in their products. Last month, just days after the monthly patch release, an exploit was discovered and publicized for Internet Explorer 10. That exploit stayed vulnerable until this week when March’s patch release included a fix. This situation, as Antone Gonsalves of Network World points out, reveals the flaws in the current patching schedule for Microsoft and many other software manufacturers.
Not only was a known exploit unpatched for weeks, but that exploit was also made public. That means those with the means and motivation to attack unprotected users knew exactly how and where to strike.
After a few days, Microsoft did release a temporary solution in their “Fix It” tool. Unfortunately, very few users know how to access that tool, which leads to low numbers of installations. So, while a temporary fix was available, it was neither widely publicized or used.
The other option for overcoming this particular vulnerability was to upgrade from IE 10 to IE 11. For most individual users, this was a viable solution. However, for enterprise level users, changing web browsers company-wide often takes more time and planning.
Meanwhile, attackers struck multiple websites in multiple countries on multiple continents.
Despite this specific shortcoming in the patch schedule, Microsoft is actually ahead of many other software companies in this regard. For example, while Microsoft routinely releases new patches and updates once per month, Oracle releases updates quarterly and Cisco releases updates only twice per year.
The best solution suggested so far is to remove Internet Explorer from this monthly patching schedule. While it’s more than enough to update most applications once per month, IE faces a high number of attempted attacks and exploits each day. It’s much more likely that a critical vulnerability will be found and immediately exploited in IE than other applications. Even with a faster patch release, however, some IT departments might struggle to stay up to date and fully patched.
For those companies affected by unpatched vulnerabilities, there are some ways to better protect yourselves while you wait for the application manufacturer. Segmenting network assets, limiting user permissions and using application whitelisting are all ways to significantly improve security and lower the chances of a devastating and costly attack.
For help implementing an improved security infrastructure, call Geek Rescue at 918-369-4335.
March 12th, 2014
In September, Apple released iOS 7. Since then, users have been waiting for the next update that would fix bugs and introduce new features. There have been plenty of stories predicting what the update would contain, but no one could know for certain. This week, iOS 7.1 was officially released and in just a couple of days, adoption is already close to 10-percent for eligible devices. Eric Zeman of Information Week reports on the iOS update and what’s new for iPhone, iPad and iPod Touch users.
Many users complained that their device reset unexpectedly after updating to iOS 7. This soft reset wouldn’t delete any apps or saved data, but would interrupt whatever activity the user was currently engaged in. One of the primary goals of the update to 7.1 was to fix this annoying bug. So far, users are reporting that the reset problem has been solved.
Apple’s virtual personal assistant received an upgrade in iOS 7.1. While Siri will still actively listen for voice commands, there’s an added option of manually control when Siri needs to pay attention. Users can hold the Home button down while they give a command and release it when they finish directing Siri. There are also a number of new voice options for Siri in a variety of languages.
Apple is still excited about the possibilities of iTunes Radio and continues to roll out new features for it. In iOS 7.1, users are able to make purchases easier from their mobile devices. Previously, users can now purchase music directly from the “Now Playing” screen in iTunes Radio and even buy entire albums. Users are also able to subscribe to iTunes Match directly from their iPhone or iPad. The search function for iTunes Radio was also tweaked to make it easier for users to access it quickly.
Perhaps the most anticipated addition included in iOS 7.1 allows iPhone and iPad users to integrate their devices with their cars. Before you get too excited, know that cars that support CarPlay aren’t even on the market yet. Some upcoming 2015 models are expected to include that feature. In the meantime, Apple’s devices are already ready to go. Users with CarPlay will be able to use Siri, navigation, messaging and access their music.
As always, it’s recommended that you back-up your device before installing a significant update like this one. Downloading and installing iOS 7.1 reportedly takes about 10-minutes over a WiFi connection.
If your device has issues that an update won’t fix, bring it to Geek Rescue or call us at 918-369-4335.
March 10th, 2014
A common piece of security advice is to regularly update your antivirus program to protect against the latest threats. New malware is formed every day and it’s difficult for security applications to keep up, but it’s impossible if they aren’t updated daily. Alastair Stevenson illustrates the need for up to date definitions with his report at V3 that three new threats emerge every second of every day.
That statistic comes from security company McAfee’s Threat Report from the fourth quarter of 2013. Part of that report reveals that McAfee learned of 200 new attacks every minute, which likely means that the number of new attacks being launched is actually even higher.
Overall, in just the fourth quarter in 2013, 200-million malware variants were found by McAfee. That’s 90-million more than was found during the same time span in 2012. Experts believe one reason for this significant increase in malware production is the increase in “Point of Sale” malware, which refers to variants that are available to be purchased online by anyone and used without a need for expertise. This allows nearly anyone to launch an attack.
Malware isn’t targeting PC users alone, however. The report states that nearly 2.5-million new forms of malware targeting Android mobile devices was collected. That’s significantly lower than the amount of malware targeting PC users, but it’s nearly double the output of mobile malware from just a year prior.
Ransomware, the malware that encrypts or locks down files on your PC and demands payment to give you access to them, also saw a large jump in number of attacks in 2013. After 1-million observed forms of ransomware attacks in 2012, 2013 saw about 2-million.
The clear lesson here is that security on your personal devices and your company’s network is becoming even more important as more attacks are being produced and those attacks are becoming more intelligent.
For help improving security or help recovering from an infection or attack, call Geek Rescue at 918-369-4335.
March 10th, 2014
Recently, Apple has been making headlines for the wrong reasons. Multiple security flaws have been reported that affect users of both iPhones and iPads and Macs. While in the past, a lower number of targeted attacks made Apple’s operating systems safer environments than Microsoft’s Windows these reports suggest that Apple doesn’t necessarily have a more secure operating system. At Network World, Bob Violino takes a closer look at OS X, the operating system used on Macs, to expose the potential security flaws within.
How often an operating system is patched and updated often makes the difference in keeping attacks at bay. Unfortunately for Apple device users, support is usually only given to the current operating system and the previous version. This leaves a number of users with older machines in the lurch. Currently, users of OS X Snow Leopard from 2009 are already missing out on some updates and the critical security patches they are given access to come slowly. This is in contrast to Windows users who typically enjoy support for much longer. Windows is ending support for XP users this April after nearly 13 years.
Many users aren’t certain about how to properly secure their computer. Even more advanced users may not be aware of points where they are most vulnerable. To help users protect themselves, security configuration guides from the manufacturer are extremely helpful. Unfortunately, no recent version of OS X has been provided with a configuration guide from Apple. This leaves users in the dark about proper security and leads to many believing they’re more secure than they actually are.
As mentioned in the first section, updates are key in protecting users from attacks. Apple has been slow to update OS X, however, especially concerning its open source components. Slow updates mean that users could be vulnerable to a known exploit. Even if it doesn’t affect security, compatibility and other issues aren’t being fixed in a timely manner.
- Easy To By-Pass Passwords
OS X includes a feature that’s designed to make working with your Mac more convenient. Any attached disk that includes an installed version of OS X can be used to boot the machine. Unfortunately, this allows someone to by-pass the password required to log-in on your machine by booting from an attached disk. This only comes into play if your laptop or computer are stolen, but it still a concern.
This isn’t a exhaustive list of potential security issues with OS X, but it illustrates that there’s additional security required for most users.
If you’re having problems with your Mac, bring it to Geek Rescue for a fix. If you’d like to explore security options to protect yourself from future attacks, call us at 918-369-4335.
March 7th, 2014
A recent survey on computer security revealed not only alarming numbers of victims of cyber crime, but also high numbers of users who have little to no security in place. The University of Kent, which is located in the UK, surveyed about 1500 adults in their study. Admittedly, it’s a small sample size so the numbers could be a little skewed. Even so, there are surprisingly high rates of malware infections, specifically with ransomware, as John Hawes of Naked Security reports.
CryptoLocker, a headline-making form of ransomware that encrypts files on victim’s computers and demands payment to release them, one in 30 of the survey’s respondents. Even worse, about 40-percent paid the ransom to have their files decrypted.
Those figures only pertain to CryptoLocker specifically. For all forms of ransomware, about one in 10 respondents confirmed they’ve been a victim. Even if you assume those numbers are slightly inflated, that’s a shocking amount of ransomware cases.
It’s particularly troubling when you combine the amount of cyber attacks with the amount of users who fail to put proper security measures in place. The survey also found that more than half of users weren’t using an up to date anitvirus or anti-malware program. About a third of respondents reported they had no firewall in place on their network and about the same number failed to use proper password practices for maximum security on online accounts.
With that in mind, it’s no surprise that about a quarter of users in the survey were identified as being the victim of some sort of “cyber-dependent crime” with malware infections and phishing scams being the most popular.
Unfortunately, when it comes to the number of malware incidents, the actual number of infections is usually higher than what is reported. This is because malware, by its nature, stays hidden on most systems particularly those with less than ideal security. Users may report that they’ve never been the victim of a malware infection, but in reality it’s difficult to say for certain.
The takeaway from this study and others like it is that no one is immune from cyber attacks. Malware can strike any of us, but those with less security in place are asking for trouble.
If you’ve been infected with malware, or would like to improve security at home or at your business, call Geek Rescue at 918-369-4335.
March 4th, 2014
Many iPhone, iPad and Mac users rely on the ‘Lost Mode’ feature to keep their device safe in the event that it’s misplaced or stolen and to be able to find it. ‘Lost Mode’ contains a security vulnerability, however, that a recent open-source hacking project is able to exploit to access the device and all of the data stored there. Paul Ducklin of Naked Security delves into the details.
‘Lost Mode’ is able to be activated by users of Apple devices when they log in to iCloud on another device. If your device is on, you can see approximately where it’s located. You can also tell the device to reboot, which will result in the device locking upon restart and requiring a four-digit code to access it. That code, also known as a “system lock PIN”, is chosen by the user when ‘Lost Mode’ is activated.
The idea is that if your device has been stolen or found by someone else, that person won’t be able to steal your information or even use or sell your device because of the lock. The recently released “iCloud Hacker” project demonstrates why the system lock isn’t as secure as it seems.
“iCloud Hacker” isn’t overly complicated in its attack. Since it knows that a 4-digit PIN is required, it simply tries every combination of numbers until it finds the right one. This would be possible for any human to perform also, but incredibly tedious. Apple devices don’t lock or shutdown after a certain number of failed log-in attempts, but after six failed attempts, a user must wait 5-minutes before trying again. This delay means that it could take weeks for a human to break into a device.
With “iCloud Hacker”, the human element is eliminated and codes are tirelessly inputted until one is successful. It also works around the 5-minute wait time by rebooting the device after six attempts.
Many are calling for Apple to improve security associated with ‘Lost Mode’, but there’s actually a fundamental security problem contained in any lost device. An intelligent criminal doesn’t even need to break the lock on your device. Instead, they only need to remove the hard drive and put it into another device. There, they can read and copy everything on it.
This prevents a criminal from using your device themselves or selling it to someone else, but your data and information is still very much at risk. Especially dangerous is the possibility that your hard drive is copied, returned to your device and your device is returned to you. With the lock still in place, many users will believe that their device and data are safe, when in actuality a criminal has all of their data.
Whether you’re using ‘Lost Mode’ or not, it’s important to encrypt your stored data. On your Mac, enable ‘Full Disk Encrpytion’ and you’ll add an extra layer of protection. There’ll be another password required to use your device and you’ll be given a 24-character recovery key in case you forget your password.
If you’d like to improve the security on any of your devices, or your device is in need of repairs, call Geek Rescue at 918-369-4335.
March 4th, 2014
There are dozens, hundreds or even thousands of important files stored on your computer’s hard drive. What happens when vital files are deleted by accident? Files can be infected with a virus, corrupted or lost due to hardware damage. Or, you may just delete an entire folder only to realize later that you need some of the files stored in it. As Andy O’Donnell of About reports, a deleted file isn’t necessarily lost forever.
First, it’s important to understand what happens when you tell your computer to delete a file. This is important not only for recovery purposes, but also for security.
Windows users delete a file and send it to the Recycle Bin, which they’ll empty later. Once the Recycle Bin is emptied, most users have lost any means of accessing or recovering those files. But, they may not be completely deleted. In many cases, the actual data is still on the hard drive and only the pointer record, which contains the location of the data, has been deleted.
Without the pointer record, users can’t see files in directories. To find them, you’ll need a special recovery tool, which can be extremely expensive and difficult to use effectively. But, for those with some expertise, deleted files can be found and recovered.
This leads to another problem, however. If files you’ve deleted could still be unearthed by experts that means anyone who steals your computer or buys it legitimately could potentially restore the files you thought you had deleted. That could lead to some costly incidents.
To protect yourself, remove the hard drive from any computer you’re planning to sell. That’s the only way to ensure that no one can find and restore data that you have tried to delete.
Other options aren’t fool-proof, but they are helpful. Use a tool to encrypt your entire hard drive. Regularly use the disk de-fragmentation tool. Format your hard drive before selling it and use a secure drive erase tool, which adds zeroes and garbage data to your drive to make recovery more difficult.
If you need to restore valuable files to your hard drive, call Geek Rescue at 918-369-4335 before spending hundreds of dollars on a difficult to use restore tool.
