Four Potential Security Flaws In Apple’s OS X

March 10th, 2014

Recently, Apple has been making headlines for the wrong reasons. Multiple security flaws have been reported that affect users of iPhones, iPads and Macs. While in the past a lower number of targeted attacks made Apple’s operating systems safer environments than Microsoft’s Windows, these reports suggest that Apple doesn’t necessarily have a more secure operating system. At Network World, Bob Violino takes a closer look at OS X, the operating system used on Macs, to expose the potential security flaws within.

  • No Long-Term Support

How often an operating system is patched and updated often makes the difference in keeping attacks at bay. Unfortunately for Apple device users, support is usually only given to the current operating system and the previous version. This leaves a number of users with older machines in the lurch. Currently, users of OS X Snow Leopard from 2009 are already missing out on some updates, and the critical security patches they are given access to come slowly. This is in contrast to Windows users, who typically enjoy support for much longer. Windows is ending support for XP users this April after nearly 13 years.

  • No Security Guide

Many users aren’t certain about how to properly secure their computer. Even more advanced users may not be aware of points where they are most vulnerable. To help users protect themselves, security configuration guides from the manufacturer are extremely helpful. Unfortunately, no recent version of OS X has been provided with a configuration guide from Apple. This leaves users in the dark about proper security and leads to many believing they’re more secure than they actually are.

  • Slow To Update

As mentioned in the first section, updates are key in protecting users from attacks. Apple has been slow to update OS X, however, especially concerning its open source components. Slow updates mean that users could be vulnerable to a known exploit. Even if it doesn’t affect security, compatibility and other issues aren’t being fixed in a timely manner.

  • Easy To Bypass Passwords

OS X includes a feature that’s designed to make working with your Mac more convenient. Any attached disk that includes an installed version of OS X can be used to boot the machine. Unfortunately, this allows someone to bypass the password required to log in on your machine by booting from an attached disk. This only comes into play if your laptop or computer is stolen, but it is still a concern.

This isn’t an exhaustive list of potential security issues with OS X, but it illustrates that there’s additional security required for most users.

If you’re having problems with your Mac, bring it to Geek Rescue for a fix. If you’d like to explore security options to protect yourself from future attacks, call us at 918-369-4335.

Survey Reveals Spread Of Malware And Lack Of Security

March 7th, 2014

A recent survey on computer security revealed not only alarming numbers of victims of cyber crime, but also high numbers of users who have little to no security in place. The University of Kent, which is located in the UK, surveyed about 1500 adults in their study. Admittedly, it’s a small sample size so the numbers could be a little skewed. Even so, there are surprisingly high rates of malware infections, specifically with ransomware, as John Hawes of Naked Security reports.

CryptoLocker, a headline-making form of ransomware that encrypts files on victims’ computers and demands payment to release them, affected one in 30 of the survey’s respondents. Even worse, about 40 percent paid the ransom to have their files decrypted.

Those figures only pertain to CryptoLocker specifically. For all forms of ransomware, about one in 10 respondents confirmed they’ve been a victim. Even if you assume those numbers are slightly inflated, that’s a shocking amount of ransomware cases.

It’s particularly troubling when you combine the amount of cyber attacks with the amount of users who fail to put proper security measures in place. The survey also found that more than half of users weren’t using an up-to-date antivirus or anti-malware program. About a third of respondents reported they had no firewall in place on their network and about the same number failed to use proper password practices for maximum security on online accounts.

With that in mind, it’s no surprise that about a quarter of users in the survey were identified as being the victim of some sort of “cyber-dependent crime” with malware infections and phishing scams being the most popular.

Unfortunately, when it comes to the number of malware incidents, the actual number of infections is usually higher than what is reported. This is because malware, by its nature, stays hidden on most systems, particularly those with less than ideal security. Users may report that they’ve never been the victim of a malware infection, but in reality it’s difficult to say for certain.

The takeaway from this study and others like it is that no one is immune from cyber attacks. Malware can strike any of us, but those with less security in place are asking for trouble.

If you’ve been infected with malware, or would like to improve security at home or at your business, call Geek Rescue at 918-369-4335.

The Vulnerability Of Apple’s ‘Lost Mode’

March 4th, 2014

Many iPhone, iPad and Mac users rely on the ‘Lost Mode’ feature to keep their device safe in the event that it’s misplaced or stolen and to be able to find it. ‘Lost Mode’ contains a security vulnerability, however, that a recent open-source hacking project is able to exploit to access the device and all of the data stored there. Paul Ducklin of Naked Security delves into the details.

‘Lost Mode’ is able to be activated by users of Apple devices when they log in to iCloud on another device. If your device is on, you can see approximately where it’s located. You can also tell the device to reboot, which will result in the device locking upon restart and requiring a four-digit code to access it. That code, also known as a “system lock PIN”, is chosen by the user when ‘Lost Mode’ is activated.

The idea is that if your device has been stolen or found by someone else, that person won’t be able to steal your information or even use or sell your device because of the lock. The recently released “iCloud Hacker” project demonstrates why the system lock isn’t as secure as it seems.

“iCloud Hacker” isn’t overly complicated in its attack. Since it knows that a 4-digit PIN is required, it simply tries every combination of numbers until it finds the right one. This would be possible for any human to perform also, but incredibly tedious. Apple devices don’t lock or shut down after a certain number of failed login attempts, but after six failed attempts, a user must wait 5 minutes before trying again. This delay means that it could take weeks for a human to break into a device.

With “iCloud Hacker”, the human element is eliminated and codes are tirelessly inputted until one is successful. It also works around the 5-minute wait time by rebooting the device after six attempts.
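The reboot workaround described above comes down to where the failed-attempt state is kept. The following Python model is an added example, not code from the article, Apple or the “iCloud Hacker” project; the class, the `persistent` and `escalate` switches and the 24-hour cap are assumptions of the model, while the six-attempt limit and 5-minute wait are the article’s figures.

```python
from dataclasses import dataclass

MAX_TRIES = 6            # failures allowed before a wait (figure from the article)
DELAY_MIN = 5            # minutes of wait after MAX_TRIES failures (from the article)
KEYSPACE = 10_000        # four-digit PIN, 0000-9999
MAX_DELAY_MIN = 24 * 60  # cap for the escalating policy (assumption of this model)


@dataclass
class PinLimiter:
    """Model lock screen; `persistent` and `escalate` are hypothetical design switches."""
    secret: str
    persistent: bool        # does lockout state survive a reboot?
    escalate: bool = False  # double the wait on each successive lockout?
    failures: int = 0
    lockouts: int = 0
    locked_until: int = 0   # model clock, in minutes

    def reboot(self) -> None:
        # Volatile state is lost on restart; persistent state is kept.
        if not self.persistent:
            self.failures = self.lockouts = self.locked_until = 0

    def try_pin(self, pin: str, now: int) -> bool:
        if now < self.locked_until:
            raise PermissionError("locked out")
        if pin == self.secret:
            self.failures = 0
            return True
        self.failures += 1
        if self.failures % MAX_TRIES == 0:
            self.lockouts += 1
            wait = DELAY_MIN
            if self.escalate:
                wait = min(DELAY_MIN * 2 ** (self.lockouts - 1), MAX_DELAY_MIN)
            self.locked_until = now + wait
        return False


def enforced_wait_minutes(limiter: PinLimiter) -> int:
    """Total wait the limiter imposes when every PIN is tried in order
    and the device is restarted each time a lockout begins."""
    now = 0
    for guess in range(KEYSPACE):
        if now < limiter.locked_until:
            limiter.reboot()
            # Only the part of the wait that survived the reboot still applies.
            now = max(now, limiter.locked_until)
        if limiter.try_pin(f"{guess:04d}", now):
            return now
    raise ValueError("secret is not a four-digit PIN")


if __name__ == "__main__":
    worst = "9999"  # constructed worst case: the last PIN tried
    for label, lim in [
        ("volatile counter", PinLimiter(worst, persistent=False)),
        ("persistent counter", PinLimiter(worst, persistent=True)),
        ("persistent + escalating", PinLimiter(worst, persistent=True, escalate=True)),
    ]:
        minutes = enforced_wait_minutes(lim)
        print(f"{label:24s} {minutes:>9d} min  ({minutes / 1440:.1f} days)")
```

In the model, a counter that is cleared by a restart imposes no delay at all, so the design fix is to keep the lockout state in storage that survives a reboot and to lengthen the wait as failures accumulate.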

Many are calling for Apple to improve security associated with ‘Lost Mode’, but there’s actually a fundamental security problem contained in any lost device. An intelligent criminal doesn’t even need to break the lock on your device. Instead, they only need to remove the hard drive and put it into another device. There, they can read and copy everything on it.

The lock prevents a criminal from using your device themselves or selling it to someone else, but your data and information are still very much at risk. Especially dangerous is the possibility that your hard drive is copied, returned to your device and your device is returned to you. With the lock still in place, many users will believe that their device and data are safe, when in actuality a criminal has all of their data.

Whether you’re using ‘Lost Mode’ or not, it’s important to encrypt your stored data. On your Mac, enable ‘Full Disk Encryption’ and you’ll add an extra layer of protection. There’ll be another password required to use your device and you’ll be given a 24-character recovery key in case you forget your password.

If you’d like to improve the security on any of your devices, or your device is in need of repairs, call Geek Rescue at 918-369-4335.

Are Deleted Files Really Gone Forever?

March 4th, 2014

There are dozens, hundreds or even thousands of important files stored on your computer’s hard drive. What happens when vital files are deleted by accident? Files can be infected with a virus, corrupted or lost due to hardware damage. Or, you may just delete an entire folder only to realize later that you need some of the files stored in it. As Andy O’Donnell of About reports, a deleted file isn’t necessarily lost forever.

First, it’s important to understand what happens when you tell your computer to delete a file. This is important not only for recovery purposes, but also for security.

Windows users delete a file and send it to the Recycle Bin, which they’ll empty later. Once the Recycle Bin is emptied, most users have lost any means of accessing or recovering those files. But, they may not be completely deleted. In many cases, the actual data is still on the hard drive and only the pointer record, which contains the location of the data, has been deleted.

Without the pointer record, users can’t see files in directories. To find them, you’ll need a special recovery tool, which can be extremely expensive and difficult to use effectively. But, for those with some expertise, deleted files can be found and recovered.

This leads to another problem, however. If files you’ve deleted could still be unearthed by experts, that means anyone who steals your computer or buys it legitimately could potentially restore the files you thought you had deleted. That could lead to some costly incidents.

To protect yourself, remove the hard drive from any computer you’re planning to sell. That’s the only way to ensure that no one can find and restore data that you have tried to delete.

Other options aren’t fool-proof, but they are helpful. Use a tool to encrypt your entire hard drive. Regularly use the disk defragmentation tool. Format your hard drive before selling it and use a secure drive erase tool, which adds zeroes and garbage data to your drive to make recovery more difficult.

If you need to restore valuable files to your hard drive, call Geek Rescue at 918-369-4335 before spending hundreds of dollars on a difficult to use restore tool.

Three Tips For Improving Your Router’s Security

February 26th, 2014

It’s common knowledge that computers need to be protected with antivirus programs and other security tools to keep from being infected with malware and attacked by other means. Very little attention is given to protecting a router, however. Wireless routers have become common. A decade ago, many homes used wired connections to the internet, but with the rise of mobile devices came the rise in demand for wireless internet. The more devices are connected to a router, however, the more valuable a target it is for attackers. As many as 70-percent of these routers contain vulnerabilities and suffer from a lack of security. These factors explain why attacks on routers have been steadily increasing over the past year.

So, what’s at stake if your router is attacked? A compromised router allows a third party inside your firewall. From there, they’re able to monitor all activity and data being sent through the router. Emails, log-in credentials, credit card information and more are available to be intercepted and monitored. Steve Bell at the BullGuard blog published a few ways to improve your router’s security.

  • Check for updates

Just as it’s important to keep your computer’s operating system and antivirus program updated, it’s important to regularly check for router updates as well. Updates to the firmware may not be automatically pushed to your router, even if the update is able to eliminate a serious security vulnerability. That’s why it’s vital that you regularly check with the manufacturer’s website to see if any recent updates have been created.

  • Enable encryption

The lack of security for most users’ routers comes from a simple lack of knowledge of the device’s capabilities. Many routers come with an option to encrypt data, but it may not be turned on by default. Be sure to read through your router’s manual or browse through the settings to find useful security tools.

  • Change default settings

A quick look through settings can not only allow you to enable more robust security on your router, but it also can help you avoid attacks. The first change you need to make after setting up your router is to choose a new name, which is also called a service set identifier, or SSID. You’ll also want to change the password. Routers are sent out with default names and passwords. Attackers know these typical passwords because manufacturers use the same ones over and over. Changing them immediately improves security.

Router attacks are difficult for typical users to detect. That opens the possibility that a criminal could be monitoring your activity through a compromised router for months. To avoid that, you’ll want to take the necessary security precautions.

If you’d like help setting up a secure wireless network, or have been the victim of an attack, call Geek Rescue at 918-369-0745.

Samsung’s Newest Smartphone: The Galaxy S5

February 25th, 2014

Any time a new iPhone debuts, it makes worldwide news, but there is a sizable audience that’s equally interested in new Android smartphones. Samsung’s Galaxy line recently debuted its newest member, the S5, at an event in Barcelona. Al Sacco of CIO reported on the new specifications and features.

  • Size

The Galaxy S5 is bigger than its predecessors, which was expected. It outweighs the GS4 by 15 grams. It’s also slightly taller, wider and deeper. The additional size and weight is partly attributed to a larger battery, which is 2800 mAh compared to 2600 mAh for the GS4.

  • Display

The display on the S5 is also bigger, but not by much. At 5.1 inches, it has only gained one-tenth of an inch on the previous Galaxy smartphone. Otherwise, not much has changed. There’s still a full HD Super AMOLED display at 1920×1080. The display on the new S5 is regarded as brighter at the highest setting, however.

  • Processor and Storage

Other manufacturers have made a 64-GB storage option for their newest, top of the line smartphones. The Galaxy S5, however, only has a 16-GB and 32-GB model. It does support external memory cards up to 64-GB.

The processor is where the S5 received the biggest upgrade. Inside, you’ll find a blazing fast 2.5 GHz quad-core processor as opposed to the 1.6 GHz chip found in the S4.

  • Camera

The camera on smartphones has become just as important as any conventional phone features. The Galaxy S5 features one of the best cameras you’ll find, with a front-facing 2.1 MP camera and a 16 MP rear camera. As with any Samsung smartphone, there are also new camera features to play with. In the S5, there’s reportedly the fastest auto-focus in any smartphone and a tool to focus on one specific part of a photo and blur the rest.

  • Extra Features

The Galaxy S5 follows in the footsteps of the latest iPhones to offer biometric security. A fingerprint scanner is included in the home button to help secure your phone, but you’ll have to actually swipe your finger, rather than just holding it to the sensor.

Samsung is also making an effort to include features on their phones that are typically found in increasingly popular fitness bands. As part of their included S Health app, a heart rate monitor is built in to the smartphone.

There’s also a power saving function that everyone needs from time to time. Ultra Power Saving Mode disables non-essential functions in situations when you can’t afford for your phone to die, but the battery is critically low.

Finally, Samsung introduced Download Booster, which claims to allow WiFi and your LTE connection to work together to produce better download speeds.

There is sure to be plenty of additional testing, and more features revealed, ahead of the Galaxy S5’s official release on April 11th.

In the meantime, whether you have the latest smartphone or an older model, Geek Rescue has you covered when something breaks. For hardware damage, malware infections and more, call Geek Rescue at 918-369-4335.

iOS Users Facing Another Security Flaw

February 25th, 2014

There’s a security flaw in Apple’s mobile operating system, iOS. No, it’s not the same flaw that we reported yesterday. That widely publicized flaw allows attackers to intercept data being sent between your phone and web servers and an update that fixes it is already available for most affected users. This new flaw, as Lance Whitney of CNet reports, allows for the remote capture of “every character the victim inputs” on an iPhone or iPad.

The vulnerability was uncovered by security firm FireEye. A keylogging app is able to run in the background of any iOS 7 device because of a flaw in the Background App Refresh setting.

You may be wondering what the danger of a hacker being able to monitor every press of your touchscreen, or home button, or volume controls is. Attackers aren’t just able to monitor when you touch your screen, but precisely where on the X and Y axis. That means that passwords and log-in credentials could be stolen. Your phone’s lock screen could also be compromised. Think of everything you use your phone or tablet for and then consider how dangerous it would be to have a stranger looking over your shoulder the entire time.

Unlike the SSL vulnerability that was revealed recently, this iOS vulnerability requires a malicious app to be installed on the device first. Of course, there are a number of ways an app can make its way to your iPhone. Apps downloaded directly from the official App Store are usually legitimate, however. So, these malicious apps would likely come from third-party app stores or email attachments.

Apple has publicly stated that they’re working with FireEye to create a patch to fix the problem. In the meantime, users can close any apps running in the background by double-tapping their Home button. Close any apps you aren’t currently using. If there’s an app running that you don’t recognize, there’s a good chance that it’s malware.

If you have a device that’s been infected with malware, bring it to Geek Rescue or call us at 918-369-4335.

Apple Security Flaw Requires Immediate Update

February 24th, 2014

Over the weekend, Apple released an update to its mobile operating system, iOS. Versions 7.0.6 for iOS 7 devices and 6.1.6 for iOS 6 devices were seemingly rushed out to fix a bug that put users’ data at a significant risk. At Gizmodo, Brian Barrett explains why iOS users should update their devices as soon as possible.

The bug, or security vulnerability, that Apple is now attempting to fix involves a flaw in the operation of SSL, which stands for Secure Sockets Layer. Using SSL allows for private and secure communications between your web browser and the servers it needs to communicate with to access different websites. When you see the small lock icon appear in your browser’s address bar, that means that SSL is functioning and securing your connection to the site you’re currently on.

Without SSL, everything you send to a server and receive back is up for grabs. SSL verifies that your browser is contacting the correct server for the website it’s displaying, but the Apple bug prevents that from happening. This opens the door for what’s called “man in the middle attacks”, which refers to a third party intercepting data intended for someone else. So, your log-in credentials for any online account you have, payment information for an online purchase, emails and a number of other potentially costly possibilities can all be stolen and monitored by criminals.

The vulnerability affects not only the Safari browser, but also Calendar, Facetime, Keynote, Twitter, Mail, iBooks and more. Any time you’ve used one of these apps on an unsecured network, which could be anything from free WiFi in a coffee shop to the network at your job that doesn’t require a password, all the data you’ve accessed and submitted could have been intercepted.

This flaw has an update for devices dating back to the iPhone 3GS and fourth generation iPod Touch. Any devices older than that likely won’t have an update available to fix the problem. This is also an issue for Mac users with the OS X operating system. While there’s a known vulnerability for Macs, there isn’t currently a patch or update to fix it.

While exploits of this vulnerability only recently began being spotted, the SSL flaw has been in both iOS and OS X since September of 2012. For the past year and a half, data has been available through a fairly simple exploit on one of the most popular mobile devices. If you haven’t already updated, do so now. If there isn’t an update available for your device yet, avoid using the affected apps on any unsecured networks.

Security vulnerabilities are a serious concern for any device. If you’ve experienced an attack and have a device infected with malware, or want to explore additional security options, contact Geek Rescue at 918-369-4335.

Three Tips For Protecting Against DDoS Attacks

February 21st, 2014

DDoS attacks are a very real and potentially very costly possibility for any business. An attack capable of making your servers sluggish or unavailable could hit at any time and you need to plan for it. That involves both setting up a proper security infrastructure and planning for how to recover from and mitigate an attack. At TechWorld, Ellen Messmer published tips for what you need to know in order to be properly prepared for DDoS attacks.

  • Early Recognition

A DDoS attack doesn’t come from nowhere and immediately render your servers useless. Instead, you’ll be able to spot a surge in activity before any real damage is done. That is, if you’re regularly and properly monitoring traffic. If you don’t know what normal activity on your servers looks like, you won’t be able to tell when things are out of the ordinary. If you spot the early warning signs of a DDoS attack, taking the proper precautions can save you from any down time, or at least greatly reduce the damage done.

  • Understand Different Attacks

Not every DDoS attack is created equal. There are variations in scope, with data transfer speeds running as low as 5 Gbps for small-scale attacks and upwards of 100 Gbps for large-scale attacks. Some attack specific applications, while others attack a network, website or multiple servers. The ways they produce the attack traffic also vary. Many DDoS attacks also come in conjunction with other types of attacks and are used solely as a distraction. Understanding the different types of DDoS attacks and being able to tell what type of attack you’re dealing with dictates how best to protect yourself.

  • Understand Motivation

Just as the nature of DDoS attacks varies, so too does the motivation of the hackers behind them. As mentioned, some DDoS attacks are distractions for more costly attacks and data breaches. Some extort you for money before they’ll stop the stream of malicious traffic. Some are aimed at specific targets because the attackers disagree with the victim’s opinion, or certain policies. It’s important to try to spot an attacker’s motivation before they strike. For example, holidays are a popular time for attacks because hackers believe companies will be more unprepared with fewer employees on watch. Similarly, if your company has been in the news lately, there might be an attack coming soon.
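The baseline monitoring described under Early Recognition above can be automated. The following Python sketch is an added example, not taken from the TechWorld article: it flags minutes whose request count sits far above a rolling median of recent normal traffic. The function name, window, threshold and sample counts are all assumptions constructed for illustration.

```python
from statistics import median

# Constructed sample: requests per minute, normal traffic followed by a ramp.
SAMPLE = [120, 118, 125, 130, 122, 119, 127, 124, 121, 126, 123, 128,
          180, 260, 410, 900, 2400]


def find_surges(counts, window=10, threshold=6.0, min_mad=1.0):
    """Return the indexes of minutes that are far above the recent baseline.

    The baseline is the median of the last `window` minutes judged normal.
    Spread is the median absolute deviation (MAD), which a single outlier
    cannot inflate the way it inflates a standard deviation.
    """
    baseline = []  # counts accepted as normal so far
    surges = []
    for i, count in enumerate(counts):
        if len(baseline) >= window:
            recent = baseline[-window:]
            med = median(recent)
            # min_mad keeps very flat traffic from making every blip an alert.
            mad = max(median(abs(x - med) for x in recent), min_mad)
            if (count - med) / mad > threshold:
                surges.append(i)
                continue  # keep surge traffic out of the baseline
        baseline.append(count)
    return surges


if __name__ == "__main__":
    for i in find_surges(SAMPLE):
        print(f"minute {i}: {SAMPLE[i]} requests is above the baseline")
```

Flagged minutes are deliberately left out of the baseline, so a slowly ramping flood cannot teach the monitor that the elevated rate is normal.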

DDoS attacks can be extremely costly for companies. Even only a few hours of downtime can mean the loss of thousands of dollars of revenue.

For help protecting against attacks and monitoring for them, contact Geek Rescue at 918-369-4335.

Large Scale DDoS Attack May Have Used New Tactics

February 21st, 2014

A DDoS attack, or Distributed Denial of Service, interrupts the service a website or network is able to offer, usually by overloading servers with communication requests. In basic terms, the attackers send so much fake traffic to a server that it can’t function normally. As Zeljka Zorz reports for Net-Security, one recent DDoS attack used previously unknown methods to take down more than 300 domains.

The target of the attack was Namecheap, a web hosting service and domain registrar. The fact that a hosting company was the target of an attack isn’t noteworthy. Namecheap has a platform spread across three continents and claims that their infrastructure protects them against nearly daily DDoS attacks. This most recent and successful attack was bigger and different than any previous attempts, however. After overwhelming DNS servers, performance became sluggish or completely unavailable for more than 300 of their hosted domains.

Namecheap estimates the attack to be over 100 gigabits per second, which refers to an extremely high data transfer speed. While other attacks have been observed at 300 or even 400 Gbps for a brief time, the DDoS attack against Namecheap is still considered one of the largest in history. It would have to be to overwhelm such a large scale operation.

Even for a company with a robust security infrastructure and planning in place, this attack knocked them offline for about three hours, which usually equates to thousands of dollars in lost revenue for the affected domains.

DDoS attacks have been growing more common recently and have also improved their tactics. Reflection attacks, which allow for the exploitation of vulnerable servers to multiply the scale of an attack, have grown in popularity and made DDoS attacks more successful.

Specific details of the Namecheap attack have not been released, but from the description, it seems that another new tactic has surfaced.

If a company like Namecheap is vulnerable to DDoS attacks, every company has reason to worry. For help improving your company’s security infrastructure, call Geek Rescue at 918-369-4335.