May 29th, 2014
Microsoft ended support for their operating system, Windows XP, on April 8th. Since then, users continuing to use XP have been at risk of attacks via known exploits because no patches are being released to fix them. One security expert has discovered a potential workaround, however. Gregg Keizer of ComputerWorld explains how users could trick Microsoft into delivering patches to their outdated operating system.
To understand this hack, you first need to get to know another Microsoft operating system, Windows Embedded POSReady 2009. In this case, POS stands for point of sale. This operating system was developed for use in cash registers, ATMs and other point of sale devices. It shares the same core as Windows XP, however. It also will enjoy support from Microsoft for another five years.
So, the security experts hack involved tricking Microsoft into thinking an XP system was actually an Embedded POSReady 2009 system. The updates and patches delivered aren’t developed specifically for XP, but the environment is close enough that they reportedly don’t cause crashes, blue screens or other errors.
Before you start thinking that this will keep your XP machine protected for five years, understand that neither Microsoft, nor the security expert who developed this hack, is sold on it effectively patching vulnerabilities. A Microsoft spokesman told the public that these patches intended for POSReady 2009 won’t fully protect XP users. Microsoft’s stance is that users need to upgrade to Windows 7 or 8 as soon as possible.
However, some businesses have built their entire infrastructure on XP and upgrading isn’t a simple option. For those individuals, wouldn’t doing something to protect themselves be better than nothing?
Doing something is certainly preferred, but implementing this hack might not be the smartest choice. Instead, switching web browsers from Internet Explorer to Chrome or Firefox should be an XP users first move. Both Google and Mozilla have continued support for their browsers used with XP. There are also security tools to implement that would help protect against the gaping, known security flaws in XP. It’s not a patch that ends the possibility of an exploit, but it is additional protection.
Whether your computer has been infected, or you’d like to improve security, call Geek Rescue at 918-369-4335.
May 28th, 2014
No doubt you’ve heard about and read about the capabilities, features and benefits of transitioning your business, or at least a portion of it, to the cloud. Before diving into it, however, you’ll need to carefully assess your needs. At Beta News, Andy Lancaster published a list of key areas to consider that will affect the transition to the cloud and the operations of it.
Most likely, your on-site IT solutions have been built to handle the peak workload of your operations. This means that much of the time, assets and resources are being wasted, which means money is being wasted. The advantage of the cloud in this context is that it is flexible and able to quickly scale up and scale down. A careful assessment of your assets and their use will allow you to accurately gauge your needs and plan for peak usage.
Transitioning to the cloud can be a tricky process. Before moving any of your storage or applications off of your on-site servers, you’ll want to carefully consider which will be best served on the cloud and what order they’ll need to transition. Not every application will offer benefits by being in the cloud and some may need to migrate at a different time than others. Planning ahead allows to save on costs, reduce downtime and results in a better, more stable environment.
Some applications can be moved directly from a physical server environment to the cloud with little to no alterations. Some require more attention, however. Effectively integrating some applications with the cloud may require “re-architecting” in order to efficiently host them. This could affect your decision to transition that application to the cloud so it’s important to consider this factor.
Security is a primary concern for businesses integrating with the cloud. You’ll want to consider where data will physically reside, how the data center is protected and who will have access and maintenance responsibilities. Also, think about how you handle security in your organization now and consider how integrating the cloud could complicate, or streamline those operations.
Most likely, you’re conducting regular back-ups and planning for disaster recovery in-house currently. Transitioning these responsibilities to the cloud frees up resources and IT staff. Be sure to consider how you’ll re-appoint staff and think about if you’ll be able to get rid of servers and other hardware.
Introducing the cloud to your company’s IT infrastructure can save time and money, but it needs to be done intelligently.
At Geek Rescue, we help you use the cloud effectively for the maximum benefit to your business. To find out more about cloud solutions, call us at 918-369-4335.
May 28th, 2014
Identity theft and malware infections are two of the biggest security related worries for internet users. Unfortunately, both often stem from a lack of security for social media sites. Facebook, Twitter and other popular social media platforms are continuously working to make users safer, but you can take some additional steps on your own too. At Gizmodo, David Nield offers a few tips for how to make your social media accounts nearly unhackable.
- Two-Factor Authentication
Most of your social media accounts require nothing more than a password to log-in. When you stop and think about how much valuable information is available to anyone with access to your account, however, you’ll likely decide that more protection is needed. With two-factor authentication, you’ll log-in with a unique PIN sent directly to you via text message or through a mobile app. No device will be able to access your account without first going through this process. For Twitter, head to the ‘Security and Privacy’ menu in ‘Settings’ to enable two-factor authentication. Similarly on Facebook, the option is found under the ‘Login Approvals’ section of the Security Settings page.
Instagram, Facebook, Twitter and many other social media sites allow users to add apps to their profiles for extra features. These may be related to games, photo sharing and editing or a number of other uses. These apps often create a security flaw that allows criminals to hack your account, however. While having no apps is the safest, that may not be realistic. If you’d rather not sacrifice apps entirely, regularly audit your apps and remove those that you no longer use or that the developer is no longer updating.
Phishing scams have infiltrated social media through instant messages, or in the case of Twitter, malicious tweets and profiles. Clicking on a bad link often leads users into trouble, but the most popular web browsers have some protections in place for these scenarios. Users must keep their browsers up to date, however, in order to be protected. Even with these security features, it’s a good idea to avoid any link you’re not absolutely sure about.
On the devices you use the most, your social media accounts are likely available without the need to sign in. No one wants to enter their password every time they check Facebook or Twitter on their smartphone, but what happens if your phone is lost or stolen. Now, whoever finds your device can look through your profiles, send out messages and steal whatever personal information is available. To limit this possibility, make sure to put a secure lock on your device. Require a PIN, password or pattern to be put in whenever the screen turns off.
In addition to these suggestions, it’s also a good idea to use a strong, unique password for each account and change it regularly, especially when there’s news of a large site being hacked.
If you’ve been the victim of an attack through social media, email or another source, bring your infected device to Geek Rescue or call us at 918-369-4335.
May 27th, 2014
Apple devices are extremely popular, which unfortunately makes them a target for theft. To combat this as much as possible, Apple includes features to help users find lost or stolen devices, but these features contain security vulnerabilities of their own. The latest reports, as noted by Loek Essers of TechWorld, center around the “Find My iPhone” feature and a form of ransomware.
When ‘Find My iPhone’ is enabled, users are able to track it to see its current location or lock the device and display a custom message. Users are reporting that their iCloud accounts are being hacked and ‘Find My iPhone’ enabled on their own devices, however. A message informing them that they’ve been hacked by “Oleg Pliss” is displayed and a $100 ransom is demanded.
Users have also reported that while they’re able to log-in to their Apple accounts, they’re unable to disable Lost mode and unlock the device on their own.
At least for some of the victimized users, the problem may stem from the eBay hacking from earlier this month. Some users admit they use the same passwords for their Apple account as they did for eBay.
For now, Apple has been silent on the issue and hasn’t officially suggested a way to unlock hacked devices. The only fix to be found so far is to restore the device to factory settings.
It’s not just iPhones that have been affected either. All Apple device have a similar feature to help find them when they’re lost or stolen and all are vulnerable to this same ransom tactic. So far, users in Australia, Great Britain and Canada have all reported being hacked, but no users from the US have had the same problem.
Before the problem spreads to the US, it’s a good idea to change your passwords, especially if you held an account at eBay that may have been compromised.
If any of your device are hacked, infected with malware, or break, bring them to Geek Rescue or call us at 918-369-4335.
May 22nd, 2014
Microsoft’s Silverlight plug-in, which has features similar to Flash and is used for a variety of rich media applications on websites, including Netflix, is leaving users vulnerable to exploits. As Mathew J. Schwartz reports for Dark Reading, outdated versions of Silverlight contain vulnerabilities that lead to malware infections.
Up until recently, vulnerabilities in Silverlight were largely ignored by attackers. In late April, however, a pair of security flaws came to light and drew the attention of a number of exploit kit developers. In many of these attacks, malicious code is hidden in ads displayed by legitimate advertising networks. When these ads are displayed on websites that a user with an outdated version of Silverlight visits, malicious files can be installed.
While these vulnerabilities only exist for users who have failed to keep Silverlight updated, it seems that there’s a large number of users vulnerable and a large number of successful attacks stemming from these flaws. Currently, Silverlight is the most popular target for exploit, according to a report from Cisco.
Part of that popularity stems from the development of exploit kits. These kits are basically attacks in a box that any individual can purchase and launch without the need for any real expertise. These particular Silverlight flaws have made the development of exploit kits fairly simple, which has meant that many are being created at a rapid pace.
Silverlight is the latest, but certainly not the only plug-in that has caused security issues. In 2013, 85-percent of successful attacks involved an exploit of a third-party plug-in like Java or Adobe products like Flash or Reader.
The biggest danger in these plug-in exploits is businesses who are shockingly unprepared for them. Only 29-percent of businesses who were hit with this type of exploit in 2013 were able to discover the breach themselves. In some cases, they were unaware until their client base informed them of a problem.
If you’ve been the victim of an attack and need help clearing the malicious files off your computer and network, or if you’d like to find out more about properly securing your company, call Geek Rescue at 918-369-4335.
May 22nd, 2014
Spam is a constant problem for email users and has been since the early days of email. Through spam, malware infections and phishing schemes torment users. Unfortunately, as Malcolm James reports for the All Spammed Up blog, the spam problem in the US is getting worse.
A report released by antivirus manufacturer Kaspersky that users in the United States receive more malicious emails than any other country. At nearly 14-percent of the world’s spam, the US leads this category by almost a full 4-percent over second place United Kingdom.
Over the past few months, the US has seen a sharp increase in spam emails. In the third quarter of 2013, US email users received about 10-percent of all spam, while users in the UK received the most at about 12-percent.
One noticeable trend is an increase in spam targeting mobile users. Most notably, spammers have begun sending messages that appear to be from popular mobile app developers. Messaging app ‘WhatsApp’ has been used in a number of email scams to spread malware. Even users who have never connected an app to their email address have been fooled. For many users, these messages are believable enough that they’re opened and an attachment downloaded to investigate further. Unfortunately, that’s all the action a user needs to take for malware to infect their system.
Overall, about two-thirds of all email messages are categorized as spam. This is actually down from the end of 2013, but about the same as this time last year. Experts warn that the total amount of spam is less consequential than the tactics the spammers are using. New, more intelligent tactics are allowing more spam to slip through filters and find their way into users’ inboxes, which creates more opportunities for users to mistakenly open these messages.
Geek Rescue helps you recover from and protect from spam. We offer services to help get rid of malware and better filter spam. Call us to find out more at 918-369-4335.
May 21st, 2014
A typical internet user has too many online accounts to manage a unique, strong password for each one. While passwords are still the primary form of security for many important online accounts, being able to realistically keep track of a different password for all of them, which is recommended, is nearly impossible. Ian Barker of Beta News published some tips on how to keep up with passwords when there are seemingly too many to manage.
A recent survey revealed that more than half of internet users have more than 20 active online, password protected accounts. Another 27-percent have between 11 and 20 online accounts. Can you keep 20 different passwords of varying length and using numbers, letters and symbols straight? For that matter, can you keep 11?
For most of us, the answer is a resounding ‘no’. This leads to bad habits. Reusing passwords is common. Using easy to guess passwords is too. This leads to accounts being compromised, which leads to identity theft and other serious problems.
One answer is to use a password manager. There are plenty of trustworthy managers available that will store all of your passwords behind one master password. Many managers even log you in automatically to your accounts. Less than half of internet users are using password managers, however.
The other option, and one that is much more realistic than keeping track of dozens of different passwords for different accounts, is to identify which accounts hold the most valuable information. Banking and credit card sites are obvious choices for your strongest passwords. Don’t overlook ecommerce sites that have your credit card information, address and other personal information stored on them. Also, consider how costly it would be for a criminal to gain access to your social media accounts. Finally, your primary email address, which likely is the destination for password reset messages from other accounts, is vital to protect properly.
Each of these accounts demands a long, strong, unique password to minimize the risk of it being hacked. Some, like email and social media, can even use two-factor authentication to up the security ante even more.
Other accounts, however, don’t need as much attention. An account for a message board, news site or other site where a username and password are the only information at risk don’t necessarily need strong, unique passwords. If these accounts are hacked, you won’t lose much.
For many users, concentrating solely on their most valuable online accounts limits the amount of important passwords to less than ten, which is much easier to manage.
If you’ve been the victim of an attack and need help recovering or help improving security at your home or business, call Geek Rescue at 918-369-4335.
May 20th, 2014
If you’re an iPhone user, you’re likely familiar with iMessage, an alternative to SMS messaging between Apple users only. You’re also probably familiar with iMessage issues, which seem to be numerous. At Lifehacker, Thorin Klosowski has some advice for how to overcome some of the most common problems encountered by iMessage users.
If you have an iPhone, you may also have an iPad and Mac. Apple counted on this loyalty when they built in the ability to sync iMessage to different devices. Unfortunately, it’s not so easy to get syncing to work correctly. If you’re having trouble, the first thing to check is whether the phone number and email on iMessage matches on each device. On your iPhone, go to the Messages Settings menu and select ‘Send and Receive’. On your Mac, with Messages open, check the Preferences menu. Now match up the email address and phone number shown on each device. If they’re not the same, that’s your problem. If they are, try restarting both devices.
Losing service on your smartphone is frustrating but it becomes worse when it completely breaks iMessage, even once service is restored. Some users have experienced this when they’ve attempted to send a message with no service. The message gets caught in a loop and those users are then unable to send or receive with iMessage even when their phone is otherwise back to normal. Many of their sent messages are even marked ‘delivered’ but other users don’t receive them. Fortunately, the fix is fairly simple. Either delete the entire message thread containing the message sent without service by swiping left, or delete just the individual message.
Soemtimes it doesn’t take a loss of service for iMessage to break. There are times when users report being unable to send messages even when there’s been no problems with their network. The first step is to check if Apple has reported any problems on their end. The reality is that iMessage goes down from time to time. If there’s no reported downtime, try turning off iMessage then turning it back on. Then, enable the ‘Send as SMS’ option in the Messages Settings menu. If neither of these allow you to send messages, try resetting your network under the General Settings menu.
If you’re having problems with your Apple device that you can’t fix yourself, call Geek Rescue at 918-369-4335.
May 20th, 2014
One major challenge businesses face in maintaining effective security is the trend of employees using their own devices for work. ‘Bring your own device’, or BYOD, refers to employees using any of their personal devices on your network. At the very least, your employees are likely using their smartphones. There are a number of reasons why this complicates things from an IT standpoint, but at IS Decisions, Francois Amigorena explains some ways to improve security in a BYOD environment.
A vital move to securing your network while employees are using multiple devices to access it is to prevent concurrent logins. Each employee is given specific credentials and are unable to log in with those credentials if they’re being used on another device. This potentially creates some issues with employees being logged in on their desktop and being unable to gain access remotely, but it also prevents lost or stolen device from being able to access the network freely.
In conjunction with login limitations, it’s important to implement time limits for employees’ active sessions. After a set time, the device would automatically prompt users to log in again using their credentials. This protects against the possibility of a logged in device being compromised.
Regardless of the device they’re using to access your network, most employees don’t need access to everything available on the network. It takes meticulous planning, but limiting what files and applications each user is able to access greatly increases security by reducing the potential for complete disaster. Even if a third party gains access through a lost device, they won’t be able to control your entire network.
If employees are regularly using your network with multiple devices, it’s important to keep a running log of those devices. This way, if an employees access requirements change, you can quickly change their permissions for all applicable devices. Likewise, should an employee leave the company, you can quickly end access for their devices to keep them from taking valuable data with them.
It’s important to always closely monitor the activity on your network, but this becomes more important when users are potentially bringing in threats on their own devices. Log in attempts from unrecognized devices, or log ins at odd hours, or sessions moving large amounts of data should all trigger flags. This will allow you to minimize damage.
BYOD is only one challenge that business owners face every day regarding their network’s security.
If you need help improving security at your company, call Geek Rescue at 918-369-4335.
May 19th, 2014
It’s a well-known concern that Android users are much more at risk for malware infections than iOS users. Just a month ago, a fake antivirus app made the rounds in the official Google Play store and victimized a number of users. Google has since offered refunds to those who mistakenly downloaded the malicious app, but it seems they haven’t sufficiently protected against a similar threat reappearing. Lucian Constantin reports at Network World that the Google Play store and the app store for Windows Phones have both recently had malware hidden behind recognizable brand names identified in their stores.
It’s a fairly recent development, but it seems criminal developers are launching malicious apps with well-known company names to further confuse users. This is a well-known tactic of email scams and phishing websites.
One developer account launched malicous apps under the names Avira Antivirus, Mozilla Firefox, Google Chrome, Opera Mobile, Internet Explorer and Safari. The same developer also has a Kaspersky Mobile antivirus app complete with the company’s logo. When downloaded, the app will even simulate a scan of the device’s files.
Making these fake apps more believable, and more costly to users, is that they aren’t free. The Kaspersky Mobile app costs about $4. Most users instinctively trust paid apps more than free ones. A number of free apps have been reported to be malicious, but there’s an implied value tied to something that costs money. It’s also much more believable to pay money for a high quality, big name security app than to get it for nothing.
Some of these apps have been downloaded more than 10-thousand times and even made it onto the “Top Paid” apps list that helps them be further distributed.
Because there has been no sufficient changes made to the Android and Windows Phone app stores, it’s likely that these fake apps will continue to pop-up. However, since many of them steal the exact name of legitimate apps from recognized industry leaders, there’s also likely to be more pressure put on both Google and Microsoft to enhance security.
If you’ve mistakenly downloaded a malicious app, or are having any other kind of trouble with one of your devices, call Geek Rescue at 918-369-4335.