January 2nd, 2014
Windows users have a tool included on their systems that sends a report to Microsoft any time an error occurs. This is to help Microsoft create patches and updates that resolve issues, but as Gregg Keizer of Computer World reports, these error reports are also helping hackers find vulnerable targets.
The problem with error reports is that they’re unencrypted. This means that anyone able to intercept that data on its way to Microsoft will be able to discover a wealth of information about the user and their computer. Information included in errors reports include what software is installed, what version of the operating system is running, the latest patches and updates installed, devices and peripherals plugged into the computer and reports on recent application and operating system crashes. This information has been described as “a blueprint” for how to attack a user and where security vulnerabilities exist.
The most common way to hackers to intercept this information is a ‘man in the middle’ attack, which allows a hacker to ‘sniff’ or monitor all activity conducted over your internet connection and steal any data transmitted.
A German newspaper recently reported that the NSA has already been stealing crash reports to make their attacks more intelligent. While this threat is unlikely to target too many individual users, businesses are certainly at a significant risk.
Windows sends error reports by default, but they can be turned off. Security experts, however, advise against this measure. The reason error reports are valuable to hackers is the same reason they’re valuable to your IT department. They highlight vulnerable areas of your network and help you patch them.
Instead of losing this diagnostic tool, improve it. Rather than sending reports directly to Microsoft, you can direct them to an internal server and encrypt the information before sending it on. This way, even if the report is intercepted, it won’t be able to be deciphered.
If you need to improve the security at your business, or have been the victim of a cyber attack and need help fixing the damage, call Geek Rescue at 918-369-4335.
January 2nd, 2014
Staying safe online requires the right security tools. It also requires the right knowledge of common threats. Knowing how criminals typically attack your computer educates you on how to prevent those attacks. Roger A. Grimes at Computer World published his list of the most devious attacks currently being used and how to protect yourself from them.
There a plenty of public places where people typically use free, public WiFi. Unfortunately, networks in places like coffee shops, libraries and airports are also common targets for hackers. They’re able to set-up fake wireless access points, or WAPs, that fool users. Users connect using a network with a believable name, but are actually giving a criminal access to all the data they transmit. This is an easy way for hackers to steal passwords, banking information and more. To protect yourself, be extremely wary of public WiFi. Don’t enter any financial information or visit any sites that require a password.
Cookies have been used by websites for years to make your browsing experience faster and more convenient. These text files store information so you don’t have to log-in every time you visit the same site, or otherwise streamline your experience. That information is dangerous if stolen, however. Hackers use a number of methods for stealing cookies. When they’re successful, they’re able to immediately gain access to certain sites and sometimes even gain payment information. Make sure that if you have cookies enabled, you’re only using HTTPS websites that use the latest encryption methods.
This is not only a common attack method, but also a simple one. Hackers use some social engineering to gain more downloads of malicious files and tempt more users to open those files. No one would want to download ‘malware.exe’, but when the file name is something more salacious or relevant to the user, many can’t resist. Some even use false file extensions to confuse users. The full file name may be ‘image.jpeg.exe’. The file is an executable application, not an image, but ‘.jpeg’ fools many users. To protect yourself, don’t download files that sound too good to be true and only download from trusted sources. If you aren’t expecting a file to be emailed to you, don’t open any attachments. Also, be sure to scan anything you download with your antivirus program before you open it.
Windows users have a DNS-related file named ‘Hosts’ in their ‘Drivers’ folder. Typically, there’s no reason for a normal user to interact with ‘Hosts’. It contains domain names that a user has visited and links them to their IP addresses. This is a way around having to contact DNS servers and perform recursive name resolution every time a popular site is visited. But, this opens the door for hackers to enter their own malicious entries into ‘Hosts’. By changing the IP addresses linked to common domain names, a hacker can redirect users to a spoofed version of a legitimate site. These malicious sites usually look very similar to the original, but are used to steal your data. This is a difficult attack to spot. If a site looks different than usual, avoid it. Don’t enter any information on a site that looks different than you’d expect. If you suspect you’re being maliciously redirected, examine your ‘Hosts’ file.
These are only a small collection of ways criminals can steal your data and infect your computer. For help improving your security, or fixing the effects an attack has had on your system, call Geek Rescue at 918-369-4335.
December 31st, 2013
If you use a smartphone or digital camera, you’re probably familiar with SD cards. They’re the small cards that store data using flash memory. For most users, they only think about their SD card when they’re transferring contacts to a new phone or removing pictures from their camera. As Stephen Shankland reports for CNet, however, a new technique exposed by security researchers has demonstrated how vulnerable SD cards are to “man in the middle” attacks.
A man in the middle attacks is true to its name. When data is transferred from one location or device to another, a third party intercepts that data in order to monitor, modify or copy it. This allows a criminal to gain access to valuable data like credit card information, or encryption keys. They could also substitute malicious files for trusted files in order to infect users with malware.
The vulnerability in SD cards exists in the cards’ microcontrollers. These are like built-in computers that manage the data stored on the SD card. By reverse engineering an SD card, researchers were able to install and run new firmware on the microcontroller then installed an application that would intercept data being sent by the device.
The specific attack used in the researchers’ demonstration doesn’t work for any flash-memory device because of variations in the microcontrollers, but this example exposes vulnerabilities for all devices using flash memory. This means similar attacks could be used to steal data from solid-state drives or eMMC storage for smartphones.
This is yet another example of the vulnerability of mobile devices. With millions of users and a general lack of security in place, mobile devices are an inviting target for hackers and new threats are emerging all the time. While this particular attack will need a change to the make-up of SD cards to close the vulnerability, other threats need only smarter user behavior. Remember that your mobile device faces the same risks as your PC and protecting it requires vigilance.
If any of your devices have been infected with malware, bring it to Geek Rescue or give us a call at 918-369-4335.
December 30th, 2013
The malware being used by hackers and their tactics are changing all the time. Throughout 2013, we’ve seen new threats emerge. Robert Lemos of Dark Reading lists some of the advanced attacks we saw in 2013 and how businesses should be changing their security infrastructure to protect against similar attacks in the future.
This form of ransomware began infecting users over the summer. Since then, it claimed an estimated 200-thousand victims in its first 100 days in the wild. Cryptolocker encrypts files stored on a user’s computer and demands a ransom before giving the key to decrypt. For businesses, educating users on how to avoid malware is imperative. Unlike some other forms of ransomware, Cryptolocker is not a bluff and will encrypt and destroy files if no payment is given. The best way to prevent that damage is to avoid malicious files from ever reaching your network.
This year, we saw more instances of attacks filtering through service and technology providers in order to reach their intended targets. This was demonstrated by the Syrian Electronic Army’s headline making attacks against the New York Times and other media outlets. In the New York Times attack, hackers tricked the domain registrar to transfer ownership of ‘nytimes.com’ to them. For businesses, this underscores the importance of selecting the right suppliers. Not only do you need to be wary of who you are working with, but you also need to be able to monitor them in real-time to stay ahead of any emerging threats.
Distributed Denial of Service attacks have been around for years, but 2013 saw them grow in size and scope and also become harder to recognize. Hackers use these attacks to flood websites and applications with requests, which either cause them to shut-down, or at least cause them to slow down and make it difficult to respond to legitimate requests. To increase the capabilities of DDoS attacks, hackers have begun to use reflection attacks, where mis-configured servers amplify the size of an attack. This is a threat that not only isn’t going away, but it’s increasing in frequency. Being aware of the capabilities of DDoS attacks and having a plan in place in case your organization is targeted is important.
These are threats that all businesses need to be prepared for and plan for. There are a number of ways to secure your organization, and each threat demands a different action.
For help with your company’s security, contact Geek Rescue at 918-369-4335.
December 23rd, 2013
Microsoft Security Essentials, which goes by the name Windows Defender for Windows 8 users, is built into the Windows operating system. It’s designed to give users protection from malware and other security threats, just as any antivirus or anti-malware application would. As Barry Collins reports for PC Pro, however, Security Essentials doesn’t provide adequate protection when compared to other antivirus options.
Security company Dennis Technology Labs tested nine security programs meant for use on personal computers on a machine running Windows 7. Eight of those tested detected and protected against at least 87-percent the malware samples used. Five security programs detected 98 to 99 percent of malware. Security Essentials protected against only 61-percent of malware threats.
These tests tell users that the free, built in option of Security Essentials can’t be relied on to keep your system safe from threats. According to Microsoft, it was never meant to be used as the sole security in place. Instead, it is meant to act in conjunction with other tools. With only 61-percent of malware detected, however, it seems unlikely that Security Essentials would be much help at all in assisting a more robust antivirus program.
Microsoft’s reasoning for not making Security Essentials a better security tool is sound. If every Windows user were able to use a free antivirus program that comes with their operating system, then all of them would likely use it and nothing else. That would eliminate diversity in the market, which would make it much easier for hackers to develop malware to specifically infiltrate systems running Security Essentials. With Security Essentials being viewed as an inferior tool, or at best a good assistant, users must decide on their own what third part antivirus program to put in place. Each of these has its own strengths and weaknesses and makes it more difficult to create malware that is capable of staying undetected for all users.
Though the thinking may be sound, Microsoft needs to do a better job alerting users about the nature of Security Essentials. Too many computers are using it as their primary antivirus protection, which leaves them incredibly vulnerable to attack. If you have no other security tools in place on your PC, look into trusted names like Norton and Kaspersky immediately.
If your computer has been infected by malware, bring it to Geek Rescue or give us a call at 918-369-4335.
December 20th, 2013
Security researchers have reported previously that hackers and some forms of malware can claim control of your computer’s webcam. In some instances of ransomware, the webcam is used to capture an image of the user in an intimidation attempt. In other cases, the webcam can be used without the users knowledge to spy on unsuspecting victims. Lucian Constantin of Network World reports that users with older Macs are particularly susceptible to this form of cyber attack.
On iMac and MacBook computers manufactured before 2008, first generation iSight webcams were used. These webcams have their LED light, which indicates when the webcam is in use, linked directly to the image sensor. When the LED is on, it means the webcam is capturing images, but hackers have found a way to alter the webcam’s firmware so the light doesn’t come on while the camera is active.
Not only does this allow spying on users without their knowledge, but being able to modify the webcam’s firmware also allows for malware to infect a Mac from a virtual machine. To do so, hackers would need to reprogram the webcam to act as a keyboard.
To defend against this type of attack, an extension could be created that blocks certain USB device requests. With a defense such as this in place, a hacker would need root access to alter the webcam’s behavior.
The most impenetrable defense would need to come in the form of a hardware redesign of the camera itself, which would make it impossible to disable the LED indicator. Researchers have already sent suggestions to Apple, but have yet to hear back.
Users who have an older Mac computer can take one easy precaution to prevent spying. That’s put tape, or a bandage, over the webcam. This doesn’t prevent malware infections, however that type of attack is extremely rare, at least for the time being.
If your device has been attacked or you’d like to improve your security, call Geek Rescue at 918-369-4335.
December 19th, 2013
If you’re on the ball this holiday season, you’ve probably already completed your online holiday shopping. For those who like to wait until the last minute, there’s still time with expedited shipping to find the perfect gift online. When you do shop online, it’s important to know how to stay protected to avoid scams, malware and identity theft. A post on the 2-Spyware blog details some of the threats to your security and what you’ll need to avoid them when shopping online.
Before you start surfing the web, check to make sure your antivirus program is up to date. You need to update your antivirus often because new malware is introduced every day and updating helps your antivirus identify and protect you from those latest threats. When shopping online, you’re more likely to visit sites you are unfamiliar with while searching for a deal. That makes it more likely you’ll visit a malicious site that’s designed to infect your computer with malware. Ecommerce sites also naturally experience more traffic during the holiday shopping season, which makes them more attractive targets for hackers than other times. This means that even trusted sites may be compromised.
If you’re shopping at sites you haven’t used before, you’ll probably be asked to create an account. It’s important to use a strong password that is long and uses upper and lower case letters, numbers and symbols so it’s difficult to hack. It’s also important not to use the same password for each account you create. Some of these sites may have less security than others, which means if their passwords are stolen and you use identical passwords for multiple sites, a hacker could gain access to all of your accounts.
Where you do your holiday shopping is also important. If shopping from home, make sure your network is secured and you’re using a firewall. Shopping while out and about it tempting, but it isn’t recommended. Public WiFi doesn’t offer any type of security. So, anytime you enter your account log-in and credit card information, that data can be monitored and stolen by a third party.
There are major sites like Amazon that you can trust to keep your payment information secure, but holiday shopping can sometimes lead you to untrusted sites in search of a deal. Some of these sites are completely legitimate, but don’t do enough to keep your information from being stolen. Other sites are scams claiming to sell popular items, but in reality they’re designed to steal your credit card information or infect your computer with malware.
Online shopping is convenient and a great way to quickly finish buying gifts, but it can also lead to costly cyber attacks.
For help improving the security on your computer or network, call Geek Rescue at 918-369-4355.
December 18th, 2013
In humans, early detection is important for treating viruses and other infections. The same goes for computers. Malware, viruses and other threats that infiltrate your system become more damaging the longer it takes to discover them. A post at Rediff points to some signs all computer users should look for that suggest your computer has been infected.
Email addresses are often hacked, but the good news is that it’s usually easy to tell when something’s wrong. Make a habit to check your sent messages and make sure they’re all emails you sent personally. If you have sent messages you don’t recognize, it’s likely that someone else has access to your account. If you’ve received a message from a contact that looks like spam, be sure to tell them that their email may have been compromised.
Most hackers will try to hide their actions, but some malware will still alter the look of your computer’s desktop. If your wallpaper has changed, or there are new icons you don’t recognize, there’s probably malware hiding somewhere on your system.
Malware has the ability to change your passwords, prevent you from accessing Windows tools like Control Panel and Task Manager and lock you out of your computer completely. If you notice your system performing strangely, even if it’s just slower than usual, it’s important to act quickly. Otherwise, you may find that you’ve lost control of your machine completely.
Malware infects computers in a variety of ways. Most commonly, it’s downloaded when a user opens a bad email attachment, or clicks on a bad link. Visiting untrusted websites and downloading programs from untrusted sources are also ways that malware can infect you.
There are two steps to avoiding malware. First, secure your computer. Install an antivirus program and use a secured network with a firewall in place. Then, be careful when surfing the web. Avoid potentially dangerous situations that could lead to a malware infection.
If your computer is infected by malware, bring it to Geek Rescue or call us at 918-369-4335. We’ll remove any harmful files and help you protect against future attacks.
December 17th, 2013
For business and even personal use, the cloud is earning the trust of more and more users. But, privacy and security remain major concerns. Victoria Ivey of CIO published a list of ways to maintain better security with the cloud, which mostly involve more diligence from users.
There are a seemingly endless number of options for how to use the cloud, but it’s not for everything. When it comes to storing data, your most valued, vital, important files should probably stay away. Cloud storage isn’t particularly insecure, but it doesn’t provide enough security for the data you absolutely cannot afford to lose.
Perhaps the most disregarded document in history is the user agreement. For cloud storage solutions, however, it’s necessary to wade through them. They contain important information about what your cloud provider offers and what level of protection you’re afforded. If you’d rather not read it, take some time to talk to your provider in-depth about the services. Knowing the details of your cloud service will help you use it better.
Passwords are a respectable security tool when used correctly. Unfortunately, most users insist on using a password they can easily remember and use no other considerations. This makes a password easily hackable. This doesn’t only apply to the cloud, but strong passwords are a must for every online account.
For added cloud security, use encryption on all data stored there. This way, if a third party does gain access to your cloud storage, there will be another layer of security in place to keep them from stealing data. There are a number of ways to encrypt files and some cloud providers will include encryption with your service. There have been cases where cloud providers have decrypted users’ data, however and allowed access to other parties. So, be cautious when choosing a provider and don’t blindly trust encryption services unless you’re the only one holding the key.
These are some basic, general tips for improved security with cloud computing. Research your provider and the services you’re signing up for and make sure you understand how the cloud works and how to best use it.
To find out what the cloud can do for you, call Geek Rescue at 918-369-4335. We offer a variety of cloud services and help you understand how the cloud is best utilized by your business.
December 16th, 2013
Two malicious applications, Win32/Winwebsec and Win32/FakePav, have been in the wild for years, but are troubling security experts thanks to their recent development. Both are fake antivirus programs, which go by ever-changing more common names like ‘Antivirus Security Pro”. They were first discovered in 2009 and 2010 respectively, but as Jeremy Kirk of Network World reports, only recently they’ve been observed using stolen digital security certificates.
Digital certificates are granted by Certification Authorities, or CAs, so legitimate developers can sign their applications and users can cryptographically verify that the application comes from a trusted source. When criminals steal these certificates, it makes it more difficult to catch their malicious programs before they damage a user’s system.
This isn’t a new practice. These bogus antivirus applications only just started using it to slip past security, however. Even more troubling is the way certificates are being stolen. Samples of this malware have been found carrying certificates from a number of different CAs from all over the world. Some of the certificates being used were as little as three days old.
The age of certificates is interesting because it reveals evidence that hackers are regularly stealing new certificates. It’s an ongoing problem. Previously, it had been thought that since stealing certificates is so difficult, older certificates were being used from successful attempts from long ago. In reality, it appears hackers are more successful than originally thought.
CAs are able to revoke certificates once they’ve been discovered being used with malicious software, but malware like these fake antivirus programs replace certificates periodically to stay ahead.
This poses a problem for both users and developers. For developers, having certificates stolen damages their credibility and can be expensive to replace certificates. For users, it’s harder to tell if an application can be trusted or not, which can result in the loss of data or the infection of your device is you choose wrong.
If you’ve downloaded a malicious program and are suffering from a malware infection, call Geek Rescue at 918-369-4335. We’ll fix your machine and help you prevent future attacks.