July 21st, 2014
Spam is a well-known problem for email users. In the past couple of years, it’s also become a problem being distributed over text messages on smartphones. Now, as Adam Clark Estes reports for Gizmodo, iPhone users have to be wary of spam being sent via iMessage.
Security firm Cloudmark recently warned users about iMessage spam. That warning seems to have been issued because of a massive spam campaign that aims to sell counterfeit goods to consumers.
Links are sent to users via iMessage directing them to websites dedicated to promising name brand goods, like Oakley and Ray-Ban sunglasses and Michael Kors bags for low prices. While some sites of this nature are designed to steal credit card and other personal information or infect users with malware, it appears these sites actually do deliver the goods. But, they’re not legitimate.
Currently, the campaign has only targeted users in the biggest cities in the US. The spam has been spotted in New York City, Los Angeles, San Diego and Miami. In fact, this campaign alone has reportedly accounted for nearly half of New York City’s SMS spam, which includes spam being distributed via text message.
There are good reasons why spammers would want to use iMessage for their campaigns, rather than text messages and email. With email, most users have effective spam filters that prevent them from ever seeing the message. Text messages cost spammers money, especially if they’re sending them internationally. Meanwhile, iMessage is free to use and allows for the targeting of users with little to no security in place.
While this particular campaign may not have targeted your area, you can be sure that iMessage spam is a growing trend. Be wary of any messages received from someone not in your contacts and don’t click on links sent to your smartphone unless you know what they are.
If your device has been attacked or infected with malware, bring it to Geek Rescue or call us at 918-369-4335.
July 15th, 2014
Since 2013, Cryptolocker, a particularly nasty form of ransomware capable of locking users out of their own files, has been terrorizing its victims. The US Department of Justice, however, has announced that the malware is no longer a threat. Robert Westervelt has more details at CRN.
The DOJ has been working on a global operation to track down those responsible for Cryptolocker and the associated Gameover Zeus botnet. They believe they’ve found the responsible party, a 30-year old Russian computer programmer. He remains at large, but the infrastructure used to operate the malware has been dismantled, which has made Cryptolocker incapable of encrypting files on computers it infects.
All told, the ransomware and botnet were able to infect hundreds of thousands of devices and cost victims more than $100-million.
While Gameover Zeus infections fell by 31-percent over the past month, spurred by a law enforcement seizure of servers used to communicate with the botnet, there remain over 100-thousand infected computers.
Unfortunately, Cryptolocker was far from the only ransomware infecting users. Copycats and other forms of the malware are still a threat to infect a user’s system, encrypt files then demand a ransom payment in exchange for decryption. Victims of ransomware of this nature have little defense once they’re infected. The best course of action is to make full back-ups of your files regularly so that you can restore them in the case of an infection.
Ransomware has actually been on the rise recently thanks to kits being made available for sale by hackers. These kits automate attacks so that those with less expertise are able to execute them.
If any of your devices are suffering from a malware infection, or other issues, call Geek Rescue at 918-369-435.
July 14th, 2014
Common advice to web users is to always use a unique password for each online account. By doing so, all of your accounts aren’t compromised if someone else learns one of your passwords. The main complaint that accompanies this advice, however, is that it’s impossible to remember dozens of passwords and which account they each go to. That’s why password managers have become so popular recently. A password manager stores your log-in credentials for any site and encrypts them. Users are able to access their passwords, or have the password manager log-in for them, by using one master password. As Zeljka Zorz reports at Help Net Security, however, this introduces more problems if the password manager itself is insecure.
A group of researchers at the University of California-Berkley set-out to test some of the most popular password managers available to find any vulnerabilities that would lead to a user’s log-in credentials being compromised. The five managers tested, LastPass, RoboForm, My1Login, PasswordBox and NeedMyPassword, all contained some form of vulnerability.
The vulnerabilities were found in different features of the products and the root causes of each also were different for each vulnerability.
After the flaws were reported, however, all but NeedMyPassword responded and fixed the issues within a few days. It should also be noted that the vulnerabilities found by the researchers have no evidence of being exploited in the wild. This means that while the potential for an attack existed, no attackers had found it before it was discovered and patched.
That’s an important characteristic of any application. While vulnerabilities are unavoidable, being proactive in finding them and fixing them before they’re exploited is vital.
For users, the news that password managers contain vulnerabilities is no reason to avoid them. It is important to keep track of the news of potential attacks and regularly change your master password, however.
Many attacks that compromise online accounts stem from malware that’s infected your device. For help recovering from an attack, cleaning your system or creating a more secure environment, call Geek Rescue at 918-369-4335.
July 11th, 2014
Gmail is one of the most popular email clients around and iOS devices are likewise incredibly prevalent. It stands to reason, then, that millions of individuals access their Gmail accounts on their iPhone or iPad. As Jeremy Kirk reports for Computer World, doing so leaves users vulnerable to data theft.
At issue is a lack of a vital security technology that would keep attackers from spoofing security certificates and gaining access to the encrypted communications being sent through Gmail. Any website or application that has users sending potentially valuable personal information uses digital certificates to encrypt that data. Attackers have been able to fake these certificates, however, and decrypt the data.
Google would be able to put a stop to these man-in-the-middle style of attacks by implementing a technology called certificate “pinning”. This involves hard coding legitimate certificate details into an application. While Google has known about this vulnerability since late February, they’ve yet to implement pinning.
Making this more odd is that this vulnerability only affects iOS users because Gmail for Android uses certificate pinning. This is being referred to as “an oversight by Google”.
For the time being, using Gmail on your iPhone is unsafe. There’s always a possibility of your messages being intercepted by a third party.
At Geek Rescue, we offer a number of email solutions for home and business, as well as support for mobile devices, including iPhones and Androids. If you’re having issues with technology, call us at 918-369-435.
July 9th, 2014
When it’s time to upgrade to a newer smartphone, what should you do with your old phone? If it’s too old, or no longer functioning, you’ll probably look into recycling it. But, if it’s still in good shape, you can sell it for good money. The problem is that selling your phone might also mean giving someone else access to your data. AT ZDNet, Jack Schofield reports that a recent experiment by security company Avast revealed how vulnerable even deleted data is on smartphones.
Avast bought 20 previously owned Android smartphones off of eBay to find out how much data they could recover from the previous owner. Even though the phones had been wiped and returned to factory settings, the team was able to restore emails, text messages, images, contacts and even a completed loan application rich with valuable personal information.
All of this was possible through the use of available forensic software.
So, is selling your old smartphone really worth it if you’re risking losing control of your personal data? Probably not. There’s also an added worry with more employees using their personal smartphones for business. Their company’s data could be at risk also if they decide to sell their old smartphone for a few extra bucks.
There are plenty of apps available that claim to be able to effectively wipe your phone, but it’s hard to find out which are actually able to do the job. Many experts suggest that the only way to truly erase what’s stored on your phone is to destroy the hard drive completely.
This vulnerability is bad news for those who want to sell their old devices, but it could be good news for those who have accidentally deleted or lost access to important data. In those cases, it’s likely that those files can be restored through the right process.
At Geek Rescue, we’re able to recover lost, deleted or corrupted files from all devices. We also help secure your device, or reset it to factory settings. Whatever your need, give us a call at 918-369-4335.
July 2nd, 2014
In the fall of 2013, hackers infiltrated Target’s point-of-sale system and were able to steal credit card information from thousands of customers. That large scale attack prompted a re-evaluation of security by most companies to attempt to better protect customer data at its most vulnerable points. As Jaikumar Vijayan reports for Computer World, however, more businesses were recently victimized by a similar POS attack that compromised customers’ credit card information.
Information Systems and Supplies (ISS) provides POS systems to restaurants in the northwest. Recently, they informed customers that those systems may have been compromised, which may have led to the theft of customer’s credit card information.
The breach in security stems from attackers gaining access to ISS’s admin account, which allowed them to log-in remotely to ISS customer servers and PCs. Through remote access, data stealing malware was planted on the POS systems, which is capable of stealing the numbers of any credit card used between since the end of February.
It’s unclear exactly how hackers first gained access to the ISS admin account, but it’s believed to be fallout from a phishing scam.
One password was used to log-in to each POS system managed by ISS before this attack. Since learning of the breach, ISS has instituted unique passwords for each customer system.
This attack holds lessons for both individual users and businesses. This is an example of why reusing passwords, or using a single password to access an entire network, is dangerous. If one password is all that stands between an attacker and all of your most important data, you’re likely to suffer a catastrophic attack. It’s important to implement multiple passwords, two-factor authentication and other security measures.
Last year, nearly two-thirds of successful data breaches were caused by security vulnerabilities introduced by third party applications. Many businesses assume that third party software is secured and maintained by the vendor who supplies it, but that’s not always the case. Unfortunately, this mistrust leads to attacks that are able to use third party software to infiltrate an entire network.
At Geek Rescue, we offer support and service to both individuals and businesses. For help recovering from an attack or improving security to prevent one, call us at 918-369-4335.
June 26th, 2014
A well-known online scam is directing users to malicious websites by sending them emails claiming to contain links to en e-card. Usually, the goal of these scams is to infect users with malware, but as Sean Butler reports for Symantec, the latest scam attempts to steal users’ money by promising a get rich quick scheme.
The email messages used in the scam appear to be sent from a legitimate e-card website, 123greetings.com. It contains only one sentence with a link to supposedly view your e-card. In most scams of this nature, this link would take you to a website where malware would be downloaded to your device. In this case, however, you are delivered to a site that’s made to look like 123greetings.com. Instead of malware, users are met with a long message that appears to be from a friend urging you to take part in a get rich quick scheme.
This spoofed version of the e-card site was only registered on June 17, according to WhoIs. From that site, users are sent to several other sites that all attempt to verify the authenticity of the ‘business opportunity’. Users are promised the chance to make thousands of dollars each week, but there’s a significant catch. It requires an initial payment of $97.
In addition to stealing a user’s money, contact details are also obtained, which could allow the spammers to attack the same individuals in future scams.
It’s never a good idea to follow links sent in unsolicited emails, but there are additional clues that this particular email isn’t legitimate. Most notably is the use of URL shorteners. Actual emails from 123greetings, aside from including much more than a lone sentence and link, include the full length with their domain name. The emails sent as part of this scam are shortened to obscure the true URL.
For additional tools that keep malicious emails like this out of your inbox, or for help recovering from a malware infection, call Geek Rescue at 918-369-4335.
June 24th, 2014
Moving part of your business’s operations to the cloud offers you a number of advantages, including more flexibility and mobility. It does introduce a few challenges related to security, however. Since employees are able to access more from more places, that means the possibility of criminals accessing important data increases. Another possibility is a crippling denial of service attack that makes any applications or data stored in the cloud unreachable. That’s what happened recently to a company hosted in Amazon’s Web Service Cloud. That attack prompted Tech World’s Brandon Butler to publish a list of tips for protecting any infrastructure as a service cloud.
- Two-Factor Authentication
The primary worry when data is available from anywhere is that log in credentials will be stolen or hacked allowing a third-party to access everything stored in the cloud. To prevent this from occurring, two-factor authentication is extremely useful. Rather than a simple log-in name and password, two-factor authentication requires a unique PIN for a user to log-in from an unrecognized device. This PIN is often sent to the user’s registered phone via text message. If an unrecognized device tries to log-in to the cloud, even with a recognized username and password, a PIN will be required, which should keep attackers out.
One of the keys to spotting a developing problem with the cloud is closely monitoring regular activity. You need to know what behaviors are normal so you can spot irregular or suspicious activity and investigate before any real problems develop. There are a number of tools available to help monitor activity like when and where users log in from. Keeping a close eye on these reports allows you to see when unknown IP addresses are attempting to gain access.
Unfortunately, no security tool can guarantee that no criminal will ever gain access to your data. In the event someone does gain access to the cloud, it’s important to have encryption in place so important data isn’t readily available to them. It’s also important to understand that not all encryption is created equal. While some is useful to protect your data in the event of a large scale attack against the whole system, that same encryption likely wouldn’t be effective should an individual user’s account be compromised.
As with anything else, if it’s important, it’s important enough to make copies. Making back-ups doesn’t improve security or protect you from an attack. It does, however, make attacks much less costly because recovery times are much shorter and much less data is completely lost. Some cloud services automatically back-up data stored there, but not all do. It’s important to know if your data is being backed up, or if you need to make arrangements yourself. You’ll also need to decide if everything stored in the cloud needs to be backed up regularly, or if there is specific, vital data that needs the most attention.
The cloud is becoming an invaluable tool for business and securing it properly is vital to the success of your operations.
For help implementing and securing the cloud, call Geek Rescue at 918-369-4335.
June 23rd, 2014
The Heartbleed bug, which was revealed in April as a serious threat to all websites using OpenSSL, has caused system administrators to scramble to update and patch servers. Even after months of work, however, a recent report found more than 300-thousand servers still vulnerable. At PC Mag, Stephanie Mlot explains why there are still websites can’t be trusted.
Errata Security conducted the scan that revealed 309,197 servers are still vulnerable to Heartbleed. That’s down from the 600-thousand vulnerable systems at the first report of the bug, but according to the security company, suggests some administrators have stopped any efforts to patch their servers. That likely means these vulnerable websites will remain until outdated technology is replaced, which could leave vulnerable servers in place for a decade.
This is a serious concern for web users because there’s nothing they can do to improve the security of these vulnerable site from their end. The best course of action is to regularly change passwords and be sure to use a unique password for each online account. Using this practice ensures that only one account is compromised if a criminal gets your log in credentials and regularly changing passwords ensures that compromised accounts won’t stay compromised for long.
If your servers haven’t been updated since news of Heartbleed broke, or you haven’t tested to see if you’re vulnerable, you’re running a significant risk.
At Geek Rescue, we handle security for both individual users and organizations. Let us be your IT team. Call us at 918-369-4335.
June 17th, 2014
A distributed denial-of-service attack, or DDoS, often makes headlines for attacks on large enterprises and popular websites. Victims of DDoS attacks come in all sizes, however. These highly targeted attacks can be launched against any organization to slow operations to a crawl or a standstill. When faced with a DDoS attack, it’s important to take the right actions in order to keep it from crippling your network. At Dark Reading, Kelly Jackson Higgins reveals what not to do in your preparations for potential attacks.
The absolute worst case scenario is assuming that your business won’t be targeted by a DDoS attack. There’s certainly a chance you could be right, but it’s a big gamble. If you are attacked without a plan in place, you risk being unable to serve your customers for weeks. Putting the proper security tools in place before an attack allows you to recover quickly, or in many cases avoid any damages or downtime. Too often organizations wait until an attack is already taking place to act. By then, the time required to mitigate the attack is multiplied.
Just putting precautionary measures in place isn’t enough, however. One infamous story explains how a large banking institution implemented a DDoS mitigation service, but when they put their plan into action for the first time, their entire network went down. Failing to properly test your mitigation system before it’s needed isn’t so different from having no system at all. In other cases, mitigation services have been known to slow down services. During an attack, this might be attributed as a DDoS side effect. Without proper testing, you may be doing harm to your own network and services.
- No Relationship With Your ISP
Your internet service provider is the first line of defense in most DDoS attacks. From a so-called “upstream” vantage point, ISP’s are able to see if malicious traffic is targeting a specific network or application. While you may be locked out of your own network due to an influx of traffic, your ISP could be able to limit that traffic or even stop it before it does any damage. Once again, once an attack has started it’s already too late. The key is to partner with your ISP early and ensure that they’re monitoring activity for signs of a possible DDoS.
DDoS attacks are able to knock services offline and prevent you from doing business and serving your customers. To find out what security measures are needed, call Geek Rescue at 918-369-4335.