Security Flaw In SD Cards Exposed

December 31st, 2013

SD card

If you use a smartphone or digital camera, you’re probably familiar with SD cards. They’re the small cards that store data using flash memory. For most users, they only think about their SD card when they’re transferring contacts to a new phone or removing pictures from their camera. As Stephen Shankland reports for CNet, however, a new technique exposed by security researchers has demonstrated how vulnerable SD cards are to “man in the middle” attacks.

A man in the middle attacks is true to its name. When data is transferred from one location or device to another, a third party intercepts that data in order to monitor, modify or copy it. This allows a criminal to gain access to valuable data like credit card information, or encryption keys. They could also substitute malicious files for trusted files in order to infect users with malware.

The vulnerability in SD cards exists in the cards’ microcontrollers. These are like built-in computers that manage the data stored on the SD card. By reverse engineering an SD card, researchers were able to install and run new firmware on the microcontroller then installed an application that would intercept data being sent by the device.

The specific attack used in the researchers’ demonstration doesn’t work for any flash-memory device because of variations in the microcontrollers, but this example exposes vulnerabilities for all devices using flash memory. This means similar attacks could be used to steal data from solid-state drives or eMMC storage for smartphones.

This is yet another example of the vulnerability of mobile devices. With millions of users and a general lack of security in place, mobile devices are an inviting target for hackers and new threats are emerging all the time. While this particular attack will need a change to the make-up of SD cards to close the vulnerability, other threats need only smarter user behavior. Remember that your mobile device faces the same risks as your PC and protecting it requires vigilance.

If any of your devices have been infected with malware, bring it to Geek Rescue or give us a call at 918-369-4335.

The Latest Advances In Advanced Cyber Attacks

December 30th, 2013

Cyber security concept

The malware being used by hackers and their tactics are changing all the time. Throughout 2013, we’ve seen new threats emerge. Robert Lemos of Dark Reading lists some of the advanced attacks we saw in 2013 and how businesses should be changing their security infrastructure to protect against similar attacks in the future.

  • Cryptolocker 

This form of ransomware began infecting users over the summer. Since then, it claimed an estimated 200-thousand victims in its first 100 days in the wild. Cryptolocker encrypts files stored on a user’s computer and demands a ransom before giving the key to decrypt. For businesses, educating users on how to avoid malware is imperative. Unlike some other forms of ransomware, Cryptolocker is not a bluff and will encrypt and destroy files if no payment is given. The best way to prevent that damage is to avoid malicious files from ever reaching your network.

  • Supplier Insecurity

This year, we saw more instances of attacks filtering through service and technology providers in order to reach their intended targets. This was demonstrated by the Syrian Electronic Army’s headline making attacks against the New York Times and other media outlets. In the New York Times attack, hackers tricked the domain registrar to transfer ownership of ‘nytimes.com’ to them. For businesses, this underscores the importance of selecting the right suppliers. Not only do you need to be wary of who you are working with, but you also need to be able to monitor them in real-time to stay ahead of any emerging threats.

  • The Growth of DDoS

Distributed Denial of Service attacks have been around for years, but 2013 saw them grow in size and scope and also become harder to recognize. Hackers use these attacks to flood websites and applications with requests, which either cause them to shut-down, or at least cause them to slow down and make it difficult to respond to legitimate requests. To increase the capabilities of DDoS attacks, hackers have begun to use reflection attacks, where mis-configured servers amplify the size of an attack. This is a threat that not only isn’t going away, but it’s increasing in frequency. Being aware of the capabilities of DDoS attacks and having a plan in place in case your organization is targeted is important.

These are threats that all businesses need to be prepared for and plan for. There are a number of ways to secure your organization, and each threat demands a different action.

For help with your company’s security, contact Geek Rescue at 918-369-4335.

Key Considerations For Buying A New Computer Monitor

December 30th, 2013

Pointing to monitor

When shopping for a new computer, there are a lot of factors most users consider. The speed of the processor, the size of the hard drive and the amount of RAM included are common considerations. But, what about the specs of the monitor? A powerful computer is great, but you have to have a monitor that’s right for your uses. Whitson Gordon at LifeHacker recently published a list of things to consider when buying a new computer monitor. The key here is that no monitor is perfect for everyone, but you can find one that’s perfect for you by considering how you’ll be using it most.

  • Size and Resolution

For many consumers, the size of their computer monitor is like the size of their television, bigger is better. But, in reality, there is a point when it becomes too big. Consider where your monitor will be and what type of work space you have. Don’t get a monitor too big for the space or you’ll find yourself using it uncomfortably. If you prefer to use more than one monitor at a time, that should weigh on the size of each also. Bigger monitors also demand a higher resolution or you’ll lose image clarity. For example, a 23-inch monitor with a 1080p display looks great, but the same resolution on a 27-inch monitor is noticeably less sharp.

  • Panels

The panel technology your monitor uses is also important to consider. Most LCD monitors will feature twisted nematic panels, or TN panels. They’re cheap and standard and offer some great specs. The refresh rate is high so you’ll enjoy a great experience when gaming or streaming video. The biggest complaint against TN panels is that they don’t offer the most accurate colors and are distorted at certain viewing angles. Vertical Alignment, or VA panels offer the truest blacks and more accurate colors than TN panels, but still suffer from distortion at some angles. In-plane switching panels are the top of the line option. For still images, they’re easily the best choice with accurate colors and wide viewing angles. But, they have a relatively low refresh rate so they’re not for everyone.

  • Anti-Glare

This seems like a minor concern until you sit down at your computer in the middle of the afternoon and can’t see what you’re doing. Anti-glare coating reduces glare from light coming from behind you, but it also decreases the quality of the image on your monitor. It becomes a little more dull and fuzzy due to the coating. If you’re planning to keep your monitor away from windows where glare isn’t a issue, you don’t need anti-glare coating. But, in other settings it’s a must and a slightly diminished display just comes with the territory.

  • Stand

The stand that comes with your monitor is another often overlooked feature. A poor quality stand, however, could keep you from adjusting your monitor to a comfortable position. Again, it’s important to think about how you’ll be using your computer. Some stands can only swivel vertically, while others also swivel from side to side. Some even allow you to flip your monitor into portrait mode. Don’t pay for features you won’t use, but be sure to get what you need.

There are plenty more features one could consider before buying a monitor, but by researching these four, you’ll have a good start on finding the best monitor for you.

If you have an existing monitor that just needs some work, bring it to Geek Rescue or call us at 918-369-4335. We fix all types of hardware problems.

Scareware Observed Targeting Android Users

December 24th, 2013

Virus warning

The amount of malware for smartphones grew exponentially throughout 2013. Because of its open source environment and number of users, Android phones were targeted most. Now, it seems some of the same tactics used for years by cyber criminals on PCs are transitioning to Android smartphones. Satnam Narang reports for Symantec that scareware has been observed attempting to trick users into downloading malware to their devices.

Scareware is a common practice used by hackers. By using social engineering, a criminal convinces a user that they’re facing an impending threat and need to buy or download a product to protect themselves. Usually, the scareware scam involves telling users that there is a virus or malware on their device and offering to remove it.

The latest scam observed targeting Android users involves mobile ads. They claim the user’s device has been infected by a trojan called MobileOS/Tapsnake. Tapsnake is a legitimate threat to Android users that’s been around since 2010, but it’s used here only to make the scam seem more credible. The ads include a button that claims to install a security app on your phone or scan and remove this threat. In actuality, you’re downloading malware.

Avoiding this type of scam should be simple. First, no online ad will scan your device and alert you of any malware it discovers. But, some unsuspecting users fall for it because they’re extremely worried about threats to their smartphone. This particular scareware displays on any smartphone, however. So, even iPhone users will be alerted that their Android device is at risk.

If you encounter on of these ads and are concerned about your phone, run your existing security app or download a trusted one from the Play store. To avoid accidentally downloading a malicious app, never download directly from a website.

If your smartphone has actually been infected by malware, bring it to Geek Rescue or call us at 918-369-4335.

How To Fix Android’s Biggest Flaws

December 23rd, 2013

Android with wrench

There are millions of Android users worldwide, but there are also plenty of annoyances that come with using an Android phone. Eric Ravenscraft at LifeHacker listed some of the most frustrating Android features and how to fix them.

  • Battery Life

Your smartphone’s battery dying in the middle of the day isn’t a problem limited to Android users, but it may be the one most complained about. As your phone gets older, the battery life tends to get worse. The obvious solution would be to buy a new smartphone. There are a number of newer options with either larger batteries or more efficient software that extends battery life. Not everyone wants to replace their phone just to get a longer lasting battery, however. And you don’t have to. You could also buy another battery instead. Either a second battery that you keep charged, or a larger capacity battery to replace your existing one. If you’d rather not spend any money, look at removing apps that cause the most drain, or download apps that help you control app’s battery usage. You can also disable bluetooth, GPS and WiFi capabilities when you’re not using them.

  • Bloatware

The apps and features that manufacturer’s load onto phones before you buy them are rarely useful. They’re referred to as bloatware or crapware by most and usually do nothing but take up space and resources. Unfortunately, you can’t always delete these apps, but you can disable them. Go to the app’s settings and you’ll find a ‘Disable’ button that will keep that app from taking up battery or updating. It will still take up storage space, however.

  • Notifications

So many apps are using notifications now that it’s hard to keep up with all of them. If you’re tired of wading through social media, game and email notifications, check for a ‘Notifications’ setting on each app. It may be in the app itself or in the Android app settings. Turning off notifications also reduces battery drain. If you can’t stop the notifications through a settings menu, there’s another way for Android 4.1 and newer users. In your ‘app manager’, uncheck the ‘show notifications’ option and you’re done.

Fixing these annoyances will improve your experience with your Android smartphone. If you have more serious issues, like broken hardware or a malware infection, bring your device to Geek Rescue or call us at 918-369-4335.

Microsoft Security Essentials Is Not A Primary Security Tool

December 23rd, 2013

Computer security concept

Microsoft Security Essentials, which goes by the name Windows Defender for Windows 8 users, is built into the Windows operating system. It’s designed to give users protection from malware and other security threats, just as any antivirus or anti-malware application would. As Barry Collins reports for PC Pro, however, Security Essentials doesn’t provide adequate protection when compared to other antivirus options.

Security company Dennis Technology Labs tested nine security programs meant for use on personal computers on a machine running Windows 7. Eight of those tested detected and protected against at least 87-percent the malware samples used. Five security programs detected 98 to 99 percent of malware. Security Essentials protected against only 61-percent of malware threats.

These tests tell users that the free, built in option of Security Essentials can’t be relied on to keep your system safe from threats. According to Microsoft, it was never meant to be used as the sole security in place. Instead, it is meant to act in conjunction with other tools. With only 61-percent of malware detected, however, it seems unlikely that Security Essentials would be much help at all in assisting a more robust antivirus program.

Microsoft’s reasoning for not making Security Essentials a better security tool is sound. If every Windows user were able to use a free antivirus program that comes with their operating system, then all of them would likely use it and nothing else. That would eliminate diversity in the market, which would make it much easier for hackers to develop malware to specifically infiltrate systems running Security Essentials. With Security Essentials being viewed as an inferior tool, or at best a good assistant, users must decide on their own what third part antivirus program to put in place. Each of these has its own strengths and weaknesses and makes it more difficult to create malware that is capable of staying undetected for all users.

Though the thinking may be sound, Microsoft needs to do a better job alerting users about the nature of Security Essentials. Too many computers are using it as their primary antivirus protection, which leaves them incredibly vulnerable to attack. If you have no other security tools in place on your PC, look into trusted names like Norton and Kaspersky immediately.

If your computer has been infected by malware, bring it to Geek Rescue or give us a call at 918-369-4335.

Older Macs Susceptible To Webcam Attacks

December 20th, 2013

Woman using Mac webcam

Security researchers have reported previously that hackers and some forms of malware can claim control of your computer’s webcam. In some instances of ransomware, the webcam is used to capture an image of the user in an intimidation attempt. In other cases, the webcam can be used without the users knowledge to spy on unsuspecting victims. Lucian Constantin of Network World reports that users with older Macs are particularly susceptible to this form of cyber attack.

On iMac and MacBook computers manufactured before 2008, first generation iSight webcams were used. These webcams have their LED light, which indicates when the webcam is in use, linked directly to the image sensor. When the LED is on, it means the webcam is capturing images, but hackers have found a way to alter the webcam’s firmware so the light doesn’t come on while the camera is active.

Not only does this allow spying on users without their knowledge, but being able to modify the webcam’s firmware also allows for malware to infect a Mac from a virtual machine. To do so, hackers would need to reprogram the webcam to act as a keyboard.

To defend against this type of attack, an extension could be created that blocks certain USB device requests. With a defense such as this in place, a hacker would need root access to alter the webcam’s behavior.

The most impenetrable defense would need to come in the form of a hardware redesign of the camera itself, which would make it impossible to disable the LED indicator. Researchers have already sent suggestions to Apple, but have yet to hear back.

Users who have an older Mac computer can take one easy precaution to prevent spying. That’s put tape, or a bandage, over the webcam. This doesn’t prevent malware infections, however that type of attack is extremely rare, at least for the time being.

If your device has been attacked or you’d like to improve your security, call Geek Rescue at 918-369-4335.

Subtle Changes Made With The Windows 8.1 Update

December 20th, 2013

Laptop updating

The update for Windows 8 has been available for about three months. Some of the new features are obvious, like the re-inclusion of the ‘Start’ button. But, as Ciprian Rusen of LifeHacker writes, there are a few interesting features that aren’t so evident. Not all of these are changes for the better, but all affect the way you’ll use Windows 8.1.

  • Privacy Controls

One of the biggest advances within Windows 8.1 is the ability to block the data apps from the Windows Store have access to. You can prevent apps from accessing your name and location. You can also turn off the advertising ID so you don’t get personalized ads using your information. Best of all, you can limit what apps have access to your microphone and webcam.

  • VPN Support

A virtual private network, or VPN, is a powerful tool for keeping your data safe when surfing the web. It’s particularly useful when you’d otherwise be on an unsecured connection like public WiFi. Windows 8.1 offers better support for VPNs than any previous version of the operating system. There are a number of new customization options when setting up your VPN and even included support for certain providers. Windows will even prompt you to sign into your VPN when an app attempts to access information best accessed over a secure connection.

  • Reading Mode For IE 11

Part of the updates included with the jump to Windows 8.1 was an update to Internet Explorer that introduces Reading Mode. Load any page with IE 11 and you’ll have a Reading Mode icon in the address bar. Using it will reload the page without distracting elements like ads to allow you to easily read the content you came for.

  • No Right-Click From Networks List

In Windows 8, users could right click on a Network and access customization options for that network connection or even use the ‘Forget Network’ option to remove the connection for the list. In Windows 8.1, this capability has been removed. Customization options for network connections haven’t been removed, they’re just more difficult to access.

  • SkyDrive Unavailable Offline

SkyDrive and Windows 8.1 have already had their problems, as reported by many users. A planned change with this update was to make SkyDrive documents only available with an internet connection. Files aren’t fully downloaded to your hard drive, so you’re only able to access them from the cloud with an active internet connection. A new column in the SkyDrive folder, called ‘Availability’, tells you if a file is ‘Available offline’ or ‘Online only’. This change is intended to help tablet users and those with very little available hard drive space. For those with more available space that want to avoid this irritation, changing the default to allow all files to be accessible while offline is easy to do through the ‘Settings’ menu.

Whether you’re running the latest version of Windows on a new PC or using an older computer, Geek Rescue has you covered for repairs. Whatever the problem you’re having is, call us at 918-369-4335 and we’ll fix it.

 

Users Report Windows 8.1 And SkyDrive Don’t Get Along

December 19th, 2013

Windows 8 on laptop

Microsoft released an update to Windows 8 about a year after the operating system first hit the market in October of 2012. A preview of that update has been available since June and many users have stuck with the beta version rather than updating fully. Microsoft is now warning that the beta version will expire in January, so users need to update before then. The problem is that users without Windows 8 on their machines will have to pay for the upgrade to 8.1. As Juan Carlos Perez writes for PC World, even more troubling are reports that Windows 8.1 causes issues with the SkyDrive cloud storage service.

Since installing the update, users have reported persistent error messages, slow performance, lost and corrupted files, sync problems and an inability to upload new files. All of these problems make cloud storage ineffective and un-usable.

A Microsoft spokesmen stated publicly that the company is aware of the problem some users are experiencing and are working with each of them individually to resolve it. However, of the more than 100 threads started about the SkyDrive issues on Microsoft’s Community forum, few have been given attention and a satisfying answer from moderators. The official company stance is that Windows 8.1 and SkyDrive work together fine for most users.

This opinion suggests that no patch is forthcoming from Microsoft that would fix the problem. That’s led many users to abandon SkyDrive for competing cloud storage services. That defeats the purpose of SkyDrive, since it was included in Windows for a seamless, hassle-free back-up and storage option.

This isn’t the first problem reported related to the update to Windows 8.1. In the weeks following its release, multiple bugs were found, including some users being unable to boot up there machines at all.

For those who have yet to update, it would be a good idea to back-up anything you have on SkyDrive with another cloud service. That way, if your system has issues, your files will be safe.

If your computer is having issues after a recent update, or for any other reason, bring it to Geek Rescue or give us a call at 918-369-4335.

 

Tips For Security While Shopping Online

December 19th, 2013

Online shopping image

If you’re on the ball this holiday season, you’ve probably already completed your online holiday shopping. For those who like to wait until the last minute, there’s still time with expedited shipping to find the perfect gift online. When you do shop online, it’s important to know how to stay protected to avoid scams, malware and identity theft. A post on the 2-Spyware blog details some of the threats to your security and what you’ll need to avoid them when shopping online.

  • Updated Antivirus

Before you start surfing the web, check to make sure your antivirus program is up to date. You need to update your antivirus often because new malware is introduced every day and updating helps your antivirus identify and protect you from those latest threats. When shopping online, you’re more likely to visit sites you are unfamiliar with while searching for a deal. That makes it more likely you’ll visit a malicious site that’s designed to infect your computer with malware. Ecommerce sites also naturally experience more traffic during the holiday shopping season, which makes them more attractive targets for hackers than other times. This means that even trusted sites may be compromised.

  • Strong Passwords

If you’re shopping at sites you haven’t used before, you’ll probably be asked to create an account. It’s important to use a strong password that is long and uses upper and lower case letters, numbers and symbols so it’s difficult to hack. It’s also important not to use the same password for each account you create. Some of these sites may have less security than others, which means if their passwords are stolen and you use identical passwords for multiple sites, a hacker could gain access to all of your accounts.

  • Secure Networks

Where you do your holiday shopping is also important. If shopping from home, make sure your network is secured and you’re using a firewall. Shopping while out and about it tempting, but it isn’t recommended. Public WiFi doesn’t offer any type of security. So, anytime you enter your account log-in and credit card information, that data can be monitored and stolen by a third party.

  • Trusted Websites

There are major sites like Amazon that you can trust to keep your payment information secure, but holiday shopping can sometimes lead you to untrusted sites in search of a deal. Some of these sites are completely legitimate, but don’t do enough to keep your information from being stolen. Other sites are scams claiming to sell popular items, but in reality they’re designed to steal your credit card information or infect your computer with malware.

Online shopping is convenient and a great way to quickly finish buying gifts, but it can also lead to costly cyber attacks.

For help improving the security on your computer or network, call Geek Rescue at 918-369-4355.