February 18th, 2014
Google Chrome is the most used web browser around, but many users don’t know half of its capabilities. Howard Wen of CIO looked specifically at the tools available for Chrome’s tabs that most don’t know about. Here’s a list of some helpful tab tricks and extensions.
It may not happen everyday, but there are times when you find yourself constantly refreshing a page. For those times, Chrome can help with the addition of an extension. There are multiple options, but all allow you to set a timer then sit back and let Chrome refresh regularly on its own.
Many Windows users already have the option of splitting the screen between two windows, but with the Split Screen extension for Chrome, you can display two websites in the same tab. There are multiple reasons why you’d want to or need to use split screen, but there’s one drawback. You have to enter the URLs of the sites you want to display manually, so there’s no option to quickly load favorites.
In the same vein as split screen is this extension that allows for even more customization. Tab Resize allows you to rearrange and resize up to four different Chrome windows so they all display on your screen at the same time. You can use the options that come with the extension, or make your own template for where tabs should go and how they should be sized.
The problem many of us encounter when using tabs to browse is that you end up with so many tabs open that it begins to hurt your systems performance. More tabs require more memory, which can eventually make your computer sluggish. To solve this problem, The Great Suspender, and other similar extensions, allows you to automatically suspend a tab that you haven’t used in awhile. This way, the tab won’t be using memory, but can be easily re-opened when you need it.
If you’re forced to abandon a project before you’re finished, but need to save all of your open tabs so you can pick back up later, you need the Project Tab Manager extension. This allows you to save all the open tabs in one click as bookmarks under a single folder that you name. There are similar extensions that save groups of tabs together so you can return and open all of them at once, or one at a time.
Chrome extensions add exceptional capabilities to the browser, but many users aren’t aware of them and don’t use them. It’s worth your time to head the the Google Web Store and look around for potentially helpful apps and extensions.
If you’re having issues with your computer or internet that an extension doesn’t solve, call Geek Rescue at 918-369-4335.
February 17th, 2014
It’s become well-known that more threats exist for Android users than exist for users of Apple devices. One of the reasons that malware often targets the Android operating system is because of the relative insecurity of the app store, Google Play. Malicious apps have repeatedly infiltrated Google Play and infected users. According to a post at GMA News, a number of malicious apps are currently available through the app store and they’ve already infected more than 300-thousand users.
Though the names of specific apps aren’t named, there are believed to be a number of apps responsible for malware infections. These apps typically pose as legitimate versions of other apps, or as different versions of popular, or trendy, apps. Most recently, the game Flappy Bird, which was taken out of app stores, has spawned a number of malicious copycats.
When a user mistakenly downloads one of these malicious apps, it steals the users phone number and uses it to sign up for a premium SMS service. This ends with additional fees being included on a user’s monthly bill. The attacker likely receives some sort of commission for bringing additional users to the service.
Part of this process involves the malware intercepting messages sent to a user’s smartphone and sending messages without the user’s knowledge. Because the premium service needs confirmation before it can begin to charge you, the malware must intercept the confirmation message containing a PIN, then send a message back with that PIN.
To gain access to a user’s phone number, the malware uses a vulnerability in the popular messaging app, WhatsApp. Even though users without WhatsApp could become download a malicious app and be infected, it’s not clear if the malware would have the same capabilities.
To avoid downloading an app that will infect your smartphone, be sure to carefully read the permissions the app requires. These malicious apps clearly state in their permissions that they read text messages and need a connection to the internet. While some apps needs those permissions legitimately, most do not. If an app asks for permissions they shouldn’t need, it’s best to avoid downloading.
If your smartphone is infected by malware, bring it to Geek Rescue or call us at 918-369-4335.
February 17th, 2014
A recently discovered form of malware is being called “the most sophisticated malware yet” by experts. As Timothy B. Lee reports for The Washington Post, this threat is capable of infecting almost anyone and of stealing almost anything.
Called Careto, this malware is actually a suite of tools used for collecting data from infected users. This highly targeted attack starts as a phishing scam. An email made to look like it’s from a major publication is sent to a user. Those that click on the provided link are taken to a malicious website that scans the user’s computer to find vulnerabilities.
Careto is capable of infecting a number of operating systems. Windows, OS X and Linux users are all at risk. Experts believe that mobile versions of the malware that target iOS and Android will be developed soon.
It’s when the malware has infected a user that the real trouble starts. Nearly everything a user does can be recorded by Careto. Network traffic is intercepted, keystrokes are logged, screen captures are taken, Skype conversations are monitored and all file operations are tracked. The malware can also sniff out encryption keys stored on a device.
The nature of the malware also allows for software or plug-ins to be added easily. This means additional capabilities are being added to steal other data or to add more features.
Because Careto is so complex, it’s difficult to detect, even if you’re running an up to date antivirus or anti-malware program. The best way to avoid infection is to be extremely cautious regarding links in emails. If a link is sent to you, it’s better to go to the site directly, rather than following the link. This eliminates the possibility that you’re being sent to a fake, spoofed, site.
If your computer is infected with malware, bring it to Geek Rescue or call us at 918-369-4335.
February 14th, 2014
There are a number of advantages to becoming a more mobile business. Employees are able to access data from virtually anywhere, which can make them more productive and give them access to vital information when meeting with clients. It’s also much easier for them to collaborate with others. There’s also the bring your own device trend that allows employees to integrate their own mobile devices into their work. All of these allow for more productivity and connectivity, but they also all introduce new security concerns. At Network World, Ed Tittel lists some best practices all business owners should be familiar with for dealing with mobile security.
With more smartphones being used worldwide and more valuable data being accessed with them, it stands to reason that they’re becoming a more valuable target for criminals. Attacks have been observed on both iOS and Android devices. For devices that are used to access company data, you can’t afford to let them connect to your network without proper security apps in place.
Typically, mobile communications are relatively easy for hackers to intercept. That’s why most experts recommend the use of a VPN, or virtual private network, to encrypt all communications between mobile devices and company servers. Cloud storage and an employee’s smartphone may both be properly protected, but when data is transferred between them there exists a vulnerability. Using a VPN eliminates that threat.
If a device is used to access company data, it should be secured with multiple forms of authentication. It goes without saying that smartphones should require a password to unlock, but newer devices also allow for fingerprint scanning or even facial or vocal recognition. In addition, companies need to plan ahead for cases when devices are lost or stolen. The ability to remotely lock and wipe lost devices is vital to security.
Once an employee begins using their mobile device for work, they lose the ability to use whatever software they choose. There must be some consideration to the security of the device and the company’s data. Completely blocking the downloading and using of third party software is one way. Another is to allow exceptions once IT or management is informed that an individual wants to download a third party application and it’s been cleared.
If you feel that you’ve put all the necessary precautions into place, you need to test to make sure there are no penetration points you’ve missed. How else will you be sure that your company’s data is protected from threats? Regular testing allows you to find vulnerabilities before the criminals do.
For help with the security at your business, contact Geek Rescue at 918-369-4335.
February 14th, 2014
This week, in the monthly edition of Patch Tuesday, Microsoft released a number of patches to fix vulnerabilities in Internet Explorer. Just days later, Microsoft has confirmed that a zero-day exploit is being used in an active attack campaign that targets IE 9 and 10. Brandan Blevins of Search Security reports more details.
The label ‘zero-day’ categorizes attacks that exploit vulnerabilities before a patch can be created. By definition, this is a case where attackers learned of a vulnerability before the developers.
The attack is also categorized as a “watering hole attack”, which means that a specific website is being targeted in order to infect the group that typically visits that site. In this case, the U.S. Veterans of Foreign Wars’ website has its HTML code tampered with in order to load a malicious web page for visitors. When that page loads, malware is downloaded and executed on the user’s machine.
The attack exploits what’s being called the “use-after-free” bug, which allows for one byte of memory to be modified at “an arbitrary address”.
Microsoft has not announced whether a patch will be rushed out to fix the vulnerability or if users will have to wait for March’s Patch Tuesday. In the meantime, there are two options for IE 9 and 10 users.
One is a complicated fix using Microsoft’s Enhanced Mitigation Toolkit Experience.
A simpler fix is to stop using IE 9 and 10 until a patch is released. Either change browsers to Chrome, Firefox or another popular choice, or upgrade Internet Explorer to version 11.
If your computer has already been infected with malware, bring it to Geek Rescue, or call us at 918-369-4335.
February 13th, 2014
Over the summer, Instagram users were warned about fruit spam, which consisted of images of fruit being uploaded to the social network that directed users to malicious websites. As Satnam Narang of Symantec reports, fruit spam has migrated to Snapchat, but still poses a danger to users.
The problem is not quite as simple as ignoring images sent using Snapchat that feature fruit or fruit based drinks. This Snapchat spam acts similarly to many email spam problems in that it infects a user, then sends spam to all of their contacts. In the past, Snapchat spam originated from fake accounts and was much easier to spot. Now, a trusted contact may be the one spamming you.
The Snaps urge users to visit frootsnap.com or snapfroot.com for the recipes of the drinks being shown. Instead, users land on a page made to look like a GroupOn product page that offers free diet pills. Users that attempt to buy the pills are directed to yet another website, which has been associated with excessive and fraudulent charges.
Unfortunately, the root of the problem has yet to be uncovered. It does not appear that users who click on the spam images are infected themselves, which means there is some other method for accounts to be hacked and spam sent from them.
Snapchat has released a statement saying that increased security measures have been taken and advise that users change and improve the strength of their passwords. While changing passwords seems to stop the spam originating from an account, deleting the app from your device does not.
Often, these types of scams originate from a malware infection. If you have a device that’s been infected with malware, or is just acting strangely, come by Geek Rescue or call us at 918-369-4335.
February 13th, 2014
In Cisco’s Annual Security Report, they claim that 99-percent of mobile malware targeted Android in 2013. Whether or not that’s completely accurate, it’s safe to say that more threats exist for Android users than their iOS counterparts. That doesn’t mean, however, that security shouldn’t be a concern for iPhone users. As Tom Brewster of The Guardian reports, there were 387 documented security flaws in iOS in 2012 compared to only 13 for Android. When iOS debuted, another 70 flaws needed to be patched. The existence of flaws doesn’t mean attacks on them are inevitable, but it does illustrate how vulnerable iOS users are. Here are a few ways attackers could attack Apple devices.
Even if the base of iOS itself isn’t vulnerable to attacks, the apps that users add often are. One prominent flaw is the allowance of developers to switch the internet address that apps use to acquire data. Hackers are able to exploit this flaw and associate an otherwise legitimate app with their own malicious site. This allows the attackers to execute a variety of malicious actions on a user’s device.
Legitimate apps often contains security vulnerabilities, but there’s only been one documented case of a malicious app being allowed into the official App Store. That likely won’t be the case for long, however. Researchers have already demonstrated ways for a harmful app to be approved by Apple and earn a spot in the app store. One demonstrated app works legitimately when tested by Apple, but is able to rearrange its code when it’s downloaded by users to steal data and remotely control certain functions of the the device.
Insecure WiFi opens up a number of possible attacks, regardless of what device you’re using to access it. Not only does data being sent to and from your device become vulnerable, but data stored insecurely on your device could also be vulnerable to an attack. While these dangers aren’t limited to iOS users, the perceived security of Apple devices often leads to iPhone users being more cavalier in the use of their device, which can lead to valuable data being stolen with little effort.
This is another threat that isn’t limited to iOS, but certainly is a threat worth understanding. The use of fake, or stolen, security certificates is a growing trend in cyber attacks and allows for malicious programs to be accepted and executed. For example, an email that appears to be from a legitimate source asks users to download an application, update or even just a document. Without a trusted certificate, users would be warned about the download. With a false certificate, or one stolen from a legitimate source, an application is accepted as trusted by the operating system and malware is allowed to infect your device.
Protecting against these vulnerabilities often requires users to be more careful about how they use their devices. Understanding that your iPhone isn’t completely immune from common threats is important.
If you find that one of your devices has been infected by malware, call Geek Rescue at 918-369-4335.
February 12th, 2014
Office 365 contains vital tools for businesses of any size. With so many companies relying on Microsoft’s applications, there’s a need for improved security to protect valuable data. As Alexandra Gheorghe reports for Hot For Security, Office 365 users will now be using two-factor authentication to keep the data used within applications safer.
Previously, data being stored in the cloud through Office 365 was protected only by a password, except for those users with administrative roles who have had access to two-factor authentication since June. Now, all users will have be able to use the enhanced security.
Before you are able to log-in, users will need to correctly enter their password, then use a separate, one-time code that’s sent to them via text message or app notification on their smartphone. Users also have the option of having Microsoft call their smartphone or office phone and simply hitting pound to authenticate. This will verify the device being used to access Office 365. To access your account from another device, the authentication process would have to be used again.
Two-factor authentication isn’t foolproof. Attacks that successfully compromised two-factor systems have already been observed in the wild. But, it’s considered much more secure than using a password alone. Since the aim is to protect data stored in the cloud, protecting it from remote access by unknown sources is important.
While two-factor authentication is not yet available for desktop applications, Microsoft is adding App Passwords to offer additional security for those users.
For help implementing Office 365 at your business, or for help improving your security infrastructure, call Geek Rescue at 918-369-4335.
February 12th, 2014
Every few months it seems a new game appears in the App Store and takes the world by storm. The latest trendy mobile app is Flappy Bird, which tasks users with navigating a bird through tunnels. The game became so popular, so quickly, that the developer pulled it from the App Store because he worried it was too addicting. That created a need, however, that can be exploited. CNet’s Don Reisinger reports that fake version of Flappy Bird for Android are popping up everywhere and infecting users with malware.
The first sign that these apps aren’t the official game is that they don’t appear in the Play Store. Instead, users are finding them in 3rd party app stores that don’t verify their apps and don’t promise the same security. The fact that the legitimate Flappy Bird app is no longer available has led many users to ignore warning signals, however.
In many cases, the app infects a user’s device with malware directly. In some observed cases, however, the app asks a user to send a text to a supplied number. This is likely done under the guise of registering the game. Or, the app may even be able to take control of a user’s device and send the app without the user’s knowledge. In any case, once a text message is sent to the app’s creator, they have everything they need to attack and control the device.
It appears the malware being spread with these fake apps doesn’t steal data, but rather is used to send text messages and make phone calls to premium numbers. This likely earns the hackers a commission for each call or message. For users, it drives up the cost of their next phone bill.
In this specific case, users need to understand that an official Flappy Bird app is no longer available anywhere. Any app calling itself Flappy Bird is a fake and likely an attempt to compromise your device.
When downloading any app, it’s best to download directly from the official app store, rather than taking your chances with an unverified app from a third party.
If your smartphone, tablet or computer has been infected with malware, bring it to Geek Rescue or call us at 918-369-4335.
February 11th, 2014
When buying new servers for your business, there are a number of factors to consider to ensure that you get exactly what you need. A new trend being adopted by IBM and HP could add some confusion and frustration to the process. As David King of IT Manager Daily reports, HP recently announced that firmware updates will only be available for its users who are under warranty or a support agreement. IBM has already made that change in policy.
This news means that in order to secure your servers, you’ll have to pay more than ever before. For small business who have already stretched their IT budget thin, this could be a real problem. To save yourself some trouble, and possibly some money, here’s what you need to consider before buying a server.
While IBM’s and HP’s service comes with an expiration date that requires you to pay more for continued support, other companies like Dell and Cisco have no such stipulations. That’s not to say that one company is a better option than another. Rather, the point is that a seemingly cheap server with a limited warranty may end up being more costly than a more expensive server with an unlimited service plan. Before making a purchase, the terms of service needs to be among your first concerns.
If you already have servers that will soon lose their support, or you decide that expiring support isn’t a deterrent for buying a server, there are options for when your warranty finally expires. Before you renew with the server’s manufacturer, check around with third party support companies that may offer better service for less money. A local company may be able to offer support that’s more personalized to your specific needs, rather than the one size fits all approach of the giants.
In order to recoup some of the money spent on new servers, many companies plan to resell them when they’re no longer needed. The value of old servers could take a major hit if the manufacturer no longer covers them. This suggests that servers from manufacturer’s with unlimited service plans will enjoy a higher resale value than those with an expiring service plan. Keep that in mind when you’re purchasing a server if you plan to sell it later.
If you have questions about your server needs, want to explore other options for support or would like to store your company’s data on off-site servers you don’t have to manage yourself, call Geek Rescue at 918-369-4335.