July 22nd, 2014
Many times, wireless routers and modems are forgotten end points. While close attention is paid to securing PCs with appropriate security tools, these devices are often left unpatched and vulnerable to attacks. As Lucian Constantin reports at Computer World, owners of Cisco devices are currently in the crosshairs because of an exposed security flaw that affects nine wireless devices for both home and business use.
The vulnerability is described as “a buffer overflow that results from incorrect validation of input in HTTP requests.” This means that attackers can remotely inject and execute code on a user’s connected device, which would likely allow them to infect the device with malware. On the Common Vulnerability Scoring System (CVSS), this security flaw was given the highest score possible, a 10.0. That score denotes that successful exploits of the flaw “compromise the confidentiality, integrity and availability of the targeted device.”
The devices affected are capable of functioning as routers or wireless access points, but experts report that the devices are vulnerable regardless of which mode it’s currently operating in.
For many flaws found for routers, there are workarounds or quick fixes that temporarily fix the problem until a patch is made available, but not for this specific flaw. The only fix is to apply an update directly from Cisco.
The affected devices are:
- Cisco DPC3212 VoIP Cable Modem
- Cisco DPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
- Cisco EPC3212 VoIP Cable Modem
- Cisco EPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
- Cisco Model DPC3010 DOCSIS 3.0 8×4 Cable Modem
- Cisco Model DPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
- Cisco Model DPQ3925 8×4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
- Cisco Model EPC3010 DOCSIS 3.0 Cable Modem
- Cisco Model EPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
Some of these models are distributed by service providers so you’ll want to check your device even if it was supplied by your ISP. If you’re currently using a device on this list, it’s vital that you apply a software update as soon as possible.
If you become the victim of an attack, or have any type of problem with your gadgets, call Geek Rescue at 918-369-4335.
For other solutions for your business, our parent company, JD Young, is here to help.
July 21st, 2014
Spam is a well-known problem for email users. In the past couple of years, it’s also become a problem being distributed over text messages on smartphones. Now, as Adam Clark Estes reports for Gizmodo, iPhone users have to be wary of spam being sent via iMessage.
Security firm Cloudmark recently warned users about iMessage spam. That warning seems to have been issued because of a massive spam campaign that aims to sell counterfeit goods to consumers.
Links are sent to users via iMessage directing them to websites dedicated to promising name brand goods, like Oakley and Ray-Ban sunglasses and Michael Kors bags for low prices. While some sites of this nature are designed to steal credit card and other personal information or infect users with malware, it appears these sites actually do deliver the goods. But, they’re not legitimate.
Currently, the campaign has only targeted users in the biggest cities in the US. The spam has been spotted in New York City, Los Angeles, San Diego and Miami. In fact, this campaign alone has reportedly accounted for nearly half of New York City’s SMS spam, which includes spam being distributed via text message.
There are good reasons why spammers would want to use iMessage for their campaigns, rather than text messages and email. With email, most users have effective spam filters that prevent them from ever seeing the message. Text messages cost spammers money, especially if they’re sending them internationally. Meanwhile, iMessage is free to use and allows for the targeting of users with little to no security in place.
While this particular campaign may not have targeted your area, you can be sure that iMessage spam is a growing trend. Be wary of any messages received from someone not in your contacts and don’t click on links sent to your smartphone unless you know what they are.
If your device has been attacked or infected with malware, bring it to Geek Rescue or call us at 918-369-4335.
July 18th, 2014
Chances are, you have a router sitting in your home or office somewhere to help create a wireless network. Do you know how best to use this router to get the best performance possible from it? There are a number of variables like how close to walls or other interfering devices the router is placed that affect performance. Even incredibly minute details can hinder performance. At LifeHacker, Melanie Pinola explains the best way to position your router’s antennae.
The majority of routers have both antenna pointed straight up. That’s understandable when you consider the way a car’s radio antenna is situated. That’s not the ideal position for your router’s antennae, however.
An Apple engineer recently spoke about how to get optimal performance from your router and included this nugget. The ideal antenna placement is perpendicular, with one pointing straight up and another pointing horizontally. The reason is that “radio reception is maximized when both client and access point have matched polarization.” Put simply, your device’s antenna and the router’s need to be on the same plane.
Some device have vertical antenna, while others have horizontal. So, to get ideal connectivity for any device, your router’s antennae should point each way.
Similarly, there’s a specific way your router should sit also. If the router has feet on it, it’s because it’s designed to sit on those feet. Putting a router on its side when it’s intended to sit flat hinders performance. This is especially important for routers with internal antennae.
If you’re having problems with your hardware, be it your router, modem or computer, call Geek Rescue at 918-369-4335.
July 16th, 2014
Does the browser you use really make a difference in the performance of your device? Depending on your device and the browser you’re using, yes it does. There have been a number of studies to determine which browser runs the fastest and which takes up the most resources. At Forbes, Ian Morris reports that Google’s Chrome browser actually has a significantly negative impact on the battery life of Windows laptops.
The reason can be traced back to the “system clock tick rate”. As soon as Chrome is opened, it sets the rate to 1.000ms. When Windows is sitting idle, that number should be 15.625ms.
Those numbers likely mean nothing to you, but here’s what they signify. To save power, your processor sleeps when it has nothing to do and wakes at predefined intervals. At Windows default idle rate, the processor wakes about 64 times each second. That sounds like a lot until you realize that with Chrome open, it wakes 1-thousand times each second. Microsoft reports that a clock tick rate of 1.000ms increases power consumption by “as much as 25-percent”.
Other browsers, like Internet Explorer, also adjust the system clock tick rate, but only when they need to. For example, if you’re streaming a video, IE will adjust to 1.000ms. For normal browsing that’s less taxing, the rate stays at 15.625ms. That means power consumption is only increased for certain tasks, as opposed to Chrome, which increases power consumption as soon as it’s opened and keeps it high until all Chrome windows are closed.
This is only an issue for machines running Windows. Mac and Linux machines use “tickless timers”, which make Chrome’s habits ineffective. Mac users have reported, however, that Chrome seems to take up more resources than other browsers.
For users hoping for a fix, don’t hold your breath. Google has known about this bug since 2010 and hasn’t made it a priority. Microsoft is also likely to invest in a fix since other browsers, their own included, don’t have this issue.
For the time being, it appears that Chrome users best option is to switch to an alternate browser if battery life is a concern.
At Geek Rescue, we solve your computer problems. Whatever the issue, call us for help at 918-369-4335.
July 15th, 2014
Since 2013, Cryptolocker, a particularly nasty form of ransomware capable of locking users out of their own files, has been terrorizing its victims. The US Department of Justice, however, has announced that the malware is no longer a threat. Robert Westervelt has more details at CRN.
The DOJ has been working on a global operation to track down those responsible for Cryptolocker and the associated Gameover Zeus botnet. They believe they’ve found the responsible party, a 30-year old Russian computer programmer. He remains at large, but the infrastructure used to operate the malware has been dismantled, which has made Cryptolocker incapable of encrypting files on computers it infects.
All told, the ransomware and botnet were able to infect hundreds of thousands of devices and cost victims more than $100-million.
While Gameover Zeus infections fell by 31-percent over the past month, spurred by a law enforcement seizure of servers used to communicate with the botnet, there remain over 100-thousand infected computers.
Unfortunately, Cryptolocker was far from the only ransomware infecting users. Copycats and other forms of the malware are still a threat to infect a user’s system, encrypt files then demand a ransom payment in exchange for decryption. Victims of ransomware of this nature have little defense once they’re infected. The best course of action is to make full back-ups of your files regularly so that you can restore them in the case of an infection.
Ransomware has actually been on the rise recently thanks to kits being made available for sale by hackers. These kits automate attacks so that those with less expertise are able to execute them.
If any of your devices are suffering from a malware infection, or other issues, call Geek Rescue at 918-369-435.
July 14th, 2014
Common advice to web users is to always use a unique password for each online account. By doing so, all of your accounts aren’t compromised if someone else learns one of your passwords. The main complaint that accompanies this advice, however, is that it’s impossible to remember dozens of passwords and which account they each go to. That’s why password managers have become so popular recently. A password manager stores your log-in credentials for any site and encrypts them. Users are able to access their passwords, or have the password manager log-in for them, by using one master password. As Zeljka Zorz reports at Help Net Security, however, this introduces more problems if the password manager itself is insecure.
A group of researchers at the University of California-Berkley set-out to test some of the most popular password managers available to find any vulnerabilities that would lead to a user’s log-in credentials being compromised. The five managers tested, LastPass, RoboForm, My1Login, PasswordBox and NeedMyPassword, all contained some form of vulnerability.
The vulnerabilities were found in different features of the products and the root causes of each also were different for each vulnerability.
After the flaws were reported, however, all but NeedMyPassword responded and fixed the issues within a few days. It should also be noted that the vulnerabilities found by the researchers have no evidence of being exploited in the wild. This means that while the potential for an attack existed, no attackers had found it before it was discovered and patched.
That’s an important characteristic of any application. While vulnerabilities are unavoidable, being proactive in finding them and fixing them before they’re exploited is vital.
For users, the news that password managers contain vulnerabilities is no reason to avoid them. It is important to keep track of the news of potential attacks and regularly change your master password, however.
Many attacks that compromise online accounts stem from malware that’s infected your device. For help recovering from an attack, cleaning your system or creating a more secure environment, call Geek Rescue at 918-369-4335.
July 11th, 2014
Gmail is one of the most popular email clients around and iOS devices are likewise incredibly prevalent. It stands to reason, then, that millions of individuals access their Gmail accounts on their iPhone or iPad. As Jeremy Kirk reports for Computer World, doing so leaves users vulnerable to data theft.
At issue is a lack of a vital security technology that would keep attackers from spoofing security certificates and gaining access to the encrypted communications being sent through Gmail. Any website or application that has users sending potentially valuable personal information uses digital certificates to encrypt that data. Attackers have been able to fake these certificates, however, and decrypt the data.
Google would be able to put a stop to these man-in-the-middle style of attacks by implementing a technology called certificate “pinning”. This involves hard coding legitimate certificate details into an application. While Google has known about this vulnerability since late February, they’ve yet to implement pinning.
Making this more odd is that this vulnerability only affects iOS users because Gmail for Android uses certificate pinning. This is being referred to as “an oversight by Google”.
For the time being, using Gmail on your iPhone is unsafe. There’s always a possibility of your messages being intercepted by a third party.
At Geek Rescue, we offer a number of email solutions for home and business, as well as support for mobile devices, including iPhones and Androids. If you’re having issues with technology, call us at 918-369-435.
July 9th, 2014
When it’s time to upgrade to a newer smartphone, what should you do with your old phone? If it’s too old, or no longer functioning, you’ll probably look into recycling it. But, if it’s still in good shape, you can sell it for good money. The problem is that selling your phone might also mean giving someone else access to your data. AT ZDNet, Jack Schofield reports that a recent experiment by security company Avast revealed how vulnerable even deleted data is on smartphones.
Avast bought 20 previously owned Android smartphones off of eBay to find out how much data they could recover from the previous owner. Even though the phones had been wiped and returned to factory settings, the team was able to restore emails, text messages, images, contacts and even a completed loan application rich with valuable personal information.
All of this was possible through the use of available forensic software.
So, is selling your old smartphone really worth it if you’re risking losing control of your personal data? Probably not. There’s also an added worry with more employees using their personal smartphones for business. Their company’s data could be at risk also if they decide to sell their old smartphone for a few extra bucks.
There are plenty of apps available that claim to be able to effectively wipe your phone, but it’s hard to find out which are actually able to do the job. Many experts suggest that the only way to truly erase what’s stored on your phone is to destroy the hard drive completely.
This vulnerability is bad news for those who want to sell their old devices, but it could be good news for those who have accidentally deleted or lost access to important data. In those cases, it’s likely that those files can be restored through the right process.
At Geek Rescue, we’re able to recover lost, deleted or corrupted files from all devices. We also help secure your device, or reset it to factory settings. Whatever your need, give us a call at 918-369-4335.
July 2nd, 2014
In the fall of 2013, hackers infiltrated Target’s point-of-sale system and were able to steal credit card information from thousands of customers. That large scale attack prompted a re-evaluation of security by most companies to attempt to better protect customer data at its most vulnerable points. As Jaikumar Vijayan reports for Computer World, however, more businesses were recently victimized by a similar POS attack that compromised customers’ credit card information.
Information Systems and Supplies (ISS) provides POS systems to restaurants in the northwest. Recently, they informed customers that those systems may have been compromised, which may have led to the theft of customer’s credit card information.
The breach in security stems from attackers gaining access to ISS’s admin account, which allowed them to log-in remotely to ISS customer servers and PCs. Through remote access, data stealing malware was planted on the POS systems, which is capable of stealing the numbers of any credit card used between since the end of February.
It’s unclear exactly how hackers first gained access to the ISS admin account, but it’s believed to be fallout from a phishing scam.
One password was used to log-in to each POS system managed by ISS before this attack. Since learning of the breach, ISS has instituted unique passwords for each customer system.
This attack holds lessons for both individual users and businesses. This is an example of why reusing passwords, or using a single password to access an entire network, is dangerous. If one password is all that stands between an attacker and all of your most important data, you’re likely to suffer a catastrophic attack. It’s important to implement multiple passwords, two-factor authentication and other security measures.
Last year, nearly two-thirds of successful data breaches were caused by security vulnerabilities introduced by third party applications. Many businesses assume that third party software is secured and maintained by the vendor who supplies it, but that’s not always the case. Unfortunately, this mistrust leads to attacks that are able to use third party software to infiltrate an entire network.
At Geek Rescue, we offer support and service to both individuals and businesses. For help recovering from an attack or improving security to prevent one, call us at 918-369-4335.
June 27th, 2014
Google’s Chrome is the most used browser with just over half of internet users choosing it. Oddly, many of those individuals use Chrome every day without knowing all of the features and capabilities it offers. All browsers have hidden features that typical users don’t take advantage of regularly. As Evan Dashevsky of PC Mag explains, Chrome is ripe with additional features that make browsing easier and more convenient. Here are five useful features you probably don’t know about.
When you’re searching for information, the number of clicks and websites you have to visit can be exhausting. This trick helps you streamline that process. Any site that has a search bar included on it can be saved in your Chrome browser as a search engine. To do so, right click on the search bar and click ‘Add as search engine’. Now, if you’re searching for something you think might be on that site, you can simply type the name of the saved site in your address bar, press tab and enter your search term. Instead of searching Google, Chrome will search through the site you entered for your query. Since you can do this from any site or new tab, it saves you a few clicks.
Most users have learned, many by accident, that they can move a tab from one Chrome window to another, create a new window with it or rearrange the order of tabs in a single window. What few realize is that you can actually move multiple tabs at once. To do so, hold shift and click on the tabs you want to move together. For Mac users, hold the command key.
If you’ve got an image file saved and you’re not sure what it is, Chrome can help with that too. Just drag the file into Chrome and it will display the image. It’s much quicker than some other alternatives, but there are no additional editing features. This is for viewing the image only.
- Open Recently Closed Tabs
Most Chrome users take advantage of browsing in multiple tabs at once, which means most users have also accidentally closed a tab they immediately wanted back. Thankfully, Chrome includes a feature that acts like an Undo tool in a word processor. By pressing Control-Shift-T, you can regain your most recently closed tab. Keeping hit those keys and you can restore more tabs.
The address bar in Chrome is actually called the Omnibox, most likely because of all of the additional features built into it beyond just typing it URLs. For example, typing simple math equations into the Omnibox will produce the answer. It’s also capable of converting units, like telling you how many days a certain number of hours equates to. You can highlight text on a website and drag it directly into the Omnibox to search for that text. Also, the folded piece of paper or lock icon in the far left side of the Omnibox can be clicked to reveal information about the site you’re currently on like the cookies and permissions it uses.
At Geek Rescue, we know the tips and tricks needed to get the most out of your devices. For help with repairs, security and more, call us at 918-369-4335.
