Malicious Extensions Reveal Vulnerability For Chrome Users

January 20th, 2014

Google Chrome is the most used web browser in the world, but it recently made headlines for the wrong reasons. Chrome features extensions, which are additions that improve the capability and functionality of the browser. As Lucian Constantin reports at Computerworld, two extensions were removed from the Chrome Web Store after users reported they were injecting adware into legitimate websites. This caused ads and paid links to appear for users with these extensions, which Google explicitly forbids in their extension agreement.

The nature of how these extensions began distributing adware is interesting. Both extensions, ‘Add to Feedly’ and ‘Tweet This Page’, were sold recently by their developers. Both already had thousands of users who had added their extensions and both were developed as legitimate, useful extensions. Once they were sold, an update was released that featured no bug fixes or additional features. Instead, the update turned the extensions into adware.

When these new malicious extensions are added to Chrome, links on websites you visit are replaced with links to sites within an advertising network. Those responsible for altering the extensions are likely being paid each time a user clicks on these links. The sites a user is taken to aren’t necessarily harmful themselves, but they won’t be where anyone intended to go.

This method of altering existing extensions is effective because most users allow extensions to be updated automatically without having to take any action themselves. So, a third party is able to purchase an extension that is already installed on thousands of browsers and immediately have access to those users. It also seems that extensions with certain permissions are being targeted. Even trusted extensions often have permission to alter content on the websites a user visits. Some also have authorization to post to social media profiles or the ability to access passwords. With these permissions in place, altering an existing extension can give criminals the ability to post spam links, send users to malicious sites and steal log-in information.

Because of the way Google monitors extensions, security experts believe this method wouldn’t be effective for distributing malware. But hackers can purchase extensions and make changes to accomplish a number of nasty jobs without having to infect users with typical malware.

Changes to Chrome’s Web Store may be coming soon to close this vulnerability. For now, make sure your extensions don’t update automatically and read the permissions of each carefully.
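The permission review recommended above can be done mechanically. The following Python is an added example, not code from this article or from Google: it reads `manifest.json` data and flags extensions that can alter content on every site. The sample manifests are constructed, and the `<id>/<version>/manifest.json` folder layout used by `load_manifests` is an assumption about a desktop Chrome profile.

```python
import json
from pathlib import Path

# Host patterns that let an extension read or rewrite pages on every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Chrome API permissions that expose browsing activity or session data.
SENSITIVE_APIS = {"tabs", "cookies", "history", "webRequest", "webRequestBlocking"}

# Constructed sample manifests (not the real extensions named in the article).
SAMPLE_MANIFESTS = {
    "feed-helper": {
        "name": "Feed Helper", "version": "1.2", "manifest_version": 2,
        "permissions": ["tabs", "http://*/*", "https://*/*"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
    },
    "notes": {"name": "Notes", "version": "0.9", "permissions": ["storage"]},
}


def audit_manifest(manifest):
    """Return sorted findings for one parsed manifest.json (a dict)."""
    findings = set()
    # Manifest V2 mixes hosts and APIs in "permissions";
    # Manifest V3 moves host patterns to "host_permissions".
    declared = list(manifest.get("permissions", []))
    declared += list(manifest.get("host_permissions", []))
    for perm in declared:
        if not isinstance(perm, str):
            continue  # some permissions are objects, not strings
        if perm in BROAD_HOSTS:
            findings.add("all-sites host access: " + perm)
        elif perm in SENSITIVE_APIS:
            findings.add("sensitive API: " + perm)
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if pattern in BROAD_HOSTS:
                findings.add("content script injected on all sites: " + pattern)
    return sorted(findings)


def audit_all(manifests):
    """Map extension id -> findings, keeping only extensions with findings."""
    results = {}
    for ext_id, manifest in manifests.items():
        findings = audit_manifest(manifest)
        if findings:
            results[ext_id] = findings
    return results


def load_manifests(extensions_dir):
    """Read <extensions_dir>/<id>/<version>/manifest.json (assumed layout)."""
    manifests = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            text = path.read_text(encoding="utf-8-sig")
            manifests[path.parent.parent.name] = json.loads(text)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
    return manifests


if __name__ == "__main__":
    for ext_id, findings in audit_all(SAMPLE_MANIFESTS).items():
        print(ext_id)
        for finding in findings:
            print("  -", finding)
```

An extension that shows up in this report is one whose future updates, under any owner, can rewrite the pages you visit.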

If your computer has been compromised and is in need of repair, call Geek Rescue at 918-369-4335.

Four Key Ways To Secure Your Small Business

January 17th, 2014

A shocking number of small businesses don’t invest in security to keep their data, and their customers’ data, safe from hackers and malware attacks. Many small business owners believe they won’t be a target because they don’t have as much valuable data as larger competitors. From a hacker’s point of view, however, grabbing a few credit card numbers, or infecting a small network without having to bypass robust security, can be more attractive than trying to hack a complicated IT infrastructure. To help your business stay safe from cyber attacks, security expert David Campbell outlined some vital ways to improve security at Florida Today.

  • Update

Updates to your operating system, antivirus program and vital applications are available nearly every day. The reason there are so many updates is that new vulnerabilities and pieces of malware are unveiled. To close flaws in security and eliminate bugs, you need to update constantly. Out-of-date applications tell hackers that known attacks will work against your network.

  • Access Management

Do you know who can access your company’s data? You should be carefully tracking who is accessing your servers and from where. This way, you’ll be able to spot a potential attack before it does much damage. Also, be sure to limit employees who don’t need access to certain files or applications. By limiting access to only those individuals who need it, you minimize risk.

  • Test

Proper testing can be the difference between a hassle-free integration of new technology and an extended period of downtime. From a security standpoint, make sure any new software you introduce is compatible with existing security features. Even when you have set up an effective security infrastructure, changes to your network could present vulnerabilities.

  • Monitor

In addition to watching who is accessing data, keep an eye on how much traffic is running through servers. A spike in traffic can be a warning sign that a third party is using your resources maliciously. By closely monitoring the use of your resources, you’ll be able to spot problems before they cost you money.

If you run a business, you have information that criminals find valuable. Eventually, a lack of security will cost your company money and credibility.

Don’t wait. Improve security at your business today by calling Geek Rescue at 918-369-4335.

Facts About Data Stealing Malware Used In Target Attack

January 17th, 2014

You’ve no doubt heard of the recent attack that stole data, including credit card numbers, from Target customers. After that attack, it was discovered that the attackers used malware capable of stealing data out of the memory of point-of-sale devices, which are used by retailers and just about any organization that accepts payment digitally. Mathew J. Schwartz of InformationWeek published some facts about this memory-scraping malware that both users and businesses should know in order to stay safe.

  • Starting in 2011

The first time a memory scraping malware attack took place was in November of 2011 when several hotels had point-of-sale systems compromised. Since then, the malware has targeted hotels, auto dealerships, healthcare companies and many others. No previous attacks reached the scale of the Target breach, however. It is believed that those attackers successfully stole more records than any similar, previous attack.

  • Avoiding Encryption

You might think that important information like credit card information should be encrypted when stored to avoid this type of large scale attack. At almost all times, this information is encrypted, but not until later in the process. This malware steals data directly from memory, where it’s still in plain text. This could happen almost immediately after you swipe your card and even before payment has been authorized. Once that data is transferred to a hard drive or sent elsewhere, it’s encrypted, which makes it difficult, or in some cases impossible, for hackers to steal it.

  • Vulnerabilities of point-of-sale

Storing credit card data in plain text is an inescapable vulnerability in point-of-sale systems, which is likely the driving factor behind the way this attack was organized. When information is stored in memory, it needs to be processed, which means it has to be decrypted so the data can be used. Memory scraping malware is designed to wait for this moment when data is vulnerable and intercept it.

  • Point of infection

Point of sale systems operate on a network, which means there are a number of ways they can be infected. Any infected device connected to the same network could be the source. If that network isn’t secured properly and is compromised, that opens another option for malware to get in. In the Target attack, the personal information of customers was stolen in addition to credit card information. This suggests that malware had infected more than the point of sale devices. Servers or other databases connected to the internet were also attacked.

  • Remaining Hidden

This type of attack is difficult to detect thanks to intelligent techniques used by hackers. Once malware has infected the network, it still needs to infect the point of sale device to steal valuable data. Doing so would usually set off alarms from security software protecting devices on the network, but in these attacks, encryption and antivirus evasion tools are used to confuse security and operate undetected.

There are other methods to protect devices, many of them based on keeping infected devices from directly connecting to point of sale devices. Unfortunately for users, it’s seemingly impossible to tell whether a retailer’s system is infected and will put your data at risk.

If your business would like to explore more robust security options to keep your information and your customers’ information safe from malware attacks, contact Geek Rescue at 918-369-4335.

Three Ways To Reduce IT Costs

January 16th, 2014

Regardless of the size of your business, there’s never enough money in the budget for IT needs. It’s important to save where you can in order to invest in vital elements like security. At The Accidental Successful CIO, Dr. Jim Anderson published some ways you can reduce software costs.

  • Asset Management

The worst way to waste money is to spend it on something you don’t use. Unfortunately, many companies are doing this every day. There are likely a number of applications vital to your business and the more software you need, the easier it is to lose track of them. A recent study revealed that almost a third of all companies have software that is either unused or underdeployed. This is money down the drain. By creating a more effective asset management plan, you can save money by getting the most out of software you’ve already paid for and avoiding applications you don’t need.

  • Software Vendors

It’s important to choose your vendors carefully. You aren’t just buying their software, you’re buying their service. If you can’t rely on them to pick up the phone when there’s a problem or to deliver on their initial promises, it’s not worth the money. Good vendors will be able to offer you a solution that fits your needs exactly with no excess costs. Ill-fitting solutions end with you paying more each month than you need to. Make sure you hold your vendors accountable and get what you’re paying for.

  • Look For Alternatives

At the end of the day, you’re running a business, which demands you save money where you can. Being overly loyal to one application or vendor could be costing you money. There are very few products that have no direct competition and while it isn’t always the right choice to use the cheapest option, you should at least explore which is right for you. You can even talk about your needs with your current vendors. If they know you’re looking for cheaper alternatives, they may be willing to give you a better deal to keep you as a customer, or they may be able to offer you an alternative to software you’re getting elsewhere.

These three tips can save your company big money in the long run. If you’d prefer to take all of the issues and concerns of IT management out of your hands, call Geek Rescue at 918-369-4335. We have all the knowledge and service required to be your on-call IT department.

Rumors About Microsoft’s Next OS, Windows 9

January 16th, 2014

Windows 8 was officially released for general availability in October of 2012. Now that users have had more than a year to familiarize themselves with the operating system, it’s safe to announce that Windows 8 is officially a disappointment. Common complaints are the lack of a Start menu and that Windows 8 seems built more for mobile users than desktop users. Based on rumors about Windows 9, Microsoft is listening to users’ complaints and making the necessary changes for their next operating system offering. Michael Endler of InformationWeek published some of the well-known rumors about Windows 9 and what you can expect from Microsoft’s next OS.

  • New Features

Windows 8.1 reintroduced the Start button, which was missing from Windows 8, but Windows 9 will bring back the feature that users clamored for, the Start menu. This immediately makes Windows 9 more attractive to desktop users and makes it more compatible for use with a keyboard and mouse. In addition, Modern apps, which are found as tiles on the start screen of Windows 8, will be able to run in floating windows like legacy apps in Windows 9. Also, expect the sharing and streaming of data to become even easier. Windows 8 introduced SkyDrive. Windows 9 will use a unified code base for all Windows platforms to make sharing across devices and service simpler.

  • Official Announcements

We’re currently in the rumor stage for Windows 9, but Microsoft will host a BUILD conference in April for developers. An official announcement is expected on Windows 9 at that conference with a release for the operating system expected one year later. Windows 7 released in 2009, Windows 8 came out in 2012 and the three year cycle of Microsoft OS releases is expected to continue.

  • Failure Of Windows 8

By bringing back the Start menu and launching their new OS as Windows 9 instead of as a new version of Windows 8, Microsoft seems to be admitting that their Windows 8 endeavor was a misstep. The upgrade to 8.1 is available for free to Windows 8 users, but few have bothered to upgrade. This might seem to suggest that many users prefer Windows 8, but Windows 7, which is now more than four years old, has been adopted at an impressive rate for an older operating system. It seems many Windows 8 users would prefer to completely abandon that operating system for one they trust than to invest more time in an upgrade. Could this mean longer support life for Windows 7? That remains to be seen, but Microsoft recently announced the end of support for Windows XP despite the fact that many users still use it as their primary OS.

Windows 9 is still more than a year away from being released to the public, but due to the perceived limitations of Windows 8, there’s already a demand for it. More news and reports about the upcoming operating system will no doubt be leaking out slowly over the next few months.

Regardless of what operating system you use, Geek Rescue is the place to fix any problems that you run into. For hardware, software, virus or bug fixes, call Geek Rescue at 918-369-4335.

Planning And Avoiding Disaster During IT Upgrades

January 15th, 2014

Making scheduled upgrades is mandatory for the success of a company’s IT infrastructure. Existing applications may have become outdated, or it’s just time for an update to close security vulnerabilities. It’s easy for what seems like a routine update to go horribly wrong, however. Recently, Dropbox tried to perform an update and ended up with a prolonged outage. David King of IT Manager Daily has some tips for you to follow before your next upgrade to make sure everything goes as smoothly as possible.

  • Notifications

For some of the upgrades you perform, a period of downtime is unavoidable. In these cases, such as changes to your servers, be sure to warn users ahead of time. Tell them how long the outage is expected to last and what services will be unavailable. Other times, upgrades may not be expected to cause any downtime, but an outage is always a possibility. In those cases, it’s usually a good idea to plan for the worst. It’s better to alert users that certain applications may be down at a certain time than leave an employee without access to a vital application at the worst possible time.

  • Time

A popular time for upgrades is Friday at midnight because it’s unlikely that an outage would affect anyone at that time. When every employee only works from their desk at the office, that’s an acceptable assumption. However, with mobile access, there’s never a time when you can be sure that an outage won’t affect someone. Conducting upgrades outside of normal business hours is still the best practice, but regardless of what time you decide to perform maintenance, advance warning is needed.

  • Recovery

Before conducting any upgrades or making other changes to your network, it’s a good idea to back-up data and make sure you have a disaster recovery plan in place. Failing to do so could result in downtime lasting longer than it needs to. Testing even more than you think is necessary is also a good way to avoid unwanted surprises. You need to be prepared for how your network will react to these changes so you can plan for possible problems and be prepared even for the unforeseen ones. Also, understand that even with a good plan in place, recovering might take some time. Don’t expect to be able to restore data and service immediately.

Managing your IT infrastructure can be difficult and costly. For help with yours, call Geek Rescue at 918-369-4335.

Malware Hidden In .Zip Email Attachments Makes Sudden Rise

January 15th, 2014

Spam emails are always annoying, but they can be malicious and harmful as well. Some emails have attachments that infect your computer with malware. Recently, security company Symantec noticed an extreme spike in the number of malicious .zip files being sent out, as Eric Park reports on the Symantec blog.

Sending malicious attachments is a common practice for hackers, but sending .zip files hasn’t been popular for some time. A .zip file is used to compress a much larger file, which makes it small enough to send over email. For criminal purposes, it also obscures the true nature of an attachment. Instead of a user clearly seeing that what should be a Word document is actually an executable file, all files end in .zip and must be downloaded and opened in order to find out what the file actually is. Downloading and opening these files, however, infects your computer with malware.

In the past few months, there had never been more than about 25-thousand instances of malicious .zip attachments being sent on a single day. But, from January 7 to the 10th, between 150-thousand and 200-thousand malicious .zip files were attached to spam emails. In addition to the sudden rise in number, the names of the .zip files being sent changed every day.

On the 7th, an email claiming to be from a legitimate bank like Wells Fargo was sent with a .zip attachment named ‘BankDocs’ followed by some numbers. By the next day, the tactics had changed to an invoice for an overdue payment to an unnamed company. The attached .zip file was named ‘Invoice’ followed by numbers. On the 9th, the .zip file was called ‘Early2013TaxReturnReport’, supposedly from the IRS, and on the 10th it was an invoice from a specific company.

Each of these messages was different, but all contained the same Trojan malware that is capable of stealing data from an infected computer. Since the message changed every day, it’s difficult to warn users of exactly what to watch for. Instead, don’t download any attachment unless you know exactly what it is and are expecting a file to be sent to you.
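A .zip file carries a directory of its contents, so what an attachment really holds can be checked without extracting or opening anything. The Python below is an added example, not code from Symantec or from this post: it lists an archive's entries and flags executables, including ones dressed up with a document extension. The extension lists and the sample archive (with a file name modelled on the ‘Invoice’ lure) are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Constructed, non-exhaustive lists used for this illustration.
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                    ".vbs", ".js", ".jar", ".lnk"}
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt"}


def classify_name(filename):
    """Classify one archive entry by its file name alone."""
    # Windows ignores trailing dots and spaces, so strip them first.
    cleaned = filename.rstrip(". ")
    suffixes = [s.strip().lower() for s in PurePosixPath(cleaned).suffixes]
    if not suffixes or suffixes[-1] not in RISKY_EXTENSIONS:
        return "ok"
    # "Invoice.pdf.exe" looks like a PDF when extensions are hidden.
    if any(s in DOCUMENT_EXTENSIONS for s in suffixes[:-1]):
        return "executable-disguised-as-document"
    return "executable"


def inspect_zip(data):
    """List the entries of a .zip (given as bytes) without extracting them."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"name": None, "size": 0, "encrypted": False,
                 "verdict": "not-a-valid-zip"}]
    report = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            report.append({
                "name": info.filename,
                "size": info.file_size,
                # Bit 0 of the flags marks a password-protected entry,
                # which a mail scanner cannot look inside.
                "encrypted": bool(info.flag_bits & 0x1),
                "verdict": classify_name(info.filename),
            })
    return report


def should_quarantine(data):
    """True if any entry is executable, encrypted, or the file is malformed."""
    return any(e["verdict"] != "ok" or e["encrypted"] for e in inspect_zip(data))


def build_sample_zip():
    """Build a harmless, constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Invoice_48213.pdf.exe", b"constructed placeholder bytes")
        z.writestr("readme.txt", b"constructed placeholder text")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in inspect_zip(build_sample_zip()):
        print(entry["verdict"], "-", entry["name"])
```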

Since January 10, the messages with malicious .zip files have gone back to their usual volume of a few thousand per day, but security experts warn that another large-scale attack could start again at any time.

If your computer has been infected with malware, come by Geek Rescue or call us at 918-369-4335.

Your Computer Has Malware, Now What?

January 14th, 2014

Even with security measures in place, the most cautious internet user can suffer a malware infection. Not all malware infections are created equal, but it’s advised that you find and eliminate malicious files as fast as possible, regardless of what threat they actually pose. Some malware, like the well-publicized CryptoLocker, encrypts your files, which effectively locks you out of your own computer. Lincoln Spector of PC Advisor has some tips for how to overcome an invasive malware infection.

  • Restore Back-Up

Ideally, you’ve been regularly backing-up your important files. If that’s the case, get rid of infected files and restore the copies you’ve saved. Regular back-ups make recovering from an attack easy, but many of us don’t back-up our computers as much as we should.

  • Research Malware

It’s important to know exactly what your computer is infected with and how it will affect your system. Some malware opens pop-ups, or hijacks your browser, but doesn’t infect or encrypt other files on your hard drive. Those types of malware are important to remove, but can usually be solved with a good antivirus program. Malware that falls under the umbrella of ransomware is trickier. Files are either hidden or encrypted and a ransom is demanded to restore them. It’s important to research what type of malware you’re infected with so you know what the next step should be.

  • Restore Files

If you’re infected with a less complex form of ransomware, you may be able to restore your files without paying a ransom. First, reboot your machine in Safe mode. For Windows 7 users, this means pressing F8 repeatedly before Windows loads. In Safe mode, go to Windows Explorer, select ‘Organize’ and ‘Folder’ then ‘Search Options’. Click on the ‘View’ tab and enable the ‘show hidden folders, files and drives’ option. Now, go see if the files that you were missing are available. If you find them, you can right click, then select ‘Properties’ and unselect ‘Hidden’. Now your files should be available when you reboot into normal mode, but be sure you go through and completely remove any malicious files still on your machine.

Unfortunately, if this method doesn’t work it probably means you have a more complex form of ransomware that has encrypted your files. While some encryption can be broken, criminals are using more and more complex methods to ensure that the only way to get your files restored is to pay them.

If you find yourself with any type of malware infection, call Geek Rescue at 918-369-4335 for help.

Geek Rescue Merges With JD Young

January 14th, 2014

Geek Rescue is excited to announce their merger with document technologies company JD Young. While both companies will continue to operate under their own names and provide the same great service they have for decades, the merger allows them to offer more services to customers and become a one-stop shop for business solutions.

JD Young is a trusted name in the Tulsa business landscape and has been since being started by Joe Young in 1948. Now it’s run by Joe’s grandchildren, Doug Stuart and Bob Stuart Jr.

Prior to merging, the two companies often found themselves with overlapping clients. From those experiences, they were able to learn each other’s business processes and styles. That familiarity paved the way for this collaboration.

Bob Stuart Jr. cited a first-hand experience with Geek Rescue that suggested “this was a company we wanted to associate ourselves with.”

“We brought in two companies with our own internal network that couldn’t fix the challenge, and what people couldn’t fix within three or four days they were able to fix quickly,” Stuart said.

In addition to their similar way of thinking, each company brings services that are vital to businesses. JD Young specializes in print services, while Geek Rescue is capable of handling any IT support needs. The merger also includes Geek Rescue’s sister company, Brookside Studios, which manages media development, and JD Young’s cross-media marketing firm, One 2 One Marketing.

The ability to combine resources and streamline processes allows both companies to offer a full-range of services to make better solutions for customers.

Geek Rescue co-owner, Damon DoRemus, says this merger creates a comprehensive company unlike any other in the area.

“There’s not a true solutions provider that can provide all the services and products this combination creates,” DoRemus said.

To find out more about JD Young, visit their website.

Comparing Three High-End Laptops

January 13th, 2014

Regardless of what task you’re trying to accomplish, your success is dependent to some degree on the tool you’re using. When it comes to computers, faster processors and more RAM typically suggest a machine is more suited to more complex tasks, like those you might be faced with at work every day. At CIO, John Brandon tested three top of the line laptops to find which one is the most valuable for professionals. Here are the results.

  • Sony Vaio Flip 15

The very construction of this laptop stands out because it’s also a tablet. Flip the screen and fold it over the keyboard to transform laptop to tablet. This is built like a laptop, however, so it runs off of a 1.8 GHz processor instead of slower mobile processors found in top of the line tablets. The high-resolution 2800 x 1620 screen delivers crisp images. It comes with Bluetooth 4.0 connections, quick syncing capabilities with near-field communication and can wirelessly connect to an HDTV. Even with 1 TB of hard drive space and 12 GB of RAM, the Flip 15 weighs only about 5 pounds and includes a battery that lasts up to 5 hours. The display and extra features top this list, but performance, while fast, is the slowest of the three laptops tested. Still, you get a fast laptop that’s capable of tasks many laptops aren’t for a price tag of $1799.

  • HP ZBook 15

This entry from Hewlett Packard is built for demanding tasks like data analytics or photo and video editing. The graphics card is top notch, there’s a BluRay optical drive capable of fast, exhaustive back-ups and it out-performed the other two laptops on this list. The processor runs at 2.7 GHz but can go to Turbo Mode and get kicked up to 3.7 GHz. It also features Bluetooth 4.0 ports and lasts about 5 hours on one charge. But there’s no NFC for quickly syncing with other devices and no HDTV connecting capabilities. At nearly $3-thousand, it’s by far the most expensive laptop tested, but the ZBook 15 backs up the price tag with elite performance. The lack of additional capabilities makes it less useful for the masses, however.

  • Acer Aspire V3

A 2.2 GHz processor, 12 GB of RAM and a high end graphics card put this Acer laptop in the same ballpark as the other two on this list, but it comes at a relatively cheap price of $1099. It weighs in at over 7 pounds, making it the heaviest laptop tested, and its battery only lasts about 4 hours on one charge. Still, it came close in performance with the ZBook 15 and features a huge 17.3-inch widescreen display. Again, Bluetooth 4.0 is here, but little else. For the price, that seems understandable.

These certainly aren’t the only top-end laptops worth the money, but it’s interesting to pit them against each other to see what you’re really paying for. If you’d rather upgrade your existing laptop, or need repairs, call Geek Rescue at 918-369-4335.