January 13th, 2014
There are few experiences more frustrating than when you can’t connect to the internet or your connection is unbearably slow. Almost everything we do, whether for work or in our free time, requires an internet connection, which makes not having one painful. There are a few tools available to help you diagnose internet connectivity problems, but, as Alan Henry of LifeHacker reports, few are as simple and easy to use as the Connectivity Diagnostics app for Google’s Chrome web browser.
As frustrating as a lack of internet can be, perhaps even worse is not knowing what’s causing your outage. That’s why diagnostic apps like this one are so handy. Whether the issue is with your computer, router, network, or service provider, the Connectivity Diagnostics app finds it so you can fix it.
Unlike other similar applications, the Connectivity Diagnostics app doesn’t require any additional software installed to run. It works through Chrome and is completely free. To find the cause of your internet problems, it can check for an active connection, attempts to contact your DNS server, checks for firewalls blocking your connection or pay-portals, tests for DNS resolution delays and tests for network delays. Each test returns additional information on whether it was successful or not to help you pinpoint the problem.
This isn’t an enterprise level application, but it’s perfect for individual users. Because it’s simple to use, you don’t even need to be tech-savvy to diagnose your connectivity issues.
If your computer is having problems you can’t solve, call Geek Rescue at 918-369-4335.
January 10th, 2014
Phishing attacks come through most of our emails on a daily basis. Thankfully, spam filters and other security measures keep us from having to regularly deal with them, but because criminals are always making these attacks more intelligent, some attacks do find their way to our inbox. Some are difficult to ignore since they capitalize on the latest news to make their message more believable. For example, the latest high-profile attacks on Target, Adobe and Snapchat are now being used by hackers as an excuse for why users need to divulge their information. As David King of IT Manager Daily writes, there are ways to protect yourself from these phishing scams. Here are the most important tactics to know.
Because each message is being crafted to fool users into thinking it’s legitimate, you can’t afford to trust any message you receive. Even messages from companies you have an account with that contain official looking logos can be spam or phishing scams. Checking the email address of the sender is effective for many messages. Often, a message claiming to be from a legitimate company is sent from an email address not associated with that business. But, criminals have started to overcome that hurdle also. Even emails that come from someone in your contacts list could be malicious. So, before downloading anything or responding with important information, ask yourself why the sender of the message would be taking these actions. If it seems at all suspicious, call the sender directly and ask about the email. Or, visit the company’s website and find a more direct way to send them information. Usually, it’s safe to assume that any legitimate business won’t ask for your financial information over email.
Malicious files sent as attachments are a common way to convince users to download malware. Many users will even be suspicious of an email, but download the attachment in an attempt to gain more context as to what the message is about. Downloading and opening these files infects your computer. Don’t let your curiosity get the best of you. If a message seems suspicious, don’t visit any links included in it or download any files attached. Even if the message seems legitimate, don’t download a file unless you know exactly what it is. A good rule of thumb is if you aren’t expecting a file to be emailed to you, don’t download one.
Unfortunately, even the most intelligent users fall prey to phishing scams and malware infections. Even if you never download attachments, visit suspect websites or open suspicious emails, malware can still find its way onto your system. It’s better to plan for this event and never need the security provisions than to be caught without it. Be sure you have a trusted antivirus program in place and keep it regularly updated so it can recognize the latest threats. Update all of your applications and your operating system also to close potential security vulnerabilities.
Phishing scams allow hackers to infect your computer and steal important information. Follow these tips to keep yourself, and you identity safe.
If your computer is infected with malware or you’d like to improve the security on your network, call Geek Rescue at 918-369-4335.
January 10th, 2014
When was the last time you updated your web browser? Periodically, you’re prompted to update to the latest version in various ways, but not all of those prompts are legitimate. As Zeljka Zorz writes at Help Net Security, agreeing to update your browser from the wrong source leads to malware infections.
It’s a common scam that’s been around for years, but internet users in the UK have seen a recent surge in malicious offers to update their browsers. These offers occur in the form of pop-ups that look official enough. They claim to be “critical updates” and many even trap you in an unending loop that prevents you from closing the tab.
If you agree to download the update, what you’ll actually get is some form of malware. In the recent occurrences seen in the UK, a trojan used to steal information was downloaded instead of a browser update.
These scams are seen most on sites where you stream media. It seems users are more likely to believe that an update is needed when they think they won’t be able to stream the video they wanted to watch. But, even if you think your browser is in need of an update, it’s never a good idea to download from an untrusted source. Instead of clicking through on the pop-up, go directly to the browser developer’s site and check for recent updates.
This scam isn’t limited to web browsers either. Warnings that your operating system, or plug-ins to your browser are out of date are also used to convince you to download a malicious file. In every case, don’t download anything unless you’re on the developer’s site. It is a good idea to regularly check to see if applications you use are out of date. Doing so helps close security flaws and eliminates bugs and compatibility issues. But, you have to be careful when downloading and make sure it’s from a trusted source.
If your computer has been infected by malware, bring it to Geek Rescue or call us at 918-369-4335.
January 9th, 2014
Two-step, or two-factor authentication is a generally trusted way to secure online accounts to ensure that only the account holder can access them. A recent hack on Blizzard’s World of Warcraft online game has exposed a vulnerability many had previously overlooked, however. Antone Gonsalves at Network World details how the attack took place and how it can be prevented in the future.
Two-step authentication requires a user to log-in to their account with their username and password. Then, a second passcode or PIN is supplied to users via text message, email or other means. That second code must also be input to give users access to their accounts. This two-step method is used to verify users anytime they use a new device to log-in.
It seems like a foolproof method for keeping hackers out of accounts that don’t belong to them, but the recent World of Warcraft hack demonstrated how a ‘man-in-the-middle’ attack provides a way around two-step authentication.
First, a trojan infected users on a popular online forum related to World of Warcraft. That trojan allowed for a man-in-the-middle attack, which allows criminals to intercept data and information a user believes they’re entering into a website. In this case, users attempted to log into their accounts using two-step authentication, but were really only giving hackers the information they needed to break into the accounts themselves. This also locked the actual users out of their own accounts.
Similar attacks have been observed on banking sites, where two-step authentication is also commonly used. Experts say these attacks highlight the weakness of most two-step authentication methods, which is the use of in-band authentication or using the same channel to input all information.
Because users are asked to enter their username, password and original generated code at the same time, over the same channel, it makes man-in-the-middle attacks extremely effective. Instead, experts suggest sites use two separate channels. For example, log-in to your account online with your usual information, then users would be prompted to enter a one-time PIN into a mobile app on their smartphone. Another suggested method is to send automated text alerts to users when someone tries to log-in using their information. If the IP address or geographic location doesn’t match their own, users would be able to reject the log-in attempt.
The lesson for users and businesses alike is that even two-step authentication doesn’t keep accounts completely secure. Hackers are getting more intelligent in their attacks all the time and technology that was once thought unbreakable now has vulnerabilities.
If your computer is infected with malware, or you’d like to investigate better security methods for home or business, call Geek Rescue at 918-369-4335.
January 9th, 2014
Microsoft’s support of Windows XP will be coming to an end in April. Most organizations already migrated to Windows 7, however. But, with the end of XP and Windows 8 already on the market, the clock is now ticking on Windows 7. Kris Lall of Attachmate writes that your business doesn’t need to panic and move to Windows 8 just yet. Here’s why.
Comparing Windows 7 to XP isn’t that encouraging considering XP is being put out to pasture, but XP was regarded as the standard for businesses for about eight years. Windows 7 just started its reign as the standard operating system. Currently, independent software vendors are mostly developing applications for Windows 7, not 8. Part of the reason for that is Windows 8’s need for a touchscreen for the best experience. Most enterprises aren’t prepared to change hardware in order to accommodate the latest operating system. For now, Windows 7 is a trusted platform with support from Microsoft pledged for at least another seven years.
Mobile devices are becoming more common for use in business, which opens the door for Windows 8 integration. With the bring your own device trend, it’s likely that even without an official effort to usher in Windows 8 on mobile devices, it’s probably already being used by some employees. A move to Windows 8, at least for mobile devices is inevitable so it’s a good idea to start preliminary testing. Using Windows 8 for mobile and Windows 7 for desktop is a solution some companies are already adopting.
The decision to be an early adopter of Windows 8 isn’t a bad one, but if you’d rather wait before you need to migrate to a new operating system, Windows 7 is expected to be a safe option for a long time.
For help implementing new technologies, improving security or other IT business needs, contact Geek Rescue at 918-369-4335.
January 8th, 2014
For many of your online accounts, a password is the only thing keeping criminals out. This makes users incredibly reliant on passwords, but many still make mistakes when choosing one. Kirsten Dunleavy at the Bullguard blog explains “the password management paradox” and how to best choose your passwords.
The best practice for securing each of your accounts is to choose a unique password for each of them. This way, if one account is hacked, your other accounts are still safe and secure. If you use the same password for multiple accounts, one account getting hacked could give a criminal access to all of your information. The issue associated with creating unique passwords, however, is that users can’t remember all of them. This is the paradox of password management because if you can’t remember your passwords, it makes them less secure. Users take actions that weaken the strength of passwords like writing them down, or storing them unencrypted, continuously having to have passwords emailed to them or reset by admins or ignoring a prompt to update an old password.
You need to use different passwords for each account, but you can still use some tricks to help you remember them. Using memorable phrases for each account is one way, but unless that phrase applies directly to the account, it might be hard to keep track of which password goes with which site. Another way is to pick one, strong password and then alter it based on what site you’re using it with. So, the first seven or eight characters of every account might be the same, but the last few characters are specific to that account. Maybe add Y!00 for Yahoo accounts or GO0 for Google accounts. Whatever trick you use, remember that it’s important to use upper and lower case letters, numbers and symbols in each password.
Users’ many problems with passwords has led to the rise of password managers. These services are often free and will store all of your passwords for you. Many will even offer to log-in to stored accounts automatically when you visit the corresponding website. So, you can make each password strong and unique and not have to worry about forgetting them. Your passwords are encrypted and stored behind one master password. Make this your strongest password and make sure it’s one you’ll remember. Use a long phrase and replace letters with numbers or symbols.
Although biometrics and two-step authentication are both being used more, passwords are going to be the main tool used to secure online accounts for a long time. Make sure that you’re using them effectively.
At Geek Rescue, we specialize in security. To improve security on your computer, at your home or office, or fix the damage of malware or viruses on your machine, call us at 918-369-4335.
January 8th, 2014
Ransomware is malware that takes control of a user’s computer and demands a payment to decrypt files. The most famous example of malware is currently Cryptolocker, which first began infecting users last fall. Since then, similar forms of ransomware have been springing up more and more, like the copycat Cryptolocker that targets P2P users. Danielle Walker of SC Magazine reports that the latest form of ransomware hasn’t yet been released, but is expected to be even more dangerous than Cryptolocker.
The name of the new malware is Prison Locker or Power Locker. Security experts first learned of its existence by monitoring underground forums where hackers gather to produce and sell their malware.
Prison Locker performs similarly to other ransomware. When a user is infected, a display window opens that can’t be exited. Other functions of Windows are disabled, as well as the user’s Escape key, Task Manager and Control-Alt-Delete. A user is locked out of their own computer and told they have to pay to regain control. While they’re locked out, files are also encrypted making it impossible for users to access their own data.
The reason many are calling Prison Locker and bigger threat than Cryptolocker is its use of more complex encryption. Prison Locker uses multiple encryption levels. The first of them, called BlowFish, generates a new key for each file it encrypts. That means it has to be broken, or decrypted, one file at a time. In addition, each BlowFish key is encrypted through another method with a unique key for each computer infected. All of this encryption is perceived to be “unbreakable”.
The current asking price for Prison Locker is $100, which suggests it will be widely used soon. The other takeaway from these reports is that ransomware is on the rise. Because of its invasive nature and the ability to directly profit off of each infection, criminals will be using ransomware more often and producing more throughout 2014.
If your computer is infected with any type of malware, call Geek Rescue at 918-369-4335 for help.
January 7th, 2014
Taking charge of access management for your company is a vital step towards better security. Very few members of your organization need access to all of the applications and data on your network and access management ensures that each employee is given access only to what they need. This significantly decreases the likelihood of a data breach and allows you to keep closer tabs on who is accessing data and how they access it.
Cloud computing and the bring your own device trend make data security more difficult than ever before. Effective access management is crucial in tandem with these new technologies. David King of IT Manager Daily published a list of policies all businesses should follow to limit access to critical data and prevent data breaches.
The more employees you have, the more roles change. Communication between departments is important so that when an employee’s role changes, due to a promotion, firing or change in projects, their access changes too. Problems arise from individual users having access to data they no longer need. Especially in the case of workers who are no longer with the company, access changes should be a priority and made immediately.
Staying up to date on who can access what data and how and where they’re accessing it is a big time investment, but it’s necessary. Without regular checks on data access, you’ll be caught unaware when a problem occurs. Many times, warning signs of an impending breach, or at least a potential vulnerability, exist days or weeks before any data is actually stolen. Data being accessed during off-hours or being accessed off-site are warning signs that someone is accessing data that shouldn’t be. They don’t tell you definitively that there’s a problem, but they suggest you should look into the matter.
Part of access management is ensuring that employee accounts are only being used by those employees. Educating workers about the dangers of weak passwords is important. Make sure each employee understands what a strong password consists of and is using one. Also, prohibit the sharing of passwords or inheriting accounts from others. This weakens your efforts to limit access to certain employees and opens loopholes that workers can exploit after they’ve left the company.
Data breaches can be extremely costly to any type of business. Investing in security now can save you later.
For help improving all facets of data security at your company, call Geek Rescue at 918-369-4335.
January 7th, 2014
Browser hijacking refers to malware that’s capable of changing your browser’s settings without your knowledge. Often, your homepage or default search engine will be changed, new bookmarks or pop-ups added. Spotting the effects of browser hijacking malware is usually easy, but it’s best to avoid infection altogether. Mary Alleyne of Jupiter Support published a list of ways to avoid becoming a victim of hijackware.
- Effective Antivirus Programs
As with any malware, an up-to-date, trusted antivirus program is the key to stopping most infections. Anything you download, even if it’s from a seemingly trustworthy site, should be scanned before you open it. Many antivirus programs also offer constant scanning in the background that will alert you immediately if malware, viruses or trojans have infected your system.
Unfortunately, malware is updated and new pieces released at a rate too fast for antivirus programs to keep up with. This means that even the best antivirus programs can’t be relied on to catch every piece of malware. Since there’s always a chance that your computer will be infected with a browser hijacker or other malware, take precautions and make a plan for how you’ll recover. Back-up important data and look into other security software that will aide your antivirus program.
Most popular web browsers offer higher security if you’re willing to sacrifice some functionality. In Internet Explorer, these settings are available under ‘Internet Options’ on the ‘Security’ tab. While setting the security level to ‘High’ will prevent your browser from automatically executing some code, including activeX instructions that allow most browser hijackers to function, it will also prevent some websites from working properly. For trusted sites however, you’ll be able to add them to an exceptions list that restores full functionality to only those sites.
Almost all browser hijacking malware is specifically coded for one browser. This means that malware that works for IE won’t work for Firefox or Chrome and vice versa. The simplest way to avoid the problem if you’re infected with hijackware is to use a different browser. But, the problem won’t be fixed and shouldn’t be ignored. Switching browsers is a simple way to end the hijacking, but you’ll still want to try to get rid of the malware causing it.
More in-depth fixes like editing the ‘Hosts’ file for malicious entries and searching the registry for specific websites also help overcome browser hijacking malware, but require a little more expertise.
If your computer is infected with malware, Geek Rescue fixes it. Bring your device to us, or call us at 918-369-4335.
January 6th, 2014
Even with all of the news stories about the latest hacks, such as Adobe, Snapchat and Target, there are still some individuals who don’t fully grasp what’s at stake. Jose Pagliery of CNN Money explains how much becoming a victim of a cyber attack could cost you.
In the case of the attack on Target, debit and credit card information was stolen. It’s easy to understand why you would want to keep that information out of the hands of criminals. But, this type of attack and fraud usually isn’t as costly as others. That’s because most people pay close attention to bank accounts and credit card bills and will notice anything out of the ordinary. Then, it’s an easy process to report the fraud and cancel the card.
It’s actually much worse for users when their log-in information and passwords are stolen. It doesn’t even have to be an account that houses any valuable information. Because about half of internet users use the same password for multiple accounts, even stealing the log-ins for a message board could lead to a much bigger breach in security. With one password, criminals can find an email associated with that account. They then will try to break into that email and, if successful, can take a number of potentially valuable actions.
Think about all of the old messages still stored in your inbox. Many of those could contain information that a criminal could use to steal your identity or your money. Those old messages could also lead hackers to other accounts you have online, which could allow them access to your social security number, or bank accounts. Even gaining access to your phone account could allow them to order a new device and rack up big charges.
With access to your email, criminals also have access to your contacts. They can send emails with malware attached to try to infect other users. Worse still, they can contact friends and attempt to scam them out of money or information.
There is a seemingly endless list of malicious tactics a criminal can take if they’re able to gain access to just one of your many online accounts. Keeping those accounts and your computer safe is worth your time. You need to use strong, unique passwords for each account you create. If you have potentially valuable information stored in your email, back it up elsewhere and delete it. Keep close tabs on all of your accounts so that you’ll be able to quickly tell if one has been compromised and take the necessary action.
At Geek Rescue, we help improve security for your home or business. We also fix devices with malware infections, broken hardware or any other issues. Come by or call us at 918-369-4335.
