December 16th, 2013
Apple released iOS 7, its latest version of the operating system included on iPhones and iPads, in the middle of September. Here it is three-months later and iOS 7.1 has taken another step closer to its release. Unlike iOS 7, 7.1 won’t be so groundbreaking and will feature mostly bug fixes and small tweaks. As Carly Page reports for Inquirer, the second Beta version of iOS 7.1 has been officially made available to developers.
Perhaps the most exciting of the included tweaks is a toggle for ‘Car Display’. In and of its self , this isn’t that exciting but it hints at something Apple may release in the near future. ‘iOs in the car’ has long been a rumored feature bound for release. This feature would allow users to link their iPhone or iPad to their car in order to control their music, navigation and messages while driving.
Other changes in this version of iOS include some tweaks to settings menus. Touch ID and Passcode settings have been moved to the main Settings menu to make them easier to find. In iOS 7, they’re buried under multiple options. Users will now also be able to adjust button shapes through the Accessibility setting.
The iTunes Match process has been made faster than ever, which it easier for users to access music stored in the cloud. Also faster is the animation speed used for all interactions with the operating system. This doesn’t actually make the device faster, but it will feel faster than before.
Many of these small changes won’t even be noticeable to many users, but they will make devices easier to use and introduce some options for more customization. The second Beta version of iOS 7.1 is currently available for download at Apple’s developer website.
At Geek Rescue, we know the ins and outs of iPhones, Androids and all smartphones. If your device is giving you trouble, bring it to one of our locations or give us a call at 918-369-4335.
December 13th, 2013
An increased IT security budget is a good idea for any business, but it just isn’t always possible. Only about a quarter of respondents in a recent survey reported any type of growth in their security budget for 2013. For those with identical budgets than last year, or decreasing budgets, it’s important to find ways to improve security without spending more. David King of IT Manager Daily suggests three ways to do just that. These tactics will better protect your company without the need to ask for an increased security budget.
There should be security precautions in place across your entire network, but there are likely some areas that need more protection than others. These will be users that have access to more data, all financial documents and applications housing valuable customer data and IT, who has access to critical points. Securing these areas better protects you because they are most likely to be targeted by criminals and would be the most costly if compromised.
It’s important to test all precautions that you’ve put into place so you can learn how to improve them. That goes for both built-in protections and user training. Periodically, launch a test attack against your own system to find out how protected you really are. Send suspicious emails to your users to find out if your training is really paying off. You may find that more training or a tweak to an application is needed to improve security.
It costs nothing to update and patch the applications you’re currently running. But, it makes a huge impact on the effectiveness of your security. Out of date programs contain vulnerabilities with known exploits. This means hackers have discovered security flaws and know how to use them to infiltrate your network. By keeping all applications up to date and patched, you eliminate these vulnerabilities as they’re discovered.
An efficient use of your security budget is important to make your business as secure as possible. For help spending smarter, contact Geek Rescue at 918-369-4335.
December 13th, 2013
One of the biggest fears for any business is downtime. If your website is down, your customer’s can’t find you. If your office network is down, your employees can’t be productive. Tony Kontzer of Network Computing reports that research has shown that distributed-denial-of-service attacks are a rapidly rising cause of downtime for data centers.
DDoS attacks main goal is to shut down networks and make them unavailable to users. To do this, hackers commonly saturate the networks with communication requests, which overloads servers. These spoofed requests make it impossible to respond to the legitimate traffic resulting in a shut down.
In 2010, a survey revealed that only about 2-percent of data center outages were attributed to DDoS attacks. In a recent survey of 67 data centers, 18-percent of outages were reported as caused by DDoS attacks. Unfortunately, as the attacks have become more frequent, they’ve also become more intelligent. Unlike other causes of outages, specialized technology and even forensic experts could be needed to resolve the aftermath.
One of the most common causes of downtime is human error, which costs companies an average of about $380-thousand to overcome. The most expensive cause of downtime if equipment failure, which costs about $959-thousand on average. DDoS attacks are second on that list and cost $822-thousand to mitigate on average. Overall, the average cost of overcoming an outage has risen sharply in the past three years. The average cost to fix any outage is up about 37-percent since 2010.
While costs are up, the length of outages is declining. It now takes about 86-minutes to resolve an outage, compared to 97-minutes in 2010. This can be attributed to companies investing more in IT and advances in technology. It’s also likely that because the cost per minute of downtime is rising each year, businesses are more likely to act quickly to resolve issues.
This research suggests both that companies need to invest in proper security to protect against costly threats like DDoS attacks and that they need the proper plan in place to quickly recover when disaster strikes. For help with both, call Geek Rescue at 918-369-4335. We specialize in security infrastructure for businesses and creating back-up plans and restore procedures to overcome any issues.
December 12th, 2013
Adobe’s products are used across the internet, which is why it’s a serious problem when security exploits pop up for one of them. Lucian Constantin reports for Network World that critical vulnerabilities that existed in both the Flash and Shockwave players have been patched.
The vulnerability involved the players’ auto-play functions. Attacks were being designed to trick user into opening a Microsoft Word document containing malicious Flash elements that were automatically executed upon opening. By exploiting this vulnerability, hackers are able to take control of a user’s computer.
For users who updated Flash recently to version 11.6, a patch wasn’t needed. That version introduced a click to play feature for all Flash elements embedded in Microsoft Office documents. This patch was still needed not only for users with older versions of Flash and Shockwave, but also because it updated the players bundled with web browsers Google Chrome and Microsoft Internet Explorer 10 and 11.
With millions of users of both Flash and Shockwave, they’re valuable targets for attacks. Keeping them updated and patched is important to close security flaws and vulnerabilities.
Keeping applications like antivirus programs and web browsers and your operating system up to date is important for security reasons and to resolve bugs and performance issues. If your computer has been infected by a virus or malware due to a security vulnerability, or if you’d like to improve your system’s security, call Geek Rescue at 918-369-4335.
December 12th, 2013
There are a number of options for improving the security on any of your devices and there are articles across the internet trumpeting the effectiveness of each of them. With the evolution of cyber attacks, however, some security tools that once were trusted have lost effectiveness. Alan Kahn of Techopedia lists three of these that no longer provide proper protection from advanced threats.
- Next-Generation Firewalls
Compared to traditional firewalls, next-generation firewalls offer more detailed controls. They attempt to stop attacks through classifying network traffic, but their reactive approach to security renders them useless against today’s more advanced attacks. Recent advances to next-generation firewalls include hourly updates, cloud based binaries and DLL analysis, but even with these additions, they don’t offer enough protection.
This isn’t to say that having an antivirus program installed on your computer isn’t advisable. You’re certainly at a much greater risk of a malware infection without running a proper antivirus application. However, many users get into trouble because they trust their antivirus too much. It should be used as a complementary tool, not as a stand alone catch-all. Security experts have estimated that up to 90-percent of malware changes within an hour, which allows it to be undetected by antivirus programs. Zero-day exploits are also able to slip through vulnerabilities that an antivirus can’t prevent. So, using an antivirus alone leaves you incredibly vulnerable, but it’s still a needed precaution in conjunction with other tools.
Web gateways are able to keep users off of certain websites that are known to be potentially harmful. However, by using lists of known, “bad” URLs, web gateways are unable to keep up with the rapidly evolving threats faced today. Once again, this is a reactive approach that has little hope of stopping advanced malware delivery systems. Web gateways still have some uses but as a security measure they’re extremely limited.
These three tools aren’t necessarily completely obsolete, but can’t be trusted as the primary tool in your security infrastructure.
For help putting the right tools in place on your computer or your company’s business, call Geek Rescue at 918-369-4335.
December 11th, 2013
Ransomware has been a concern for internet users for some time now, but experts are predicting that the malware will affect more victims than ever before in 2014. As Warwick Ashford of Computer Weekly reports, hackers are producing malware kits that allow ransomware to be created more easily.
Ransomware is a type of trojan malware. It locks a computer or encrypts the data stored on it and demands a payment to unlock or decrypt it. The specific tactics taken are different from attack to attack, but usually victims find that their payment doesn’t restore their computer.
Researchers have discovered conversations on hacking websites about malware kits that make it easier to produce ransomware. These kits allow criminals without advanced knowledge of hacking to produce dangerous malware and even come with technical support. Kits can be used to produce all kinds of malware and the recent rapid rise of malware production is being attributed to their existence. Experts expect more ransomware to be produced with malware kits because it is an attack that directly leads to a payout, unlike other threats that require multiple steps to become profitable.
The best way to protect yourself from ransomware and other malware is to prevent it from infecting your computer in the first place. Be extremely cautious of untrusted email attachments and links in the body of emails. Try not to visit any untrusted websites and trust your browser when it warns you about potential dangers.
It’s also important to keep all applications, especially your antivirus program, updated. Backing up files is also helpful so that if some files are encrypted or damaged, you’ll be able to restore them.
If your computer is infected with malware, don’t pay a ransom. Bring your device to Geek Rescue, or call us at 918-369-4335.
December 11th, 2013
Recent reports revealed that the FBI has been able to remotely activate webcams and log keystrokes without any evidence to users that they’re doing it. These tactics have been used to investigate crimes, but they reveal the capabilities of hackers. If the FBI has the ability to remotely access your webcam and log your keystrokes, then so do criminals. Mathew J. Schwartz of Information Week published some tips that help protect specifically against these kinds of threats.
- Anti-keyloggers and antivirus
Antivirus and anti-malware programs are important to your computer’s security, but they don’t protect against every threat. Most are unable to detect a keylogger. But, there are programs specifically designed to thwart a keyloggers attempts. These programs don’t identify and remove this type of malware. Instead, they encrypt or scramble your keystrokes so that no other program can record them. Even anti-keyloggers won’t completely protect you, but they’re useful against the most common keylogger malware.
Attacks through your email are the most common ways malware, like keyloggers or webcam hijackers, find there way onto your computer. To protect yourself, be extremely cautious about what emails you open, what links you follow and what attachments you download. Generally, if you’re not expecting an email, you don’t need to read it or download any attachments. It’s also important to keep your browser, operating system and antivirus software updated to protect against the latest threats.
- Be protective of passwords
Too many users are willing to input passwords to their most valuable online accounts in low security situations. If you arrived at a site by clicking a link in your email, don’t put your password in. It’s possible that, even if the site looks legitimate, it’s a spoofed version of the actual site. Instead, put the URL into your browser yourself. If you’re using public or unsecured WiFi, it’s also not a good idea to log-in to any accounts. These networks allow hackers to easily intercept data, which means you could be handing them your log-in credentials. Wireless keyboards also pose a problem. Recent keyloggers have been able to intercept data from wireless keyboards.
If you’re worried about remote activation of your webcam, which allows you to be photographed or recorded without your knowledge, there’s one surefire way to protect yourself. Cover your webcam. Hackers are able to activate your webcam without any of the notification lights coming on. So, you’ll never know for certain that you’re safe, unless the webcam is covered. The most popular method is to cover it with a bandage when you’re not using it. This way, no sticky film gets on the camera lens itself.
Hackers are continually evolving their tactics and, as technology improves, their capabilities increase.
If your computer is infected with malware, or you’d like to improve the security at home or at your business, contact Geek Rescue at 918-369-4335.
December 10th, 2013
Security experts often preach about the importance of keeping antivirus programs up to date in order to identify and prevent the latest threats. But, Jeremy Kirk reports at PC World that a new piece of malware is undetectable for most antivirus programs, even when they’re fully updated.
The malware is called ‘ISN’ and is able to hide disguised as a module for Microsoft’s Internet Information Services, IIS, which is included with the Windows operating system. ISN is classified as a malicious DLL, or dynamic link library. Its installer contains four different versions of the DLL with each being compatible with different versions of Windows and Microsoft IIS.
Once installed, ISN steals data from Web-based forms. So far, it’s been used to steal credit card data from payment forms on e-commerce sites, but could be used to steal log-ins and any other important information you put into a form online. ISN can also be configured to monitor activity on a specific website.
The only way it’s been detected has been by antivirus programs flagging it as potentially harmful due to its activity. ISN will send the information it steals to a third party, which sets off alarms for some security applications. By that time, however, your information has likely already been stolen and put in the hands of a criminal.
The good news is that ISN attacks are not believed to be widespread. The capabilities of this malware and its ability to stay undetected make it a likely candidate to be used in more attacks in the coming months.
Running an effective, updated antivirus is still a vital practice for staying safe from most threats, but as ISN malware shows, it doesn’t keep you completely protected. In addition to security software, you must also practice safe surfing and avoid potential threats before they have a chance to infect your machine. Email attachments, untrusted downloads and malicious links are usually at the heart of any malware infection. Be extremely cautious about where you go online and what you allow onto your computer.
If malware has infected your PC, or you’d like to improve your security, call Geek Rescue at 918-369-4335.
December 10th, 2013
Malware being made specifically for mobile devices is growing rapidly thanks to the number of smartphone users also growing. Hackers target any device that could be profitable for them, which is also why most mobile malware is a threat to Android users, who make up most of the mobile audience. One recently discovered threat is drawing interest from security experts because it marks a jump in the capability of malware attacks. As Graham Cluley writes on his security blog, MouaBad.P is a piece of Android specific malware that’s capable of making phone calls without user interaction.
MouaBad is a family of mobile malware that allows hackers to control a smartphone remotely. In earlier instances, this malware was used for sending text messages to premium numbers, which charged the users. MouaBad.P is the first time experts have observed the ability to remotely make phone calls without any user interaction.
The malware typically makes it onto a smartphone through an infected app. Once installed, Mouabad.P is able to make phone calls while your screen is off and your phone is locked. It stays hidden by ending all calls once you turn your screen on. It does leave a trail, however. By checking your call logs, you’ll be able to tell if a third party has been making phone calls without your knowledge.
Currently, this type of attack has only been seen in Chinese-speaking regions. Mouabad.P is specifically made to target these countries and won’t work for smartphones outside this region. However, its existence suggests similar threats could be coming to the US soon.
To keep your phone safe from all threats, be extremely cautious about what you download. Also, make sure you’re running an effective, updated security app at all times.
If your smartphone or any other device is infected with malware, bring it to Geek Rescue or call us at 918-369-4335. We’ll clean off the malicious apps and files and help you better secure your device against the next attack.
December 9th, 2013
Worldwide, Android is actually the more popular choice for smartphones than Apple devices. But, security issues are a common complaint of users and a common reason many opt for Apple instead. Bob Violino of InfoWorld reports that these concerns over security are mostly overblown, but points out the two risks that exist for all Android devices.
The Android version of the App Store is Google Play. It’s a marketplace where users can download all kinds of apps. But, it’s regarded as much less protected than Apple’s App Store. The nature of Android is that it’s open for development. This encourages new, innovative apps and features to be developed, but also allows for malicious apps to find their way into the marketplace. Many apps ask for more permissions than they need, even if they aren’t actively malicious. Performance issues and data loss are often attributed to a bad app. Because Google Play does not set up enough precautions to keep malicious apps out, it’s a legitimate concern for Android users.
In the context of the Android platform, fragmentation refers to the many different manufacturer’s and versions of the Android operating system that are currently running on users’ devices. Unlike Apple’s iOS that is consistent for all users, manufacturer’s are able to tweak and alter Android specifically for their devices and aren’t forced to roll out updates once they become available. The result of this is that outdated versions with security flaws are allowed to run, which is a danger to users and to any network they connect to. The majority of Android users are running out of date versions of the operating system. This poses a significant threat to businesses who allows employees to use their own devices on the company network.
The Google Play store and fragmentation are both legitimate concerns for security with Android. For individual users, being more cautious about what apps you download and being proactive about updating your device’s operating system both help to overcome these problems. For businesses, a robust compliance policy, an end to support for older versions of Android and other security provisions allow your company to use Android devices without as many security issues.
For help securing a device or a network, or to fix an existing problem with a device, come by or call Geek Rescue at 918-369-4335.
