Four Ways Your iPhone Is Vulnerable To Attack

February 13th, 2014

Cisco’s Annual Security Report claims that 99 percent of mobile malware targeted Android in 2013. Whether or not that’s completely accurate, it’s safe to say that more threats exist for Android users than for their iOS counterparts. That doesn’t mean, however, that security shouldn’t be a concern for iPhone users. As Tom Brewster of The Guardian reports, there were 387 documented security flaws in iOS in 2012 compared to only 13 for Android. When iOS debuted, another 70 flaws needed to be patched. The existence of flaws doesn’t mean attacks on them are inevitable, but it does illustrate how vulnerable iOS users are. Here are a few ways attackers could target Apple devices.

  • Apps

Even if the base of iOS itself isn’t vulnerable to attacks, the apps that users add often are. One prominent flaw is that developers are allowed to switch the internet address that apps use to acquire data. Hackers are able to exploit this flaw and associate an otherwise legitimate app with their own malicious site. This allows the attackers to execute a variety of malicious actions on a user’s device.

  • App Store

Legitimate apps often contain security vulnerabilities, but there’s only been one documented case of a malicious app being allowed into the official App Store. That likely won’t be the case for long, however. Researchers have already demonstrated ways for a harmful app to be approved by Apple and earn a spot in the App Store. One demonstrated app works legitimately when tested by Apple, but is able to rearrange its code when it’s downloaded by users to steal data and remotely control certain functions of the device.

  • Public Networks

Insecure WiFi opens up a number of possible attacks, regardless of what device you’re using to access it. Not only does data being sent to and from your device become vulnerable, but data stored insecurely on your device could also be vulnerable to an attack. While these dangers aren’t limited to iOS users, the perceived security of Apple devices often leads to iPhone users being more cavalier in the use of their device, which can lead to valuable data being stolen with little effort.

  • Fake Certificates

This is another threat that isn’t limited to iOS, but certainly is a threat worth understanding. The use of fake, or stolen, security certificates is a growing trend in cyber attacks and allows for malicious programs to be accepted and executed. For example, an email that appears to be from a legitimate source asks users to download an application, update or even just a document. Without a trusted certificate, users would be warned about the download. With a false certificate, or one stolen from a legitimate source, an application is accepted as trusted by the operating system and malware is allowed to infect your device.

Protecting against these vulnerabilities often requires users to be more careful about how they use their devices. Understanding that your iPhone isn’t completely immune from common threats is important.

If you find that one of your devices has been infected by malware, call Geek Rescue at 918-369-4335.

Office 365 Now Uses Two-Factor Authentication

February 12th, 2014

Office 365 contains vital tools for businesses of any size. With so many companies relying on Microsoft’s applications, there’s a need for improved security to protect valuable data. As Alexandra Gheorghe reports for Hot For Security, Office 365 users will now be using two-factor authentication to keep the data used within applications safer.

Previously, data being stored in the cloud through Office 365 was protected only by a password, except for those users with administrative roles who have had access to two-factor authentication since June. Now, all users will be able to use the enhanced security.

Before they are able to log in, users will need to correctly enter their password, then enter a separate, one-time code that’s sent to them via text message or app notification on their smartphone. Users also have the option of having Microsoft call their smartphone or office phone and simply pressing the pound key to authenticate. This will verify the device being used to access Office 365. To access your account from another device, the authentication process would have to be used again.

Two-factor authentication isn’t foolproof. Attacks that successfully compromised two-factor systems have already been observed in the wild. But it’s considered much more secure than using a password alone. Since the aim is to protect data stored in the cloud, protecting it from remote access by unknown sources is important.

While two-factor authentication is not yet available for desktop applications, Microsoft is adding App Passwords to offer additional security for those users.

For help implementing Office 365 at your business, or for help improving your security infrastructure, call Geek Rescue at 918-369-4335.

Fake Flappy Bird Apps Are Spreading Malware

February 12th, 2014

Every few months it seems a new game appears in the App Store and takes the world by storm. The latest trendy mobile app is Flappy Bird, which tasks users with navigating a bird through tunnels. The game became so popular, so quickly, that the developer pulled it from the App Store because he worried it was too addicting. That created a need, however, that can be exploited. CNET’s Don Reisinger reports that fake versions of Flappy Bird for Android are popping up everywhere and infecting users with malware.

The first sign that these apps aren’t the official game is that they don’t appear in the Play Store. Instead, users are finding them in third-party app stores that don’t verify their apps and don’t promise the same security. The fact that the legitimate Flappy Bird app is no longer available has led many users to ignore warning signals, however.

In many cases, the app infects a user’s device with malware directly. In some observed cases, however, the app asks a user to send a text to a supplied number. This is likely done under the guise of registering the game. Or, the app may even be able to take control of a user’s device and send the text without the user’s knowledge. In any case, once a text message is sent to the app’s creator, they have everything they need to attack and control the device.

It appears the malware being spread with these fake apps doesn’t steal data, but rather is used to send text messages and make phone calls to premium numbers. This likely earns the hackers a commission for each call or message. For users, it drives up the cost of their next phone bill.

In this specific case, users need to understand that an official Flappy Bird app is no longer available anywhere. Any app calling itself Flappy Bird is a fake and likely an attempt to compromise your device.

When downloading any app, it’s best to download directly from the official app store, rather than taking your chances with an unverified app from a third party.

If your smartphone, tablet or computer has been infected with malware, bring it to Geek Rescue or call us at 918-369-4335.

How Expiring Support For Your Servers Affects You

February 11th, 2014

When buying new servers for your business, there are a number of factors to consider to ensure that you get exactly what you need. A new trend being adopted by IBM and HP could add some confusion and frustration to the process. As David King of IT Manager Daily reports, HP recently announced that firmware updates will only be available for its users who are under warranty or a support agreement. IBM has already made that change in policy.

This news means that in order to secure your servers, you’ll have to pay more than ever before. For small businesses that have already stretched their IT budget thin, this could be a real problem. To save yourself some trouble, and possibly some money, here’s what you need to consider before buying a server.

  • Terms of warranty

While IBM’s and HP’s service comes with an expiration date that requires you to pay more for continued support, other companies like Dell and Cisco have no such stipulations. That’s not to say that one company is a better option than another. Rather, the point is that a seemingly cheap server with a limited warranty may end up being more costly than a more expensive server with an unlimited service plan. Before making a purchase, the terms of service need to be among your first concerns.

  • Third-party providers

If you already have servers that will soon lose their support, or you decide that expiring support isn’t a deterrent for buying a server, there are options for when your warranty finally expires. Before you renew with the server’s manufacturer, check around with third-party support companies that may offer better service for less money. A local company may be able to offer support that’s more personalized to your specific needs, rather than the one-size-fits-all approach of the giants.

  • Resale value

In order to recoup some of the money spent on new servers, many companies plan to resell them when they’re no longer needed. The value of old servers could take a major hit if the manufacturer no longer covers them. This suggests that servers from manufacturers with unlimited service plans will enjoy a higher resale value than those with an expiring service plan. Keep that in mind when you’re purchasing a server if you plan to sell it later.

If you have questions about your server needs, want to explore other options for support or would like to store your company’s data on off-site servers you don’t have to manage yourself, call Geek Rescue at 918-369-4335.

Ransomware Poses A Threat To Businesses Of Every Size

February 11th, 2014

One of the biggest mistakes made in security by local businesses is a belief that they won’t be targeted in an attack because they have less to offer than larger enterprises. That mistake leads to weak security, which attracts attacks and leaves you susceptible to untargeted attacks. Take the latest news of a Cryptolocker victim for example. John E. Dunn of CIO reports that a local law firm in Charlotte recently lost critical data after Cryptolocker infected their network.

Cryptolocker found its way onto the law firm’s computers after an email and its malicious attachment were mistakenly opened. An employee believed the email was from the firm’s phone answering service. After that, Cryptolocker couldn’t be stopped from encrypting thousands of legal documents critical to the law firm’s operations.

The nature of law firms makes them enticing targets for Cryptolocker and similar attacks because they can’t afford to lose access to their documents. Any business with money to spend, but no time to waste is likely to pay the ransom associated with decrypting files.

In the case of the Charlotte law firm, their IT team first attempted to unlock the files and work around the malware. When their efforts were unsuccessful, the firm attempted to pay the $300 ransom, but they were informed that the deadline had passed and the files were permanently locked.

The law firm notes that had an attack stolen the important documents, rather than only encrypting them, the damage could’ve been much worse. Still, they lost access to every file stored on their main server, which prevents them from serving many of their clients.

For any size business, it’s important to educate employees about this type of threat in order to avoid infection in the first place. Regular back-ups of files will also save you from a disastrous loss of data.

Small business owners need to stop believing that an attack of this nature will never happen to them. Malware infections are costly to any business and statistically just as likely to strike small, local companies as they are large enterprises.

For help improving the security at your business, or for help recovering from a malware infection, call Geek Rescue at 918-369-4335.

Leaked Specs For The Samsung Galaxy S5

February 10th, 2014

The Samsung Galaxy S4 is among the top-performing and best-selling Android smartphones on the market. Because of the success of its predecessor, the GS5’s release has been eagerly awaited. That wait will be over in two weeks when Samsung unveils their newest smartphone at an event in Barcelona. In the meantime, details and specifications are already leaking out, although as of now all of the information is considered to be rumor. At Yahoo News, Lisa Eadicicco reports the latest details learned about the GS5 and how it compares to other flagship smartphones.

The Galaxy S5 is expected to continue Samsung’s continuous improvements in the camera department. The GS4 jumped from an 8-megapixel camera to 13 megapixels. The GS5 is expected to debut with a 16-megapixel camera. Without knowing any other specifics about the camera, that at least puts it in the conversation with the best smartphone cameras available.

Other specifications are a little disappointing. The 1080p display and Qualcomm Snapdragon 800 processor aren’t big improvements on the GS4, which also features a 1080p display and a Snapdragon 600 processor. There have been suggestions that the GS5 will include both a low-end and high-end model, which could mean that these are the minimum specifications.

Even with these specifications, however, the GS5 scored impressively in general performance testing. In the AnTuTu benchmark, which is a standard way to measure performance, the GS5 outscored the LG G2, HTC One and GS4. It also nearly doubled the average score for smartphones.

Official details about the Galaxy S5 won’t be announced until February 24th, but based on what’s already been leaked, it’ll be a smartphone worth keeping tabs on.

Whether you have the latest and greatest smartphone, or are sticking with an older model, Geek Rescue fixes any issues that come up. For hardware, software, malware or any other problems, call us at 918-369-4335.

Details On The Soon-To-Be-Released iOS Update

February 10th, 2014

Apple’s mobile operating system, iOS 7, was released in September and since then, more than 80 percent of users with supported devices have adopted it. After a few rounds of beta updates, Apple seems poised to release the first significant update to iOS 7. As JC Torres of SlashGear reports, iOS 7.1 is rumored to be released in March.

Don’t expect 7.1 to break any new ground, however. For the most part, the update is being released to fix common bugs and functionality issues users have reported, not to improve existing features or introduce many new features.

You can expect a few visual tweaks. The slide to unlock, dialer, keyboard and music functions are all expected to look a little different in iOS 7.1. When sliding to turn off your iPhone, you’ll see a rounded slider at the top of your screen and a white cancel button at the bottom. Slight adjustments to the slide to unlock screen and animation are also being made.

When answering calls, you’ll have the option to accept or decline in green and red circles, instead of rectangles. You’ll also have actual icons above those options for ‘Remind Me’ or ‘Message’.

The dialer has become visually more attractive with color gradients and accents. The large green ‘Call’ rectangle has also been replaced with a smaller, circular phone icon.

In the music app, users may notice more prominent buttons for repeat and shuffle options. Those are now ‘Repeat Song’ and ‘Shuffle All’ and have a pink background behind them.

Another minor change comes in the keyboard, where the shift and delete buttons are now more prominent and easier to discern.

There are also new options in Calendar and animation tweaks to the Control Center and Messages.

Perhaps the most exciting change coming wrapped in iOS 7.1 is iOS in the Car. This new feature allows you to connect your iPhone to compatible cars and display iOS content like maps, directions and messages on the navigation screen.

The other exciting news surrounding the coming iOS update is a promised fix for the infamous ‘white screen of death’. This glitch has been causing many users to suffer unexpected reboots and crashes. Users of the iPhone 5S, iPad mini with Retina and iPad Air have all reported this problem.

If your Apple device’s problems can’t be fixed by an iOS update, call Geek Rescue at 918-369-4335 or come see us. We fix hardware and software problems, as well as malware infections and more.

Flash Exploit Allows Malware To Steal Log-Ins

February 7th, 2014

Many internet users believe that the key to avoiding a malware infection is to only visit legitimate websites and never open suspicious-looking email or download attachments. While this is certainly going to keep users safe from a large amount of malware, it doesn’t keep them safe from all of it. This is evidenced by a recent exploit of a vulnerability in Adobe’s Flash player. As Lucian Constantin reports for PC World, this exploit infected victims with malware capable of stealing users’ log-in credentials for a variety of websites.

Security experts uncovered 11 exploit files targeting this vulnerability, which reveals that the same security flaw was being used by hackers in different ways. Some of the exploit files were designed to execute other files, one downloaded other malicious files and one was a trojan that steals log-in credentials saved in email and web browsers.

Experts found that each file was embedded within Microsoft Word .docx files and targeted Windows users specifically. Though one attack used malicious emails with a rigged .docx file as an attachment to infect users, most files were found in internet caches, suggesting they were downloaded from websites.

These files have already been used in attacks against real-world users, as evidenced by Adobe’s use of the phrase “in the wild” to describe them. Since the vulnerability is known in the hacking community, expect more attacks to be rolled out exploiting it.

To their credit, Adobe scrambled to release a patch that would eliminate the Flash security flaw. This is version 12.0.0.44 for Windows and Mac users. If you haven’t updated Flash on your machine yet, be sure to do that as soon as possible.

If your computer has been infected with malware, bring it to Geek Rescue or call us at 918-369-4335.

Google Releases Improved Hijacking Warning System For Chrome

February 6th, 2014

There are a number of ways for hackers to hijack your web browser. Usually, this stems from a user downloading a seemingly legitimate application like a game or security tool. Hidden as part of that download is malware that allows for browser hijacking. As Lisa Vaas of Naked Security reports, Google Chrome users now have a better warning system in place for any attempts to hijack the browser.

Since October, Chrome has featured a “reset browser settings” option. To find it, go to the Advanced Settings menu and scroll to the bottom. Pushing this button resets Chrome to all of the default settings it came with and removes all extensions and apps associated with your browser. It’s like starting over from scratch, which is useful if a malicious program has changed settings you aren’t aware of.

For the first few months of its existence, the ‘reset browser settings’ button was limited by its relatively hidden place within the settings menu. There was always the possibility that users may not know about that option, or that they won’t know their browser is being hijacked.

Now, Google has introduced a new warning system that causes a message to pop up on screen anytime Chrome’s settings are changed without the user’s knowledge. Users are able to reset their settings directly from that warning pop-up.

For some users, resetting their browsers back to the factory default settings isn’t the best option, despite evidence of browser hijacking. Many have already asked Google to include an option to return to a previously saved state. This way, you wouldn’t need to completely re-customize Chrome. Some of your extensions and settings would stay intact, rather than resetting everything and making you alter every setting and add extensions again. There’s been no word yet if Google will make this possible in a later update.

Typically, browser hijacking is easy to spot. You’ll notice your homepage has been changed, or that ads are being injected into websites where they don’t belong. Some hijacking malware can’t be thwarted by a simple reset of browser settings, however. Depending on the type of infection you encounter, failure to find and completely remove the malware could result in repeated browser hijacking. In these cases, resetting your browser only fixes the problem temporarily.

If you believe your computer has been infected with malware, come see us at Geek Rescue or call us at 918-369-4335.

Self-Repair Tips For Your Broken Smartphone

February 5th, 2014

Everyone has dozens of uses for their smartphone and walking around without one is strange. That’s why when your phone breaks, it’s a complete disaster. Thankfully, some hardware repairs aren’t that complicated. Eric Ravenscraft at LifeHacker explained some common repairs that you can perform on your smartphone yourself.

  • Broken Screen

If you take the time to notice, it’s amazing how many people are walking around with cracked and broken screens on their smartphones. The cost and difficulty of fixing your screen varies greatly from one device to another. For some phones, the glass is fused with the digitizer, which is how your smartphone interprets you tapping on the screen. If these two components are fused together, repairing and replacing them is much more expensive. Replacing the glass alone is much simpler and much cheaper, but it still requires a nearly complete disassembling of your phone.

  • Headphone Jack

Another common problem with smartphones is how easily the headphone jack breaks. Particularly if you use headphones with your phone while you exercise, there’s a good chance your headphone jack will break because there is a lot of stress being placed on the contact points. Replacing the jack itself isn’t overly difficult. The difficult part is getting to the jack. You’ll need to open your device, which ranges from needing to remove a few screws to nearly impossible for devices with unibody constructions.

  • Broken Buttons

Much like headphone jacks, buttons on your phone have plenty of stress on them over months of use. Eventually, they get loose or stuck and cease functioning. Again, you’ll need to open your smartphone to get access to broken buttons, which is by far the most difficult part of the repair. Depending on what button is broken, you may not need a hardware fix at all. There are software workarounds that may make that particular button obsolete.

  • Camera Replacement

Thankfully, the camera unit in smartphones rarely breaks. But occasionally, if a phone is dropped just right, the lens can crack. In other cases, internal camera sensors can experience problems too. Replacing broken glass may not require removing the entire camera assembly, depending on the device. This makes the repair much easier. For other issues, you’ll need to once again open your phone, then disconnect the cable from the camera and remove it from the motherboard to replace it.

For any smartphone problem you’re attempting to fix yourself, you’ll need the right set of tools. This includes specialty screwdrivers and a tool to help you pry open the screen. You’ll also need a guide to your specific smartphone that helps you locate the hardware you’re replacing and details how to get to it. It’s also good to know how difficult a smartphone is to repair before you purchase a new phone.

If you’d rather leave it to the professionals, bring your broken smartphone to Geek Rescue or call us at 918-369-4335.