Large Scale Log-In Theft Uncovers Weak Passwords

December 4th, 2013

Password on keyboard

A recent discovery of two million passwords to online accounts is making headlines. Violet Blue of ZDNet reports that a botnet is responsible for stealing users’ passwords to Facebook, Google, Twitter, Yahoo, one of the world’s largest providers of payroll services and more.

Though some have reported that the victims in this password heist are all located in the Netherlands, they’re actually believed to be spread across the globe. The criminal responsible used tactics to disguise his actions and make it look like the victims are all located in the Netherlands, but because of this it’s difficult to tell exactly where the passwords come from.

A tool called a Pony Botnet Controller is recognized as the root of this attack. It’s capable of stealing hundreds of thousands of passwords within only a few days of infection. In this particular infection, more than 1.5-million passwords to website’s were stolen along with 320-thousand email credentials, 41-thousand FTP credentials, 3-thousand remote desktop credentials and 3-thousand Secure Shell credentials.

When passwords are stolen in this manner, it should trigger action from all users regardless of whether they are actual victims. The stolen passwords become common knowledge for hackers. These passwords are used in lists that are part of hacking attempts on all kinds of online accounts. So, while your account may not have been compromised, someone with a similar password may have been, which in turn puts you at risk.

Shockingly, some of the most popular passwords found in this batch of stolen log-ins were extremely rudimentary. Almost 16-thousand of the stolen passwords were “123456”. “Password” was used over 2200 times and ‘admin’ accounted for almost 2000 of the stolen passwords. Overall, some form of the numbers 1 through 9 in order accounted for eight of the top ten most used passwords that were stolen.

This suggests that too many users are still using easy to remember, and incredibly easy to hack passwords for important accounts online. Using these passwords puts sensitive data at a significant risk. So, take this opportunity to create a stronger, original password for all of your accounts before you become a victim in the next attack.

If your computer is infected with malware, or you’d like to improve security to prevent an infection, call Geek Rescue at 918-369-4335.

Hundreds Of Thousands Of New Malicious Websites Discovered In Past 30 Days

December 3rd, 2013

Hacker concept

As an internet user, you’re able to do more, access more and store more online than you’ve ever been able to before. Unfortunately, that makes your data more valuable to criminals than it has ever been before. Because of this, malicious tools used to steal your log-ins or personal information are rapidly on the rise. Tim Wilson, of Dark Reading, reports that over the past month there have nearly 344-thousand new malicious websites discovered. These websites vary in their design and goal, but all of them are being used by hackers to steal your identity, data or money or to infect your computer.

On average, this means there are about 11,500 new malicious website springing up every day, which significantly increases the likelihood that a typical user will stumble across one of these sites. About 173-thousand of these websites have been identified as malware distributors. These sites often download malware to your computer without any action being taken on your part, beyond simply loading the website. Many times this download will take place in the background, which means it could be weeks or months before you learn that you’ve been infected.

About 114-thousand of the malicious websites were labeled as phishing sites. These sites attempt to steal users log-ins and passwords. Usually, they’ll use the name and logo of a familiar site to attempt to fool visitors into thinking they’re on a trusted page. Most often in these examples, PayPal was used to gain access to accounts and steal users’ money. There has also been a rise of site designed to steal users’ Google log-ins. This is attributed to the fact that one Google log-in can give an individual access to Gmail, Google Drive and Calendar, Google+ and more.

These increasing threats illustrate the need for effective security on any device you use to access the internet. For help putting the proper security precautions in place at home or at your place of business, contact Geek Rescue at 918-369-4335. If you have a device that’s been infected with malware, bring it in to one of your convenient locations.

The Nexus 5 Has A Wired Headset Problem

November 25th, 2013

Woman on headset

The Nexus 5, Google’s latest Android smartphone that many consider a major competitor to the iPhone, was released only a few days ago. Those early adopters that jumped on the phone are already reporting a major issue, however. As Kurt Marko writes for Information Week, the Nexus 5 doesn’t work with most wired headsets. Users say that they can’t be heard by those they call when using a wired headset, but there are some solutions.

The problem only affects those using wired headsets, which means the Nexus 5 works fine with bluetooth or when making a phone call and speaking directly into the phone. Some have reported that the Nexus 4 had the same problem, but the Nexus 10 tablet appears to have no issue.

Some testing suggests that this is a software problem. By using an app that allows recalibrating of the microphones, it was discovered that a wired headset works great for recording. However, there’s no way to recalibrate the microphone for making phone calls with the headset.

Others, however, have suggested that the problem lies in the way the wired headsets are designed. Most are built for iPhone users, but Apple uses different specifications than other manufacturers. What that means for Nexus 5 users is that a work-around is necessary if you want to be heard while making phone calls with a headset. With a headset is plugged into the Nexus 5, hold down the ‘pause/resume’ button. This will connect you to the proper input and allow your voice to be heard. It eliminates the ability to end calls or pause music, however.

Google has already publicly stated that they’re aware of the problem and are working on a fix. Until that fix comes, users are stuck being forced to hack their headset, or to go without one.

Regardless of what smartphone you use, Geek Rescue fixes whatever problems you encounter. Bring your phone in to one of our locations or call us at 918-369-4335.

Google Making Extensions More Secure In Chrome

November 8th, 2013

Google building

One of the most common complaints about Google’s popular web browser, Chrome, is its inordinate number of security vulnerabilities. As Gregg Keizer reports for Computer World, Google is doing its part to close up one of the most noticeable flaws in its security by no longer allowing the installation of extensions that aren’t in the Chrome Web Store.

Currently, users can browse the Chrome Web Store for extensions, which other browsers call add-ons, much the same way you would browse for apps on your smartphone. These extensions grant the browser additional capabilities. Extensions have also been found outside of the Web Store. Some third party vendors offer Chrome extensions directly on their site’s, or included in downloads of their applications. Some companies have even engineered their own extensions specifically for their employees. Under Google’s new rules, these third party extensions would no longer be accepted by Chrome browsers.

The reason for this move is that it keeps users from accidentally downloading malicious extensions. By limiting users to only installing extensions from the official Web Store, Google is able to police all extensions available and remove those that contain malware or act maliciously.

Android hasn’t yet made the same move to limit users to only apps found in the Play store, but they do recommend that users stick to those apps. Otherwise, users risk infecting their devices with apps that haven’t been officially approved by Google.

This move for Chrome has been in the works for some time. When Chrome 21 launched in 2012, it no longer accepted extensions installed directly from a third party website. Earlier this year, Chrome again tightened extension security by adding a feature that blocked silent installations of extensions and disabled those already installed. This closed a vulnerability that allowed hackers to install extensions without a users knowledge. Usually, this was done in response to another user action to download from an untrusted source.

In order to completely close any remaining loopholes, Chrome has now gone to a strict policy of only allowing extensions directly from the Web Store. That doesn’t mean, however, that independent developers, and those developing extensions for company use, can’t continue to use their own extensions. The Web Store offers an option to hide extensions from the public and only make them available to those they’re intended for. Extensions will also still be available to download directly from third party sites, as long as the same extension has also been added and approved in the Web Store.

These changes aim to make Chrome a more secure browser. To upgrade your security at home or at the office, contact Geek Rescue at 918-369-4335.

The Top Features Of Google’s New And Improved iOS App

November 6th, 2013

iPhone 5C

This week, Google made its new iOS app available to iPhone and iPad users. Experts are praising its improved functionality and additional features. Salvador Rodriguez, of the LA Times, published his favorite new features. Here’s a list of the Google apps new features and why you’ll like them.

  • Image Search

The Google app’s image search has been upgraded to allow for more user interaction. After selecting an image from search, users can zoom in on that image, or use two fingers to minimize the selection and continue searching.

  • Voice Search

Siri has attained her share of critics from iOS users, but Google’s voice search is improved as a superior alternative. The Google app has to be open to be used, but when it is, users only need to say “OK Google” and the app will start listening for voice search. The speech recognition ability within the app is considered by most to be better than Siri.

  • Google Now

Previously, Google Now notifications were only available to Android users. In the new Google app, these notifications are available on iOS. Users are able to set reminders based on time, or when they reach a specific location. For example, you could remind yourself to buy an item at the store and Google Now would send your phone a notification once you’ve reached the store.

  • New Cards

Google Now also features new cards that show you what you’ve purchased and reserved recently. Tickets for movies, concerts and other events are displayed here. Also, airplane tickets, car rental reservations and hotel reservations are stored here. There’s even a listing of upcoming events in your area.

These new features make Google’s iOS app more useful and easier to use. If you have an iPhone or iPad, it’s a worthy addition.

If you’re having trouble with your Apple device, or any device, come by Geek Rescue, or call us at 918-369-4335. If it boots up or turns on, we fix it.

Pre-Installed Apps On Android Smartphones Present Security Issues

November 6th, 2013

Android smartphone

If you have an Android smartphone, you’ve probably noticed that there are a number of apps that came pre-loaded on it that you don’t need and don’t use. These apps come from the phone’s manufacturer, but as Liam Tung of ZDNet writes, they may be creating  vulnerabilities in your smartphone’s security.

Researchers at North Carolina State University examined pre-installed apps on smartphones made by Google, Samsung, HTC, LG and Sony. Of the 10 devices studied, 86-percent of pre-loaded apps requested more permissions than they actually used. This gives the apps access to data they don’t need, but that data becomes accessible when the app is compromised.

In terms of sheer number of vulnerable, pre-installed apps, the HTC Wildfire S and the Samsung Galaxy S2 had the most of the pre-2012 devices. For post 2012, the Samsung Galaxy S3 contained a stunning 40 vulnerabilities. In contrast, Google’s Nexus 4 only had three vulnerabilities.

Google itself has a good track record for releasing security patches to fix vulnerabilities found on their hardware. However, for individual manufacturers like Samsung, Sony and HTC, these patches take time to roll out to customers. For the devices studied, an average of 6-months is how long it took for an officially released security patch to finally make it to all affected customers. That amount of time leaves a large window for hackers to exploit those vulnerabilities.

Some of these native apps are able to be removed by users, but many others cannot be. This means users stay at risk until an appropriate security patch is released to fix the problem. So, next time you’re in the market for a new Android smartphone, be sure to consider how many pre-installed apps it comes with.

At Geek Rescue, we remove malware, fix broken hardware and improve security on all kinds of devices, including smartphones. Whatever your issue, call us at 918-369-4335 or stop by one of our locations.

Google Developing Malware Blocking Tool For Chrome

November 1st, 2013

Web browser with lock and chain

Google Chrome is the most used internet browser in the US. Users have long complained that it lacks some basic security features that would make browsing much safer. Juan Carlos Perez, of InfoWorld, reports that Google is attempting to make the Chrome experience safer by adding a tool that would block malware from being downloaded.

Chrome already contains options to be alerted when visiting an insecure, or potentially malicious, website. This new malware blocking tool would offer a similar alert from the download tray when a malware file is blocked from being downloaded.

Users encounter a shocking amount of malware online. Some download it thinking it’s something else, while other times the malware is automatically downloaded after clicking a link or landing on a site. As of now, Chrome offers no way of stopping these malicious or accidental downloads.

So far, there’s little else known about Chrome’s malware blocking tool. It isn’t widely available yet. Google plans to an early version of their Chrome Canary browser, which is meant for developers and other tech-savvy users. It’s speculated that should the tool prove to be valuable, it will roll out to all Chrome browsers.

Even with a malware blocker in place in your web browser, you computer is still at risk. Other security measures are needed to protect you from other threats. Without seeing Chrome’s malware tool in action, it remains to be seen how it integrates with other security programs.

Geek Rescue offers a range of security options to keep your devices secure. We also eliminate malware and viruses. Come by or call us at 918-369-4335.

Google’s Project To Protect Website’s From DDoS Attacks

October 21st, 2013

Security shield

A lot of attention has been paid to Google’s recent changes. From their Hummingbird update of their search algorithm, and encrypting searches, there’s been no shortage of headlines about the search giant’s actions. Their latest move, however, isn’t about improving their own site. Instead, it’s an attempt to improve security for smaller, at risk sites.

Lorenzo Franceschi-Bicchierai, of Mashable, reports that Google has launched ‘Project Shield’, which allows small websites to offer content through Google’s infrastructure to keep them from being taken down by Distributed Denial of Service attacks.

A DDoS attack is a cyber attack that attempts to shut down a website by overloading it with malicious traffic. The traffic is impossible to block because it originates from thousands of individual, compromised machines.

With Project Shield, Google is trying to help individually owned websites that serve a public good in so-called “high risk conflict zones”. These would include Syria, Egypt and any country where the internet is controlled by the government.

In such countries, governments have used DDoS attacks in the past to take down certain websites. One example of this is a Syrian website set up by an activist to track scud missiles. The Syrian government used a DDoS attack to knock the site offline in July.

With it’s own DDoS prevention measures and an offering to serve content through Google’s resources, Project Shield is hoping to protect these types of sites, which are usually operated by small human rights organizations without the means to protect themselves.

Google is currently accepting applications to be “trusted testers” from sites that feel they deserve Project Shield’s protection.

For businesses in the US, Google is not offering such protection, but DDoS attacks and other cyber threats remain a serious concern. To improve your company’s security, contact Geek Rescue. We offer a variety of security solutions to keep you safe from attacks. Call us at 918-369-4335.

Malicious Extensions Are A Growing Threat

September 26th, 2013

Web Browser

Browser extensions enhance the capability of your web browser. There are a number of uses for browser extensions. Many are designed to improve security or boost productivity. Recently, more and more extensions have been made by hackers, however.

Lucian Constantin, of ComputerWorld, writes that malicious browser extensions are a growing concern among security experts. That’s because they are difficult to protect against.

Malicious extensions have been seen before. They’ve been used to hijack searches and show ads to users. Recently, an IT security consultant was able to create an extension with much more harmful capabilities.

This example malware was able to be controlled remotely. It’s able to bypass two-factor authentication, perform functions, such as downloading other malicious files or controlling the webcam and steal data.

Malicious extensions are a growing concern, but there are few options available to protect yourself from them. Many antivirus programs are unable to detect and remove this malware. Security extensions added to your browser are also powerless.

Your chosen web browser actually has a significant effect on how much at risk you are. Firefox users are considered to be the most vulnerable. This is because it allows for third party extensions to be added, which means hackers can convince users to install the malicious extensions themselves, or can use malware downloaded through other means to install them remotely.

Chrome users, on the other hand, are at a relatively low risk. Chrome only allows extensions to be added from their Web Store, which only contains extensions that have been approved by Google. This doesn’t mean that there can be no malicious extensions added to a Chrome browser. It just means it’s much more difficult than with Firefox.

Exercise caution when adding extension to your web browsers and make sure you understand what your security software does and does not protect against.

To improve the cyber security on your home computer or at the office, contact Geek Rescue at 918-369-4335.

New Threats In Chrome’s Web App Store

September 12th, 2013

Malware

For users of the web browser Google Chrome, a new malware threat has emerged. This threat looks a lot like Candy Crush and Super Mario.

Eric Johnson, of All Things Digital, describes the “wild west” atmosphere of the Chrome Web App store. Unlike Google Play, the app store for Android mobile devices, Chrome’s Web App store is much less regulated.

This lack of regulation has lead to a number of knock-off apps. Mostly, these apps are recreations of famous games like Super Mario, Candy Crush Saga, Fruit Ninja, Doodle Jump and Sonic the Hedgehog. These games aren’t licensed by their original creators and many are suspected to contain malware.

It’s not hard to understand why malware is included in these recognizable games. Users see a game they played in their youth, or a game they’ve heard is popular now, and want to try it out. It’s a naturally attractive app for what seems like no obligation. However, the apps are usually poor quality and infect your computer with malware.

The key to spotting these knock-off, malicious apps is simple. First, understand that Nintendo, Sega and other giant game companies aren’t making officially licensed apps for Chrome. If you have any further questions, look at the website associated with the app. In the case of a Candy Crush Saga knock-off, the website was listed as candycrushsaga.blogspot.com, which is not associated with King, the game’s developer.

If you have added one of these apps or another app you think contained malware, run your fully updated virus scan after you remove the app from Chrome.

For additional security on any of your devices, contact Geek Rescue at 918-369-4335. We offer security solutions to keep you safe from malware, spam email, viruses and more.