The Heartbleed Aftermath

by: Doug Zbikowski

It’s been over a month since the Heartbleed bug brought Internet security to the forefront of the news, and according to Errata Security’s Robert Graham, more than 300,000 servers across the globe are still vulnerable. This is a big drop from the 600,000 initially detected when the vulnerability first became public, but it’s still a large number.

After its discovery earlier this year, Heartbleed is still a serious threat because it can potentially expose usernames, credit card information, passwords, and other personal data to attackers. The source of the problem was determined to be a flaw in OpenSSL, a common tool used to encrypt and secure communication between a user and a server.

Graham’s numbers are concerning, and they might just be the tip of the iceberg.

His testing was done by scanning port 443 (a port is a “channel” used in Internet communication that is reserved for a specific function; port 443 is typically used for SSL traffic). There may be thousands…even millions…more servers out there using undetected alternate ports that are still unpatched.

New vulnerability endangers Internet Explorer users

By: Doug Zbikowski

UPDATE (May 1, 2014, 1:30pm ET): Microsoft has released an emergency patch for the Internet Explorer vulnerability. In a surprise move, they also released an update for Windows XP! Head over to Windows Update to get it.

A new bug has been discovered that could put Internet Explorer users at serious risk. Until the problem is fixed, security experts are calling on users to switch to an alternative browser such as Google Chrome or Mozilla Firefox. In a rare move, the US Government is advising users to switch to another browser until Internet Explorer is fixed.

On April 26th, 2014, Microsoft announced that all versions of Internet Explorer are at risk for “drive-by” attacks from malicious websites. This new vulnerability, dubbed CVE-2014-1776, has the potential to give hackers direct access to your computer, allowing infected web sites to install malicious applications, create new Windows accounts, and change or delete data stored on the computer. Disturbingly, these attacks have actually been observed in the wild by Internet security firm FireEye, which started observing this type of attack as early as February. Microsoft says attacks seem to be coming from websites that feature advertisement feeds or user-provided content where an attacker could insert malicious code. At this time it is unknown whether Microsoft will release an emergency patch or wait until Patch Tuesday on May 13th to fix the vulnerability.

Microsoft kills Windows XP – so now what?

by: Doug Zbikowski

April 9th, 2014 – a day that will live in computer infamy.

Windows XP was unleashed on the market on August 21st, 2001, and it’s an example of an operating system that may have been made a bit too well. Normally, versions of Windows become so outdated and frustrating that people mob stores when a new version is released. This never really happened with XP. People just kept using it, Microsoft kept updating it, and it seemed to work well enough for everyone. If it works, why change?

Passwords: Your First Line of Defense in Internet Safety

by: Doug Zbikowski

It’s amazing how many Internet services an average person uses. For example, I’ll pick on my parents, as they’re the least tech-savvy people I can think of at the moment: they fall in the “light user” category, yet in an average week they may log into:

  • email
  • Facebook
  • a couple of banks
  • investment accounts
  • health insurance website
  • several retail store accounts
  • Amazon
  • credit card services
  • utility services
  • Netflix

…and probably more. That’s 10+ services for a novice user on a weekly basis. Each one of these services requires a way to identify yourself, and that’s usually in the form of a username and password.

Google Sync and Outlook 2013

UPDATE 11/22/13: Google has heard our pleas! Google Sync now works with Click to Run versions of Outlook 2013. Read more on Google’s support site.

Download Google Apps Sync v. 3.5.365.980 with support for Outlook 2013 Click-to-Run edition.

Google Sync is a powerful product for business: it provides complete email, contact, and calendar synchronization between a Google Apps for Business account, mobile devices, and Outlook…or at least it used to.

Recently, Microsoft began distributing its popular Office software via a new method called “Click to Run.” CTR versions of Office software install from the web and seem to operate partially on the user’s desktop and partially in the cloud. This change makes CTR versions of Outlook 2013 incompatible with Google Sync, and Google is hinting that a work-around from them is not likely.

The Right Tool for the Right Job: Using Apps on Mobile Devices

It’s predicted that this year tablets will outsell PCs for the first time, a clear sign that Internet usage is moving towards a more portable and accessible format. Smartphones are showing a similar upswing, with a recent Pew Research Center study showing that 56% of Americans are currently using a smartphone. Both tablets and smartphones are small devices with a big job: display all of the information on the Internet in a usable manner on a small screen. You could be viewing content on a screen anywhere from 3.5″ to 10″. Compared to a laptop’s 15″ screen or a PC’s 23″ monitor, that’s not a lot of room. All of that information needs to be converted into a format that works well with a small display, and there are specialized tools to do that.

Cryptolocker- What You Need To Know

Within the last month, Internet security companies have discovered a new type of “ransomware” named Cryptolocker.

Ransomware has been around for a while. You may have seen those fake popup windows that show up on some websites saying “Your Computer is Infected! Click here to clean it!” Once you click, you’re prompted to run some shady software, and then that software keeps throwing up “Pay me or these screens will keep popping up” warnings.

Rogue antivirus software is the most common type of ransomware, but Cryptolocker puts a new twist on holding your computer hostage…and it’s both genius and scary in the damage it can do. Unlike rogue antivirus software (which pretty much just keeps generating pop-up windows), Cryptolocker searches out all of your documents, photos, music files…anything you hold dear on your computer, and then proceeds to encrypt them with military-grade encryption. After it does this, a countdown screen appears and you have until the timer runs out to pay $300 (US) to obtain the key. As mentioned, this is military-grade encryption, meaning it has one key to unlock your files, and if that key is lost not even the NSA can get your files back.
