The Heartbleed Aftermath

by: Doug Zbikowski

It’s been over a month since the Heartbleed bug brought Internet security to the forefront of the news, and according to Errata Security’s Robert Graham, more than 300,000 servers across the globe are still vulnerable. This is a big drop from the 600,000 initially detected when the vulnerability first became public, but it’s still a large number.

After its discovery earlier this year, Heartbleed is still a serious threat because it can potentially release usernames, credit card information, passwords, and other personal data to attackers. It was determined that a flaw in OpenSSL, a common tool used to encrypt and secure communication between a user and a server, is the source of this security breach.

Graham’s numbers are concerning, and they might just be the tip of the iceberg.

His testing was done by scanning port 443 (a port is a “channel” used in Internet communication that is reserved for a specific function. Port 443 is typically used for SSL traffic). There may be thousands…even millions…more servers out there using undetected alternate ports that are still unpatched.

Microsoft kills Windows XP – so now what?

by: Doug Zbikowski

April 9th, 2014 – a day that will live in computer infamy.

Windows XP was unleashed on the market on August 21st, 2001, and it’s an example of an operating system that may have been made a bit too well. Normally, versions of Windows become so outdated and frustrating that people mob stores when a new version is released. This never really happened with XP. People just kept using it, Microsoft kept updating it, and it seemed to work well enough for everyone. If it works, why change?

Cryptolocker- What You Need To Know

Within the last month, Internet security companies have discovered a new type of “ransomware” named Cryptolocker.

Ransomware has been around for a while. You may have seen those fake popup windows that show up on some websites saying “Your Computer is Infected! Click here to clean it!” Once you click, you’re prompted to run some shady software, and then that software keeps throwing up “Pay me or these screens will keep popping up” warnings.

Rogue antivirus software is the most common type of ransomware, but Cryptolocker puts a new twist on holding your computer hostage…and it’s both genius and scary in the damage it can do. Unlike rogue antivirus software (which pretty much just keeps generating pop-up windows), Cryptolocker searches out all of your documents, photos, music files…anything you hold dear on your computer, and then proceeds to encrypt them with military-grade encryption. After it does this, a countdown screen appears and you have until the timer runs out to pay $300 (US) to obtain the key. As mentioned, this is military-grade encryption, meaning it has one key to unlock your files, and if that key is lost, not even the NSA can get your files back.

Be careful out there: Conduit Search spyware is annoying the Internet

UPDATE: In early 2014 a more aggressive version of Conduit Search started showing up. If the below instructions are not effective, we would suggest using Malwarebytes to remove the infection. You can download a free version of Malwarebytes here. (During installation, you may want to uncheck the “Enable free trial of Malwarebytes Anti-malware Premium” box if you don’t want a 30 day trial of the premium software to install.) Once installed, simply click “Scan Now” and Conduit Search (as well as any other infections) should be cleared up pretty quickly. Business professionals may want to consider TOAST.net’s Managed Antivirus product instead, which will block and clean infections as well as send you a regular security report to help you manage your network.

_______________________________________________________________________

Original Article:

We’re seeing a lot of reports of something called Conduit Search showing up on customer computers over the last few weeks, causing problems ranging from an inability to get to certain websites to getting completely locked out of your Internet connection. Conduit Search is essentially a browser hijacker: a program or an add-on that attaches to your web browser and changes settings in ways you did not authorize. In this case, browsers that are infected with Conduit will have their home page changed to search.conduit.com, and any searches performed will go through Conduit’s search engine rather than Google, Bing, Yahoo, or whatever search engine you are used to using. This search information is collected by Conduit for marketing and ads, then search results are displayed that make the business money with each click.

Security Firms Recommend Disabling Java Due To New Exploit

Security researchers are recommending users disable Java on their computers after an exploit has been discovered that could possibly allow a malicious website to take control of your computer.

Java, a set of software tools that allows advanced features to run on websites, currently has a vulnerability that can allow an attacker to run unauthorized applications on a vulnerable computer. Because this is a zero-day vulnerability, antivirus firms and Oracle (the manufacturer of Java) have not had time to implement a fix, leaving both PCs and Macs unprotected until a patch becomes available. Security firm Alien Vault has reported that websites using this exploit are already showing up in the wild.

Keeping your computer safe

Keeping your computer safe and secure is easy. Cleaning up the results of not having the proper protection is difficult. Follow these tips to keep your computer…and your information…safe on the Internet:

 
  • Stay Updated: I hear some people saying “There are too many updates! Updates always mess things up! I skip/turn off updates!” This is a BAD idea. The reason Windows, antivirus software, or any other piece of software updates itself is usually because flaws have been found that hackers can take advantage of. If you put yourself in the right situation with an unpatched security hole in place, you’ve become a victim. Always run updates to any software as soon as it is available. If the updates will not install properly, seek out technical support or professional assistance. 
  • Watch for Fake Pop-up Windows: The #1 way of contracting a virus today is through pop-up windows designed to look like Windows error messages. You may see something that suddenly appears that says “Warning! Virus detected! Click here to download the cleaner tool!” Once you install this “tool” the software essentially holds your computer hostage — constantly popping up more windows bullying you into paying a fee for the “full version” of the fake software (known as “rogue antivirus”). Avoid this trap by verifying any virus detection directly from your antivirus software…not from a popup window. 
  • Watch Those Apps!: Social media sites like Facebook and Twitter are very popular, making them prime targets for scams. You may be sent invitations to play games, get free items, join clubs or lists, or even get added to a new game. These app requests often collect your information, and sometimes even end up sending themselves to people you know without your knowledge. They can also force things like pornographic advertisements, automatic postings, and spam emails. It is best to avoid installing any social application unless you know exactly what it is for and what it does. You can often do a quick Google search for the name of the app to see what people are saying about it.

Do You Need Antivirus Software Anymore?

Ask the question “Do I need to run antivirus software?” and you’re likely to get a lot of strongly worded responses one way or the other.

If you’re the one asking this question, the answer is probably “yes.” The full answer is a bit more complicated as antivirus software is but one ingredient in the recipe for security. Home and small business users will want to take note of this, because you are the people who tend to be on the lax end of PC security: Threats come from multiple sources, so you have to maintain multiple forms of protection. Multiple forms of protection does not mean running multiple copies of antivirus software. I see this from time to time on family and friends’ computers, with the proud claim “Nothin’ gets by me! Look at all the stuff it catches on a daily basis!” I’ll look at the logs and see a bunch of warnings about Norton Antivirus detecting suspicious activity from McAfee Antivirus, McAfee blocking Norton due to suspicious Internet traffic, or both of them failing because they’re trying to scan a file at the same time. Run only one antivirus package at a time. You’ll be better off and enjoy a much faster computer.

Multiple forms of protection DOES mean “keep a well rounded approach to all of your computer’s systems.” Here are some things to consider when thinking about Internet Security:
