10Oct 2014 by nathan

October 2014 News and Updates

Uncategorized
What's New New vulnerability pottentially affecting all USB devices.  At BlackHat 2014, Karsten Nohl and Jakob Lell gave a presentation on what they called BadUSB, a vulnerability at the core of USB devices that allows an attacker to literally reprogram pretty much any USB device so that it can be used for evil.  The code for the exploit was not released at Black Hat but was later released at Derbycon in Kentucky and is now being spotted 'in the wild'.  At this time there is no defense against BadUSB and, to make matters worse, there is no way to detect it.  It's not realistic to tell people "don't use USB devices at all" but there are a few things that you can do to mitigate the risk until a method for detecting…
Read More
06Oct 2014 by nathan

Mac users take note. The “Shellshock” bug affects you.

Uncategorized
Important information for Mac users regarding the Shellshock bug The Shellshock bug was announced on 24 September as a vulnerability in the Bash shell, present on many Unix and Unix like operating systems.  Somewhat burried in the story was that this also affected Mac OSX based computers becuase, on the backend, they are basically Unix (ok, so it's BSD, but the important thing to remember is that it's got Bash).  We originally shared this article via our Facebook page on 25 September and it mentioned the fact that Macs were vulnerable, but we've gotten a number of questions on the subject and I wanted to get the word out there.  The short story is that, if you have a Mac that's running any version of OSX, this vulnerabilty can affect you.…
Read More
09Sep 2014 by nathan

September 2014 News and Updates

Uncategorized
What's New Get off your can and do what you can.  I'm excited about our program to refurbish previously loved Windows XP workstations with Ubuntu Linux and getting them in the hands of folks that otherwise would not have a computer.  In case you missed it, here are the details of the program, but the short story is that if you or someone that you know doesn't have a computer but would like one, we are giving away working computers pre-loaded with Ubuntu Linux.  These are computers that had Windows XP installed but were not upgraded (for whatever reason) to Windows 7 but will run Ubuntu Linux just fine.  These are first-come, first-served. The Home Depot Breach?  By now, you've likely heard that The Home Depot has suffered a massive data breach…
Read More
12Aug 2014 by nathan

Significant Security Updates from Adobe

Uncategorized
Ok, so this is ripped direct from the article on SANS, but Adobe has released several updates with the August updates.  The download in the earlier email also work but, looking at the issues addressed, this is worth a separate post.   Adobe has released security updates for Adobe Flash Player, Adobe AIR, Adobe Reader, and Acrobat. The updates are rated as critical and an impressive number of CVE entries. CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545, CVE-2014-0546. Summary: update now. http://helpx.adobe.com/security/products/flash-player/apsb14-18.html http://helpx.adobe.com/security/products/reader/apsb14-19.html  Cheers,Adrien de BeaupréIntru-shun.ca Inc.My SANS Teaching Schedule   All users are encouraged to install these updates.  These updates will be automatically applied at the next reboot for Cyber Tech Cafe MyIT clients.
Read More
08Aug 2014 by nathan

August 2014 News and Updates

Uncategorized
What's New Internet Explorer is the new Java?  According to the news, Internet Explorer seems to have dethroned Adobe and even Java as the most popular way the bad guys use to gain access to your computer.  According to the article, the number of vulnerabilities in Internet Explorer have increased more than 100% over 2013 levels.  What does this mean to you?  Don't use Internet Explorer.  Use Google Chrome, Mozilla Firefox or even Apple Safari but avoid Internet Explorer. Encryption is the wave of the future.  The Internet first 'met' Cryptolocker in September of 2013 and, since then, it's made a pretty significant splash and there have been a number of similar viruses (think Synolocker) that have started claiming their share of victims.  Basically, you get a virus (through an…
Read More
08Aug 2014 by nathan

Scam Alert – Fake American Express notification

Uncategorized
Beware of scammers trying to use phishing tactics like security notifications to lure you into clicking a malicious link The whole "there's something horrible about to happen if you don't click this now" scam is nothing new, but the scammers are getting really good at making their bait look legit.  I received an email earlier today, reportedly from American Express, and thought that it would be a good example of what to look for.  Some interesting things to note: The email looks legitimate.  It has the American Express logo, mailing addres, etc., but doesn't include a telephone number. The link, even though the text presented to the victim says http://americanexpress.com, the actual link (e.g., where you're going) is http://amelican-excress.com/americanexpres .  The domain name amelican-excress.com is registered to a Chinese company with a…
Read More
24Jul 2014 by nathan

Disturbing but not surprising news about Internet Explorer.

Uncategorized
Bad things keep happening to Internet Explorer.  Why that's a big deal and what you can do to avoid it. What is Internet Explorer?  Internet Explorer or, 'the big blue e' is an Internet web browser.  An easy way to think of it would be to liken the Internet to an object in a square room with four windows.  One 'window' would be Internet Explorer, one 'window' would be Google Chrome, one 'windows' would be Mozilla Firefox and one 'window' would be Apple Safari.  There are other web browsers, but those seem to be the 'big ones' at the moment.  The important thing to note here is that, when you view the object inside the room through the window that is Internet Explorer, you're viewing the exact same object that…
Read More
23Jul 2014 by nathan

Beware of fake tech support call scams (again)

Uncategorized
So, you're sitting at home, perhaps on your computer and perhaps not, but the telephone rings.  On the other end is a very friendly person who identifies themself as an employee of Microsoft who, while monitoring your computer noticed that you were infected with a virus, malware, spyware or whatever the latest buzz word for malicious software is and they're calling you to take care of it.  It sounds official and, more importantly, it sounds urgent, there's no time to confirm who they are or call your 'regular' IT guy, you've gotta fix this NOW.  Thankfully, the nice person on the other end of the phone offers to remote into your computer and fix it for you.  Unfortunately, the person on the other end of the phone is a scam artist and,…
Read More
03Jul 2014 by nathan

The hard lessons learned this week about switching telephone and Internet service

Uncategorized
Thinking about switching your telephone and / or Internet service to get a better deal?  A little pre-planning can save you a lot of money and heartache. Customer : Hello, computer support company?   Tech Support : Yes, can I help you? Customer : Yes, please help.  I just upgraded or changed my telephone and / or Internet service and now nothing works.  The tech that the phone / Internet company sent out broke it and now says that he's not allowed to fix it. Tech Support : Is the tech from the provider still there? Customer : No, they've already left.  They said that their stuff was good and that it was our problem. Ok, so here's the deal.  You have a small business.  You have a few computers, maybe some…
Read More
09Jun 2014 by nathan

June 2014 News and Updates

Uncategorized
What's New Is TrueCrypt Gone? - The short answer is, as far as the name "TrueCrypt" is concerned, it likely is.  On 28 May, SANS reported that TrueCrypt had been effectively taken offline and replaced with a warning that TrueCrypt was no longer secure.  We are currently reviewing a numbef of alternatives to TrueCrypt for partial / full disk encryption and will post our recommendations soon.  One thing to keep in mind is that, although the license for the TrueCrypt project prohibited it's continued development under the moniker "TrueCrypt", the project was open source and used / loved by literally millions.  The code audit is not complete but, at this time, no actual threat to data encrypted by TrueCrypt has been found.  A number of well renound authorities on security have noted that,…
Read More