Category: Uncategorized

Quick and easy ways to protect yourself from cyber criminals this holiday season The holidays are coming and everyone's looking for a way to make a few extra bucks.  Unfortunately, this includes the scoundrels behind the fake tech support scams that seem to be so effective.  We've reported a couple of times in the past the telephone tech support scams but the ArsTechnica article below does a really good job of outlining (via the FTC complaint) how another similar attack works.  With folks spending a lot of time shopping online (with or without the holiday eggnog), the unfortunate reality is that many will become victims of these scams.  We've put together the following short list of some things to keep in mind when it comes to your computer: Find a good tech support…

Earlier today we erroniously posted an article noting that, regarding MS14-068 (the TLS patch), "it may be worth waiting to see if anyone else has problems with it".  That is not the case and all users should update as soon as is feasible.  This update addresses a "vulnerability in Kerberos could allow elevation of privilege and could allow for forging of part of Kerberos service ticket.".   Contrary to the earlier post, this update should be applied as soon as possible.     From the Microsoft Technet site directly (bold and italics added): Summary: This security update resolves a privately reported vulnerability in Microsoft Windows Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these…

The Internet Storm Center posted earlier today that Microsoft plans to release MS14-068 today which apparently addresses a critical vulnerability in several versions of Windows that can allow an attacker to escalate access on a vulnerable computer.  The text of the ISC article is below and I suspect Microsoft will be making downloads available shortly.  I have not seen any indication (yet) that this is remotely exploitable, so it may be worth waiting to see if anyone else has problems with it.  Additionally, I still haven't heard much about MS14-075 and there are no additional details on the Microsoft site (yet).  We expect to this update available to MyIT customers so that will be installed during normal reboots.     Today, Microsoft will release MS14-068. This is one of the bulletins that…

What's New 2014 Holiday Schedule - Below is our 2014 holiday schedule.  As we move into the 2014 holiday season, we want to wish everyone a Happy Thanksgiving, a Merry Christmas and a Happy New Year.   Thanksgiving - Closed Thursday, 27 November and Friday, 28 November 2014. Christmas - Closed Wednesday, 24 December and Thursday, 25 Decmeber 2014. New Year - Closed Wednesday, 31 December [2014] and 1 January 2015. What do the Target Breach and Home Depot breach have in common?  In December of 2013, we learned that Target had suffered a massive security breach where the identities of more than 40 million people were exposed.  In September of 2014, we learned that Home Depot suffered a massive security breach where the identies of more than 50 million people…

RAID is not a backup (and backup is not RAID) How can I use RAID and backups to protect my data?   Today, our lives revolve around data;  documents, spreadsheets, pictures, movies, contacts, calendars, emails, etc., and all of that data resides on a hard drive somewhere.  Those hard drives, how they're configured and how your data is (or is not) protected is the subject of this article.  If you have any data, grab a cup of coffee and a comfy chair and I'll try to explain RAID, backup and why the two aren't the same in human readable language :). Why are things like RAID and backups important?  The value or importance of things like RAID and backups are directly related to the value or importance of the data.  If…

Do you have a smartphone?  If so, is it encrypted?  Smartphones (and / or tablets) like the iPhone and various Andriod phones have offered the option to encrypt the phone for some time now.  I've been a big fan of this for some time and have a number of clients that routinely store sensitive information (emails from clients, documents, photos, etc.) on their phones or have VPN access to their offices on their phones that also make extensive use of the encryption options available.  It's always been hard though to get folks that don't know that they have sensitive information on their phones to encrypt them though because it's perceived as an extra layer of complexity without any real benefit.  That may no longer be the case though.  According to…

Beware of fake support calls! The scam artists are at it again.  If you get a phone call reporting to be 'Microsoft Support', beware. Ring, Ring (You) Hello (Bad Guy) Yes, this is <name> from Microsoft Support.  I am sorry to inform you that your computer has a virus. (You) Oh my!! (Bad Guy) Yes, it could have been bad, but it looks like we caught it just in time.  If you have a moment, I would be happy to remove it for you. (You) Yes, please do.  Is there a cost for this? (Bad Guy) Absolutely not, we just want you to be safe.  Would you like to proceed? (You) Oh, thank you!!  Yes, please proceed. (Bad Guy) Ok, it looks like you're running Microsoft Windows, is that correct? (You)…

Back in August HP announced a voluntary recall for a number of their power adapters that came with laptops sold between September 2010 and June 2012. HP indicates that not all laptops sold within those dates are affected but advises those who purchased a laptop during that time period to check with their website to see if your adapter is a part of the recall. HP warns that those adapters affected, "may pose a risk of a fire and burn hazard to customers" and assures customers, "We are taking this action as part of our commitment to provide the highest quality of service to our notebook customers." According to HP, if your power cord has the markings "LS-15" molded into the plastic of the adapter then it is advised you follow the link…

What's New New vulnerability pottentially affecting all USB devices.  At BlackHat 2014, Karsten Nohl and Jakob Lell gave a presentation on what they called BadUSB, a vulnerability at the core of USB devices that allows an attacker to literally reprogram pretty much any USB device so that it can be used for evil.  The code for the exploit was not released at Black Hat but was later released at Derbycon in Kentucky and is now being spotted 'in the wild'.  At this time there is no defense against BadUSB and, to make matters worse, there is no way to detect it.  It's not realistic to tell people "don't use USB devices at all" but there are a few things that you can do to mitigate the risk until a method for detecting…

Important information for Mac users regarding the Shellshock bug The Shellshock bug was announced on 24 September as a vulnerability in the Bash shell, present on many Unix and Unix like operating systems.  Somewhat burried in the story was that this also affected Mac OSX based computers becuase, on the backend, they are basically Unix (ok, so it's BSD, but the important thing to remember is that it's got Bash).  We originally shared this article via our Facebook page on 25 September and it mentioned the fact that Macs were vulnerable, but we've gotten a number of questions on the subject and I wanted to get the word out there.  The short story is that, if you have a Mac that's running any version of OSX, this vulnerabilty can affect you.…