Proactive Computing

Intelligent IT Solutions and Support

Tag: support (page 1 of 2)

Microsoft releases 14 patches for Windows

bug-162019

Microsoft released patches for 14 vulnerabilities in its Windows operating system, Office and Internet Explorer software on Tuesday, including four it deemed critical, it’s highest severity rating.

All four of the critical bugs could allow attackers to remotely execute programs on a targeted system, something that in the past has allowed hackers to steal personal information such as passwords or take over machines for the purpose of sending spam.

The patches were released as part of the company’s monthly “patch Tuesdaysecurity update for its major software products. The company had originally planned to deliver 16 updates Tuesday, but two are marked as yet to appear. They include one that was expected to carry a critical rating.

At 14, the number of patches is a monthly record for 2013 and 2014.

They include a problem with Windows Object Linking and Embedding that could allow remote code execution if the user visits a website containing malicious code. If the user is logged in as the administrator, the attacker could gain the ability to install programs and change and delete data. A related patch for Internet Explorer fixes the vulnerability with malicious websites and 16 other problems with the software, said Microsoft.

A security update for the Microsoft Secure Channel software in Windows fixes a problem that leaves Windows Server vulnerable to attack from specially crafted packets. The fourth critical patch fixes a hole in Windows that allows attackers to invoke Microsoft XML Core Services from a malicious website and then remotely execute code on a target system.

A further seven patches are marked as important—the second highest rank.

One vulnerability in Microsoft Office allows for remote execution of code, four additional problems allow attackers to assign themselves higher privileges and two allow bypass of certain security features in Windows.

via Microsoft releases 14 patches for Windows security problems | PCWorld.

Article: 5 steps to keep your accounts safe from hackers and scammers

Throughout the flood of hacks and data breaches at retailers, restaurants, health care providers and online companies this year — Home Depot, Target, Subway, Adobe and eBay were just a handful — the one safe haven was the banks. Unlike other companies, banks had a long history of keeping bad guys away from our money and personal data.

Unfortunately, that’s no longer something we can take for granted, as JPMorgan Chase customers discovered recently when the financial giant admitted that hackers had stolen information, including checking and savings account details, from 80 million customers. Even worse, the hack went on for two months before the company noticed anything was amiss. That’s not very comforting.

There’s no way you can prevent a data breach from occurring at a company that has your business. You can, however, make sure your accounts are secure from other forms of attack.

Here are my Top 5 methods to maintain safe and secure online accounts.

1. Lock down your password

Maintaining good password security is one of the easiest ways to protect your accounts.

A strong password — eight or more characters with upper-case characters, lower-case characters, numbers and symbols in a random order — is very hard for hackers to break. Click here to learn how to create a password like this that’s still easy to remember.

Of course, you need to create a unique password for every account. That way, if hackers get one of your passwords in a data breach, they can’t immediately get into your other accounts.

While you’re making your passwords strong, don’t forget to beef up your security questions, too. A strong password is worthless if a hacker can answer your security question after a quick trip to Facebook.

2. Secure your connection

When logging into a sensitive account, the best place to do it is at home. I’m assuming here that you’ve followed my other security tips about securing your network and making sure your computer doesn’t have a data-stealing virus.

Of course, in an emergency, you might need to connect to a sensitive account when you’re on the go. For banking, it’s best to use your bank’s app and a cellular connection.

If you have to use Wi-Fi, add extra security with a Virtual Private Network. This creates a secure, encrypted link with a third-party server, and you access your sites through that link. It’s an extra level of protection that hackers shouldn’t be able to crack. On a laptop, CyberGhost is a good option. On a tablet or smartphone, check out Hotspot Shield VPN or avast! SecureLine VPN.

Know that VPNs slow down your Internet speed. Turn them off for streaming videos and general browsing.

3. Set up account alerts

Many banks will automatically send you text alerts when purchases or withdrawals on your card exceed an amount that you specify. Click here to learn more about setting up text alerts. Check your credit cards and other accounts for similar options.

Many online accounts also offer something called two-step verification, or two-factor authentication. This is great. In order to log in from an unfamiliar device or location, you need a password and a code from a separate email account or smartphone text.

Click here for instructions on setting up two-step verification for Microsoft, Facebook, Google and other online accounts. It takes just a few minutes and can save you a bunch of time and hassles.

While we’re on the subject of two-factor authentication, some banks now feature an embedded chip that generates a new pass code for every use. Ask your financial institution if it offers cards with Chip Authentication Program (CAP) or Dynamic Passcode Authentication (DPA) technology. They don’t advertise this. You have to know to ask.

4. Avoid phishing scams

Even if hackers don’t get your credit card information or account number, they usually get the next best thing: Your name and email address.

That’s exactly what they need to launch a phishing attack. A popular type of phishing attack is a fake email claiming to be from a real company that asks you to click on a link or download an attachment.

Thanks to data breaches, hackers know exactly what companies you use. You might get an email claiming to be from JPMorgan Chase telling you that your account has a problem and you need to click a link or download a file for more details. Click here to learn the warning signs of a phishing email so you aren’t fooled.

Of course, the link will take you to a malicious site disguised as a Chase page, or the email attachment will contain a data-stealing virus. Either way, hackers can get your username and password, or other sensitive information.

Remember, no legitimate company will ask you to click a link or download an email attachment to update your account details.

5. Be vigilant

The best way to make sure your online banking account, or any other account, stays safe is to pay attention. Catching small problems early can prevent hackers from making bigger ones later. Here’s why:

In the cybercriminal world there’s a term, “fullz.” A fullz is all the information a thief needs to assume the identity of someone else and apply for credit under their name.

When hackers get your fullz, they often group it with fullz from other people and sell the whole package online. Click here to learn more about fullz and how they’re bought and sold.

After buying a fullz, a criminal will test the waters. He’ll place a few small-scale purchases using your account details. If you don’t take any action, he’ll continue making small purchases until he’s earned the amount he paid for your “fullz,” and then some.

Finally, the criminal will max out your card or drain your account without a second thought. How do you stop this? Watch your accounts. If you notice a strange transaction, call your bank or credit card company immediately. Better to err on the side of caution.

Copyright 2014, WestStar Multimedia Entertainment. All rights reserved.

On the Kim Komando Show, the nation’s largest weekend radio talk show, Kim takes calls and dispenses advice on today’s digital lifestyle, from smartphones and tablets to online privacy and data hacks. For her daily tips, free newsletters and more, visit her website at Komando.com. Kim also posts breaking tech news 24/7 at News.Komando.com

http://www.foxnews.com/tech/2014/11/01/5-steps-to-keep-your-accounts-safe-from-hackers-and-scammers/

Microsoft Patch Tuesday tackles three critical vulnerabilities, including ‘Sandworm’ | PCWorld

After a relatively quiet few months, Microsoft Patch Tuesday is back in full force, covering three zero-day vulnerabilities that administrators should attend to as quickly as possible.

Microsoft issued eight security bulletins Tuesday, covering a total of 24 vulnerabilities found in Windows, Internet Explorer, Office and the .Net framework. Three of the bulletins are marked as critical, which means administrators should test and apply these patches immediately. A single bulletin can cover multiple vulnerabilities within one technology.

Three of these vulnerabilities are already being exploited by malicious attackers, hence they are being called zero-day vulnerabilities. This is the first time in recent history—and perhaps ever—that Microsoft has fixed three zero-day vulnerabilities in a single round of patches, which Microsoft typically issues on the second Tuesday of each month.

“Sandworm” is the most notorious of the three and is a vulnerability in Microsoft Windows that has already been used in attacks on NATO and a number of European government agencies, telecommunication firms and energy companies, according to cyberthreat intelligence firm iSight. Microsoft Bulletin MS14-060 fixes this bug.

“This is an urgent one to fix,” said Wolfgang Kandek, chief technology officer for IT security firm Qualys.

Microsoft marked MS14-060 as important rather than critical because for the attack to work, it would require a user to click on a file. Qualys ranks this vulnerability as more severe in that it is pretty easy to trick a single person into clicking on a file, such as a PowerPoint presentation, which would be all that would be required for an attacker to gain access to an internal network with a well-crafted script, Kandek said.

Sandworm is a good reminder for administrators to make sure that they set the user permissions correctly on desktop and laptop computers, meaning not to give an end user full administrative privileges on the machine, Kandek said.

Internet Explorer gets patched, too

The second zero-day flaw addresses a problem in Internet Explorer and the fix is found in MS14-056. This vulnerability “could allow an attacker to break out of the sandboxing capabilities in Internet Explorer,” said Amol Sarwate, director of vulnerability research at Qualys.

The third zero-day, addressed in MS14-058, also comes from a flaw within Windows, namely from the way the operating system kernel drivers handle TrueType fonts. An attacker could embed some malicious code within a TrueType font. When a user visits a site with these ill fonts, Windows will download the font package and automatically execute the code buried within.

Beyond Microsoft’s patches, administrators will also have a busy week with patches from Adobe and Oracle, Kandek said.

On Tuesday, Adobe released a set of patches for its Flash multimedia player. Oracle is also releasing a wide range of patches for its enterprise software. In particular, administrators should take a look at the Java patches, Kandek advised.

via Microsoft Patch Tuesday tackles three critical vulnerabilities, including ‘Sandworm’ | PCWorld.

Dialog boxes may be killing Internet Explorer

Internet Explorer running slow? Dialog boxes could be at fault

Internet Explorer running slow? Dialog boxes could be at fault | PCWorld

 

If you’ve noticed Internet Explorer running slowly lately—or just halting altogether—here’s one possible cause: dialog boxes.

On Friday, the same day that Microsoft recommended users download the latest updates for Windows 7 and 8, Microsoft issued a hotfix for Internet Explorer. According to asupport article issued Friday, “web applications that implement consecutive modal dialog boxes may cause Internet Explorer to become slow and unresponsive over time.”

Microsoft issued the hotfix for Internet Explorer versions 7 through 11—basically every major version.

For more information about how Dialog boxes may be killing Internet Explorer, follow the source link below to check out the PC World article to find out how to fix the problem.

via Internet Explorer running slow? Dialog boxes could be at fault | PCWorld.

XP Support is Dead So Now What?

Windows XP Support is Dead So Now What?

Now what should I do?
What happens if I don’t upgrade?
Is there a way around being forced to upgrade?

xp-bug-162019

All good questions. Here’s the deal and what it means to you.

Microsoft has dropped support for XP. This means a a lot of things, but few things in particular stand out:

1) No new updates. No security fixes. No service packs. Basically you are on your own against every new threat. I have seen a couple registry hacks which supposedly can restore your Updates, but since none of them are being tested actively on Windows XP before release, you can be sure that your “unsupported system” will eventually…or sooner…fail to work properly. Updates are a good thing.
2) No new versions of Internet Explorer. You are stuck on IE 8 until the end of time. IE 8 doesn’t support many newer web protocols already, and the list of sites that don’t work with IE 8 will only keep growing. You may or may not be able to get around this by using Chrome or Firefox, but there still many websites which only support IE, many of which are already requiring IE 9 and above.
3) Software incompatibilities with 3rd party vendors will grow. Already many new titles are Windows 7/8 only, and upgrades to existing non-Microsoft programs will quickly stop supporting WIndows XP if they haven’t already. Newer versions of Microsoft Office already support only Windows 7 and up. That means you’ll be forced to upgrade eventually anyway so that you can use the latest versions of your favorite software.  And by eventually, I mean probably soon.

There are a whole lot of other things I’m sure I haven’t mentioned, but the bottom line is that if you don’t upgrade, your security will be reduced and your risk increased.  Certainly everyone’s situation will vary, and the degree of risk can be reduced with some simple (or not so simple) changes, but any way you slice it, Microsoft is saying, “Upgrade, or we can’t be responsible for what happens”.  Sounds just a bit too much like paying protection to the Mob to stay in business.

But even though Microsoft has mandated that you MUST upgrade (and NOW), there may be reasons you aren’t quite ready to replace EVERY Windows XP system in your office TODAY. You may be locked into using an older software title which won’t run on newer Windows versions. Or perhaps budget constraints are preventing you from upgrading all your systems immediately. Or…here’s a novel thought…your computers may be working just fine for what you need them to do, and you don’t see why you need to waste money on new PCs right now.

I think there’s a good reason to feel that way. Nobody likes being strong-armed into purchase decisions, and it’s easy to look at the negative side of the new  “offer-you-can’t-refuse” style of marketing Microsoft is taking here. But there is another side of this story…Windows XP is about 15 years old, and the harsh truth is that upgrading will improve compatibility and performance, in addition to the improved security. While there are numerous ways to work around the security issues created by the lack of ongoing updates, you will be far better off for the upgrade in the long run because of performance enhancements and improved compatibility.

Windows_Logo_Glass_3D_Icon_by_audio90

So, our bottom line recommendation is:

Upgrade to Windows 7 as soon as you can. Hardware improvements and 64 Bit computing mean huge performance boosts and best compatibility with the latest software titles. We feel that 64 BIT computing is a must for performance, as 32 BIT systems are limited to 4 GB of RAM.

Move your office as quickly as possible to a 100% Windows 7/8 environment. We are still recommending Windows 7 64 Bit for most business situations, rather than Windows 8, due to software compatibility concerns, Windows 8 also represents a large learning curve due to significant operating system changes between Windows 7 and 8.  We recommend Microsoft Windows 7 64 Bit Professional with Service Pack 1.

Phase in your upgrades as quickly as you can. On systems which are stuck on XP, lock down IE 8 and force users to use Chrome or Firefox. That single step will reduce your security threat immensely. Also, if you must run XP for some reason, consider running in a virtualized environment if possible. XP running on a HyperV server can be much easier to secure. It also facilitates shared access which can be helpful for infrequently used legacy applications which must be maintained.

Staying on XP for a little while may make sense, but don’t expect to run those old systems forever without putting your data, network,  and possibly your entire company at risk. Running on an unsupported OS means trouble, and the longer you hold out, the more the risk increases. It doesn’t have to be today, but don’t wait until you have problems…they may be much bigger than you expect.

xp-images

Add Disk Space – Drop in a new drive

Add Disk Space – Drop in a new drive – Tips and Tricks

Your C:\ drive is at 93% capacity. Your two year old PC is crawling, growing slower each day with each new silly-kitty-cat-meme or stupid-human-reality viral video is added to the cache.  It seems to almost groan under the load, fans whirring, hard drive grinding, trying to shuffle files around to make enough space for Windows to run.

Click. Wait….for…it..still waiting… waiting. You start to wonder, is it time for a new PC already? Or maybe all you need is a new hard drive to add some space?  But that would mean…going inside your PC. *cue scary music*

Opening your computer can seem like a daunting thing. All those wires and fans and blinking lights…you’re bound to screw SOMETHING up if you start poking around in there, right?

Well, rip back the veil and take a peek…these days it’s not really all that hard and there’s not too much to be afraid of. You can add a TB or two and then clear out your C:\ drive. An overnight deep defrag after the whole schabang will make a big difference too, especially if you move a bunch of data from the system drive.

One last point: When choosing a drive, don’t skimp. If you think you’ll never need more than 1 TB, get a 1.5 TB (or bigger) drive. Data grows exponentially. Last but not least, choose a  high performance SATA 6.0 Gb/s drive that is 7200 RPM and has a 32 MB (64MB even better) cache or larger. These days, the hard drive is the slowest component in a PC, and optimizing your hard disk can make a big difference in your user experience…especially as time goes on and your disk fills up!

▶ How to install a new hard drive in your desktop PC.

The Above ‘How To’ Article Courtesy of
Marco Chiappetta
 at PC World
@MarcoChiappetta

 

9 tips for smarter passwords – azcentral.com

9 tips for smarter passwords – azcentral.com

http://www.azcentral.com/story/money/business/2014/08/06/9-tips-for-smarter-passwords/13688891/

You’ve heard them. You know you already know them.

But do you follow them?

 

The Ultimate Guide to Tech Support for Small Business – Small Business Computing

The Ultimate Guide to Tech Support for Small Business – Small Business Computing

http://www.smallbusinesscomputing.com/buyersguide/the-ultimate-guide-to-tech-support-for-small-business.html

Should you outsource? Chances are that unless your company is larger than 25-30 employees, you should consider outsourcing rather than hiring a full-time IT staff.

Older posts

© 2017 Proactive Computing

Theme by Anders NorenUp ↑

%d bloggers like this: