IT News, Solutions and Support

Proactive Computing | Optimizing IT for usability, performance and reliability since 1997

Category: Data Protection

Microsoft releases 14 patches for Windows

Microsoft released patches for 14 vulnerabilities in its Windows operating system, Office and Internet Explorer software on Tuesday, including four it deemed critical, its highest severity rating.

All four of the critical bugs could allow attackers to remotely execute programs on a targeted system, something that in the past has allowed hackers to steal personal information such as passwords or take over machines for the purpose of sending spam.

The patches were released as part of the company’s monthly “Patch Tuesday” security update for its major software products. The company had originally planned to deliver 16 updates Tuesday, but two are marked as yet to appear. They include one that was expected to carry a critical rating.

At 14, the number of patches is a monthly record for 2013 and 2014.

They include a problem with Windows Object Linking and Embedding that could allow remote code execution if the user visits a website containing malicious code. If the user is logged in as the administrator, the attacker could gain the ability to install programs and change and delete data. A related patch for Internet Explorer fixes the vulnerability with malicious websites and 16 other problems with the software, said Microsoft.

A security update for the Microsoft Secure Channel software in Windows fixes a problem that leaves Windows Server vulnerable to attack from specially crafted packets. The fourth critical patch fixes a hole in Windows that allows attackers to invoke Microsoft XML Core Services from a malicious website and then remotely execute code on a target system.

A further seven patches are marked as important—the second highest rank.

One vulnerability in Microsoft Office allows for remote execution of code, four additional problems allow attackers to assign themselves higher privileges and two allow bypass of certain security features in Windows.

via Microsoft releases 14 patches for Windows security problems | PCWorld.

Article: 5 steps to keep your accounts safe from hackers and scammers

Throughout the flood of hacks and data breaches at retailers, restaurants, health care providers and online companies this year — Home Depot, Target, Subway, Adobe and eBay were just a handful — the one safe haven was the banks. Unlike other companies, banks had a long history of keeping bad guys away from our money and personal data.

Unfortunately, that’s no longer something we can take for granted, as JPMorgan Chase customers discovered recently when the financial giant admitted that hackers had stolen information, including checking and savings account details, from 80 million customers. Even worse, the hack went on for two months before the company noticed anything was amiss. That’s not very comforting.

There’s no way you can prevent a data breach from occurring at a company that has your business. You can, however, make sure your accounts are secure from other forms of attack.

Here are my Top 5 methods to maintain safe and secure online accounts.

1. Lock down your password

Maintaining good password security is one of the easiest ways to protect your accounts.

A strong password — eight or more characters with upper-case characters, lower-case characters, numbers and symbols in a random order — is very hard for hackers to break. Click here to learn how to create a password like this that’s still easy to remember.

Of course, you need to create a unique password for every account. That way, if hackers get one of your passwords in a data breach, they can’t immediately get into your other accounts.

While you’re making your passwords strong, don’t forget to beef up your security questions, too. A strong password is worthless if a hacker can answer your security question after a quick trip to Facebook.

2. Secure your connection

When logging into a sensitive account, the best place to do it is at home. I’m assuming here that you’ve followed my other security tips about securing your network and making sure your computer doesn’t have a data-stealing virus.

Of course, in an emergency, you might need to connect to a sensitive account when you’re on the go. For banking, it’s best to use your bank’s app and a cellular connection.

If you have to use Wi-Fi, add extra security with a Virtual Private Network. This creates a secure, encrypted link with a third-party server, and you access your sites through that link. It’s an extra level of protection that hackers shouldn’t be able to crack. On a laptop, CyberGhost is a good option. On a tablet or smartphone, check out Hotspot Shield VPN or avast! SecureLine VPN.

Know that VPNs slow down your Internet speed. Turn them off for streaming videos and general browsing.

3. Set up account alerts

Many banks will automatically send you text alerts when purchases or withdrawals on your card exceed an amount that you specify. Click here to learn more about setting up text alerts. Check your credit cards and other accounts for similar options.

Many online accounts also offer something called two-step verification, or two-factor authentication. This is great. In order to log in from an unfamiliar device or location, you need a password and a code from a separate email account or smartphone text.

Click here for instructions on setting up two-step verification for Microsoft, Facebook, Google and other online accounts. It takes just a few minutes and can save you a bunch of time and hassles.

While we’re on the subject of two-factor authentication, some banks now feature an embedded chip that generates a new pass code for every use. Ask your financial institution if it offers cards with Chip Authentication Program (CAP) or Dynamic Passcode Authentication (DPA) technology. They don’t advertise this. You have to know to ask.

4. Avoid phishing scams

Even if hackers don’t get your credit card information or account number, they usually get the next best thing: Your name and email address.

That’s exactly what they need to launch a phishing attack. A popular type of phishing attack is a fake email claiming to be from a real company that asks you to click on a link or download an attachment.

Thanks to data breaches, hackers know exactly what companies you use. You might get an email claiming to be from JPMorgan Chase telling you that your account has a problem and you need to click a link or download a file for more details. Click here to learn the warning signs of a phishing email so you aren’t fooled.

Of course, the link will take you to a malicious site disguised as a Chase page, or the email attachment will contain a data-stealing virus. Either way, hackers can get your username and password, or other sensitive information.

Remember, no legitimate company will ask you to click a link or download an email attachment to update your account details.

5. Be vigilant

The best way to make sure your online banking account, or any other account, stays safe is to pay attention. Catching small problems early can prevent hackers from making bigger ones later. Here’s why:

In the cybercriminal world there’s a term, “fullz.” A fullz is all the information a thief needs to assume the identity of someone else and apply for credit under their name.

When hackers get your fullz, they often group it with fullz from other people and sell the whole package online. Click here to learn more about fullz and how they’re bought and sold.

After buying a fullz, a criminal will test the waters. He’ll place a few small-scale purchases using your account details. If you don’t take any action, he’ll continue making small purchases until he’s earned the amount he paid for your “fullz,” and then some.

Finally, the criminal will max out your card or drain your account without a second thought. How do you stop this? Watch your accounts. If you notice a strange transaction, call your bank or credit card company immediately. Better to err on the side of caution.

Copyright 2014, WestStar Multimedia Entertainment. All rights reserved.

On the Kim Komando Show, the nation’s largest weekend radio talk show, Kim takes calls and dispenses advice on today’s digital lifestyle, from smartphones and tablets to online privacy and data hacks. For her daily tips, free newsletters and more, visit her website at Komando.com. Kim also posts breaking tech news 24/7 at News.Komando.com

http://www.foxnews.com/tech/2014/11/01/5-steps-to-keep-your-accounts-safe-from-hackers-and-scammers/

Is it time to upgrade?

Is it time to upgrade? This is probably the most frequent question I get from my clients. And for good reason. It’s not always easy to tell if upgrading makes sense. Not even for IT Pros.

The reason is simple: It’s complicated. There are a lot of factors which have to be considered when deciding to upgrade, and there are many questions you should ask yourself when planning for your future IT needs.

The first thing to consider when evaluating an upgrade is Cost. But even cost is more complex than you might think.

How much does it cost now? What is the cost of support/maintenance over the life of the product? How long should I expect it to last?
What about the costs of lost productivity if I DON’T upgrade?

What about less tangible cost-related issues:

  • incompatibility between versions
  • poor performance of older versions
  • security issues due to reduced/absent vendor support
  • increased support/maintenance costs – older stuff takes more time to keep running

Besides costs, there are also risks. The risk of failure increases with the age of any product. Older stuff breaks. Bottom line.

Besides risk of failure, there are also security risks, especially when we’re talking about software. Older software & hardware drivers are updated less frequently than current versions. Really old software that is out of support may not be updated at all, which can be a problem due to both security and reliability concerns. Some older software may not work properly on newer operating systems, and can pose a risk of data loss due to crashes. Suffice to say you are taking a big risk by using unsupported products on your network. Bottom Line: If you can afford not to, don’t.

Sometimes the question of upgrading is simpler because you might HAVE to upgrade. Forced upgrades are commonplace, and although you may not actually be “Forced”, once you’ve built your company procedures around a piece of technology, you can’t always just switch and stop using it.

After technology has been deployed across your business, change can become expensive. Vendors know this, and they’ve learned that most companies will choose to upgrade rather than change software that everyone in the company uses. But even though the costs to deploy a new solution and provide training are more expensive than the upgrade, if your business depends on numerous programs, the cost of upgrades can quickly become a multi-headed monster…one that feeds itself.

The typical scenario goes something like this:

You have to upgrade to the current version of Quickbooks because their payroll feature is no longer supported on the older versions. The new version of Quickbooks won’t run on Windows XP, so now you have to upgrade all of your Quickbooks workstations to Windows 7. Your time keeping program won’t run on Windows 7, so you now have to upgrade that program too, but of course the new version won’t run on Windows XP, so the rest of the PCs on your network now need to be updated to Windows 7.

Next, you find out that your older version of Office 2003 is crashing due to incompatibilities with some of the newer software as well, so now you also need to update to Office 2013. File format changes between Office versions mean the Office 2013 upgrade needs to be deployed companywide to keep everyone on the same version.

So you bite the bullet and start upgrading to Windows 7 and Office 2013, in addition to Quickbooks. You buy some new PCs, and upgrade some others hoping to get a few more years out of them. Several $1000s into the upgrade process, someone points out that the older workstations, which you already upgraded with more RAM and larger drives to allow the OS upgrade, are now being brought to their knees by the resource hungry newer versions of software.

Oh yeah, and two of your printers (you know, the ones you’ve had for years, that print perfectly and that you have 2+ year’s worth of toner for) are no longer supported under Windows 7.

So before you know it you’ve replaced all of the PCs on your network, upgraded all of the major software packages, and replaced a couple of printers that didn’t need replacing. Worse yet, you’ve also just set yourself up to repeat the process about 5-7 years from now.

By the time all is said and done, the whole Upgrade question can get pretty confusing. Figuring out what to upgrade can be a daunting task, and without proper planning the expense and risks only increase.

So what do you do? Here are some guidelines.

  • Keep all software up to date with regular security patches and updates.
    • Most major vendors offer frequent software and firmware updates.
    • Out of date software escalates risks.
    • Windows Updates and Service packs ensure security and productivity
    • Productivity apps that are used frequently business-wide represent the greatest risk of failure or security breach, and must be kept current.
  • When version upgrades are required, plan to upgrade ALL PCs at once
    • When all systems are on the same versions, ensured compatibility means better productivity
    • Support costs are reduced when software platforms are uniform across your business
  • Don’t run unsupported software.
    • If the vendor is no longer updating the older version, upgrade to the new version.
    • If the vendor is no longer offering upgrades, consider an alternative product/vendor.
  • Avoid upgrading Operating systems by instead replacing PCs.
    • OS Upgrades are costly.
      • Purchase price of software license
      • Cost of support to backup system, install upgrade and resolve issues
      • Cost of hardware upgrades to meet OS requirements and ensure performance
        • RAM/Hard drive Upgrades
        • Peripheral upgrades
      • Reduced productivity: diminished performance resultant to pairing last generation hardware with upgraded OS
    • Unless you have 25+ PCs, purchasing PCs with OS license is cost effective comparable to Enterprise Licensing
      • Preinstalled OS saves setup time
      • OEM licenses are much cheaper than a retail license for Windows
  • PLAN. PLAN. PLAN.
    • Budgets are your friends.
      • When purchasing a new PC, consider the anticipated useful life
      • Develop a schedule to replace ALL PCs regularly that meets your budget
    • Choose wisely.
      • Choose Vendors for Warranty and Support as well as features and price
      • Avoid Custom software and hardware solutions if possible
        • Custom software can be a nightmare to maintain, and vendor support may vary.
        • Custom vendor support contracts can be expensive, and the hardware/software may become unusable without support. Third party support may be difficult/impossible to find.
        • What happens if your developer/system builder goes out of business?
    • Develop a long term plan for the ongoing replacement of all IT equipment
      • Waiting until everything is really old can be a disaster.
      • Generally, a 4-7 year rotation schedule is appropriate for most IT equipment
      • Version consistency for Operating Systems /Software = reduced support costs and increased productivity

So what now?

As you may have heard, support for Windows XP officially ended earlier this year. So, should you update those Windows XP computers now? Or replace them?

Well, I know your old Windows XP PCs have already been replaced/upgraded, right? I’m sure you are NOT wondering how big a risk it might be to put off the upgrade awhile. I mean, if Microsoft says you need to buy 20 new PCs this year, you’re just gonna do it, right? You don’t want to piss off the MotherShip in Redmond now, do you?

Well, let’s say you DON’T have an unlimited IT budget…You probably have some tough choices to make.

          

To help put the question in perspective, ask yourself these questions if you are debating about the XP upgrade:

  • Do you run any HIPAA compliant software or keep sensitive data on your networks? – YES, UPGRADE
  • Do you process credit cards, work with financial data, or pay bills online? – YES, UPGRADE
  • Do you make purchases or use Internet Banking? – YES, UPGRADE
  • Is Internet Explorer 9 or greater required for any websites you use frequently? – YES, UPGRADE
  • Is your system slow and it seems like you are always waiting for it to catch up? – YES, UPGRADE
  • Do you use Internet Explorer to surf the Internet? – Switch to Chrome or Firefox or UPGRADE
  • Is any of your CURRENT software UNSUPPORTED on Windows 7? – YES, EVALUATE. Additional software upgrades may be required.
  • Are all of your printers and peripherals compatible with the new software? – YES, UPGRADE; NO, Evaluate extra costs.
  • Will the upgrade cause any other problems? – YES, Evaluate. Obviously, every situation is different.

Still don’t know what to do? Let us evaluate your situation and help you figure it out.  That’s what we do best.

Proactive Computing – Intelligent IT Solutions and Support.

What to Do If You’ve Been Hacked|Re/code

What to Do If You’ve Been Hacked (and How to Prevent It) | Re/code.

 by Bonnie Cha  re/code

The recent celebrity hacking incident and Home Depot data breach may have you worried about your online security, and rightly so. As we bring more aspects of our lives online – social, shopping, banking, storage — the risks of cyber crime increase. But there are ways you can better protect yourself.

In this guide, I’ll outline some steps you can take to safeguard your various Web accounts and devices. The recommendations come from several Internet security experts I spoke with, including Laura Iwan, senior vice president of programs at the Center for Internet Security, Sean Sullivan, security advisor at F-Secure (an anti-virus and online security solution provider), and Timo Hiroven, senior researcher at F-Secure. There are also tips on how to detect if you’ve been hacked and what to do about it.

De-fense! De-fense!

There are numerous precautions that you can take in order to protect yourself from hackers. One of the easiest and most simple ways is to create strong, unique passwords for every one of your accounts. Yet, most people don’t.

While it’s tempting to use something like your child’s name and birthday because it’s easier to remember, creating a password with a random mix of upper- and lower-case letters, numbers and characters will be harder to crack.

There are password apps like LastPass and 1Password that can help you with this by generating strong passcodes for each of your accounts. Plus, they’ll keep track of them all. When choosing such a program, Iwan recommends that you look for one that uses an industry-accepted standard for encryption like AES (Advanced Encryption Standard), and one that stores your passwords locally on your computer, rather than in the cloud.

Another safety measure you should take is to enable two-factor authentication when available. Two-factor authentication requires a user to provide an extra form of identification beyond just your login ID and password. This may be a special PIN code that’s sent to your phone, a physical token like a key fob or your fingerprint.

Two-factor authentication isn’t impervious to attacks, but it does add an extra layer of protection. Many popular Web services, including Gmail, Microsoft, Apple, Twitter, Facebook, and Dropbox offer two-factor authentication, so take the extra few minutes to turn it on.

Next, be suspicious of emails asking for personal information. A lot of hackers use a method called phishing that aims to gather sensitive data from you by sending an email that looks like it’s from a legitimate entity like your bank or credit card company. Some signs of a scam might be requests for immediate action, spelling and grammar mistakes, and suspicious links. Do not respond to these. Instead, call up the institution that supposedly sent the email and confirm if it’s legit or alert them to the issue.

Also, it should go without saying, but in general, don’t click on suspicious links or browse unsafe websites. Only install applications that come from trusted, well-known sources. And be sure that the operating system and apps on your computers and mobile devices are updated with the latest versions and patches.

Here are some more specific tips for different Internet activities:

Email and social accounts
• Think twice about what you post to your social networks, and monitor what others are posting about you. There’s a chance that hackers might use your social profile pages to gather personal information about you and try to guess your password or answers to your secret question.
• Related to that, check your account’s privacy settings to make sure you’re only sharing information with your friends and not the public.
• Sullivan also recommends creating separate email addresses for your personal communication and everything else. For example, you might use a throwaway email address for news websites that make you register with a user name and password, or retailers who want to send you coupons.

Cloud accounts
• If you back up your files to the cloud, remember that even though you delete them on your computer or mobile device, they’re still stored in your cloud account. To completely delete the file, you’ll also need to remove it from your backup cloud account.

Online transactions
• Don’t use public computers or public Wi-Fi networks to make any transactions. The machines might contain malicious software that can collect your credit card information, and criminals could also be monitoring public Wi-Fi networks for similar information.

Web browsing
• Don’t respond to pop-up windows.
• Secure your home Wi-Fi network using WPA-2 with AES encryption settings. There’s a good tutorial on how to do that here.
• Set your Web browser to auto-update to ensure that you’re running the most current version.

Know the signs

How do you know if you’ve been hacked? There may be some obvious signs. For example, you may start getting emails from your friends saying they received a strange message from your email account. Or your bank or credit card company might call you about some suspicious activity on your account. If you installed a mobile app with malware on your smartphone, you might find some unauthorized charges on your phone bill.

There are other, more subtle indicators. You may find new toolbars installed on your Web browser, or new software on your computer. Your computer may also start behaving strangely or slow to a crawl.

These are all signs that you might have been hacked.

I’ve been hacked. Now what?

If you have been hacked, the first thing you should do is reset your passwords. Iwan recommends starting with your email account, followed by your financial and other critical accounts. This is because password resets for all your other accounts are typically sent to your email.

If you’re locked out of your account or blocked from accessing it, many Web services have steps in place so you can get back in. For example, Facebook has a system where you can use a trusted source like a friend to take back your account. Search each service’s help section for specific instructions.

Speaking of friends, you should let your contacts know that you’ve been hacked, and report the issue to the site. Also, run a scan of your computer or mobile device using a trusted and up-to-date anti-virus program.

In the case of identity theft, order a copy of your credit reports and file an initial fraud alert with the three major credit bureaus: Equifax, Experian and TransUnion. Contact your local police and report the identity theft, and request new cards from your bank and credit card companies. You should also continue to monitor your monthly statements for any more unusual activity.

Unfortunately, there’s no way to completely eliminate the risk of hack attacks and other cyber crimes. But by taking some safeguards and arming yourself with the knowledge of what actions to take in the event of an attack, you can help better protect yourself and minimize damage.

5 Million Gmail Passwords Leaked, Check Yours Now

According to the Daily Dot, nearly 5 million usernames and passwords to Gmail accounts have been leaked on a Russian Bitcoin forum. Here’s what you should know.

The list has since been taken down, and there’s no evidence that Gmail itself was hacked—just that these passwords have been leaked. Most sources are saying that lots of the information is quite old, so chances are they were leaked long ago—though others are claiming 60% of the passwords are still valid (not to mention really, really horrible).

To check if your password was one of those leaked, plug your Gmail address into this tool (which also checks against recent Yandex and Mail.ru leaks). If you’re paranoid, you may also want to change your password at this time. As always, make sure you use a strong password and enable two-factor authentication on your account. Hit the link to read more.

Update: Looks like the IsLeaked tool is having some trouble due to unusually high traffic—if you get an error message, try reloading the page or checking back later.

5 Million Gmail Passwords Leaked to Russian Bitcoin Forum | The Daily Dot

Why Breach Detection Is Your New Must-Have, Cyber Security Tool | TechCrunch

Cyber attacks are all over the news, and it seems like no one is immune — Home Depot, Target, Adobe and eBay included. So why are CIOs still fighting cyber criminals with one hand tied behind their backs?

Shockingly, most companies are still relying on outdated, only partially effective methods to protect their sensitive data, mainly with technology that focuses on preventing incoming attacks. But actually stopping bad guys from slipping inside enterprise networks and getting their hands on sensitive data is nearly impossible these days. In fact, among organizations with over 5,000 computers, over 90 percent have an active breach of some sort at any given time. What’s worse, those organizations may not even know about it…

…The most concerning part of all this is that very few organizations are now using new breach-detection technologies and can actually discover these ongoing breaches themselves, meaning attacks are even more destructive for their victims. Despite numerous alerts, Target, for example, didn’t detect the recent breach that led to 40 million stolen credit card numbers….Read More

 

 

1000 businesses hit with Target cyberattack

Over 1,000 US businesses hit with the same cyberattack as Target

With cyber attacks happening almost daily these days, when was the last time you changed your password?

So far, only seven of the more than 1000 companies have come forward and acknowledged they were hacked, according to the Secret Service; presumably the rest are still unaware that they were attacked. So how safe is your data online?

Target’s massive data breach grabbed headlines right in the middle of holiday shopping that year, and the fallout continues. According to a Department of Homeland Security advisory this afternoon, the attacks that hit the red-hued retailer, along with Supervalu and UPS, are much more widespread than first reported. The so-called “Backoff” malware in various versions has actually hit more than 1,000 businesses in the States, allowing hackers to snag info from millions of credit card payments. Remote network access for contractors provides the avenue for entry, and the announcement suggests that companies have vendors take a close look at their systems for possible criminal activity. It’s also calling for businesses to put cash registers on a separate network and employ two-factor authentication to help combat would-be intruders.

[Photo credit: Joe Raedle/Getty Images]

via Over 1,000 US businesses hit with the same cyberattack as Target.

Related: Most U.S. Businesses Don’t Know They Were Caught Up In Massive Cyberattack

Killing the Password

Passwords suck. Plain and simple. They inconvenience the user, and are far too easy to crack…or guess…or fall victim to internet trickery that gets you to give them away. A better solution is overdue. Killing the password is “Challenge Accepted” for DARPA.

Anyway, check out the article and start thinking of a day when we are free of password hell. It may not be tomorrow, but it is coming.

Seven ways DARPA is trying to kill the password | PCWorld.

 

Three Chrome extensions that make encryption easier | PC World

Three Chrome extensions that make encryption easier-via PCWorld

Encryption is a great way to keep your data private, and thanks to these tools for Chrome and other platforms, it’s getting a lot easier to use. All the tools mentioned are Chrome extensions and apps, but are also available for other platforms and browsers.

Tips: Archive items manually – Outlook

Archiving email from your Primary Inbox or Exchange mailbox in Outlook can make a huge difference in performance and stability. But remember that once you move your messages into an Archive, you need to be sure you BACKUP those archive files…once the message leaves the Inbox, that YourArchive.pst file is the ONLY PLACE that message exists.

You won’t have access to those messages in your Outlook Inbox, web mail, or any connected mobile device, so be sure to use the date range feature to optimize the process for your own needs.

This article describes performing the archive process manually, but you can also configure the Auto-Archive feature to make it a no-brainer!

Archive items manually – Outlook.
