IT News, Solutions and Support

Proactive Computing | Optimizing IT for usability, performance and reliability since 1997

Category: Internet (page 1 of 3)

Windows 10 launches this summer in 190 countries

Microsoft’s leaner, meaner, latest iteration of Windows is coming in just a few months, launching in 170 countries in 111 languages. Don’t forget: Windows 10 is a free upgrade if you’re already using Windows 7 or 8. Hiding in its imposing shadow, and launching at the same time, the company will release a special free version of its OS for Internet of Things devices, which Microsoft’s Terry Myerson reckons could well find its way into ATMs and ultrasound machines.

via Windows 10 launches this summer in 190 countries.

Email Spoofing: Explained (and How to Protect Yourself)

Jason P. Stadtlander, Huffington Post

Recently a co-worker asked me “Why do people even bother to spoof my email address?”

First, for those of you joining me that have no idea what the term spoofing means – let us examine that.

Spoofing is defined as:

/spo͞of/
verb
1. imitate (something) while exaggerating its characteristic features for comic effect.
2. hoax or trick (someone).

Origin: late 19th century English comedian Arthur Roberts.

In the context of computers, to spoof one’s email address means that the sender is acting as if the email is coming from someone it is not.

How someone (or something) sends an email made to look like it comes from someone or somewhere it does not is a little more technical to explain. So, if you don’t like tech talk, then skip to the next section, “Why is my email address being spoofed?”

How are they spoofing me?

Spoofing email addresses is rather easy. All a person needs to spoof an email address is an SMTP (Simple Mail Transfer Protocol) server (a server that can send email) and the appropriate email software. Most website hosting services will even provide an SMTP server in their hosting package. It is also possible to send email from your own computer if you load an SMTP server on it; however, most ISPs will block port 25 (which is required to send out email).

Many of the available free SMTP servers will allow you to show a different “from” address than the actual registered domain that the email is transmitting from. To the recipient of the message, however, it will look as though it actually came from the address you specified.

Now, there are special checks in place (and more being put into place) to prevent exactly this problem. One is called SPF, or “Sender Policy Framework,” which was developed by Meng Weng Wong in 2003. Basically, each time an email is sent, the receiving server compares the IP of the origin with the IP listed in the SPF record for the appropriate domain.

EXAMPLE 1: So, for example, let’s say someone tried to spoof Bill Gates (billgates@microsoft.com):
They would send an email on his behalf > the recipient server would then talk back to microsoft.com and say “Hey, I have an email that is coming from 123.123.123.123 stating that it was sent from billgates@microsoft.com.” > microsoft.com would then tell the recipient server, “No, sorry, it should be coming from 111.111.111.111.” and the message would never get delivered.
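Example 1 written out as the check a receiving server performs, as an added illustration that is not part of the original article. The SPF records below are constructed samples (real ones are published as DNS TXT records), `check_spf` is a hypothetical helper name, and only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed sample policies, not real published records. A real receiver
# looks these up in DNS for the domain of the envelope sender (MAIL FROM).
SAMPLE_SPF = {
    "microsoft.com": "v=spf1 ip4:111.111.111.111 -all",
    "example.org": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 ~all",
    "no-policy.example": None,
}

# SPF qualifier prefixes and the result each one yields when its term matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender, client_ip, records=SAMPLE_SPF):
    """Evaluate client_ip against the SPF record for sender's domain.

    Returns pass / fail / softfail / neutral / none / permerror, or
    'unsupported' for terms (include, a, mx, redirect, ...) that need
    further DNS lookups this offline sketch does not perform.
    """
    ip = ipaddress.ip_address(client_ip)  # raises ValueError on a bad address
    domain = sender.rsplit("@", 1)[-1].lower()
    record = records.get(domain)
    if not record:
        return "none"  # domain publishes no policy, so nothing to enforce
    terms = record.split()
    if terms[0].lower() != "v=spf1":
        return "permerror"
    # Terms are evaluated left to right; the first match decides the result.
    for term in terms[1:]:
        qualifier = "+"  # a term with no prefix means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            return "unsupported"
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return "permerror"  # malformed address or prefix in the record
        if net.version != int(name[2]):
            return "permerror"  # e.g. an IPv6 range inside an ip4 term
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    # The two addresses from Example 1 above.
    for addr in ("123.123.123.123", "111.111.111.111"):
        print(addr, check_spf("billgates@microsoft.com", addr))
```

A `fail` result corresponds to the rejected message in Example 1; a domain that ends its record in `~all` or publishes no record at all gives the receiver no firm instruction to refuse the mail.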

Why is my email address being spoofed?

Two basic reasons people (and machines) spoof:

1. Malicious: To cause useless internet traffic – ultimately hoping to bog down servers or bring them to a halt.

2. Because you were unlucky enough to have clicked the wrong thing at the wrong time.

Continue reading Email Spoofing: Explained on Huffington Post The Blog

Email Spoofing: Explained (and How to Protect Yourself) | Jason P. Stadtlander

Microsoft releases 14 patches for Windows

Microsoft released patches for 14 vulnerabilities in its Windows operating system, Office and Internet Explorer software on Tuesday, including four it deemed critical, its highest severity rating.

All four of the critical bugs could allow attackers to remotely execute programs on a targeted system, something that in the past has allowed hackers to steal personal information such as passwords or take over machines for the purpose of sending spam.

The patches were released as part of the company’s monthly “Patch Tuesday” security update for its major software products. The company had originally planned to deliver 16 updates Tuesday, but two are marked as yet to appear. They include one that was expected to carry a critical rating.

At 14, the number of patches is a monthly record for 2013 and 2014.

They include a problem with Windows Object Linking and Embedding that could allow remote code execution if the user visits a website containing malicious code. If the user is logged in as the administrator, the attacker could gain the ability to install programs and change and delete data. A related patch for Internet Explorer fixes the vulnerability with malicious websites and 16 other problems with the software, said Microsoft.

A security update for the Microsoft Secure Channel software in Windows fixes a problem that leaves Windows Server vulnerable to attack from specially crafted packets. The fourth critical patch fixes a hole in Windows that allows attackers to invoke Microsoft XML Core Services from a malicious website and then remotely execute code on a target system.

A further seven patches are marked as important—the second highest rank.

One vulnerability in Microsoft Office allows for remote execution of code, four additional problems allow attackers to assign themselves higher privileges and two allow bypass of certain security features in Windows.

via Microsoft releases 14 patches for Windows security problems | PCWorld.

Article: 5 steps to keep your accounts safe from hackers and scammers

Throughout the flood of hacks and data breaches at retailers, restaurants, health care providers and online companies this year — Home Depot, Target, Subway, Adobe and eBay were just a handful — the one safe haven was the banks. Unlike other companies, banks had a long history of keeping bad guys away from our money and personal data.

Unfortunately, that’s no longer something we can take for granted, as JPMorgan Chase customers discovered recently when the financial giant admitted that hackers had stolen information, including checking and savings account details, from 80 million customers. Even worse, the hack went on for two months before the company noticed anything was amiss. That’s not very comforting.

There’s no way you can prevent a data breach from occurring at a company that has your business. You can, however, make sure your accounts are secure from other forms of attack.

Here are my Top 5 methods to maintain safe and secure online accounts.

1. Lock down your password

Maintaining good password security is one of the easiest ways to protect your accounts.

A strong password — eight or more characters with upper-case characters, lower-case characters, numbers and symbols in a random order — is very hard for hackers to break. Click here to learn how to create a password like this that’s still easy to remember.

Of course, you need to create a unique password for every account. That way, if hackers get one of your passwords in a data breach, they can’t immediately get into your other accounts.

While you’re making your passwords strong, don’t forget to beef up your security questions, too. A strong password is worthless if a hacker can answer your security question after a quick trip to Facebook.

2. Secure your connection

When logging into a sensitive account, the best place to do it is at home. I’m assuming here that you’ve followed my other security tips about securing your network and making sure your computer doesn’t have a data-stealing virus.

Of course, in an emergency, you might need to connect to a sensitive account when you’re on the go. For banking, it’s best to use your bank’s app and a cellular connection.

If you have to use Wi-Fi, add extra security with a Virtual Private Network. This creates a secure, encrypted link with a third-party server, and you access your sites through that link. It’s an extra level of protection that hackers shouldn’t be able to crack. On a laptop, CyberGhost is a good option. On a tablet or smartphone, check out Hotspot Shield VPN or avast! SecureLine VPN.

Know that VPNs slow down your Internet speed. Turn them off for streaming videos and general browsing.

3. Set up account alerts

Many banks will automatically send you text alerts when purchases or withdrawals on your card exceed an amount that you specify. Click here to learn more about setting up text alerts. Check your credit cards and other accounts for similar options.

Many online accounts also offer something called two-step verification, or two-factor authentication. This is great. In order to log in from an unfamiliar device or location, you need a password and a code from a separate email account or smartphone text.

Click here for instructions on setting up two-step verification for Microsoft, Facebook, Google and other online accounts. It takes just a few minutes and can save you a bunch of time and hassles.

While we’re on the subject of two-factor authentication, some banks now feature an embedded chip that generates a new pass code for every use. Ask your financial institution if it offers cards with Chip Authentication Program (CAP) or Dynamic Passcode Authentication (DPA) technology. They don’t advertise this. You have to know to ask.

4. Avoid phishing scams

Even if hackers don’t get your credit card information or account number, they usually get the next best thing: Your name and email address.

That’s exactly what they need to launch a phishing attack. A popular type of phishing attack is a fake email claiming to be from a real company that asks you to click on a link or download an attachment.

Thanks to data breaches, hackers know exactly what companies you use. You might get an email claiming to be from JPMorgan Chase telling you that your account has a problem and you need to click a link or download a file for more details. Click here to learn the warning signs of a phishing email so you aren’t fooled.

Of course, the link will take you to a malicious site disguised as a Chase page, or the email attachment will contain a data-stealing virus. Either way, hackers can get your username and password, or other sensitive information.

Remember, no legitimate company will ask you to click a link or download an email attachment to update your account details.

5. Be vigilant

The best way to make sure your online banking account, or any other account, stays safe is to pay attention. Catching small problems early can prevent hackers from making bigger ones later. Here’s why:

In the cybercriminal world there’s a term, “fullz.” A fullz is all the information a thief needs to assume the identity of someone else and apply for credit under their name.

When hackers get your fullz, they often group it with fullz from other people and sell the whole package online. Click here to learn more about fullz and how they’re bought and sold.

After buying a fullz, a criminal will test the waters. He’ll place a few small-scale purchases using your account details. If you don’t take any action, he’ll continue making small purchases until he’s earned the amount he paid for your “fullz,” and then some.

Finally, the criminal will max out your card or drain your account without a second thought. How do you stop this? Watch your accounts. If you notice a strange transaction, call your bank or credit card company immediately. Better to err on the side of caution.

Copyright 2014, WestStar Multimedia Entertainment. All rights reserved.

On the Kim Komando Show, the nation’s largest weekend radio talk show, Kim takes calls and dispenses advice on today’s digital lifestyle, from smartphones and tablets to online privacy and data hacks. For her daily tips, free newsletters and more, visit her website at Komando.com. Kim also posts breaking tech news 24/7 at News.Komando.com

http://www.foxnews.com/tech/2014/11/01/5-steps-to-keep-your-accounts-safe-from-hackers-and-scammers/

Microsoft Patch Tuesday tackles three critical vulnerabilities, including ‘Sandworm’ | PCWorld

After a relatively quiet few months, Microsoft Patch Tuesday is back in full force, covering three zero-day vulnerabilities that administrators should attend to as quickly as possible.

Microsoft issued eight security bulletins Tuesday, covering a total of 24 vulnerabilities found in Windows, Internet Explorer, Office and the .Net framework. Three of the bulletins are marked as critical, which means administrators should test and apply these patches immediately. A single bulletin can cover multiple vulnerabilities within one technology.

Three of these vulnerabilities are already being exploited by malicious attackers, hence they are being called zero-day vulnerabilities. This is the first time in recent history—and perhaps ever—that Microsoft has fixed three zero-day vulnerabilities in a single round of patches, which Microsoft typically issues on the second Tuesday of each month.

“Sandworm” is the most notorious of the three and is a vulnerability in Microsoft Windows that has already been used in attacks on NATO and a number of European government agencies, telecommunication firms and energy companies, according to cyberthreat intelligence firm iSight. Microsoft Bulletin MS14-060 fixes this bug.

“This is an urgent one to fix,” said Wolfgang Kandek, chief technology officer for IT security firm Qualys.

Microsoft marked MS14-060 as important rather than critical because for the attack to work, it would require a user to click on a file. Qualys ranks this vulnerability as more severe in that it is pretty easy to trick a single person into clicking on a file, such as a PowerPoint presentation, which would be all that would be required for an attacker to gain access to an internal network with a well-crafted script, Kandek said.

Sandworm is a good reminder for administrators to make sure that they set the user permissions correctly on desktop and laptop computers, meaning not to give an end user full administrative privileges on the machine, Kandek said.

Internet Explorer gets patched, too

The second zero-day flaw addresses a problem in Internet Explorer and the fix is found in MS14-056. This vulnerability “could allow an attacker to break out of the sandboxing capabilities in Internet Explorer,” said Amol Sarwate, director of vulnerability research at Qualys.

The third zero-day, addressed in MS14-058, also comes from a flaw within Windows, namely from the way the operating system kernel drivers handle TrueType fonts. An attacker could embed some malicious code within a TrueType font. When a user visits a site with these ill fonts, Windows will download the font package and automatically execute the code buried within.

Beyond Microsoft’s patches, administrators will also have a busy week with patches from Adobe and Oracle, Kandek said.

On Tuesday, Adobe released a set of patches for its Flash multimedia player. Oracle is also releasing a wide range of patches for its enterprise software. In particular, administrators should take a look at the Java patches, Kandek advised.

via Microsoft Patch Tuesday tackles three critical vulnerabilities, including ‘Sandworm’ | PCWorld.

5 Ways to Create a Password You Can Remember – wikiHow

5 Ways to Create a Password You Can Remember – wikiHow.

Coming up with a password that is both safe and memorable gets harder and harder the more of them we have to memorize. Combining words, phrases, numbers, and coding them with simple substitutions will ensure that your personal information is safe. It is important to be able to come up with passwords that are personal enough to remember but varied and complex enough to be secure, so learning how to create appropriate passwords is a crucial skill that you will undoubtedly use often.

Read more on WikiHow.com

E Pluribus Unum Gone Digital – Wired

E Pluribus Unum Gone Digital: Connected Software Is the Next Step in Productivity | Innovation Insights | WIRED.

Starbucks as workplace: How’s your work-life balance in the mobile age?  Global X/Flickr

Google. Evernote. Wunderlist. Mailbox. Dropbox. GoToMeeting. The newest wave of apps is all about leveraging the right tools to help you get things done across multi-screen. This proliferation of mobile technology has promised liberation for today’s workforce. So why do we feel more chained to our work than ever?

Nearly 1.3 billion (yes, billion) people now work untethered from their desks, and organizations are getting serious about keeping this new distributed workforce connected and productive with tools that support mobility and collaboration.

The arrival of the mobile workforce has given many entrepreneurs the hope that they will be able to find some time for life outside of work. But with time as the ultimate commodity in today’s increasingly busy world, the work-life balance that many seek is still more of an illusion than reality.

We should be at a point where we can spend our Sunday afternoon playing catch with our kids, instead of wasting hours sifting through emails to get a handle on where our business stands. Or have time to go out and meet with prospective clients and make deals that will grow our business, instead of being bogged down and overwhelmed while pulling all of the pieces together.

So why is this still a problem in a time when we have more productivity tools and technologies than ever before? Because all of our tools are entirely disconnected, and it’s contributing to our ever more fragmented workflows. We’ve put too much of an emphasis on our email as a productivity tool, with the hopes that new productivity management and content sharing tools from Google Docs to Asana will pick up the slack where email fails.

But that’s not happening. Workers are still spending 28% of their office time on emails daily, which amounts to more than 650 hours a year and 13 hours a week.

Microsoft, Apple and Google have tried to solve this information overload, with more than half of the workforce stating that they are demoralized when they can’t manage all the information that comes their way each day, but have ultimately failed to create a solution that enables everyone, from the small business owner to the corporate manager, to get their work done faster and more efficiently.

The tools that we turn to for personal productivity have made the shift from web to multi-screen and while they are useful, they are not transformative. Why? Because they are all great at doing one thing — but don’t talk to each other.

Ultimately, we’ve gotten away from the simplicity of work. No one should have to open 5-6 different tools, email, Google Docs, GoToMeeting, Dropbox, Basecamp, Evernote and the myriad of other tools we use, in order to get an update on just one project. All of these tools have become somewhat counterproductive as only 2 percent of us can actually multitask between all of them and because more than 50% of us are now spending more time trying to be productive than actually working.

In trying to make things simpler we’ve only diminished productivity, which combined with wasted time, negatively affects the bottom line.

So how do we solve this snowballing productivity problem? We need all of these software tools to work together as one, creating a digital E Pluribus Unum.

By approaching the productivity problem from a position of connectivity, our workflow immediately becomes more efficient because our tools are working for us, and doing the information sifting and organizing so that we don’t have to.

For example, CEOs should not be copied so often that they have 300 emails coming through their inbox each day. This system makes email another job that managers don’t have time for, and ultimately defeats the purpose of email as a tool for communication.

However, if email, project management, meetings, documents, notes, etc. are all unified in one place, CEOs can utilize the time they used to spend searching for the latest email update to actually get something done.

Working on the go can also be as productive as working at your desk if you’re able to access apps in a single connected place that doesn’t require opening and closing different programs constantly in order to complete one task on a phone or tablet. At the end of the day, everyone needs to be able to see it all at a glance when out of the office, whether we’re at the kitchen table or on the train.

Technology has helped us break the chains and free ourselves from being stuck at a desk all day, and now it’s time to keep track of what really matters when it comes to working efficiently — context and clarity.

We have realized how fragmented and disconnected our workflows have become; now it’s time to reconnect.

Steven Berlin is co-founder and CEO of Uskape.

5 Million Gmail Passwords Leaked, Check Yours Now

5 Million Gmail Passwords Leaked, Check Yours Now.

According to the Daily Dot, nearly 5 million usernames and passwords to Gmail accounts have been leaked on a Russian Bitcoin forum. Here’s what you should know.

The list has since been taken down, and there’s no evidence that Gmail itself was hacked—just that these passwords have been leaked. Most sources are saying that lots of the information is quite old, so chances are they were leaked long ago—though others are claiming 60% of the passwords are still valid (not to mention really, really horrible).

To check if your password was one of the leaked, plug your Gmail address into this tool (which also checks against recent Yandex and Mail.ru leaks). If you’re paranoid, you may also want to change your password at this time. As always, make sure you use a strong password and enable two-factor authentication on your account. Hit the link to read more.

Update: Looks like the IsLeaked tool is having some trouble due to unusually high traffic—if you get an error message, try reloading the page or checking back later.

5 Million Gmail Passwords Leaked to Russian Bitcoin Forum | The Daily Dot

Why Breach Detection Is Your New Must-Have, Cyber Security Tool | TechCrunch

Why Breach Detection Is Your New Must-Have, Cyber Security Tool | TechCrunch.

Cyber attacks are all over the news, and it seems like no one is immune — Home Depot, Target, Adobe and eBay included. So why are CIOs still fighting cyber criminals with one hand tied behind their backs?

Shockingly, most companies are still relying on outdated, only partially effective methods to protect their sensitive data, mainly with technology that focuses on preventing incoming attacks. But actually stopping bad guys from slipping inside enterprise networks and getting their hands on sensitive data is nearly impossible these days. In fact, among organizations with over 5,000 computers, over 90 percent have an active breach of some sort at any given time. What’s worse, those organizations may not even know about it…

…The most concerning part of all this is that very few organizations are now using new breach-detection technologies and can actually discover these ongoing breaches themselves, meaning attacks are even more destructive for their victims. Despite numerous alerts, Target, for example, didn’t detect the recent breach that led to 40 million stolen credit card numbers….Read More

First Google Glass Detector | Coming Soon| WIRED

For Sale Soon: The World’s First Google Glass Detector | Threat Level | WIRED.

Cyborg Unplug, a gadget no bigger than a laptop charger that plugs into a wall and patrols the local Wi-Fi network for connected Google Glass devices, along with other potential surveillance gadgets like Google Dropcams, Wi-Fi-enabled drone copters, and certain wireless microphones.

THE PLUG CAN SEEK OUT AND DISCONNECT NEARBY SURVEILLANCE DEVICES ON ANY NETWORK IT CONNECTS TO—A MORE LEGALLY AMBIGUOUS USE OF THE GADGET.

“Basically it’s a wireless defense shield for your home or place of work,” says Oliver. “The intent is to counter a growing and tangibly troubling emergence of wirelessly capable devices that are used and abused for surveillance and voyeurism.”

Our Opinion: Just Don’t be a Glasshole

 
