
Archive for Security

Heartbleed–Things you should know and what you can do about it


What Is It?

By now I’m certain you’ve heard of the Heartbleed bug. If you haven’t, then you should know that it is a flaw found in one of the most common open source SSL implementations on the internet that COULD allow an attacker to get sensitive information from the web server. A successful attack could expose the server’s SSL private keys that would allow the attacker to decrypt the data traveling to the site, such as usernames and passwords.

As of now there have been no confirmed attacks using this bug, but an exploit of the bug is completely untraceable so there’s no way to be certain if a site has been targeted.

Places to learn more:
General information
LastPass and the Heartbleed Bug
How Heartbleed Works: The Code Behind the Internet’s Security Nightmare

How can you tell if a site is affected?

First, you need to figure out how vulnerable your data might be. There are several lists of vulnerable sites that you can search through manually, and several online tools that can be used to check specific sites (LastPass and SSL Labs have two particularly useful tools, linked below). There is also a Chrome extension that can help identify vulnerable sites as you visit them. The folks at www.Mashable.com have a “hit list” of sorts that lists several sites they have had direct communication with, along with recommendations as to what you should do to protect yourself on those sites.

Since Google’s Android operating system is built on open source principles, it is heavily integrated with OpenSSL, so any Android device may be vulnerable to this bug as well. Lookout Security has developed a tool to check your device for vulnerability (linked below). If your device is vulnerable, you will have to wait for an update for the device.

How can you protect yourself now and in the future?

Once you’ve identified which sites you’ve used that contain sensitive information, you need to change your passwords. You should make sure that a site has patched its systems before you change your password there for good, but many experts are saying that you should change the passwords now just to be sure that any data captured in the last two years can no longer be used.

Many systems online were not affected at all because they run on server platforms that don’t use OpenSSL (like Microsoft IIS). These sites have not been compromised by this bug and you should make your own judgment as to whether or not you should change your passwords. If you have used the same username and password combination on an unaffected site as you have on an affected site, you should change your password on both, and make sure they’re different this time.

If you have two-factor authentication in place (which you should on any service that supports it) you are at an advantage, since even if someone has your username and password they don’t have your second authentication method (typically an app or a text to your mobile phone). You should probably still consider changing your passwords on these sites to be safe.

If you use a password manager (like LastPass or KeePass) then you should most likely regenerate new passwords for your important sites. If you’re using LastPass, they have updated their app to include a tool that will automatically alert you to the Heartbleed status of any sites that you have saved or generated passwords for and give you suggestions as to when you should change their respective passwords.

You should never use the same logon and password for two important sites (like your banking site and your email). If you are using the same information on multiple sites that are important to you, you should change them now so that they are different.

The best thing you can do is not panic and stay aware of the current status of this bug. Keep checking the status of your frequently visited SSL-enabled websites, and if any of your important sites aren’t patching their systems, find a different company to do business with.

Don’t Be Scammed by Fake Tech Support Calls

It’s happened to me a number of times. The phone rings, and often the caller ID display reads “Private.” Upon answering, I’m greeted by someone with a heavy Indian accent who informs me that he/she is calling from the Windows Support Center, and that for several weeks my PC has been sending out many error messages. This caller wants me to allow remote access to my computer so the errors can be analyzed, then fixed remotely, for a fee.


If you get one of these phone calls, hang up. First off, there are no “Windows Support Centers” that monitor error messages from your PC. They just don’t exist. Secondly, neither Microsoft, nor any of its partners, will place unsolicited calls and offer to fix your PC. The real purpose of these calls is to gain access to your PC. From that point, the caller could install malware to capture personal data, or alter settings to make your PC less secure. They’ll also show you fake alerts and problems in Event Viewer in order to dupe you into paying for repairs. Once they have your credit card information, not only are you charged for unnecessary services, but you’ve just provided your credit card information to a scammer.

What if you’ve already succumbed to one of these calls? First off, change your password for your computer, bank accounts, email, etc., but don’t do this from the infected computer. Make the change from another PC. If your credit card has been charged, call your credit card company and work with them to reverse the charges. They can also work with you to monitor your card for fraudulent activity. Scan your computer with whatever antivirus program you use (you do use one, right?), and if you’re concerned, you can ask for help here at Geeks to Go! to help ensure that your computer is clean.

If you want more information about these types of scams, then visit Microsoft. For more information about telemarketing scams in the US, visit the FTC.

The Blackphone: No more snooping around


In a time where privacy is just a myth, Silent Circle and Geeksphone have announced the formation of a new Switzerland-based joint venture and its first surveillance-thwarting product, the Blackphone. The Blackphone runs a new security-oriented version of Android called PrivatOS. They claim that the Blackphone will put privacy and control directly in the hands of the user.

The Blackphone will be a carrier- and vendor-independent smartphone that will allow consumers and businesses to make and receive secure phone calls, exchange secure texts, transfer and store files, and video chat without compromising privacy on the device. But all this is possible only if both users have the Blackphone smartphone.

Though nothing has been revealed on the specs of the phone, the company claims that the hardware is a “top performer”. More importantly, there isn’t a lot of detail yet about how the privacy measures are going to work other than encrypted messaging, “secure telephony”, and privacy measures baked into the hardware, including on the CPU.

How to Install the Enhanced Mitigation Experience Toolkit (EMET)

A recent zero-day exploit in Internet Explorer affecting IE 6, 7, 8 and 9 (not 10) requires action on your part. You could stop using IE and use an alternate browser. An even better idea: install the free security tool, Enhanced Mitigation Experience Toolkit (EMET). Deploying EMET will help prevent a malicious website from successfully exploiting issues like the one described in Security Advisory 2757760. EMET in action is unobtrusive and should not affect the Web browsing experience.

1. Download EMET Setup.msi to the desktop, download folder or another convenient location.

2. Double-click EMET Setup.msi to run it.

3. Read the welcome screen and click Next.


State Sponsored Malware, the New Normal?


Computer security is hard. Stopping state-sponsored malware might prove impossible. Consider this recent example of a security breach that hasn’t yet been reported to be state-sponsored, but has the hallmarks. CloudFlare is a service that promises to make sites faster and more secure. Recently one of their clients had their DNS records changed. The incident report reveals a lengthy and complex attack involving redirected voicemail, tricked email account recovery, and a flaw in Google Apps two-factor authentication. What if the ultimate target was not in fact the CloudFlare client, but rather some victim who could be vulnerable to exploitation through the CloudFlare customer compromise? How could this victim have prevented the attack, or even known about it?


Keeping Windows 8 Release Preview Secure from Malware

Is Windows 8 Release Preview compatible with Microsoft Security Essentials?

No. As we’ve written previously, there will be no Microsoft Security Essentials available for Windows 8 Release Preview, or the Release to Manufacturing (RTM) final version. However, Windows Defender has been expanded to include real-time malware detection and removal. If you’ve used MSE before, Windows Defender in Windows 8 will have a very similar look and feel. It also shares the same signature detection as MSE and Forefront.

Confused? Technically speaking, Microsoft Security Essentials has not been renamed Windows Defender, or combined with it, but it sure feels and looks that way. Blame the antitrust lawyers.


Do I need to install Windows Defender?


All your device are belong to us – device hacking dangers

Avi Rubin is Professor of Computer Science at Johns Hopkins University. He gave a TEDx talk in which he discusses the hacking of devices. Would you be surprised if:

  • A defibrillator pacemaker could be made to induce fibrillation wirelessly (Dick Cheney would be more fun at parties)? Or the device could be disabled remotely?
  • The brakes on your car could be engaged, or disabled, through your car radio?
  • Your car could be located via GPS, remotely have its doors unlocked, its anti-theft system bypassed, and be started (so it’s warm, or cool, when stolen)?
  • Your car could be used for covert surveillance, e.g. using GPS to track the vehicle on a map or streaming audio from the in-cabin microphone, all without the owner’s knowledge?


Secunia PSI 3.0 Beta – Now with Autopatching

According to Secunia, 78% of vulnerabilities on Windows systems are from non-Microsoft programs. These third-party programs have become a favorite target of hackers, and keeping all the software on your system up to date can be quite a challenge. Enter Secunia PSI…

Secunia Personal Software Inspector (PSI) Beta is a free security scanner that identifies vulnerabilities in non-Microsoft (third-party) programs which can expose PCs to attacks.

Secunia is a critical piece of software in any consumer’s efforts to prevent malware. In its latest beta version (3.0) Secunia offers a greatly simplified interface, and one major new feature, auto-updating. Their stated goal: “Would your grandparents, or mum or dad, be able to use it easily?” Did they go too far, or maybe not far enough?


TDL4 Infection Update Win32/Olmasco MAXSS Pihar


TDSS/TDL4 has been a resilient and common rootkit used to infect computers, installing botkits, fake antivirus, and browser redirects. Just as it appeared development of the rootkit had stalled, some new variants have been appearing. Many antivirus programs are not detecting these new variants. They are detected by ESET as Win32/Olmasco, and BitDefender as MAXSS or Pihar. If not detected by antivirus, the most common symptoms are browser redirects and multiple Internet Explorer processes not started by the user that will respawn when terminated.

These variants have begun appearing in our malware removal forums, for example here and here. Due to changes in how they operate, these new variants require some new techniques to remove. Previously the MBR (Master Boot Record) was overwritten. The new version leaves the MBR untouched, but creates a hidden partition and marks it as the boot partition. This means tools and techniques that scan the MBR for changes, or rewrite the MBR, will no longer work, and may result in an unbootable system. Newer techniques and tools for removal are still being developed, but mostly involve booting offline, using a live Linux CD like GParted.
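To show why a check that only compares MBR boot code misses this variant, here is an added example (not code from Geeks To Go or from any removal tool) that parses the 64-byte partition table of a 512-byte MBR sector and warns when the active (boot) flag has moved off the expected OS partition. Both sample sectors are constructed inline, and the partition type 0x27 and sector counts are arbitrary sample values, not taken from a real infection.

```python
import struct

ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count (16 bytes)

def build_mbr(entries):
    """Constructed test sector: entries are (active, type, lba_start, sectors); pads to 4 slots."""
    table = b""
    for active, ptype, start, count in entries:
        flag = 0x80 if active else 0x00
        table += struct.pack(ENTRY, flag, b"\0\0\0", ptype, b"\0\0\0", start, count)
    table += b"\0" * (64 - len(table))
    return b"\0" * 446 + table + b"\x55\xaa"  # 446 bytes of boot code, table, signature

def parse_partitions(mbr):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(mbr) != 512 or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        flag, _, ptype, _, start, count = struct.unpack_from(ENTRY, mbr, 446 + 16 * i)
        if ptype != 0:
            parts.append({"index": i, "active": flag == 0x80, "type": ptype,
                          "start": start, "sectors": count})
    return parts

def suspicious_boot_flag(mbr, expected_os_index=0):
    """Warn when the boot flag is missing, duplicated, or on a partition other than the OS one."""
    active = [p for p in parse_partitions(mbr) if p["active"]]
    warnings = []
    if len(active) != 1:
        warnings.append("expected exactly one active partition, found %d" % len(active))
    for p in active:
        if p["index"] != expected_os_index:
            warnings.append("boot flag on partition %d (type 0x%02x, %d sectors) instead of OS partition %d"
                            % (p["index"], p["type"], p["sectors"], expected_os_index))
    return warnings

# Constructed layouts: a normal disk, and one where a small extra partition took the boot flag.
NORMAL = build_mbr([(True, 0x07, 2048, 209715200)])
HIJACKED = build_mbr([(False, 0x07, 2048, 209715200), (True, 0x27, 209717248, 16384)])

if __name__ == "__main__":
    for name, sector in (("normal", NORMAL), ("hijacked", HIJACKED)):
        print(name, suspicious_boot_flag(sector) or "ok")
```

The boot code in both sectors is identical, which is exactly why MBR-hash comparisons stay silent; the partition table is where the change shows up.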


2011: Malware Targets Your Friends, Your Pocket, and Your Apple

McAfee recently released its threat predictions for 2011 (PDF). Among the forecast for 2011:

  • Social Media including Facebook, Twitter and instant messaging will distribute more malware than email. Related are short URL service abuses, and personalized attacks that appear to originate from your friends. Think twice before clicking a short URL to open that video your Facebook friend sent you. If you’re required to install something to view the video, it’s almost certainly malware.
  • Mobile malware has been predicted for some time. Could 2011 be the year mobile malware makes its presence felt? Smartphone use has exploded, for both personal and business use. Rootkits and botnets are making their way onto these mobile devices. They are attractive targets. Not only are the devices used for banking and online access, but the camera and microphone can be hijacked as well. If malware has “root” access on your phone, chances are it has access to your email, Facebook, contacts, even GPS location.
