
Archive for Security

Exchange Server – Chinese Hafnium Hack

If your organization runs on-premises Exchange Server 2013, 2016, or 2019 with Outlook Web Access (OWA) reachable from the internet, assume it was compromised at some point between 02-26-21 and 03-03-21.

  1. Patch ASAP: Multiple Security Updates Released for Exchange Server (updated March 8, 2021), Microsoft Security Response Center
  2. Check for web shells: look for .aspx files with random 8-character names in C:\inetpub\wwwroot\aspnet_client\system_web\ (any .aspx file in that directory deserves a look)
  3. Scan Exchange Server logs with Microsoft’s IOC detection tool: Microsoft IOC Detection Tool for Exchange Server Vulnerabilities | CISA
  4. More technical information to determine if systems are compromised: Mitigate Microsoft Exchange Server Vulnerabilities | CISA

Unfortunately, none of these will remove the threat actors, web shells or backdoor trojans left behind. An estimated 60,000 organizations worldwide have been impacted.
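The file check in step 2 can be scripted. The following Python is an added example written for this post, not Microsoft's IOC tool or anything from CISA: it walks a directory tree, reports every .aspx file, and flags the two signals named above, an 8-character random name and a modification time inside the stated window. It goes slightly beyond step 2 by scanning the whole tree you point it at rather than one folder. The sample tree it builds when run without arguments is constructed for the demonstration. Like the steps above, it only reports; it removes nothing.

```python
"""Hunt for the Hafnium web-shell indicator described above: .aspx files with random
8-character names under an Exchange server's aspnet_client directory.

Added example, not Microsoft's or CISA's tool. Reports only; it removes nothing."""
import os
import re
import sys
import tempfile
from datetime import datetime, timezone

# Directory named in step 2 above; pass it (or the whole aspnet_client folder) on the
# command line to scan a real server.
SERVER_ROOT = r"C:\inetpub\wwwroot\aspnet_client\system_web"

# Web shells in this campaign used random 8-character names plus an .aspx extension.
EIGHT_CHAR_ASPX = re.compile(r"^[A-Za-z0-9]{8}\.aspx$", re.IGNORECASE)

# Exploitation window stated above: 26 Feb 2021 through 3 Mar 2021 (end bound exclusive).
WINDOW = (datetime(2021, 2, 26, tzinfo=timezone.utc),
          datetime(2021, 3, 4, tzinfo=timezone.utc))


def find_suspect_aspx(root, window=WINDOW):
    """Walk `root` and return [(path, mtime, reasons)] for every .aspx file found,
    most suspicious first. Timestamps come from the filesystem and can be forged
    (timestomping), so treat the name pattern as the stronger signal."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".aspx"):
                continue
            path = os.path.join(dirpath, name)
            mtime = datetime.fromtimestamp(os.stat(path).st_mtime, tz=timezone.utc)
            reasons = ["aspx in scanned tree"]
            if EIGHT_CHAR_ASPX.match(name):
                reasons.append("8-char random name")
            if window[0] <= mtime < window[1]:
                reasons.append("written in attack window")
            hits.append((path, mtime, reasons))
    hits.sort(key=lambda h: (-len(h[2]), h[0]))
    return hits


def build_sample_tree():
    """Constructed sample tree (not real evidence) so the script runs offline:
    one web-shell-like file, one oddly placed but old .aspx, one non-.aspx file."""
    root = tempfile.mkdtemp(prefix="aspnet_client_")
    web = os.path.join(root, "system_web")
    os.makedirs(web)
    samples = {
        "Ab3x9KqZ.aspx": datetime(2021, 3, 1, 4, 12, tzinfo=timezone.utc),
        "readme.aspx": datetime(2019, 6, 1, tzinfo=timezone.utc),
        "notes.txt": datetime(2021, 3, 1, tzinfo=timezone.utc),
    }
    for name, when in samples.items():
        path = os.path.join(web, name)
        with open(path, "w") as fh:
            fh.write('<%@ Page Language="C#" %>\n')  # placeholder content
        os.utime(path, (when.timestamp(), when.timestamp()))
    return root


def demo(root=None):
    """Return [(filename, reasons)] for `root`, or for the constructed tree when None."""
    root = root or build_sample_tree()
    return [(os.path.basename(p), r) for p, _m, r in find_suspect_aspx(root)]


if __name__ == "__main__":
    # python hunt_aspx.py          -> runs against the constructed sample tree
    # python hunt_aspx.py <dir>    -> scans a real directory, e.g. SERVER_ROOT above
    target = sys.argv[1] if len(sys.argv) > 1 else None
    for name, reasons in demo(target):
        print(f"{name}: {', '.join(reasons)}")
```

Anything it lists still has to be examined by hand; a hit with only "aspx in scanned tree" may be benign, but a file with all three reasons is exactly what the guidance above describes.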

Why I Still Teach Malware Removal

When Microsoft introduced Windows 10, it used the tagline “The most secure Windows ever – and built to stay that way”. In a perfect world, everyone would now be running on Windows 10 and enjoying the enhanced security features that are included. This is real life, however, and that’s not how it works. There are still millions of PCs running Windows XP, four years after Microsoft ended support for the product, and millions more than that running Windows 7. Aryeh Goretsky, a researcher for ESET, states in a white paper that the number of computers “…running Windows XP has stayed about the same over the last few quarters at around 5.5 percent.  While that may not sound like much, it means there may be somewhat over 80 million computers out there still using Windows XP.” ComputerWorld estimates that at the end of 2019, just a year from Windows 7’s retirement, an estimated 47% of Windows computers will still use that OS.

Read the rest of this entry »

Heartbleed–Things you should know and what you can do about it


What Is It?

By now I’m certain you’ve heard of the Heartbleed bug. If you haven’t, then you should know that it is a flaw in OpenSSL, one of the most widely used open source SSL/TLS implementations on the internet, that could allow an attacker to read chunks of a web server’s memory. A successful attack could expose whatever happens to be in that memory, including the server’s SSL private key (which would let the attacker decrypt traffic to the site or impersonate it), session cookies, and users’ usernames and passwords.

As of now there have been no confirmed attacks using this bug, but exploiting it leaves nothing in a server’s normal logs, so there’s no way to be certain whether a site has been targeted.

Places to learn more:
General information
LastPass and the Heartbleed Bug
How Heartbleed Works: The Code Behind the Internet’s Security Nightmare
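The flaw described under “What Is It?” is a missing bounds check in OpenSSL’s TLS heartbeat handler: the peer sends a heartbeat request with a 16-bit payload length, and the server echoed that many bytes back without checking that the request actually contained them. The following Python model is an added illustration, not OpenSSL’s C code: “memory” is a bytearray in which the received heartbeat record sits next to leftover data from an earlier request (constructed for the example), and the patched handler applies the same check as the real fix, rejecting any request whose header, declared payload and padding do not fit inside the record that was received.

```python
"""Model of the Heartbleed over-read (CVE-2014-0160) and of the one-line bounds check
that fixes it. Illustration only: "memory" is a bytearray, not a real heap."""
import struct

HB_REQUEST, HB_RESPONSE = 1, 2
PADDING = 16  # a heartbeat message carries at least 16 bytes of random padding


def build_heartbeat(payload: bytes, claimed_len: int) -> bytes:
    """Heartbeat body: type (1 byte) | payload_length (2 bytes) | payload | padding.
    A peer is free to lie: `claimed_len` need not match len(payload)."""
    return struct.pack("!BH", HB_REQUEST, claimed_len) + payload + b"\x00" * PADDING


def vulnerable_handler(memory: bytearray, start: int, record_len: int) -> bytes:
    """Trusts the peer's length field and echoes `claimed` bytes starting at the
    payload, which may run far past the end of the record into adjacent memory."""
    hbtype, claimed = struct.unpack_from("!BH", memory, start)
    if hbtype != HB_REQUEST:
        return b""
    payload_off = start + 3
    # The over-read. Slicing stops at the end of the bytearray; a real process
    # would keep reading whatever lies beyond the record, up to 64 KB per request.
    echoed = bytes(memory[payload_off:payload_off + claimed])
    return struct.pack("!BH", HB_RESPONSE, claimed) + echoed + b"\x00" * PADDING


def patched_handler(memory: bytearray, start: int, record_len: int) -> bytes:
    """Same logic plus the fix: header + declared payload + padding must fit in the
    record actually received, otherwise the request is silently dropped."""
    hbtype, claimed = struct.unpack_from("!BH", memory, start)
    if hbtype != HB_REQUEST:
        return b""
    if 1 + 2 + claimed + PADDING > record_len:
        return b""
    payload_off = start + 3
    echoed = bytes(memory[payload_off:payload_off + claimed])
    return struct.pack("!BH", HB_RESPONSE, claimed) + echoed + b"\x00" * PADDING


# Constructed stand-in for what an earlier request left behind on the heap.
LEFTOVER = (b"POST /login HTTP/1.1\r\nCookie: session=3f9a71c0\r\n\r\n"
            b"user=alice&password=hunter2\r\n" + b"\x00" * 64)


def simulate(handler, claimed_len: int, payload: bytes = b"hi") -> bytes:
    """Put a heartbeat record in simulated memory directly before LEFTOVER, run
    `handler`, and return the payload bytes it would send back to the peer."""
    record = build_heartbeat(payload, claimed_len)
    memory = bytearray(record + LEFTOVER)
    response = handler(memory, 0, len(record))
    if not response:
        return b""
    _type, length = struct.unpack_from("!BH", response, 0)
    return bytes(response[3:3 + length])


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_handler), ("patched", patched_handler)):
        print(f"{name}, honest length 2: {simulate(handler, 2)!r}")
        print(f"{name}, claimed 0x100:   {simulate(handler, 0x100)!r}")
```

With an honest length both handlers behave identically, which is why the bug sat unnoticed: nothing breaks for well-behaved clients. Only a lying length field separates them, and a single comparison on the declared length is the whole fix.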

How can you tell if a site is affected?

First, you need to figure out how vulnerable your data might be. There are several lists of vulnerable sites that you can search through manually, and several online tools that will check a specific site for you (LastPass and SSL Labs have two particularly useful ones, linked below). There is also a Chrome extension that flags vulnerable sites as you visit them. The folks at www.Mashable.com have a “hit list” of sorts covering sites they have been in direct contact with, along with recommendations on what you should do to protect yourself on each of them.

Android ships OpenSSL as a system library, so Android devices can be vulnerable to this bug as well, depending on the OS version they run. Lookout Security has developed a tool to check your device (linked below). If your device is vulnerable there is nothing you can do on your own; you will have to wait for an update from the device maker or carrier.

How can you protect yourself now and in the future?

Once you’ve identified which sites you use that hold sensitive information, you need to change your passwords. Ideally, wait until a site has patched its systems before you change your password for good, since a new password entered on a still-vulnerable server can be captured just like the old one. Many experts are nonetheless saying you should change passwords now as well, to be sure that any data captured over the last two years is no longer useful.

Many sites were not affected at all because they run on server platforms that don’t use OpenSSL (Microsoft IIS, for example, uses Windows’ own SChannel library). These sites have not been exposed by this bug, and you can use your own judgment about whether to change your passwords there. If you have used the same username and password combination on an unaffected site as on an affected one, change the password on both, and make sure they’re different this time.

If you have two factor authentication in place (which you should on any service that supports it) you are at an advantage since even if someone has your username and password they don’t have your second authentication method (typically an app or a text to your mobile phone). You should probably still consider changing your passwords on these sites to be safe.

If you use a password manager (like LastPass or KeePass) then you should most likely generate new passwords for your important sites. If you’re using LastPass, they have updated their app with a tool that automatically reports the Heartbleed status of any site you have saved or generated passwords for, and suggests when you should change each of them.

You should never use the same logon and password for two important sites (like your banking site and your email). If you are using the same information on multiple sites that are important to you, you should change them now so that they are different.

The best thing you can do is not panic and stay aware of the current status of this bug. Keep checking the status of your frequently visited SSL enabled websites and if any of your important sites aren’t patching their systems, find a different company to do business with.

Don’t Be Scammed by Fake Tech Support Calls

It’s happened to me a number of times. The phone rings, and often the caller id display reads “Private.” Upon answering, I’m greeted by someone with a heavy Indian accent who informs me that he/she is calling from the Windows Support Center, and that for several weeks my PC has been sending out many error messages. This caller wants me to allow remote access to my computer so the errors can be analyzed, then fixed remotely, for a fee.


If you get one of these phone calls, hang up. First off, there are no “Windows Support Centers” that monitor error messages from your PC. They just don’t exist. Secondly, neither Microsoft nor any of its partners will place unsolicited calls offering to fix your PC. The real purpose of these calls is to gain access to your PC. From that point, the caller can install malware to capture personal data, or alter settings to make your PC less secure. They’ll also show you ordinary warnings and errors in Event Viewer as if they were serious problems, in order to dupe you into paying for repairs. Once they have your credit card information, not only are you charged for unnecessary services, but you’ve just handed your credit card details to a scammer.

What if you’ve already succumbed to one of these calls? First off, change your password for your computer, bank accounts, email, etc., but don’t do this from the infected computer. Make the change from another PC. If your credit card has been charged, call your credit card company and work with them to reverse the charges. They can also work with you to monitor your card for fraudulent activity. Scan your computer with whatever antivirus program you use (you do use one, right?), and if you’re concerned, you can ask for help here at Geeks to Go! to help ensure that your computer is clean.

If you want more information about these types of scams, then visit Microsoft. For more information about telemarketing scams in the US, visit the FTC.

The Blackphone: No more snooping around


At a time when privacy seems like a myth, Silent Circle and Geeksphone have announced the formation of a new Switzerland-based joint venture and its first surveillance-thwarting product, the Blackphone. The Blackphone runs a new security-oriented version of Android called PrivatOS. They claim that the Blackphone will put privacy and control directly in the hands of the user.

The Blackphone will be a carrier- and vendor-independent smartphone that will allow consumers and businesses to make and receive secure phone calls, exchange secure texts, transfer and store files, and video chat without compromising privacy on the device. But all of this works only when both parties are using a Blackphone.

Though nothing has been revealed on the specs of the phone, the company claims that the hardware is a “top performer”. More importantly, there isn’t a lot of detail yet about how the privacy measures are going to work other than encrypted messaging, “secure telephony”, and privacy measures baked into the hardware, including on the CPU.

How to Install the Enhanced Mitigation Experience Toolkit (EMET)

A recent zero-day exploit in Internet Explorer affecting IE 6, 7, 8 and 9 (not 10) requires action on your part. You could stop using IE and switch to an alternate browser. An even better idea: install the free security tool Enhanced Mitigation Experience Toolkit (EMET). Deploying EMET helps prevent a malicious website from successfully exploiting issues like the one described in Security Advisory 2757760. EMET runs unobtrusively and should not affect the web browsing experience.

1. Download EMET Setup.msi to desktop, download folder or other convenient location.


2. Double click EMET Setup.msi to run


3. Read the welcome screen and click Next


Read the rest of this entry »

State Sponsored Malware, the New Normal?


Computer security is hard. Stopping state-sponsored malware might prove impossible. Consider this recent example of a security breach that hasn’t yet been reported as state-sponsored, but has the hallmarks. CloudFlare is a service that promises to make sites faster and more secure. Recently one of their customers had its DNS records changed. The incident report reveals a lengthy and complex attack involving redirected voicemail, a tricked email account recovery process, and a flaw in Google Apps two-factor authentication. What if the ultimate target was not in fact the CloudFlare customer, but rather some victim who could be reached through that customer’s compromise? How could this victim have prevented the attack, or even known about it?

Read the rest of this entry »

Keeping Windows 8 Release Preview Secure from Malware

Is Windows 8 Release Preview compatible with Microsoft Security Essentials?

No. As we’ve written previously, there will be no Microsoft Security Essentials available for Windows 8 Release Preview, or the Release to Manufacturing (RTM) final version. However, Windows Defender has been expanded to include real-time malware detection and removal. If you’ve used MSE before, Windows Defender in Windows 8 will have a very similar look and feel. It also shares the same signature detection as MSE and Forefront.

Confused? Technically speaking, Microsoft Security Essentials has not been renamed Windows Defender, or combined with it, but it sure feels and looks that way. Blame the antitrust lawyers.


Do I need to install Windows Defender?

Read the rest of this entry »

All your device are belong to us – device hacking dangers

Avi Rubin is Professor of Computer Science at Johns Hopkins University. He offers a TEDx talk in which he discusses hacking of devices. Would you be surprised if:

  • An implanted defibrillator or pacemaker could be made to induce fibrillation wirelessly (Dick Cheney would be more fun at parties), or could be disabled remotely?
  • The brakes on your car could be engaged, or disabled, through your car radio?
  • Your car could be located via GPS, remotely have the doors unlocked and the anti-theft bypassed, and be started (so it’s warm, or cool, when stolen)?
  • Your car could be used for covert surveillance, e.g. tracking the vehicle on a map via GPS and streaming audio from the in-cabin microphone, without your knowledge?

Read the rest of this entry »

Secunia PSI 3.0 Beta – Now with Autopatching

According to Secunia, 78% of vulnerabilities on Windows systems are in non-Microsoft programs. These third-party programs have become a favorite target of attackers, and keeping all the software on your system up to date can be quite a challenge. Enter Secunia PSI…

Secunia Personal Software Inspector (PSI) Beta is a free security scanner that identifies vulnerabilities in non-Microsoft (third-party) programs which can expose PCs to attacks.

Secunia PSI is a critical piece of software in any consumer’s efforts to prevent malware. In its latest beta version (3.0) Secunia offers a greatly simplified interface and one major new feature, auto-updating. Their stated goal: “Would your grandparents, or mum or dad, be able to use it easily?” Did they go too far, or maybe not far enough?

Read the rest of this entry »