Archive for the ‘Security’ Category

Ok so Epsilon, the company that handles credit and email contacts for Best Buy, JP Morgan Chase, Citibank, Walgreens, Disney, Barclay’s Bank, US Bancorp, Marriott, Ritz Carlton, LL Bean, Home Shopping Network and TiVo, was hacked into. Meaning if you have accounts, or ever created an account, through these guys you may be getting some phishing scams coming your way.

Be careful and do not respond.

Sad day when a company has security bad enough to let this many clients have so much trouble.

Full Press Release

Typically when your computer gets bogged down with all the internet cookies and images, you can remove them in your IE web browser or go to Internet Options in the Control Panel.

However, if you use Flash Player for anything, for example youtube.com, then you may also need to clean out your Flash cookies. That means you have to go to a special URL to clear them. Fun eh?


Click here to go to that super special site.

Change the storage settings to None and click Delete all sites. This will clear your Flash cookies.

If you have known me for long you will know how much I tout performance and safety on your PC, Mac (OS X) (cause Apple products are the most easily hacked computers), or favorite Linux distribution (Fedora Core, Ubuntu, SUSE, etc…).

The best way to keep your internet surfing clean, fun and fast, not to mention safer, is using a controlled or third-party DNS provider.

First we should explain what DNS is….

From Wikipedia:

“The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participants. Most importantly, it translates domain names meaningful to humans into the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide. An often-used analogy to explain the Domain Name System is that it serves as the “phone book” for the Internet by translating human-friendly computer hostnames into IP addresses. For example, www.example.com translates to 192.0.32.10.”

“…The Domain Name System distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. Authoritative name servers are assigned to be responsible for their particular domains, and in turn can assign other authoritative name servers for their sub-domains. This mechanism has made the DNS distributed and fault tolerant and has helped avoid the need for a single central register to be continually consulted and updated.”

What does this mean?

It’s how the English names you type get translated into a physical address, or IP address.

Whenever you request a name, your router (or your PC) goes out to the DNS servers it is configured with for the latest answer and keeps a copy for a while.

So how does this help me with anti-malware and site blocking? Well, there are companies and services that take over, or become a man in the middle for, your DNS requests and block known DNS names that harbor unsafe, disgusting or unwanted web content. The greatest part of this filtering is that you do not have to install software to get this protection and monitoring, as many web filters (Net Nanny and such) do.

Today I am going to focus on 3 DNS services:

OpenDNS: My favorite by far. Create an account and set up your filtering preferences. Enter the DNS IP addresses in your computer or router and magically it all works. DNS addresses: 208.67.222.222 and 208.67.220.220

Google DNS: I like the speed, however I am not sure exactly what “other” things Google is tracking. DNS addresses: 8.8.8.8 and 8.8.4.4

Norton DNS: This is a beta program but promises to do as well as its software suite with this extra bit of protection. DNS addresses: 198.153.192.1 and 198.153.194.1

With all three of these services you will see a significant speed increase accessing your favorite sites. You will also see better protection against “accidental” clicking on bad links.
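To make the phone-book analogy concrete, here is an added example in Python, not from the original post: it builds the A-record query that any of the resolvers listed above would receive on UDP port 53, and parses a constructed response carrying the page’s own example answer (www.example.com to 192.0.32.10). The resolver table and the sample response bytes are constructed here for illustration.

```python
import struct

# Resolvers named in the post; build_query() output could be sent to any of them on UDP/53.
FILTERING_RESOLVERS = {
    "OpenDNS": ("208.67.222.222", "208.67.220.220"),
    "Google Public DNS": ("8.8.8.8", "8.8.4.4"),
    "Norton DNS": ("198.153.192.1", "198.153.194.1"),
}

def encode_name(name):
    """Encode 'www.example.com' as DNS labels: 3www 7example 3com 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += struct.pack("B", len(raw)) + raw
    return out + b"\x00"

def build_query(name, txid=0x1234):
    """Standard recursive A-record query in RFC 1035 wire format."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    return header + encode_name(name) + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def read_name(msg, offset):
    """Read a possibly compressed name; returns (name, offset just past it)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:                 # compression pointer to an earlier name
            if not jumped:
                end = offset + 2
            offset = struct.unpack(">H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)

def parse_a_records(msg, expected_txid):
    """IPv4 addresses in the answer section; [] if the reply does not match or is an error."""
    txid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if txid != expected_txid or (flags & 0x8000) == 0 or (flags & 0x000F) != 0:
        return []                                   # wrong id, not a response, or RCODE != 0
    off = 12
    for _ in range(qd):                             # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4
    addrs = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs

# Constructed sample reply for the post's own example: www.example.com -> 192.0.32.10.
# The answer's owner name is a pointer (0xC00C) back to the question name at offset 12.
SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("www.example.com") + struct.pack(">HH", 1, 1)
    + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 32, 10])
)

if __name__ == "__main__":
    print(build_query("www.example.com").hex())
    print(parse_a_records(SAMPLE_RESPONSE, 0x1234))   # ['192.0.32.10']
```

Sending build_query() over UDP to one of the listed resolvers and feeding the reply to parse_a_records() is the whole lookup; a filtering resolver simply answers differently for names on its block list.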

Be safe, and if you have any questions please feel free to call us at (801) 682-3064 for assistance.

Just in case you didn’t know, malvertising is the #1 way to get infected, due to the numerous security holes found in:

Adobe Reader (acrobat)
Adobe Flash Player
Sun’s Java

Those are the top 3 applications being exploited right now. You may be wondering how you got infected with a fake anti-virus program (for example) without ever clicking on any ad. See the simple explanation below.

Here’s how Malvertising Works

  1. A legit website like CNN.com sells advertising space because it has thousands of views every day. (Again, this is just an example.)
  2. A malicious person or group purchases some of this advertising space and submits an ad that appears perfectly fine to the CNN.com advertising editors.
  3. The ad goes live.
  4. At some point the ad turns malicious and starts checking visitors for outdated Adobe Reader, Adobe Flash or Java binaries.
  5. Once an exploit is available, the malicious ad injects malware into the client’s PC.
  6. The anti-virus may or may not detect it; it’s really just luck. If the threat is old, then there’s a good chance it will. If it’s just a few minutes old, then there’s a good chance it won’t.
  7. The ad may stay live for minutes, hours, days, etc. until someone notifies the webmaster of that domain.

How can you stop these attacks?

  1. Keep your Adobe Reader and Flash updated. This is not exactly an easy task since Adobe seems to find security holes every other week. Open Adobe Reader and click Help > Check for Updates (at the time of this writing I just discovered I had 2 waiting to be downloaded!). Both programs do automatic update checking, however a lot of people just cancel the update. Bad idea.
  2. When Java alerts you that an update is available then yes…install it. Lots of my clients never install this update. It’s really important that you do.
  3. Configure the Adobe Reader plugin in each of your web browsers not to load PDFs automatically.
  4. Browse the internet with Sandboxie as much as you can. That goes for everyone who uses the computer.
  5. Always download and install your Windows Updates.
  6. Follow steps 1 – 5 and you’ll probably never experience the end result of a malicious ad.

Sadly, Adobe and Sun products are constantly getting new updates and do not uninstall the old versions, so the potential for re-infection remains. If you don’t need these applications, or you do not use applications that require them, then promptly remove them.

You may have noticed that even Apple, a large supporter of Adobe, has decided not to include Flash or Java in its latest OS updates.

Special thanks to the remove-malware.com people for the information.

The Wild West was one of the most interesting frontiers that our crazy forefathers decided to conquer. Those who pursued wealth, fame or the almighty easy dollar were either successful and overcome by other evils, or broke and trying to make a life in a desert (semi-arid) landscape west of the Rockies.

Nowadays we have the frontier of our intellect (could be argued) or the internet. We have special tools that allow us to copy and paste and to download *FREE* stuff (video, music, software, viruses). There’s gold in them there internets! While it’s true you can download *FREE* stuff to your heart’s content, beware: it’s not all free, and it’s not all gold. Some might call it fool’s gold. Kind of reminds me of the old adage “you get what you pay for.” Truth is, most of the free stuff you can consume (download) has got some code that will make your Windows, Apple OS X and Linux operating systems crash and burn, possibly incurring data loss that you cannot afford. Yes, I said Apple and Linux too. No one gets a free ride.

Some of the more well-known ways of getting your *FREE* stuff are P2P types of programs:

LimeWire: Has been the king of the P2P networks most recently. Funny enough, it offers a paid-for version to make you think the content you download is not illegal. Of course the paid-for version does also unlock more bandwidth and more open connections. Interestingly enough, some of the open source community came out with a better app that includes the paid version’s tools, called FrostWire.

Kazaa: Was the king of P2P sharing and is still around, but the service has been under serious watch by the MPAA and RIAA.

WinMX: Now defunct. Was the largest P2P network up until 2005 and then was shut down, most likely due to pressure or lawsuits from various copyright owners.

BitTorrent: The new sheriff in town. However, it is harder for most non-geek types to understand. Much harder to track, but very open, and it tells you how many others have the same file.

Usenet: A very old distribution network. Opened mostly for discussions and trading ideas, it became a haven for file sharing and virus sharing.

IRC Chat: Another very old distribution network. Rumored to be the network from which, when your computer is infected with a virus (usually a trojan horse), the virus gets its instructions.

Truth be told, all of these networks spread a ton of viruses. Please make sure you are very careful when using these networks. They will bite.


So I have been in the business of building and rebuilding every type of personal and business computer (laptop, desktop, workstation and server).

I have seen my share of virus/spyware infections, from easy to kill to so nasty it requires a full rebuild of said computer. One thing I have been noticing as of late is the virus that gets installed and acts as an antivirus application. These are the most annoying virus/spyware applications. I have seen these applications download more and more viruses, as well as a plethora of spyware, so much so as to overload the operating system and basically shut down the computer.

Please, if you get one of these types of viruses, or you get a pop-up asking you to download it to kill the viruses: this is a bad idea. Please do not download these types of applications. First, they want you to pay for them, sometimes even to the point that they ask for a large subscription payment. Then they disable any and all antivirus applications.

These applications are essentially evil; please steer clear.

Update: This virus is spreading quickly, even among very protected machines (updated antivirus and antispyware). If you encounter any of these types of viruses please unplug your network cable (commonly called an Ethernet or data cable).

Common names I have encountered:

  • Personal Antivirus (hardest of them to remove)
  • Antivirus 2008
  • Antivirus 2010
  • WinPC Antivirus

There may be more….

Here is a rundown on how to clean it up. Feel free to contact me if you are unsure how to do this.

  1. Download Malwarebytes’ Anti-Malware, or MBAM, from the following location and save it to your desktop:

    Malwarebytes’ Anti-Malware Download Link

  2. Once downloaded, close all programs and windows on your computer, including this one.
  3. Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.
  4. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. Then click on the Finish button.
  5. MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.

MalwareBytes Anti-Malware Screen

On the Scanner tab, make sure the Perform quick scan option is selected and then click on the Scan button to start scanning your computer for Personal Antivirus related files.

MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

When the scan has finished, a message box will appear; click on the OK button to close it and continue with the Personal Antivirus removal process.

You will now be back at the main Scanner screen. At this point you should click on the Show Results button.

A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program’s quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.

  6. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.
  7. You can now exit the MBAM program.

Your computer should now be free of the Personal Antivirus program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes’ Anti-Malware to protect against these types of threats in the future.

A large issue with all versions of Windows is that by default the operating system is installed not to show your file extensions.

So why is this a problem? Well, since virus developers and script kiddies learned of this, they mask the virus file as a JPEG. So please, whatever version of Windows you are using, uncheck Hide extensions for known file types.

If you notice in the diagram on the left, I would, and do, the following on every install of any Windows version:

- Uncheck: Automatically search for network folders and printers

- Check: Do not cache thumbnails

- Bullet: Show hidden files and folders

Click Apply and then Apply to All Folders. Windows will prompt you to make sure. Click OK.

Now when you download a file or someone sends you a file, you know the true extension of the file.
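As an added example, not part of the original post, the Python below shows what Explorer displays for a filename when Hide extensions for known file types is on, and flags names whose real extension is executable but whose displayed name looks like a picture or document (the virus-as-JPEG trick above). The sample filenames and the extension lists are constructed here; the Explorer registry value it reads on Windows, HideFileExt, is a standard Explorer setting but is treated as an assumption.

```python
import ntpath

# Extensions Windows runs directly on double-click (constructed list for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif",
                   ".vbs", ".js", ".jse", ".wsf", ".hta", ".msi"}
# Extensions a user expects to be a harmless picture or document.
INNOCENT_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc",
                 ".docx", ".txt", ".mp3", ".avi"}

def split_exts(filename):
    """Every extension in the name, left to right: 'a.jpg.exe' -> ['.jpg', '.exe']."""
    base = ntpath.basename(filename)          # ntpath handles Windows paths on any OS
    return ["." + part.lower() for part in base.split(".")[1:] if part]

def displayed_name(filename):
    """What Explorer shows with 'Hide extensions for known file types' on:
    the last extension is dropped, so 'vacation.jpg.exe' appears as 'vacation.jpg'."""
    base = ntpath.basename(filename)
    stem, ext = ntpath.splitext(base)
    return stem if ext else base

def inspect(filename):
    """Classify a filename. Returns (true_extension, name_as_displayed, verdict)
    where verdict is 'masquerade', 'executable' or 'data'."""
    exts = split_exts(filename)
    true_ext = exts[-1] if exts else ""
    if true_ext in EXECUTABLE_EXTS:
        # A decoy extension right before the real one is the giveaway.
        if len(exts) >= 2 and exts[-2] in INNOCENT_EXTS:
            verdict = "masquerade"
        else:
            verdict = "executable"
    else:
        verdict = "data"
    return true_ext, displayed_name(filename), verdict

def explorer_hides_extensions():
    """On Windows, read Explorer's HideFileExt value (1 = extensions hidden).
    Returns None on other platforms. Key path assumed to be Explorer's standard one."""
    try:
        import winreg
    except ImportError:
        return None
    key = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key) as handle:
        value, _ = winreg.QueryValueEx(handle, "HideFileExt")
    return value == 1

# Constructed sample downloads for the demonstration.
SAMPLES = ["vacation.jpg", "vacation.jpg.exe", r"Downloads\Invoice.PDF.SCR",
           "setup.exe", "notes.txt", "readme"]

if __name__ == "__main__":
    if explorer_hides_extensions():
        print("Explorer is hiding known extensions; the 'shown as' column is what you would see.")
    for name in SAMPLES:
        true_ext, shown, verdict = inspect(name)
        print("%-28s shown as %-16s real ext %-5s -> %s" % (name, shown, true_ext, verdict))
```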

*Warning: this article can tend to be very technical. However, if you read it over it will help you understand how to correctly back up your data, from the very simple to the very complex.

(image: destroyed-computer)

See that picture? When it happens to you, it may not look quite that bad (or be quite that obvious), but data loss sucks. And it does happen. I’ve been working with computers for 10+ years, and I’ve had it happen a couple of times myself. Did I mention how much it sucks?

I’m not going to spend a couple of pages telling you why you should back up, I’m just going to be straight about it: unless you really couldn’t care less if that happened to your computer, you are flat out stupid if you are not backing up your data on a regular basis.

Instead of telling you why to back up, I’m going to tell you how to ensure that you are not going to get your data back, even if you think you are backing it up.

Method 1: I’ll just back the data up to CD/DVD.

Well sure, this will work for a bit, but:

  1. Ever try to save 20GB to CD? Or 250GB to DVD? Ugh.
  2. How long do you think that optical disk is going to be readable?

Going this route, you can quickly end up trapped behind a small mountain of plastic. Or let’s say you manage to somehow keep the optical disks to a manageable quantity: will the marker you labeled it with make the disk unreadable in a year, or is the dye layer unstable, rendering your disk unreadable in six months, or will the glue on the label you made for the disk make it worthless in a year or two? These are just a couple of examples of why optical media should not be considered an archive grade solution.

Method 2: Ok then, I’ll just copy the data to a USB hard drive.

Sure it’s better than nothing, but single HDD solutions are not going to keep your data safe. Hard drives fail. In fact it will happen to every single hard disk you will ever come across. The only question is: when? It’s not a matter of if, or of MTBF (mean time between failures), it is more a matter of “you never know, it could fail in ten years, or in ten seconds”.

Don’t get me wrong, if this is the only way you can back the data up, then it is your only choice, and it’s better than nothing. Just be aware, as soon as you copy the data to that USB HDD, the “Clock of Death” is ticking.

Much better would be to copy the data over to a machine with a RAID storage system (preferably RAID5).

Method 3: I bought actual backup software (or use a vetted open source solution), and run incremental backups (to tape!) every single day!

Ok, so you spent some money on a tape backup solution, spent hours reading the manual and configuring your backup. Congratulations, I bet you think your data is safe! Until you find out how incremental backups really work (this usually happens after a disaster, and the tapes are all you have left of your illegal mp3s downloaded movies warez mission critical data).

Let’s pretend for a minute that your backup tapes look something like this:

Full_backup_tape (tape 1 – doesn’t matter what you tell it to be, the first backup is always and without exception, a full backup)

Incremental_backup_1 (tape 2)

Incremental_backup_2 (tape 3)

Incremental_backup_3 (tape 4)

Incremental_backup_4 (tape 5)

Incremental_backup_5 (tape 6)

And then you have a catastrophic failure. So you’re sitting there at 2am merrily running the restore, and you hit a snag: tape 2 won’t read. Doesn’t matter why; the tape could be bad, or maybe you left it out of the tape safe overnight and the radio station next door managed to erase it with the magnetic waves they transmit (this actually happened). The data is gone. So is all data after it. See, incremental backups require that all tapes since the last full backup be present and working. So tapes 3-6 may as well be empty, because you are never getting the data off of them. Ever.

If you can’t run full backups every day, use Differential backups instead of Incrementals. Let’s say that in the scenario the user had been running differentials rather than incrementals. They could then restore to current using just the original full backup, and the last differential.
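Added example, not from the original article: a Python simulation of the tape set above with a constructed set of daily file changes, showing that an incremental restore stops dead at an unreadable tape 2, while a differential restore from the same days needs only the full backup and the newest readable differential. It goes slightly beyond the text by deriving each day’s differential from the same changes that produced the incrementals.

```python
# Constructed tape set following the article's scenario: tape 1 is the full backup,
# tapes 2-6 are daily incrementals, each holding only what changed since the previous tape.
# Values are file "versions" so a restore can be checked file by file.
FULL = {"a.doc": 1, "b.xls": 1, "c.ppt": 1}
INCREMENTALS = [
    {"a.doc": 2},                 # tape 2
    {"b.xls": 2},                 # tape 3
    {"a.doc": 3, "d.txt": 1},     # tape 4
    {"c.ppt": 2},                 # tape 5
    {"d.txt": 2},                 # tape 6
]

class TapeUnreadable(Exception):
    """A tape that won't read: bad media, or the radio station next door wiped it."""

def read_tape(tapes, number, bad):
    """tapes[0] is tape 1; 'bad' is the set of tape numbers that cannot be read."""
    if number in bad:
        raise TapeUnreadable("tape %d won't read" % number)
    return tapes[number - 1]

def cumulative_differentials(incrementals):
    """What each day's tape would hold under a differential scheme instead:
    every change since the full backup, so each tape supersedes the one before it."""
    diffs, since_full = [], {}
    for change in incrementals:
        since_full.update(change)
        diffs.append(dict(since_full))
    return diffs

def restore_incremental(full, incrementals, bad=frozenset()):
    """Replay the full backup, then every incremental in order.
    The chain is only as good as its weakest tape: the first unreadable one ends the restore."""
    state = dict(full)
    tapes = [full] + incrementals
    for number in range(2, len(tapes) + 1):
        try:
            state.update(read_tape(tapes, number, bad))
        except TapeUnreadable:
            return state, "stopped at tape %d; tapes after it are useless" % number
    return state, "complete"

def restore_differential(full, differentials, bad=frozenset()):
    """Needs only the full backup plus the newest differential that still reads."""
    state = dict(full)
    tapes = [full] + differentials
    for number in range(len(tapes), 1, -1):
        try:
            state.update(read_tape(tapes, number, bad))
        except TapeUnreadable:
            continue                      # fall back to the previous day's differential
        return state, "complete" if number == len(tapes) else "restored to tape %d" % number
    return state, "full backup only"

if __name__ == "__main__":
    bad_tapes = {2}   # the 2am scenario: tape 2 won't read
    print(restore_incremental(FULL, INCREMENTALS, bad_tapes))
    print(restore_differential(FULL, cumulative_differentials(INCREMENTALS), bad_tapes))
```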

Method 4: Now I’m running differential backups to tape every single day!

But you fail to check the backup logs every day, and the backup job you thought had been running for the last year actually failed 273 days ago, and has been requesting the “correct” tape since then. I’ve seen this one a lot (in fact, I think this would be the most popular reason for data loss if you have backup software running).

You’ve got to check your backup logs. It sucks, and it’s boring, but it’s one of those things you just have to do.

Method 5: Alright, I’m running differentials to tape, and have been checking my logs for the last 2 years every single day!

But you’ve never run a test restore. If you haven’t restored data from the tape successfully, there is no data on the tape. The tape was bad, the backup software failed (silently of course), the gremlins ate it.

Method 6: Ok, now I spend two hours reading the log and then randomly restoring files from my backups (before putting the tapes in the tape safe) every single day!

And then your server room catches fire. All machines, and the safe holding the backup tapes are destroyed. You never took any offsite, because you have a tape safe. It happens. It’s unfortunate.

Method 7: Enough, I give up on tape! Now I run a full backup to a RAID5 NAS every single day!

But you ordered your NAS with the drives from the manufacturer, and they used 4 HDDs from the same batch, and two failed. This is the one that always gets them! The strength of RAID5 is that more than one drive has to fail before the RAID is unrecoverable. The weakness is that hard drives from the same batch tend to fail at the same time (or thereabouts).

To strengthen your RAID system, always make sure that you have drives from different batches, if not from different manufacturers (this is not always the best idea, but that is an argument for another time). For instance: to take care of my backup needs at home, I bought a Buffalo Terastation. Unfortunately, Buffalo sent me a Terastation with 4 drives from the same batch (you can usually tell if they all have the same date on them, sometimes there will be a batch code on the drive). I bought 3 more of the same model drive from 3 different manufacturers, and now have the most healthy RAID I can.

These are not the only ways to lose data, but they are by far the most common. How would I know? I was the Worldwide Manager of Technical Support for a backup software company for several years. And I always got to be the one to explain to the customers why their data is gone.

So what do I do?

There are as many answers to that question as there are IT shops with backup systems. Here is how I protect data at my office:

I back up all data every day (full backup) to a NAS configured in RAID5 with a hot spare. I check the health of the RAID every day (it takes about two minutes). Once a week I back up the entire RAID to LTO3 tape and take the tapes offsite (currently I am taking them home, where they go into a DATA rated fire safe (there is a difference, do your homework), and then into my large safe where I keep all my other valuables). My ideal would be to have them delivered to a bank safety deposit box, but that costs money.

At home, I back up all my data to the aforementioned Terastation. Once per month, I copy all the data off to a USB HDD (actually two of them), and take one to work where it goes into the tape safe.

Is it perfect? No. Does it stand a much better chance of keeping that data alive through a catastrophic event? Absolutely. You don’t have to go to these lengths to protect your data, but you should be aware of the risks.

http://www.asktheadmin.com/2009/06/how-to-lose-your-data

Minimize the Chances of an Online Predator Victimizing a Child

  • Warn your children about potentially dangerous people who may try to befriend them online.
  • Keep the computer in a public space in your house, not a bedroom.
  • Don’t allow children to use a screen name profile or to give out personal information online (not even what school they go to or city they live in).
  • Use parental controls provided by your service provider or blocking software.
  • Monitor or discourage all chat room usage.
  • Insist children never agree to meet someone they’ve met online without permission.

Types of Children Predators Target and Prey Upon

  • Children with lower self-esteem
  • Children who divulge too much personal information online.
  • Children who frequent chat rooms

Signs Your Child Might Be at Risk Online

  • Your child spends large amounts of time online, especially at night.
  • You find pornography on your child’s computer.
  • Your child receives phone calls from people you don’t know or is making calls to numbers you don’t recognize.
  • Your child turns the computer off or quickly changes the screen on the monitor when you come into the room.
  • Your child becomes withdrawn from the family. Offenders try to drive wedges between a child and their family, trying to accentuate any minor problems at home a child may have.
  • Your child is using an online account belonging to someone else. Offenders will sometimes provide potential victims with a computer account for communications with them.

Monitor not only computer activity but also cell phone activity. Examine cell phone bills for suspicious activity.

Learn about text messaging or “sexting”. Taking revealing pictures of themselves is becoming a trend.  Pictures are then sent to classmates via email or cell phone and end up online and in the hands of predators.  Learn the technology and learn the language.

As we all know, Windows operating systems have been hammered with people attempting to hack them and send viruses as well as spyware (malware). We have had some good defense against these evil types of individuals with Symantec, AVG and McAfee. Even Microsoft’s Live OneCare is a great antivirus and my favorite overall for defeating the known bad virus and identity theft software that plagues every Windows personal computer.

Recently Microsoft has been talking about a plan to create a free antivirus application for all Windows PC operating systems (XP through Windows 7). Today I got a look at the latest offering from Microsoft and its new antivirus, Microsoft Security Essentials. This antivirus is quite nice and small (of course it is in alpha; alpha is pre-beta, meaning it has a few bugs and needs to be cooked a bit more). Overall the install was easy and much less intrusive than its competitors Symantec 360 and AVG in all its versions. Simple, clean and easy to run.

In my opinion this has been a feature that Windows has needed for a very long time. I will supply a link when Microsoft Security Essentials goes beta. I am assuming the timeline will be fairly soon, as the rumor is September for full release.

Until then, continue to update your computer’s antivirus and scan for viruses often.

*Update: Here is the link to Microsoft Security Essentials

-Mike Dopp
