TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Security

Hackers Are Now Targeting Macintosh Computers

Until recently, MacIntosh computer users have long enjoyed relative freedom from hacker attacks; however, Symantec says online criminals are now setting their sites on Mac users.

Online porn hunters are the latest target. Visitors to porn sites are led to believe they can download a free video player when in fact they are installing malicious code onto their Macs.

Once the users authorize the transaction, the hackers can redirect the users future browsing to fraudulent web sites and possibly steal the user’s information or passwords.

Sometimes they simply send ads for other pornographic websites. This results in thousands of dollars in income for the criminals.

While common thinking is that Macs are essentially more secure than PCs, security experts argue differently. They believe Macs are no more secure than PCs, and that the relatively low number of viruses, exploits and other cyber attacks directed at Mac users is due to Apple’s relatively small share of the computer market.

With that said, the fact remains that for every single attack on a Mac, there are at least 100 attacks on Windows-based systems.

Almost All Windows Computers Missing Patches

Survey By Security Company Reveals 95% Of Computers Need Updating

Nearly all Windows computers are likely running at least one unpatched application and about four out of every ten contain 11 or more vulnerable-to-attack programs, a study by an Internet and network vulnerability tracking company revealed.

According to Secunia ASP, more than 95% of the PCs that have downloaded and installed its Personal Software Inspector (PSI) utility sport one or more application for which security fixes are available.

Secunia tracked the first PSI scan after its installation to get an idea of patch status before users start to update their machines, which can also be done through the utility.

Out of about 20,00 machines; 95.46% of them have an unpatched application on their hard drive. “There is a newer version available form the vendor that corrects one or more vulnerabilities,” said Jakob Balle, Secunia’s development manager. “But the users have yet to install the secure version.”

Some of the other statics cited by Balle were just as damning: 41.94% of the machines scanned by PSI have 11 or more vulnerable applications; and more than two-thirds, or 67.63%, of the PCs have 6 or more unpatched programs.

“Close to all computers are running with several insecure application installed,” Balle pointed out.

And the picture is probably even darker than the one he painted. “These results should be considered ‘best case’ scenarios; The real numbers are likely to be worse,” he said, citing the self-selected group that the data represents.

“The users of the Secunia PSI are most likely more vigilant and security minded/conscious than your ‘average’ user.”

Secunia released the free patch detection utility a year ago, but shifted it to Release Candidate 1 (RC1) stage earlier this month. The Copenhagen based company claims nearly 191,000 users have downloaded and run the program.

PSI runs on Windows 2000, XP, Vista, and Server 2003, and can be downloaded from the Secunia site, at https://psi.secunia.com/.

 

Safely Dispose Of Old Computers

Protect The Environment & Your Personal Information

With the new year upon us, many of you may have upgraded your old PCs for shiny new ones. So what should you do about that old PC left over?

Whatever you do, don’t just throw it into a dumpster! Not only is it an environmental hazard you could be fined for, but you also don’t want complete strangers getting access to your old files, passwords, financial information, and e-mails.

First, keep your old PC around for a few months until you are absolutely certain that you transferred all of the files and programs you needed to your new PC.

Next, you need to make sure the hard drive is wiped clean of any data you had stored on it — and simply deleting the files is not enough. We recommend you seek professional help in clearing the hard drive from any old PCs you are disposing of.

Finally, you may consider donating your old PCs to a charity such as Youth for Technology (www.youthfortechnology.org) or Computers With Causes (www.computerswithcauses.org). Many of these organizations will clean your hard drive to prevent identity theft, and you can write off the donation on your taxes!

Free Report: What Every Business Owner Must Know About Protecting and Preserving Their Critical Data!

If You Depend on Your Computer Network to Run Your Business, This is One Report You Don’t Want to Overlook!

This report will outline in plain, non-technical English common mistakes that many small business owners make with their computer network that cost them thousands in lost sales, productivity, and computer repair bills, as well as providing an easy, proven way to reduce or completely eliminate the financial expense and frustration of these oversights.

You’ll Discover:

• The single most expensive mistake most small business owners make when it comes to protecting their company data.

• The universal misconception business owners have about their computer networks, and how it can end up costing between $9,000 and $60,000 in damages.

• 6 Critical security measures every small business should have in place.

• How to greatly reduce – or even completely eliminate – frustrating crashes, slow performance, and other annoying computer problems.

Get Your Free Copy Now by e-mailing info@expertsmi.com.

 

How To Keep Hackers Away From Your Data

No one wants to have their network “hacked,” but what exactly can a hacker do? Plenty, and you are right to be afraid!

One common way for hackers to access your network is through spyware or viruses, which are malicious programs written to imbed themselves into your network to gather private information, steal financial data, access passwords, e-mail addresses, and spread themselves to other users.

But one of the most common ways for hackers to access your system is through e-mail, or spam e-mail to be more specific. Even if you have the latest anti-virus software installed, hackers are very clever at getting you to circumvent your anti-virus software through phishing e-mails.

Phishing is when a hacker sends you a legitimate looking e-mail from a trusted source — like PayPal, your bank, eBay, or any number of other legitimate business websites. These e-mails will tell you that your account is expired or will be closed if you don’t go to a designated website and update or verify your account information.

Although you may have seen these e-mails before, be very careful! Hackers are brilliant at making not only the e-mail seem legitimate, but also at making the website you go to look like the real thing.

If you fall prey to their scam, the site will gather your private information (usernames, passwords, accounts, etc.) and then use that to access your bank account or to charge your credit card.

To protect yourself, install a spam filter and NEVER open or respond to any e-mail requesting account verification. Instead, call the company. If it is a legitimate request, you can verify that with them over the phone.

Top Mistakes That Make You A Prime Target For Identity Theft

The numbers are staggering: according to the 2007 Identity Fraud Report, identity theft cost consumers and businesses a whopping $56.6 billion dollars.

Identity theft occurs when someone steals your name, Social Security number (SSN), bank account number, or credit card to open accounts, make purchases, or commit other fraudulent crimes.

The Methods They Use to Steal Your Identity
The methods identity thieves use include low tech strategies (like going through your trash can, also known as “dumpster diving”) to highly sophisticated phishing scams that include cloned PayPal or bank websites that trick you into giving your username, password, or account number.

Other ways include:

  • Stealing records from an employer or bribing an employee who has access to the records.
  • Hacking into the company’s employee records.
  • Stealing mail, such as bank account or credit card statements, tax documents, pre-approved credit cards, or new checks.
  • Abusing employer’s access to credit reports.

How Identity Theft Affects You
Once someone has stolen your identity, they can use your credit cards or bank account to purchase expensive consumer goods like computers and electronics that can easily be resold for cash.

They can also open and charge up new credit cards, which can be a real mess to straighten out with vendors and credit reporting agencies.

Other criminal activities include taking out auto loans in your name, opening a new phone or wireless service in your name, or writing counterfeit checks to drain your bank account. Some have even used it to file for bankruptcy to avoid paying debts they’ve incurred.

How to Protect Yourself and Your Employees
Never give your personal information, Social Security number, credit card number, or bank account numbers over the phone or online unless you know for certain you are dealing with a legitimate company.

Make sure your employees are given an AUP (acceptable use policy) that educates them on the dangers of phishing scams and spam e-mails designed to either trick you into giving your information or installing a virus that secretly steals the information stored on your PC without your knowledge.

You can recognize a secure website, as it has an https:// at the beginning of the web address (regular web sites only have http: and no “s”) at the top of the page on which you are submitting your information.

It also must have a picture of a lock in the bottom right corner of the page. If you don’t see both of these measures in place, do not submit your information.

And even if you DO see this, use a credit card instead of a debit card or pay by check option because you’ll get security protection from your card’s issuer.

Visa, MasterCard and American Express all have a zero liability policy. If you notify the bank of unauthorized trans-actions, you pay nothing.

Shred all medical bills, financial statements, credit card applications, tax statements, or any other mail that contains confidential information about you before you throw them into the trash.

Never open e-mails or attachments from e-mail addresses you are unfamiliar with, and NEVER respond to e-mails that ask you to verify your account information because your account is being closed, suspended, or charged.

If you want to verify this, call the bank or the company to see if it was a legitimate e-mail.

Signs That You’ve Fallen Victim to Identity Theft  
If you see any unexplained charges or withdrawals from your bank accounts, if you receive credit cards that you did not apply for, or if you start receiving bills or collection letters for items you have not purchased, someone may have stolen your identity.

Always follow up with the business or institution to find out exactly what is causing the situation as quickly as possible. The faster you act on identity theft, the easier it will be for you to clear your name.

Critical Bugs Plague Quickbooks Online Edition

The federal government’s cyberdefense arm has warned users of the popular QuickBooks small-business accounting software that they risk losing data and control of their PCs to hackers.

According to two advisories published by the U.S. Computer Emergency Readiness Team (US-CERT), the ActiveX control that enables Intuit Inc.’s QuickBooks

Online Edition contains flaws that attackers can exploit simply by getting users to view an HTML e-mail message or visit a malicious website.

Of the two bugs discovered and reported by US-CERT, the one spelled out here is the most dangerous. Not only could attackers seed a vulnerable Windows PC with malware, US-CERT, but “an attacker can also retrieve files from a victim’s PC.”

Copenhagen-based vulnerability tracker Secunia ApS ranked the vulnerabilities “highly critical,” its second-most serious threat rating.

QuickBooks Online Edition is a Web-based subset of the traditional on-disk software, and it uses a subscription pricing model that starts at $19.95 per month.

According to US-CERT, Version 9, and possibly those prior to that, contain the ActiveX vulnerabilities. US-CERT recommended that users update to Version 10 as soon as possible or, failing that, set the so-called “kill bit” to disable the control.

Doing that, however, means that users won’t be able to access QuickBooks Online through Microsoft’s Internet Explorer, the only browser supported by the service.

Intuit’s support site showed no mention of the bugs today. Ironically, one of the documents in the Online Edition’s support database, entitled “What is the ActiveX control for, and is it safe?” answers: “The short answer is yes, our control is safe.”

ActiveX vulnerabilities in non-Microsoft products are nothing new, of course. Just over a month ago, for example, a critical ActiveX flaw was spotted in Yahoo Widgets, a development platform that runs small, Web-based, gadget-like applications on Windows desktops.

Researcher: Don’t Trust Google Toolbar

Makers of some of the most popular extension software used by the Firefox browser are not doing enough to secure their software, a security researcher said Wednesday. The problem is that many widely used Firefox extensions, including toolbars from Google, Yahoo, and AOL, do not use secure connections to update themselves, according to Christopher Soghoian, a security researcher.

The Indiana University doctoral student discovered the Firefox issue last month while examining network traffic on his computer. He noticed that many of the most popular Firefox extensions are not hosted on servers that use the very secure SSL Web protocol.

Although the corporation behind Firefox, Mozilla, hosts the majority of Firefox extensions on its own SSL-enabled Web site, it is common for commercial extension-makers such as Google to host their software on an unsecured site, Soghoian said in an interview.

This leaves users vulnerable to a “man-in-the middle” attack, where Firefox could be tricked into downloading malicious software from a site it mistakenly thought was hosting an extension.

It wouldn’t be easy for an attacker to pull this off, however. In one scenario, the hacker would set up a malicious wireless access point in a public area where people are using wireless connections. He could then redirect extension update traffic to a malicious computer. “An attacker who sets up a wireless access point can then infect anyone who connects to it,” Soghoian said.

Data Security And Theft Top IT Concerns For 2006, Continuing Into 2007

The number of personal records exposed in data security breaches surpassed 100 million this year.

So says the Privacy Rights Clearinghouse, which has been keeping count ever since a high-profile data leak at information broker ChoicePoint in early 2005. It keeps track of thefts and losses of gear such as laptops, storage tapes and drives, as well as of hacking incidents and insiders who leak data.

The count climbed throughout 2006: Boeing, the Department of Veterans Affairs, Hewlett-Packard, McAfee, the University of California, and many others made headlines as a result of breaches.

Most incidents come to light because of laws requiring public notification of data loss in cases where data is unencrypted. In response, security companies are increasingly pitching encryption products for secure storage–for example, Seagate Technology is building it into its drives. Microsoft is also getting into the game: business versions of Windows Vista have a full-disk encryption feature called BitLocker.

But encryption technology still lacks usability, a panel of industry experts said at an event celebrating the 30-year anniversary of cryptography.

Meanwhile, banks and credit agencies are hawking credit-monitoring services. In September, researchers named several banks as a consumer’s best bet in terms of offering protection against identity theft.

Breaches are only one way people’s identities can be compromised. Phishing scams are getting more widespread, and fraudsters are getting trickier in their attempts to con Internet users. People with high incomes attract more phishing e-mails and lose more money to them than other Internet users, according to a November Gartner report.

Scammers are helped by an apparent influx of cross-site-scripting bugs. These Web security flaws could let attackers craft a URL that looks like it points to a trusted site, but serves up content from a third, potentially malicious site. This year, this type of bug was found in many popular Web sites and in Google’s search appliances.

Phishing shields are now common. Microsoft has built one into its latest browser, IE 7, and Mozilla offers a similar feature in Firefox 2.

Alternative approaches to combat phishing include a new DNS service, OpenDNS, whose free address-lookup service blocks phishing sites and other threats.

Yahoo added an antiphishing feature to its site that displays a custom image on the log-in screen to verify that it is indeed a Yahoo page.

But if confidential data isn’t exposed through data breaches or pilfered through a phishing scam, there’s still malicious software. Criminals are crafting more-targeted Trojan horse attacks that seek to sneak onto PCs through zero-day flaws, experts have warned. In addition, some malicious software is now designed to let cybercrooks surf into online banks with you to steal your money.

You could also be exposed while on the go. Privacy watchers warn that people carrying passports equipped with radio chips could have the information in the document read from a distance. The solution: keep the passport closed and in a foil bag.
— from CNET News Service