TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

Security

Hackers Are Now Targeting Macintosh Computers

Until recently, MacIntosh computer users have long enjoyed relative freedom from hacker attacks; however, Symantec says online criminals are now setting their sites on Mac users.

Online porn hunters are the latest target. Visitors to porn sites are led to believe they can download a free video player when in fact they are installing malicious code onto their Macs.

Once the users authorize the transaction, the hackers can redirect the users future browsing to fraudulent web sites and possibly steal the user’s information or passwords.

Sometimes they simply send ads for other pornographic websites. This results in thousands of dollars in income for the criminals.

While common thinking is that Macs are essentially more secure than PCs, security experts argue differently. They believe Macs are no more secure than PCs, and that the relatively low number of viruses, exploits and other cyber attacks directed at Mac users is due to Apple’s relatively small share of the computer market.

With that said, the fact remains that for every single attack on a Mac, there are at least 100 attacks on Windows-based systems.

Safely Dispose Of Old Computers

Protect The Environment & Your Personal Information

With the new year upon us, many of you may have upgraded your old PCs for shiny new ones. So what should you do about that old PC left over?

Whatever you do, don’t just throw it into a dumpster! Not only is it an environmental hazard you could be fined for, but you also don’t want complete strangers getting access to your old files, passwords, financial information, and e-mails.

First, keep your old PC around for a few months until you are absolutely certain that you transferred all of the files and programs you needed to your new PC.

Next, you need to make sure the hard drive is wiped clean of any data you had stored on it — and simply deleting the files is not enough. We recommend you seek professional help in clearing the hard drive from any old PCs you are disposing of.

Finally, you may consider donating your old PCs to a charity such as Youth for Technology (www.youthfortechnology.org) or Computers With Causes (www.computerswithcauses.org). Many of these organizations will clean your hard drive to prevent identity theft, and you can write off the donation on your taxes!

Almost All Windows Computers Missing Patches

Survey By Security Company Reveals 95% Of Computers Need Updating

Nearly all Windows computers are likely running at least one unpatched application and about four out of every ten contain 11 or more vulnerable-to-attack programs, a study by an Internet and network vulnerability tracking company revealed.

According to Secunia ASP, more than 95% of the PCs that have downloaded and installed its Personal Software Inspector (PSI) utility sport one or more application for which security fixes are available.

Secunia tracked the first PSI scan after its installation to get an idea of patch status before users start to update their machines, which can also be done through the utility.

Out of about 20,00 machines; 95.46% of them have an unpatched application on their hard drive. “There is a newer version available form the vendor that corrects one or more vulnerabilities,” said Jakob Balle, Secunia’s development manager. “But the users have yet to install the secure version.”

Some of the other statics cited by Balle were just as damning: 41.94% of the machines scanned by PSI have 11 or more vulnerable applications; and more than two-thirds, or 67.63%, of the PCs have 6 or more unpatched programs.

“Close to all computers are running with several insecure application installed,” Balle pointed out.

And the picture is probably even darker than the one he painted. “These results should be considered ‘best case’ scenarios; The real numbers are likely to be worse,” he said, citing the self-selected group that the data represents.

“The users of the Secunia PSI are most likely more vigilant and security minded/conscious than your ‘average’ user.”

Secunia released the free patch detection utility a year ago, but shifted it to Release Candidate 1 (RC1) stage earlier this month. The Copenhagen based company claims nearly 191,000 users have downloaded and run the program.

PSI runs on Windows 2000, XP, Vista, and Server 2003, and can be downloaded from the Secunia site, at https://psi.secunia.com/.

 

Free Report: What Every Business Owner Must Know About Protecting and Preserving Their Critical Data!

If You Depend on Your Computer Network to Run Your Business, This is One Report You Don’t Want to Overlook!

This report will outline in plain, non-technical English common mistakes that many small business owners make with their computer network that cost them thousands in lost sales, productivity, and computer repair bills, as well as providing an easy, proven way to reduce or completely eliminate the financial expense and frustration of these oversights.

You’ll Discover:

• The single most expensive mistake most small business owners make when it comes to protecting their company data.

• The universal misconception business owners have about their computer networks, and how it can end up costing between $9,000 and $60,000 in damages.

• 6 Critical security measures every small business should have in place.

• How to greatly reduce – or even completely eliminate – frustrating crashes, slow performance, and other annoying computer problems.

Get Your Free Copy Now by e-mailing info@expertsmi.com.

 

How To Keep Hackers Away From Your Data

No one wants to have their network “hacked,” but what exactly can a hacker do? Plenty, and you are right to be afraid!

One common way for hackers to access your network is through spyware or viruses, which are malicious programs written to imbed themselves into your network to gather private information, steal financial data, access passwords, e-mail addresses, and spread themselves to other users.

But one of the most common ways for hackers to access your system is through e-mail, or spam e-mail to be more specific. Even if you have the latest anti-virus software installed, hackers are very clever at getting you to circumvent your anti-virus software through phishing e-mails.

Phishing is when a hacker sends you a legitimate looking e-mail from a trusted source — like PayPal, your bank, eBay, or any number of other legitimate business websites. These e-mails will tell you that your account is expired or will be closed if you don’t go to a designated website and update or verify your account information.

Although you may have seen these e-mails before, be very careful! Hackers are brilliant at making not only the e-mail seem legitimate, but also at making the website you go to look like the real thing.

If you fall prey to their scam, the site will gather your private information (usernames, passwords, accounts, etc.) and then use that to access your bank account or to charge your credit card.

To protect yourself, install a spam filter and NEVER open or respond to any e-mail requesting account verification. Instead, call the company. If it is a legitimate request, you can verify that with them over the phone.

Top Mistakes That Make You A Prime Target For Identity Theft

The numbers are staggering: according to the 2007 Identity Fraud Report, identity theft cost consumers and businesses a whopping $56.6 billion dollars.

Identity theft occurs when someone steals your name, Social Security number (SSN), bank account number, or credit card to open accounts, make purchases, or commit other fraudulent crimes.

The Methods They Use to Steal Your Identity
The methods identity thieves use include low tech strategies (like going through your trash can, also known as “dumpster diving”) to highly sophisticated phishing scams that include cloned PayPal or bank websites that trick you into giving your username, password, or account number.

Other ways include:

  • Stealing records from an employer or bribing an employee who has access to the records.
  • Hacking into the company’s employee records.
  • Stealing mail, such as bank account or credit card statements, tax documents, pre-approved credit cards, or new checks.
  • Abusing employer’s access to credit reports.

How Identity Theft Affects You
Once someone has stolen your identity, they can use your credit cards or bank account to purchase expensive consumer goods like computers and electronics that can easily be resold for cash.

They can also open and charge up new credit cards, which can be a real mess to straighten out with vendors and credit reporting agencies.

Other criminal activities include taking out auto loans in your name, opening a new phone or wireless service in your name, or writing counterfeit checks to drain your bank account. Some have even used it to file for bankruptcy to avoid paying debts they’ve incurred.

How to Protect Yourself and Your Employees
Never give your personal information, Social Security number, credit card number, or bank account numbers over the phone or online unless you know for certain you are dealing with a legitimate company.

Make sure your employees are given an AUP (acceptable use policy) that educates them on the dangers of phishing scams and spam e-mails designed to either trick you into giving your information or installing a virus that secretly steals the information stored on your PC without your knowledge.

You can recognize a secure website, as it has an https:// at the beginning of the web address (regular web sites only have http: and no “s”) at the top of the page on which you are submitting your information.

It also must have a picture of a lock in the bottom right corner of the page. If you don’t see both of these measures in place, do not submit your information.

And even if you DO see this, use a credit card instead of a debit card or pay by check option because you’ll get security protection from your card’s issuer.

Visa, MasterCard and American Express all have a zero liability policy. If you notify the bank of unauthorized trans-actions, you pay nothing.

Shred all medical bills, financial statements, credit card applications, tax statements, or any other mail that contains confidential information about you before you throw them into the trash.

Never open e-mails or attachments from e-mail addresses you are unfamiliar with, and NEVER respond to e-mails that ask you to verify your account information because your account is being closed, suspended, or charged.

If you want to verify this, call the bank or the company to see if it was a legitimate e-mail.

Signs That You’ve Fallen Victim to Identity Theft  
If you see any unexplained charges or withdrawals from your bank accounts, if you receive credit cards that you did not apply for, or if you start receiving bills or collection letters for items you have not purchased, someone may have stolen your identity.

Always follow up with the business or institution to find out exactly what is causing the situation as quickly as possible. The faster you act on identity theft, the easier it will be for you to clear your name.

Important Security Alert For Anyone Using Instant Messaging In The Workplace

According to the Radicati Group, 85% of businesses—both large and small— are now using instant messaging (IM) as a communication tool.

Unfortunately, hackers are rapidly developing ways to use IM to spread viruses and gain access to computers and networks.

Instant-messaging security vendors FaceTime Communications and IMlogic Inc. have both reported an exceptionally high spike in attacks over recent months.

IM attacks work similar to e-mail viruses; the sender tries to get the user to click on a link that takes them to a website where they’ll be infected with a virus, or it tries to get the user to download a file.

Many of these attacks appear to be from legitimate sources or people on a “buddy” list.

Just recently, FaceTime discovered a threat on AOL’s instant messenger system.  They quickly contacted AOL but tens of thousands of computers had already been infected with a peer-to-peer file sharing program called BitTorrent.

Hackers then used this program to upload movies to the victim’s hard drive and use their computer as a vehicle for sharing it with others.

These attacks are also getting more complex. Savvy IM users will often reply to an IM and ask their buddy if the link or file sent was safe.

However, hackers have now developed an intelligent bot that will actually automatically respond to the message confirming the file or link is safe. One bot actually had 6 different responses depending on the question that was asked by the user.

Just like viruses, worms, and other security threats, businesses need to put measures in place to protect themselves from these new threats.

The first step is educating your employees about these threats through your employee’s acceptable user policy. However, since there is always a chance someone will click on a link or download a file, education is not enough.

If you currently use IM, we urge you to contact our office at (734) 457-5000 so we can discuss  installing the proper software and security measures to make sure you don’t fall victim to these growing attacks.

Critical Bugs Plague Quickbooks Online Edition

The federal government’s cyberdefense arm has warned users of the popular QuickBooks small-business accounting software that they risk losing data and control of their PCs to hackers.

According to two advisories published by the U.S. Computer Emergency Readiness Team (US-CERT), the ActiveX control that enables Intuit Inc.’s QuickBooks

Online Edition contains flaws that attackers can exploit simply by getting users to view an HTML e-mail message or visit a malicious website.

Of the two bugs discovered and reported by US-CERT, the one spelled out here is the most dangerous. Not only could attackers seed a vulnerable Windows PC with malware, US-CERT, but “an attacker can also retrieve files from a victim’s PC.”

Copenhagen-based vulnerability tracker Secunia ApS ranked the vulnerabilities “highly critical,” its second-most serious threat rating.

QuickBooks Online Edition is a Web-based subset of the traditional on-disk software, and it uses a subscription pricing model that starts at $19.95 per month.

According to US-CERT, Version 9, and possibly those prior to that, contain the ActiveX vulnerabilities. US-CERT recommended that users update to Version 10 as soon as possible or, failing that, set the so-called “kill bit” to disable the control.

Doing that, however, means that users won’t be able to access QuickBooks Online through Microsoft’s Internet Explorer, the only browser supported by the service.

Intuit’s support site showed no mention of the bugs today. Ironically, one of the documents in the Online Edition’s support database, entitled “What is the ActiveX control for, and is it safe?” answers: “The short answer is yes, our control is safe.”

ActiveX vulnerabilities in non-Microsoft products are nothing new, of course. Just over a month ago, for example, a critical ActiveX flaw was spotted in Yahoo Widgets, a development platform that runs small, Web-based, gadget-like applications on Windows desktops.

Net Security Purr-Fected: Pictures Of Kittens Are The Unlikely New Weapon Against Online Fraud And Spam

There’s a new way to combat internet fraud, prevent spam and keep online shopping secure. But your first impressions may be that it’s not exactly high tech. It takes the form of a simple question: From a gallery of fluffy-animal snaps, can you tell which are cats and which are dogs?

Your answer is enough to find out whether you are human or an automated spam program, designed to send unwanted email.

The dog/cat question is the latest example of a security device called a Captcha, a simple puzzle that usually takes the form of a string of distorted letters and numbers.

Captcha stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart.

The idea behind a Captcha is that users have to perform a task that is simple for a human but incredibly difficult for a computer. Distorting random letters and numbers makes them confusing to a computer but readable to the human eye.

Regular web users will be familiar with Captchas, as they are ubiquitous on shopping, email and networking sites; during initial registration and sometimes log-in, Captchas are used as an additional gateway to passwords.

Although a number of computer researchers have claimed that they invented the Captcha, it’s generally acknowledged that Carnegie Mellon University led the charge after being asked by Yahoo in 2000 to create a security tool to stop spammers using computer programs to set email accounts and then use these accounts to send millions of spam messages.

According to Luis von Ahn, a member of the original Carnegie Mellon team, “Captchas are still the best defence against many types of automated attacks, and I believe they will be used for the foreseeable future. The only ones that can be broken are the extremely primitive ones that use a constant font, and apply no distortion to the characters other than thin lines that are easy to remove automatically.”

But as programs are written that can read heavily distorted codes, the distortions become even more extreme. And as they do so, some of the Captchas are becoming too tricky for many humans to decipher at first attempt. More and more users are finding that they need two or three attempts before they can confirm their shopping orders or set up their new email account. So, creators of Captchas are exploring new avenues.

Von Ahn is the executive producer of a new project, Recaptcha.net, which uses old tomes to create new Captchas. While digitally scanning books to make them available online, character recognition software often fails to recognise a word, because of smudges or damaged paper. If von Ahn’s software can’t read it, he’s assuming that other computers will also struggle. “The words in my Captchas come directly from old books that were recently scanned, and we are using people’s answers to decipher what the words are.”

Picture recognition is an increasingly popular alternative. People are asked to look at a grid of images and pick the ones that have something in common – straightforward for humans but impossible for computers, as it’s difficult for computers to accurately classify images.

Pix Captcha (www.captcha.net), a Carnegie Mellon project, displays pictures of certain things – worms, babies and so on – and then asks people to select the corresponding noun from a drop-down menu.

Most altruistic is a Microsoft research project called Asirra (research.microsoft.com/asirra) – Animal Species Recognition for Restricting Access – that uses pictures of rescue-home dogs and cats from Petfinder.com. It asks you to click on the cats, rather than the shots of aardvarks, bears and dogs thrown in to baffle the computers.

It also helps find homes for domestic animals – each image has a tag reading “adopt me” on it.

Although still in the “beta” testing stage, Asirra has a database of over two million images with which it can create Captchas. It has the potential to change the way we stay secure online – and give animal lovers everywhere a dose of cuteness.

Adapted from The London Independent.

Researcher: Don’t Trust Google Toolbar

Makers of some of the most popular extension software used by the Firefox browser are not doing enough to secure their software, a security researcher said Wednesday. The problem is that many widely used Firefox extensions, including toolbars from Google, Yahoo, and AOL, do not use secure connections to update themselves, according to Christopher Soghoian, a security researcher.

The Indiana University doctoral student discovered the Firefox issue last month while examining network traffic on his computer. He noticed that many of the most popular Firefox extensions are not hosted on servers that use the very secure SSL Web protocol.

Although the corporation behind Firefox, Mozilla, hosts the majority of Firefox extensions on its own SSL-enabled Web site, it is common for commercial extension-makers such as Google to host their software on an unsecured site, Soghoian said in an interview.

This leaves users vulnerable to a “man-in-the middle” attack, where Firefox could be tricked into downloading malicious software from a site it mistakenly thought was hosting an extension.

It wouldn’t be easy for an attacker to pull this off, however. In one scenario, the hacker would set up a malicious wireless access point in a public area where people are using wireless connections. He could then redirect extension update traffic to a malicious computer. “An attacker who sets up a wireless access point can then infect anyone who connects to it,” Soghoian said.