Wednesday, August 28, 2013



I caught a link to the "Symantec May/June Intelligence" white paper and thought I'd read it here and there when I had time and then let you know if there were any HUGE threats in cyberspace. It starts off with a summary by Ben Nahorney, who said mobile (cell phone) threats weren't as bad this year as they were at the same time last year, and the spam rate had dropped to 67% (from 71.9% in the first quarter of this year). I feel like I'm writing about employment vs. unemployment percentages for some reason, but let's continue past the summary.

This is where the numbers get a bit scary: the number of identities (like yours or mine) exposed so far this year was 77,996,740, and that's a lot of people, folks. Bot-zombie computers dropped from over 300 thousand to a mere 162 thousand in May.

Mobile malware variants (variations of malware already out-and-about) dropped from 748 in March to 312 in May. It goes without saying [ed. - yet I'll say it] that the majority of these were Android-based. And just to prove I really didn't know there was one, here is an excerpt:

May 24: "A highly respected media organization became the latest high profile hacking victim of the Syrian Electronic Army (SEA). The SEA has been targeting the websites and social media accounts of well-regarded news organizations"

Regarding the number of identities breached, they had a simple chart that confirms that a picture (or chart) is worth a thousand words.

As well, another nifty chart regarding data breaches -

How many times have we heard of some big company or government employee losing a laptop?
I've been asked a lot about where the Malware comes from, but occasionally I'm asked about "SPAM". "Where does all of this stuff come from?" customers ask. See chart below.

I'll let those tired eyes of yours get back to the baseball stats to check on the Red Sox,

'Nuff Said

Tuesday, August 27, 2013



Microsoft has said that the 8.1 update is ready for RTM (release to manufacturers) even though it isn't finished, and may not be until it's close to being ready for Windows 8 users to download [ed. - which was previously set for October 17th]. Unlike previous releases, IT professionals and developers will not get access to 8.1 two weeks prior to its release, as they have in the past. It seems like Windows 8, and now 8.1, have a perpetual cloud hovering over them.

From what I've read, Windows 8 users will get a "Start" button, but it will lead to the Metro interface rather than the typical Start/programs/show all programs and other features not available in Windows 8. That was several months ago, so it's possible this may have changed - we'll have to see.


About a week ago I read a serious (with some dark humor) article written by Gregg Keizer, entitled "XP-Z", about Microsoft pitching Windows XP users off the cliff next March/April. He wrote:

"Call them the "walking dead" of vulnerabilities. Call it XP Z -- "Z" for zombies."

You can find the article HERE. While the reference to zombies was funny to me, the lack of further security patches or even one last Service Pack will make some people abandon XP for whatever is available, while others will take their chances. Perhaps some users should hedge their bets by purchasing Windows 7 now, before they stop selling it, then find a computer to put it on. Or you can keep reading further down the Blog...


Apparently the New York Times was hacked recently, by what some have called the "Syrian Electronic Army" (I didn't know there was one, did you?). You can read all about the exciting news from the article, HERE.


I'm sure you heard a lot about the NSA and other agencies snooping on our phone calls, emails, etc., and how many companies like Google and others are coming clean with information about this issue. Well, Facebook said they had approximately 25,000 requests from the Government in just the first half of this year. Once again, whatever you post online will stay there forever, so watch those P's and Q's...

SPEAKING OF: Gregg Keizer

Well, I was, several paragraphs ago. He has another article about XP and Microsoft, stating that Microsoft will continue to make patches for XP after the spring 2014 deadline - but it will be a pay-for-patch operation. On one hand they want XP to go away, yet on the other hand Microsoft will milk XP users for all the $$$ they can. This article can be found HERE.

That's it for today -

'Nuff Said,

Thursday, August 15, 2013



Stats of late show that Windows 8 has a very small market share (under 4%, I believe), while Windows 7 is growing and currently at or about 17%, and the bane of Microsoft's existence has been Windows XP, which I think is still used on 40% of the computers in the world. They've tried this, they've tried that, but Microsoft can't seem to kill it off.

In the first quarter of next year (March?) all support for XP ends. That means no security patches for I.E.8 or the OS itself. This has been known for awhile.

As of late I've been reading about how XP computers will be a "Hackers' Haven" after the support ends, because attackers can go after a variety of vulnerabilities that will remain unpatched [ed. - are you still with me?].

So if the "stats" remain about the same what could Microsoft do? Easy. Just before the support ends they can push down the last security patches that XP will ever see, adding so many holes in the OS that users will leap to the next OS like rats jumping off a burning ship as their computers continue to be infected. The end result: 0% XP computers and Microsoft is suddenly selling the latest OS like hotcakes.

Creepy thought...

'Nuff Said,

Wednesday, August 14, 2013



I've said it before and I'll say it again: "There are way too many Android Apps filled with Malware". The creature among us would be the innocent-looking Android app that carries malware, or that leaves a potential backdoor for malware to enter. When you get an App for free, or nearly free, there are advertisements within it so that the App maker can make some money, and there's nothing wrong with this unless the App was designed with malware intent, or has a way for malware to infect your phone or tablet.

Just recently (August 12th) Wade Williamson wrote an interesting article for the Palo Alto Networks Research Center blog entitled "Mobile Devices = New Malware and New Vectors". Two excerpts:

"Mobile applications are heavily dependent on ad revenues to make money for the developer. However, mobile ads work a bit differently than the ads you encounter on a web-page, which are simply delivered from a web-server to your browser. Instead, the mobile application needs to reach out to the Internet and pull the correct ad in order to get paid. To do this the application developer must typically install an SDK or some piece of software for the ad network into the mobile application itself.

This embedded software hook ensures the right content gets served to the application, the ads get tracked, and the app developer ultimately gets paid. The problem is that this hook is a bit of an intentional backdoor into the mobile application and device, and not all mobile ad networks are as reputable as AdMob. So if the mobile ad network turns malicious, then a completely benign application could begin bringing down malicious content to the device. What you have at that point is a ready-made botnet. The only difference is the ad network converts from pushing benign approved content to malicious content – the architecture is the same."

Please read his complete article HERE.

'Nuff Said,

Sunday, August 11, 2013



Most people by now have been using a wireless network in their home for years, and wi-fi networks continue to grow each year as manufacturers continue to make new devices that require it.

10 years ago there weren't devices to stream movies from the Internet, like Roku wireless receivers - nor were there services like Netflix around for streaming them. Netflix was there, but strictly by mail. So if you're setting up a wireless network you are either:
  • Replacing an old wireless router that died
  • Have always used a desktop, but now you have an iPad or Kindle and would like wireless Internet access
  • Have just purchased a wireless Blu-ray player and want to stream movies from places like Netflix or Amazon, or,
  • Moved to a larger home and your old wireless router won't cover the new square footage, or,
  • Have just awoken from a long 15-year sleep and you're trying to catch up with technology (I know who you are. I've seen your ad on Craigslist - "For sale: Packard Bell computer running Windows 98, complete with Epson dot matrix printer")
If you are replacing an older wireless router that has just died, or doesn't seem to make the distance any longer, you are probably replacing the router below, one of the most popular wireless routers of its time.

Linksys WRT54G

While many old routers are still working today, they lack the advancements in wireless security. Your wireless router may work perfectly fine for you - but you and your data may not be as secure as you should be.

From this point on, I'll simply refer to these as routers. There is a difference between a "Router" and a "Wireless Router", with wireless being that difference. Typically on the front of your router you have a series of lights, including a WiFi icon which usually lights up once wireless is configured. Another light will tell you if you have a connection to your modem, and the rest will only light up when you connect a network device with a network cable. If one or more of those lights are off, it means either that nothing is plugged into that port on the back, or that the network device is turned "OFF".


This rear view of a still-in-production Netgear router is fairly easy to figure out, especially with the supplied chart that comes in the box with it. From the left we have an on-off button, a jack for the power supply, four RJ-45 network jacks, spaced farther away a yellow RJ-45 network jack, and finally a USB port. The antennas are internal.

The yellow jack is where you connect the cable from your Internet provider's modem (Comcast, Windstream, etc.). Any network device close enough can plug into the four other jacks. If you're wondering about that USB port, wonder no longer. It's a relatively new feature that allows you to attach an external hard drive so that any data on it can be shared with everyone in the house. This comes in really handy for photos and music.

You can also plug in a USB printer and make it available to everyone as well, although wireless printers are so inexpensive these days it's almost a waste of a USB port. I mentioned an external hard drive above, but it can also be one of those pocket flash drives as well.


Back to security. If you were to purchase a router today you would have several security options: WEP (the oldest, and the easiest to break), WPA, WPA2-Personal, and possibly WPA2-Enterprise. The most frequent choice is WPA2-Personal, with a choice of AES (Advanced Encryption Standard), TKIP (Temporal Key Integrity Protocol), or both. I suggest both.

If you have some older wireless devices around the house you may find that they won't work on anything but WEP. On several occasions I've run into issues where the customer just got a "Nook" wireless book reader as a gift and their connection to the Internet kept dropping. It turned out (after exploring many different possible solutions) that it worked fine on WEP and only WEP. After explaining the security possibilities to them, they chose WEP so they could use that device. 

Many times a person may not feel comfortable setting up a wireless router, so they will call in "Uncle Bob" to configure it. If Uncle Bob is not available they may use the EZ-Install CD that came in the box. The EZ-Install CD will accomplish what you want - it will get your wireless devices on the Internet - but most do not suggest or tell you to change the SSID (the network name the router broadcasts), or the admin password used to make adjustments via your web browser. Next to not choosing "no security", these are two of the most important things you should do. Why?

Let's start with the SSID. Most SSIDs are named after the brand of router you just bought, so if someone in your area chose to see what other wireless connections were available and you hadn't changed it, they would see "D-Link", "Netgear", "Linksys", etc., and to a hacker, half of the battle is already won - they know the brand of your router (some SSIDs even include the model number as well) and the hacker can Google for the default admin login and password for that router.

That's where changing the admin password comes in. If you've changed it, they can't waltz in and either lock you out of your own network or, more likely, get your wireless password so they can use your Internet connection without you knowing it. This could have serious repercussions for you and your family if the hacker downloads music or movies illegally via your router. If they've done a lot of downloading, then it's possible you'll get a warning letter from your ISP, or even worse, a visit along with a subpoena to take your equipment for evidence and have their forensic team go through each device with special utilities, looking for the files, or deleted files.

It may not have been you, or anyone in your family, that did this, but the trail leads them to your ISP, then to your modem's IP address, and that's all they need. So if the EZ-Install CD doesn't prompt you for this, you'll either have to try to do it yourself by going into the wireless router via your web browser, or call in someone with the expertise who knows how to secure your router effectively. Oh, one last thing regarding changing the name/SSID of the router: try to refrain from using your first or last names. If it's someone in the neighborhood and they see "The Smiths" or "Andersons", they'll know who they're dealing with. Now that I've thrown that log into the fire, I'll end PART ONE on this topic -
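To turn the checklist above (encryption mode, vendor-default SSID, household name in the SSID, unchanged admin password) into something you can run against a router's settings, here is an added example that is not the blog's own code. The settings dictionary, its key names and the sample values are assumptions constructed for the demo; it also flags WPA2 running on TKIP alone, with a comment noting why AES is the stronger choice.

```python
"""Home wireless router settings audit (added example, not from the blog)."""

# Brand names that show up in factory-default SSIDs (the three the post names).
DEFAULT_SSID_VENDORS = ("d-link", "dlink", "netgear", "linksys")

SEVERITY_ORDER = ("low", "medium", "high", "critical")


def audit_router(settings, household_names=()):
    """Return a list of (severity, message) findings for one router.

    Assumed settings keys: ssid, security_mode, ciphers, admin_password,
    default_admin_password (the password printed on the router label).
    """
    findings = []
    ssid = settings.get("ssid", "")
    mode = settings.get("security_mode", "none").lower()
    ciphers = {c.lower() for c in settings.get("ciphers", [])}

    # 1. Encryption mode: open or WEP exposes your traffic and your wireless password.
    if mode in ("", "none", "open"):
        findings.append(("critical", "no wireless security enabled"))
    elif mode == "wep":
        findings.append(("high", "WEP is the oldest option and is easily broken; "
                                 "use WPA2-Personal if every device supports it"))
    elif mode == "wpa":
        findings.append(("medium", "WPA is superseded by WPA2-Personal"))
    # TKIP exists for older clients; AES is the stronger WPA2 cipher and TKIP
    # was deprecated by the 802.11 standard, so TKIP alone is worth a flag.
    if mode.startswith("wpa2") and "tkip" in ciphers and "aes" not in ciphers:
        findings.append(("medium", "WPA2 with TKIP only; enable AES"))

    # 2. SSID still carries the brand: tells an onlooker which default login to look up.
    if any(v in ssid.lower() for v in DEFAULT_SSID_VENDORS):
        findings.append(("medium", f"SSID '{ssid}' reveals the router brand; rename it"))
    # 3. SSID names the household (the post's "The Smiths" example).
    if any(n.lower() in ssid.lower() for n in household_names if n):
        findings.append(("low", f"SSID '{ssid}' identifies the household; pick a neutral name"))

    # 4. Admin password left exactly as printed on the label.
    if settings.get("admin_password") == settings.get("default_admin_password"):
        findings.append(("high", "admin password is still the factory default; change it"))
    return findings


def worst_severity(findings):
    """Highest severity present, or 'ok' when the audit found nothing."""
    return max((sev for sev, _ in findings), key=SEVERITY_ORDER.index, default="ok")


# Constructed sample: a router the EZ-Install CD configured and nobody touched afterwards.
SAMPLE = {"ssid": "NETGEAR", "security_mode": "WEP", "ciphers": [],
          "admin_password": "factory-default", "default_admin_password": "factory-default"}

if __name__ == "__main__":
    for sev, msg in audit_router(SAMPLE, household_names=["Smith"]):
        print(f"[{sev}] {msg}")
```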

'Nuff Said

Thursday, August 8, 2013



I know I've touched on this subject on this blog or another, but increasingly people are getting phone calls from "Microsoft Security", "Microsoft Software Validation Team", "Your Anti-Virus Support Team", and who knows what other aliases they use.

Usually they sound like they are in India, and in many cases the connection is fair-to-poor, which helps the person they are calling feel like it's more legit. They will try to convince you either that you have been infected by a terrible virus, or that your computer shows up in their database as having counterfeit Microsoft software or operating system, and they request a remote login either to verify the validity of the software or to remove the terrible virus. They are very convincing.

Some people just hang up on them, others string them along and then hang up, but others get caught in their web and give them remote access to their computer. The computer owner can see screens open and close, sometimes in CMD (command prompt mode), and figure these guys are really helping them out, until the call ends, the computer reboots, and their hard drive is blank.

Data like passwords, logins, where you bank, etc. have been uploaded, and by erasing the drive, they have covered their tracks. Besides the login/password issues, the victim has lost all of their photos, music, and other data files. If they didn't back up their system, it's all lost. If they use a backup system like Carbonite, then they just have to concentrate on changing login names, passwords, and in extreme cases, bank account numbers.


So as a reminder, should you get one of these phone calls: hang up on them. Not only are the end users affected by this, but the tech who has to handle the aftermath (me) can feel their pain as well.

'Nuff Said,