Update on Internet Explorer XPocalypse

The Internet Explorer vulnerability being called XPocalypse is being patched by Microsoft even for XP.  The attack that appears to rely on having Adobe Flash Player installed exploits IE 9, 10 and 11, but Microsoft warns the underlying vulnerability is in all versions on IE. Originally, Microsoft was not intending to patch XP but has included it in the update. This is good news for XP users.  You get a little more life from your operating system and protection from XPocalypse. The update went live, May 1, at 10 PDT. If you are like most people, you have automatic updates turned on, and you'll get this new update without having to do anything.  If you haven't turned it on automatic updates yet, you should do so now.  Click the "Check for Updates" button on the Windows Update portion of your Control Panel to get this going. Read the Microsoft Blog post here.   … [Read more...]

Update on Heartbleed

On April 1, 2014, Google security notified the OpenSSL team of the bug later called Heartbleed.  The choice of April Fools Day seems curious with Google's fondness for pranks, but the risk is real.  OpenSSL is the open source project for Secure Sockets Layer (SSL) that establishes links between Web browsers and servers. If you think this is esoteric, your are not alone.  In fact, a majority of Internet users did not change their passwords despite the warnings. Even with the vulnerability, it is complicated to exploit someone in the real world.  If you are concerned, change your passwords and avoid unfamiliar domains. Symantec has additional information and guidance here. … [Read more...]

Update on CryptoLocker Attacks

CryptoLocker and its variations is one of the worst infections seen. It changes how we think about backup and protecting computer systems. Since CryptoLocker attacks network attached drives even in the Cloud, we have to focus on a backup plan that provides a point-in-time restoration rather than a revision restoration. Additionally, even though the virus itself is easy to remove, we have to focus on early detection. Below are our additional safeguards that we suggest adding to your computer system. Point-in-time restoration: Since this threat can encrypt any files that are shared even those in the Cloud or on a server, an offline backup is essential.  Since most backups today are disk-to-disk, we suggest rotating disk backups between two or three devices. This means getting an additional NAS or USB drive to swap out at least twice a week. We already recommend a three-tiered backup … [Read more...]

The Internet is the Wild, Wild West…

… and there ain’t no Sheriff in town! Just like the western frontier, the Internet is a place where opportunity abounds, but it is not without danger.  If you understand risk, manage uncertainly and protect yourself from diabolical people, the Internet is a magical place. When online, a good rule to follow is “when in doubt – don’t.” Two main problems with the Internet are that 1) there are more scammers than can be counted and 2) it is hard, sometimes impossible, to determine authenticity. In the Wild, Wild West if some cowboy came riding up to you, you’d better be a quicker shot or have a trusted friend covering your back.  You could never take any chances because there were all kinds of hoodlums out there, alone or in gangs, that were trying to separate you from your property.  And if you had established your homestead (website, email address), you’d have even more to worry … [Read more...]

Your Package Has Been Returned and Your SSL Certificate is Suspended!

We have a very good Spam filter, but still every now and then a phishing email will slip through.  My business email is easy to find so I get  a wide assortment of unsolicited emails. This week I received a deviation on a scam that has been around for years - your package was returned and click this link to get it.  I also received one that my LogMein SSL Certificate had been suspended - click here to fix. Of course, the links are malicious and at least, would come with some irritating pop-ups and at worse, steal your identity, seize your system and ruin your computer. These exploits are designed to cause an immediate emotional response that will make you click before your think.  Because if you look closer, the fraud is apparent.  The mail and parcel carriers do not typically use email for package routing information although some will let you elect mobile or email notification.  The … [Read more...]