Browsing articles in "Internet Security"

Understanding Zero-Day Vulnerability

Jan 16, 2015   //   by nick   //   Blog, Internet Security  //  No Comments

What is a Zero-Day Vulnerability?

A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.

In order for the vendor to rectify the vulnerability, the software company must release a patch. Often patches are released on a regular basis, one example being Microsoft’s Patch Tuesday. On the second Tuesday of each month, Microsoft releases security fixes that resolve identified holes. If however a critical vulnerability is discovered, a patch may be released outside of schedule.

Browsers are similarly vulnerable and it’s a good idea to keep your browser updated for added security as well as features. To check if any updates are available for your browser of choice, open the browser and click either “Help” or the browser name, depending on which browser you’re using. A quick online search will provide step-by-step instructions. Alternately, you could set up automatic updates, again, depending on browser. Here is an example of Google Chrome.

Update Google Chrome

To make sure that you’re protected by the latest security updates, Google Chrome can automatically update if it detects that a new version of the browser is available.

Keeping Chrome updated
Learn about what happens when Chrome updates to a new version.

Check for an update manually and see the current browser version

Click the Chrome menu Chrome menu on the browser toolbar and select About Google Chrome. The current version number is the series of numbers beneath the “Google Chrome” heading. Chrome will check for updates when you’re on this page. Click Relaunch to apply any available update.

When are updates available

Normally updates happen in the background when you close and reopen your browser. However, if you haven’t closed your browser in a while you might see the Chrome menu on the browser change colors to green Update Chrome, orange Sync error, or red . If you see green that means an update has been available for 2 days, orange – 4 days, and red – 7 or more days. To apply an available update, just follow the steps below.

  1. Click the Chrome menu on the browser toolbar.
  2. Select Update Google Chrome.
  3. In the confirmation dialog that appears, click Restart. The browser saves your opened tabs and windows and reopens them automatically when it restarts. If you’d prefer not to restart right away, click Not now. The next time you restart your browser, the update will automatically be applied.

Windows 8 users: Make sure to close all Chrome windows and tabs on the desktop and Windows 8 app, then relaunch Chrome to apply the update.

Zero day vulnerabilities can be serious security risks. When searching for an appropriate antivirus solution, look for security software that protects against both known and unknown threats.

Internet Searches Gone Bad

Oct 28, 2014   //   by nick   //   Blog, Internet Security  //  No Comments

Throughout the past 17 year years I have had the opportunity to troubleshoot thousands and thousands and thousands of computer problems. I have conquered computer network troubleshooting, virus cleaning, secure wireless networking, called credit card companies and stopped the auto charge on consumer credit cards for anti-virus and an array of other tasks. Recently I have seen a lot of online scams thriving. One of the things that bothers me the most is folks being scammed, and right in their own home.

Listen Closely: If an end-user wants to call Dell to troubleshoot issues on their computer they might go online and do a search for “Dell support phone number” and this is exactly where the problem starts. There are multiple utilities available to the scammers that enable them to see just how many searches were performed for certain keyword like “dell support” The scammers already know how many users type in Dell support on a monthly basis and they have managed to get their company names to the top of your internet search through paid advertisement. As an ordinary computer user you think that you have identified the 1-800 number for Dell but actually its an advertisement from a malicious company, many times they are overseas organizations. So then you go ahead and call the supposed Dell support number and bam,you get the these yokels. They will walk you through several different steps of troubleshooting and lead you to believe that you are in good hands and then at that moment they ask to remotely connect to your computer. Once they connect you sit back and watch them do their thing. Low and behold they find a problem and want to charge hundreds and hundreds of dollars to fix it for you, a problem that likely doesn’t exist or has been greatly exaggerated.

In one instance last week a client of mine right here in Wallingford, CT had a problem with their magic jack telephone system so they searched online and got the 1-800 number for magic jack support, or so they thought. The short of it is that they almost paid a kings ransom but they called me on their cell phone while they remained on the phone with “magic jack support”. I was in the area and had a few minutes so I paid them a quick visit. The so called magic jack support team had told the user that someone from a foreign country had hacked into their computer and that they could fix the problem for a few hundred dollars. The scammers were logged in and pulled up a command prompt, the black screen with white text. They ran a netstat command that shows the devices connected to your network, of course theirs was the one from a foreign country! The other thing that these low lifes did was type in the words ” zues virus detected… others are connected to this machines…) They were trying to scare these users into thinking all sorts of bad things. The fact in this case was that there was absolutely nothing wrong with their machine, they had a problem with their PHONES which is why they tried to call magic jack. They pulled the wrong number from their internet search and this is where it lead them.

The important points here are obvious. You need to pay very close attention to the output of your internet searches. Look at the website and make sure that you pull the phone number from the intended website. For instance if you wanted to call Dell then you should navigate to dell.com. From there you can drill down until you find the support options on their webpage. You can then be certain that you have the correct phone number. Be careful and if you have concerns call your local computer repair shop. Most if not all shops will be happy to advise you for free. Its not a big deal to take a 60 second phone call to help out one of our members of the community from the overseas scam shops looking to rip into your pockets.

2014: Best Anti-virus and Internet Security Software of the Year

Oct 27, 2014   //   by nick   //   Internet Security  //  No Comments

*2014: PCmag rated and voted Symantec Norton Internet Security as best in class*

It is essential to arm your computer with an aggressive and intelligent anti-virus software to protect and clean virus and malware threats to your computer and laptop in real time. Installing a good internet security software suite will not only protect you against that catastrophic malware/virus crash but will also keep your computer systems running well by stopping the spyware and ongoing automated cleaning of tracking devices. Very plainly put we fix computers and laptops seven days a week here at Mr Computer and do plenty of virus and malware removal. We very rarely see a computer come into the shop with Symantec on it that is suffering from viruses and trojans, we just don’t see them.

Norton by Symantec is one of the most used antivirus software suites and this popularity is not in vain. It is easy to install and update. It gives reports, daily scanning and excellent protection against malware.One of its best features is that rapidly disinfects computers that have already been attacked by a virus. We highly recommend Symantec products and we support them 100% with our extensive experience installing and configuring the software.
.

USA Today Reports Department of Homeland Security tells Americans to Avoid Internet Explorer

Apr 28, 2014   //   by nick   //   Internet Security  //  No Comments

In a report from USA today Americans are advised not to use Microsoft Internet Explorer until a fix is found for the newest malicious exploit. It appears that this newest security flaw allows malicious hackers to get around security protections in the Windows operating system. They then can be infected when visiting a compromised website.

This is more proof that Windows XP users really need to give up the outdated operating system and refresh their technology. The downfall for Win XP users is that they will not receive a security patch and will be completely vulnerable even with antivirus software. Microsoft pushes security patches on the first Tuesday of the month. It remains to be seen if Microsoft can patch this flaw by May 6th, we hope so.

Http://www.usatoday.com/story/tech/2014/04/28/internet-explorer-bug-homeland-security-clandestine-fox/8409857/

Feb 1, 2014   //   by nick   //   Internet Security  //  No Comments

On January 30th Yahoo announced that its mail has been the focus of a coordinated hack and that at this time it has confirmed a number of users e-mail accounts have been compromised – you may be one of them. It is not clear how many users have been compromised, or exactly how. Yahoo doesn’t have a history of providing much information but it would be prudent for any Yahoo mail users to take precautions. Between the vague statements about malicious code and “a third party was probably to blame” Yahoo has been resetting the credentials of affected users via e-mail and SMS if your mobile is on file. While details are scarce at this time this continues a trend of bad security and resilience news for Yahoo who experienced a multitude of issues in 2013. The company made clear in their announcement that a third party database with shared credentials was likely the source and that they had no evidence the usernames and passwords were taken directly form their systems. Whether the third party was one they provided data to, or whether it was a random third party with shared credentials is not particularly clear. There is insufficient detail to lay blame at this time, but certainly it would be prudent to take steps to secure yourself.

The best way for my neighbors here in Connecticut to protect against being hacked is to minimize your exposure by hardening your public profile. Changing your password on a monthly basis and creating one that has more than just numbers and letters but also include symbols, underscores and hyphens is the best method. Look for a follow up post from Mr. Computer on best practices for hardening your publicly used passwords.

Mr. Computer

Facebook

UA-31237446-1css.php