Threatpost has reported on a new zero-day vulnerability that is affecting the Oracle Java plugin used in all popular web browsers, and this time, all operating systems, including Apple’s OS X which is typically excluded from most security exploits. So far, the white hats are ahead of the game on this one, having detected and then demonstrated the hack to Oracle in a “proof of concept” as opposed to discovering malware in the wild exploiting the security hole. In case you missed it, Oracle experienced a similar situation not less than a month ago with Java 7, so it’s likely there are more holes waiting to be discovered.
What this means for you:
This is a fairly significant vulnerability according to the folks that discovered it, as it affects multiple versions of Java, including the most recent version 7 release, and multiple operating systems. However, it does not appear to be widely exploited yet, giving Oracle time to patch it up before malware writers can disperse malware to take advantage of this hole. According to Oracle, Java is in use on billions of devices, so if they were to ignore this vulnerability, there could be serious repercussions. If Oracle drags its feet on releasing a patch, you may want to consider disabling the Java plugin in your browser, or uninstalling it altogether. Before you do that, make sure you don’t rely on Java for any critical business applications – you may be surprised to find out just how often you use Java without knowing it!
In a rare, out-of-band release, Microsoft released an update on Sept 21 that patched the much-ballyhooed vulnerability that affected all versions of its browser as far back as IE 6. This security flaw was significant enough for the German government to recommend that its citizens use another browser until MS could address the exploit, which it did on the 19th in a “fixit” tool downloadable via their website, and now in an MS Update that will be delivered automatically to all validated Windows OS systems.
What this means for you:
Microsoft normally releases its updates on Tuesday, so the more savvy among you might have already noticed the unusual appearance of an update request from your Windows machine as early as last Friday evening. Regardless of when you see it, you should allow the update to download and patch your OS as soon as possible, especially if you use IE as your internet browser. If your computer is managed by a corporate IT department, the update may go through internal testing before being released to update your computer. Assuming you’ve not made any changes to how your OS stays up to date, you should be patched, or will be patched the next time you reboot your computer. To make sure you’ve received this update, you can visit your Control Panel, open Windows Update and check your update history for “Cumulative Security Update for Internet Explorer (2744842)”. If this has been successfully installed, you’ve been patched!
Either stop what you are doing and read this article from PC World, or mark it for later and keep reading this story, because this may be the most important thing you do this month.
Easily searchable personal information available on the web plus easy-to-guess passwords can lead to identity theft. Not worried about that? You should be. It’s a problem that won’t be going away anytime soon, and it won’t just affect your personal life – it can impact your business as well. Keep in mind that being targeted by a hacker versus getting infected by malware are two very different levels of danger. A direct hacking attempt is focused and presents a very clear threat to you, your loved ones and your business.
What this means for you:
Google yourself. Try various combinations of your name (including former names if appropriate). Now try your family members. Look for data that you might consider sensitive: age, birthdate, address, names of financial institutions, work or home addresses, and most importantly look for anything that you’ve used as a password. Don’t freak out! Google doesn’t know that your dog’s name is your favorite password, but a clever hacker might figure it out just by guessing.
If you’ve sufficiently worried yourself, here’s what you need to do to harden your personal security profile:
- Use longer passwords (8 or more characters) that are not easily guessable. That means you need to stop using your Mom’s birthday, your cat’s name, etc. Mix it up with numbers and punctuation. Hackers can crack a 5-digit/letter password in a single hour just by brute force. If you want to be really safe, use a Passphrase.
- Don’t use the same password/passphrase on your important accounts, like Banks, email, data encryption, etc.
- Search your email (especially if it’s cloud-based like Gmail or Hotmail) for any emails that contain passwords, and delete those emails immediately. Delete any emails that list account/login names for important accounts. Do this even if the information is no longer valid – hackers can use the info to make better guesses about active account names and passwords.
- Check your privacy settings for any social networking accounts you use (or have used in the past). If you don’t understand how they work, learn how they work or remove your account if you can’t/won’t take the time. This includes Facebook, G Plus, Pinterest, Yelp, etc. Anywhere you’ve typed in personal information about yourself may be a potential leak you didn’t know you needed to plug.
In the end, if you are able to make yourself even incrementally harder to hack than someone else, hackers are more likely to move on to easier targets. Obviously, if you need help hardening your personal or business security profile, don’t hesitate to give us a call!
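The self-check described above (search for your own details, then make sure none of them sit inside a password), as an added example that is not part of the original post. It assumes the post's "5-digit/letter password in a single hour" refers to lowercase letters plus digits, and the names, dates and passwords in it are constructed samples.

```python
import string

# Assumption: the post's "5-digit/letter password in a single hour" means
# lowercase letters plus digits (36 symbols); that fixes the attacker's speed.
ASSUMED_GUESSES_PER_SEC = 36 ** 5 / 3600  # roughly 16,800 guesses per second

# ASCII character classes; a password drawing on a class is assumed to be
# searched over that whole class.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]


def alphabet_size(password):
    """Number of symbols an exhaustive search has to cover per position."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def brute_force_hours(password, rate=ASSUMED_GUESSES_PER_SEC):
    """Hours needed to try every string of this length over that alphabet."""
    return alphabet_size(password) ** len(password) / rate / 3600


def personal_tokens_in(password, tokens):
    """Return the personal facts (names, dates) hidden inside the password."""
    def squeeze(text):  # lowercase, drop separators: "03/14/1975" -> "03141975"
        return "".join(ch for ch in text.lower() if ch.isalnum())
    flat = squeeze(password)
    return [t for t in tokens if len(squeeze(t)) >= 3 and squeeze(t) in flat]


def audit(password, tokens):
    """Return (verdict, detail) for one candidate password."""
    hits = personal_tokens_in(password, tokens)
    if hits:
        return "guessable", "contains " + ", ".join(hits)
    if len(password) < 8:
        return "too short", "under 8 characters"
    years = brute_force_hours(password) / (24 * 365)
    return "ok", f"about {years:.1e} years of exhaustive guessing"


if __name__ == "__main__":
    # Constructed sample: facts a search on your own name might turn up.
    found_online = ["Rex", "03/14/1975", "Pasadena"]
    for candidate in ["Rex2012!", "k7#Qp", "M0m03141975",
                      "correct horse battery staple"]:
        print(candidate, "->", audit(candidate, found_online))
```

The years figure only covers character-by-character guessing at the assumed speed; it does not model dictionary or word-list guessing, which is why the personal-token check runs first.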
Bromium, a new startup by the same braintrust that founded Xen – a popular virtualization platform now owned by industry giant Citrix – is promising that their new product, “vSentry”, will return computer users to the heady days of pre-virus computing. The idea behind this product is a combination of virtualization and hardware/software compartmentalization that creates agents called “microvisors”. Each one acts as a disposable “mini-computer” that is fired up to do things like read email, surf the web, play games, etc. and is then discarded completely once you have finished with that task. Conceptually, if the microvisor was attacked and infected by malware during the course of that task, the malicious code would end up going nowhere, as the agent was dismissed from use. Think of the microvisor as a pair of impermeable, disposable gloves, tossed into the waste bin after every use, without the landfill aftermath.
What this means for you:
Based upon what I could tell, the product is still in the very early stages, and not yet readily available to the average computer user. It’s nice to imagine an internet where you can open an email from a friend, click a strange attachment and not worry about utterly destroying your computer. Even with the best-in-industry anti-malware software installed on your computer, the weakest link is still the operator at the keyboard. Until this product becomes a reality, and gets installed on every computer, vigilance is still your best defense against the wild internet. Always make sure your anti-malware software is installed, updated and WORKING. Always back up your data, and make sure those backups are good. And if you are ever in doubt about your computer’s security, give us a call!
CORRECTION: iOS 6 will work on iPhones from the 3GS version up. Thanks to Dave McAdams for catching that!
Apple will begin pushing the iOS 6 update to its mobile device platforms on Wednesday, September 19, 2012. Along with the expected performance improvements and bug fixes, there are a handful of features that may be of interest to Apple users who are not purchasing an iPhone 5.
Here are the most important changes:
- Google Maps will be replaced by Apple’s own Maps application
- Passbook is a brand new Apple app that is intended to replace paper ticketing for things like travel, movies, loyalty cards and more
- Facebook is now integrated into most of Apple’s native applications
- Siri’s search capabilities have been expanded to include things like sports scores, movie times, restaurant reservations and launching apps. It will also work on the latest iPad and the iPhone 4s, but not on older mobile devices.
- You can sync your Safari tabs between your mobile device and desktop Macs via iCloud.
- You can share photo streams with other iOS 6 users, as well as stream your photos to your Apple TV.
- Facetime can now be used on cellular networks, not just wifi.
What this means to you:
If you are using an Apple mobile device that is NOT an iPhone 5, 4s, 3GS or newer, or the 3rd generation iPad, then there’s nothing you need to worry about, as iOS 6 is not available for your device. However, if you do have a qualifying device, the upgrade will come in “over the air” if you already have iOS 5 installed. You will need to upgrade your iTunes software to version 10.7 if you plan on plugging your device into your computer. Before you upgrade, make sure you back up all of your important data (contacts, music, photos, etc.) as upgrades can go wrong, and if they do, it usually means wiping your device in order to restore it to functionality. Wiping = erasing all your personal data = disaster without a proper backup. If you rely on your phone as a critical business tool, including some 3rd-party apps, you may want to wait until you have some business downtime, just in case the upgrade goes sideways, or causes problems with your apps.
Ars Technica is reporting that there was a significant increase in exploitation attacks over the weekend on a previously unknown vulnerability in Microsoft’s Internet Explorer, including the most recent version, IE9. What’s very unusual is that this vulnerability appears to occur in all major versions of Microsoft’s OS, including Windows XP, Vista and 7, and uses the Adobe Flash Player plugin to gain a foothold on a user’s computer. This exploit has been able to circumvent most commercial anti-virus and anti-malware programs in use currently.
What this means to you:
On an Apple computer like an iMac or MacBook? Nothing you need to worry about – this exploit only affects Windows-based computers.
For all Windows users: Until Microsoft admits to, and then patches this vulnerability (so far they haven’t responded), and until the major anti-malware manufacturers like McAfee, Symantec, etc. can successfully detect and protect against this exploit, using any version of Internet Explorer will come with increased risk, especially if you surf to unknown or undocumented sites (i.e. follow a link sent by a friend or co-worker, without knowing whether the link is legitimate). If it’s possible, I would recommend installing and using Google Chrome or Mozilla Firefox, at least until MS can patch this vulnerability.
At minimum:
- Make sure your computer has a working anti-virus program installed, updated and running.
- Avoid browsing websites with which you are unfamiliar.
- Stay alert for unusual behavior on your computer, such as sluggish performance, unusual pop-up windows and inability to surf to websites, specifically anti-virus websites and the alternate browser sites that I linked above.
Keep in mind, if your computer is managed by an IT department, using a browser other than IE may not be allowed, or, if it is allowed, Chrome and/or Firefox may not work with some of your company’s web applications, as many are designed and tested to work with IE only.
Apple announced their much anticipated iPhone 5 smartphone today, confirming that it was indeed the same design as has been appearing in leaked photos throughout the run-up to today’s launch. It goes on pre-sale via the Apple store on September 15, 2012, starting at $199 for the 16GB model, up to $399 for the 64GB version, most likely with a 1 or 2 year contract. Pre-orders will ship the following Friday, September 22.
What This Means to You:
The new iPhone 5 is lighter, thinner and larger than the previous model, the iPhone 4s, (which will now be available for the discounted price of $99). It has a faster CPU, a larger screen (with numerous technical improvements), a better front and back camera, but most importantly, it has a new hardware connector, dubbed “Lightning” that is 80% smaller than the current 40-pin connector that has been in use for years.
It’s probable that the larger case manufacturers have had early access to prototypes of the new iPhone, so you can expect at least a handful of cases will be available for purchase around the time the iPhone 5 ships, but Apple doesn’t anticipate Lightning-compatible accessories to be available until Christmas 2012. Until then, an adapter is available that will allow you to connect iPhone 5’s to “legacy” 40-pin accessories. Keep in mind that the adapter by itself will probably render dock-style accessories unusable with an iPhone 5, as it looks rather large and flimsy.
Once the darling of the business world, RIM’s BlackBerry phone platform has seen a continuous erosion of its dominance in the corporate world since Apple’s iPhone first arrived on the scene in 2007. Two recent articles in PC World and CNET underline RIM’s continuing struggle to remain relevant in an iPhone/Android world.
According to those that have seen it, RIM’s impending release of version 10 of the BlackBerry OS will put the company’s phones on par with its competition, but at the cost of incompatibility with the existing BlackBerry Enterprise Server (BES) infrastructure installed in just about every business that supports them.
On top of this huge stumbling block, retailers are pulling back their commitments to BlackBerries, according to one analyst, signaling a general lack of confidence in the strength of the platform and brand.
What this means for you:
If your company has standardized on BlackBerries for its employees and you have a decent investment in technology and resources to support it, you should have nothing to worry about in the short term, but should closely evaluate future spending to support this platform. Your 2-5 year plan should look into expanding your communication network to include the other smartphone platforms, if they aren’t already in use in your enterprise. The BlackBerry platform still has numerous strengths, mostly in the area of asset management, security and reliability, but the older devices lack modern appeal and versatility. Today’s modern employees, especially the younger generations, view their phones as an extension of both their professional and personal lives, and the continued lack of innovation on the platform has eroded their credibility, utility and appeal across the board.
While it’s possible that RIM may work a miracle and come back from the brink of extinction, I rate their chances as highly unlikely.
Numerous sources are reporting that web services provider GoDaddy.com is currently suffering from a severe, widespread outage of its DNS and webhosting services, crippling thousands of its customers’ websites. GoDaddy’s website and phone support are also unavailable. Though GoDaddy is not commenting on the reason for the outage, responsibility for the outage is being claimed by hacker “Own3r” who is allegedly the Security Leader of the infamous hacktivist group “Anonymous”.
#tangodown godaddy.com by @anonymousown3r
— Anonymous Own3r (@AnonymousOwn3r) September 10, 2012
What this means to you:
GoDaddy is one of the world’s largest domain registrars, and by default, also one of the largest DNS providers. The easiest way to explain DNS is to liken it to a directory that matches the domain name (e.g. “c2techs.net”) with that website’s actual IP address (e.g. “76.89.143.130”). Whenever you type a domain name into your browser, you are actually reaching out to that domain’s “name server” (hence “DNS”) so that your browser knows where to find the webserver that serves pages for that particular domain name.
Even if your site isn’t hosted by GoDaddy, if the above attack has taken GoDaddy’s DNS servers offline, your site is still unreachable unless the browser (or the human behind it) knows the IP address of your domain name and uses that instead.
What can you do about it:
While their service is down, not a whole lot. Once they come back online, you can transfer any GoDaddy services to any number of other providers. I use Hover.com and have been very happy with their simple and low-key approach. If you’ve registered domains with GoDaddy, then you are more than capable of handling the transfer process, especially if you start the transfer from Hover.com, but there are a few gotchas here and there that may complicate the process. Website transfers are a bit more complex, and unless you are an accomplished website administrator, I’d suggest you contact us for help. C2 Technology provides a full complement of web services including domain registration, website design and hosting.





