After all my warnings about scareware, Google comes along with a warning on its search results pages that many of you might believe is scareware, but it’s not – it’s real.
Google Malware Warning
According to Google’s Online Security Blog
This particular malware causes infected computers to send traffic to Google through a small number of intermediary servers called “proxies.” We hope that by taking steps to notify users whose traffic is coming through these proxies, we can help them update their antivirus software and remove the infections.
This malware is actually a result of scareware, or fake anti-virus software that infects computers. And, Google admits, there may be a whole new slew of fake scareware ads that look like the Google warning. A valid Google warning will only be seen at the top of a search results page.
So, if you see this warning it’s time to run an AV scan. You do have anti-virus installed, right? And it’s up-to-date, right? If not, Google will even help you at their Help Center..
————————
HOSB RSS Feed
Just a quick security checklist for all small business offices and office computers…
- A hardware firewall (router) protecting all business computers – can be upgraded to a SMB security device for larger offices
- Encrypted Wi-Fi Network
- Employee Training
- Don’t download or install software
- Limit use of USB drives
- Don’t divulge passwords
The following should be on all business computers…
- Secure Profile Login
- Security Suite
- Should cover all types of malware and optionally include secure web browsing (software checks for known malware sites)
- Subscription valid and virus database updated daily
- Full computer scan at least weekly
- Updated Software
- A good tool for this is Secunia (http://secunia.com/)
- Data Backup System
The following should also be on all business laptops and smartphones although they can also be on office computers if susceptible to theft…
- File Encryption – like TrueCrypt (http://www.truecrypt.org/)
- Password Software protecting all passwords with a master password – like LastPass (http://lastpass.com) or RoboForm (http://www.roboform.com/)
- Optional: LoJack (http://www.absolute.com/en/lojackforlaptops/) or other tracking software
- Optional: BIOS password
This is just a minimum. There are other options like disabling USB ports on employee computers, restricting employees to Limited User accounts, restricting Internet access, requiring re-login to Windows after a screensaver kicks in, etc.
How does your business stack up?.
————————
HOSB RSS Feed
Adobe is releasing an out-of-cycle patch for Adobe Reader and Adobe Acrobat today to patch a vulnerability for iPod Touches, iPads and iPhones.
The patch will affect all operating systems, not just Apple products. The next scheduled release of Adobe patches was October 12th, but due to the critical nature of this vulnerability Adobe is releasing the patch early.
From the Adobe Security Bulletin:
Adobe is planning to release updates for Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh to resolve critical security issues, including CVE-2010-2862 discussed at the Black Hat USA 2010 security conference and the Adobe Flash Player update as noted in Security Bulletin APSB10-16. Adobe expects to make these updates available on Thursday August 19, 2010.
Adobe’s Flash Player was just patched yesterday. If your Flash Player hasn’t automatically updated, go to adobe.com to get the update..
————————
HOSB RSS Feed
Computers don’t feel pain. At least, up until now. Trust me, I’ve done things to my computer that defy the Geneva Conventions and while acting surly for a week or so, it didn’t show any evidence of real pain.
But, a group of researchers at Florida Tech is exploring ways to have future computers experience pain.
The problem, according to Richard Ford, a computer science professor and head of the research team, it that computers, for all their computing ability, are essentially dumb.
“Computers are brittle,” Ford said. “Your computer will screw up in the same way every single time. It doesn’t learn. It doesn’t adapt. If there is a (string of code) that’s messed up in your computer, it’s going to crash in the same place every time. It’s all just ones and zeros at the end of the day.”
So he’s started looking at ways to teach a computer to feel pain so it can determine there’s a problem and heal itself, much like humans use fevers and antibodies to overcome infections.
The idea is to model the human immune system in computers – to become aware of an attack, overcome the attacker, repair the damage, and be immune from the same future malware attack, all without external assistance.
Estimated time to mass production? 10 – 15 years.
Further Reading:
Machine, Heal Thyself.
————————
HOSB RSS Feed
Apple is a secretive company by nature, but there are always people who were born to take things apart to see how they work and delve into area where they’re not wanted.
One White Hat hacker came up with a program called JailbreakMe 2.0 to allow you to run unapproved apps, themes and tweaks on your iPhone, iPad or iPod Touch.
However, there are also Black Hat hackers out there, too. Jesus Diaz at Gizmodo just released a vulnerability on all three above mentioned gadgets from Apple that don’t even need any action on your part other than opening a PDF file.
From the Gizmodo post:
Right now, if you visit a web page and load a simple PDF file, you may give total control of your iPhone, iPod touch, or iPad to a hacker. The security bug affects all devices running iOS 3.1.2 and higher.
Update: Initially we thought that this exploit only effected iOS4 devices, but it turns out all iPhones, iPod Touches and iPads running 3.1.2 and higher are susceptible.
The vulnerability is easily exploitable. In fact, the latest one-click, no-computer-required Jailbreak solution for iOS 4 devices uses this same method to break Apple’s own security (although in a completely benign way for the user).
How it works
It just requires the user to visit a web address using Safari. The web site can automatically load a simple PDF document, which contains a font that hides a special program. When your iOS device tries to display the PDF file, that font causes something called stack overflow, a technical condition that allows the secret ninja code inside the font to gain complete control of your device.
The result is that, without any user intervention whatsoever, that program can do whatever it wants inside your iPhone, iPod touch or iPad. Anything you can imagine: Delete files, transmit files, install programs running on the background that can monitor your actions… anything can be done.
It’s not just a problem with Apple. Virtually all smart phones are susceptible to hacking and viruses. Security and antivirus apps have yet to catch up. But secrecy is not a good defense.
The vulnerability is easily exploitable. In fact, the latest one-click, no-computer-required Jailbreak solution for iOS 4 devices uses this same method to break Apple’s own security (although in a completely benign way for the user).
How it works
It just requires the user to visit a web address using Safari. The web site can automatically load a simple PDF document, which contains a font that hides a special program. When your iOS device tries to display the PDF file, that font causes something called stack overflow, a technical condition that allows the secret ninja code inside the font to gain complete control of your device.
The result is that, without any user intervention whatsoever, that program can do whatever it wants inside your iPhone, iPod touch or iPad. Anything you can imagine: Delete files, transmit files, install programs running on the background that can monitor your actions… anything can be done.
.
————————
HOSB RSS Feed
We often get clients asking us for a recommendation on anti-virus software. This occurred last week when one of our clients was infected with a scareware trojan (again). He couldn’t download anything off the web because the trojan was blocking it and was standing at the anti-virus software rack at the local Office Max. He had been using AVG on his new computer, which didn’t block the scareware.
So let’s talk about antimalware protection for your home office or small business. First, there are Internet security suites that can contain a firewall, anti-virus, antimalware, anti-phishing, anti-spam, parental control, identity theft protection, backup software and any number of other features which you may or may not need.
Then there is dedicated anti-virus/antispyware software that specializes in protecting your computer from a virus/worm/trojan. Continue reading .
————————
HOSB RSS Feed
Recommended
