WPA WiFi standard has been compromised

Rumors floating around the computer security world the last few days have been verified. Researchers have found a way to bypass the security used on most wireless routers, laptops and cell phones.

The flaw is in the WiFi standard itself and not with any make or brand of routers. So it may take some time before a wide release of a fix becomes available.

A first look at what sort of attack may be used against this flaw seems to indicate that an attacker would have to be in range of a WiFi device. So while still serious, it would limit attacks to hackers within a few hundred feet of your router.

For now I am sure that the WiFi standard will be worked on as well as a rush by manufactures to implement patches. As this flaw has just been found there are only a few things an end user may do at this point…

  1. Update your security patches for routers and other WiFi devices.
  2. Limit your public WiFi use until patches are released (AND INSTALLED).
  3. Make sure the websites you’re using are secure by logging onto only secure sites that use the HTTPS protocol. If you do not know how to do this then install a plugin for your browser such as HTTP Everywhere that will make sure your connected securely.

UPDATE: 1:16 PM 10/16/2017

It seems Microsoft had a heads up with this problem and has some fixes. You can choose just to do a regular update to get your computer patched or go here and download for your “flavor” of Windows.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080

Taking out the trash

Seems in the past few weeks a bunch of old tech favs have fallen by the wayside.

Piriform’s Ccleaner had a bad security breach that left it’s utilities hacked and without a clear response and explanation on how their security failed so badly are now off my list of recommend software.

AIM Messenger, once a classic instant messaging platform is calling it a day. Now if AOL will just stop scamming all the computer illiterate with their AOL Desktop software I will be happy.

And Today Microsoft admits that they are now out of the phone business. Letting Windows 10 mobile die off. If not so gracefully.

The one rule in technology is it always changes, and I am happy to see the above fade away in favor of more modern,  secure and helpful technology that I can tell my computer repair clients about.

 

 

Homeland Security and US-CERT forward nonsense alert

Just got an email from US-CERT forwarding a FTC alert stating that you should use Equifax to monitor the effect of the Equifax breach on your credit accounts?!?!?!

See this line in the email…
Alternative security recommendations include using fraud alerts and free credit monitoring from Equifax.

Forgive me if I don’t get it. But this seems to me like letting the doctor that left the scalpel inside your gut, go back in for another try. It is the industry standard to have an outside agency or company monitor a break of this magnitude. Until they have proven they have fixed the breach AND a resolution has been implemented for ALL those that have been affected.

jeeesh !!!

CCleaner Hacked

If your using CCleaner, know that the company that produces it has said it’s been hacked. Uninstall ASAP and if you wish to still use it download the latest version.
via…
https://techcrunch.com/…/avast-reckons-ccleaner-malware-in…/

Watch out for fake antivirus programs

Just came across this Fake antivirus / scamware
“professional cleaning software”.

Could you be any more creative with a name?

If you decide to install security / antivirus software consult an expert first or you may end up with a fake that does nothing but take your money.

 

From Homeland Security / US-CERT

If your using Thunderbird to check your email…

Original release date: August 21, 2017

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.3 and apply the necessary update.

Get the update version here

Know your software

On computers as well as smartphones I find people download software without even doing a google search to see if it is any good. Yet alone to check if the software is just bait for a virus infection or has had other issues discovered with it. Such as bugs or not working with certain O/S or hardware.

In addition software that is great today can be dangerous tomorrow if hackers compromise the source code or somehow are able to control the website providing the downloads for the software.

Yesterday some popular extensions for google chrome created by Chris Pederick have been reported to have been compromised by hackers.

If your running any of these add-ons you should remove them ASAP…

Chrometana
Infinity New Tab
CopyFish
Web Paint
Social Fixer

This is just one days hacking news as both Chrome extensions TouchVPN and Betternet VPN were also compromised in June.

So before downloading any program make sure you check it out. And if you need help ask a computer professional such as RenoGeek to help you with your software choices and security.

Ransomware protection

Once again a new ransomware is in the news. Starting in the Ukraine and spreading worldwide in just a few hours. As always happens once a new malware hits the news I get phone calls asking how the person can protect themselves from the new thing on the block. And my answer is the same. Good anti-virus products. Good computing habits and Back up, Back up and did I say backups?

With a good, well maintained backup even the worse virus or malware will just mean you need to re-install the O/S and copy your data back. Without a good backup you could spends months re-creating important work data and maybe loose important things like personal documents and pictures permanently.

In addition, a good anti-virus will help fend off malware and not clicking on every link sent via email from your friends and co-works can also limit your exposure to these new threats.

As always if you need help with computer security or other computer issues please give RenoGeek a call.

Information about wannacry

Most people over the last week have seen reports about the new ransom-ware that has been released and is infecting computers worldwide. Some big companies like Fed-Ex and even the English  health care system have had outages due to this new bug. And I have already gotten many calls and emails about it since the week began.

So what can you do about it? Well first as with all computer problems the best insurance is a good backup stored in a location under your control. The virus can not encrypt files it has no access to. So a back up on a external hard drive not attached to your computer is ideal.

Next the older your O/S the higher your chance of getting this or many of the other viruses floating around the Internet. So update to a current O/S and make sure you keep up with the current security patches. Which you can find here.

Last practice safe hex (old computer joke)…
Don’t click on links from unknown sources. Don’t read email from people you do not know or with weird spam like subject lines. Don’t visit download and porn sites. Use a modern antivirus products (that are also updated).

If none of this makes sense or your not sure you have followed these instructions correctly, feel free to give RenoGeek a call to setup a service call to double check your security.