Author Archive
Last week saw the addition of another chapter to the never-ending malware saga that is Adobe Reader. A clever exploit for a vulnerability was uncovered by researcher Mila Parkour and Reader as well as Acrobat currently remain unpatched.
PC World reports that the exploit uses rigged PDF files that include code to exploit the zero-day flaw. It has been called impressive and clever because it first gets around 2 Microsoft-created protections. The sophisticated exploit bypasses two important defences that Microsoft erected to protect Windows, ASLR (address space layout randomization) and DEP (date execution prevention), researchers have confirmed.
Second, the attack also boasts a valid digital signature by Vantage Credit Union. VeriSign has revoked the signature to prevent further usage but the malware that’s already out there will still be carrying what looks like a valid signature.
The attacks have been targeted to specific corporations and individuals but now that the word is out the hackers will probably expand its target range. Adobe has not offered any word on how to avoid the attacks or when they will have a patch ready. They did warn users on Tuesday about the malware.
To get infected the bad PDF needs to be viewed so it does require some interaction and disabling JavaScript will block the attack. This is the latest attack to use digital signatures to fool defence systems, it bears a resemblance to the Stuxnet worm which was a problem for some companies over the summer.
It wouldn’t be surprising if in the future more malware uses these sophisticated techniques with digital signatures since they have been effective.
|
Getting a computer virus is frustrating to say the least, and can be dangerous to the health of your PC. Malicious software can erase your precious data and even wreck havoc to your hard-earned credit rating with identity theft.
In the event that you’d prefer a professional to handle your virus woes, consider hiring a consultant such as ourselves who specialize in these types of threats.
Computer consulting firms, such as ourselves, dedicate our careers to advising business owners on when to upgrade their hardware. As with all business decisions, the answer boils down to a comparison of cost vs. benefit. While this may be true, quantifying the costs and benefits of hardware is not always an easy task. There are 3 factors you should consider when deciding if upgrading your hardware is the smartest choice:
Does it require more robust hardware to run itself? If this is the case, than upgrading is the smartest choice. Other situations that require upgrading are broken PCs and system crashes. Clearly, in each of these cases, the consequences of NOT upgrading will cost you more in the long run. In business, it’s always better to be proactive.
Pat L
|
© 2010 4 Your Computer Repairs. All rights reserved. |
Most Companies require them and a lot of home users do not but for those who do, just how good is your password?
I often advise people on passwords and how to make them more secure and if you like spaceballs you will know about one of the simplest easy to crack passwords going around
but here a re few more that are common and should not be used
- password
- 1234
- 12345
- 123456
- 1234567
- 12345678
- qwerty
- abc123
- letmein
- monkey
- myspace1
- password1
- blink182
- (your first name)
- god
- sex
- money
- love
- 696969
- admin
- password
But sometimes it is not even necessary to hack the password, I have seen people give out their password to work colleges and friends.
In one case someone had managed to get a co-workers password they then went on to use this account for looking up adult material while in work. The only reason that he got caught was he used this account while his co-worker was on a different shift, so after security and the IT department looked into it and then tracked the usage they were able to catch the person in the act. That person was instantly sacked, but things could have been different if they had only used that account when that person was working.
It used to be the case that good 6 character password would be sufficient and that someone could try 100 passwords per second (see table below, thanks to baekdal
But now there is a new threat.
Graphics cards
As the graphics processing unit (GPU) have become so powerful and fast in order to handle the the rendering for today’s games this has also lead to them being used for other things.
According to the Georgia Institute of Technology passwords with fewer than 12 characters can be decoded using brute force and to put the power of these graphics cards in to perspective:
The top graphics processors, today, offer about two teraflops of parallel processing power. Put this into comparison comparison, the world’s fastest supercomputer, in the year 2000, a cluster of linked machines costing $110 million, operated at slightly more than 7 teraflops
A teraflop is “a trillion calculations per second” and like every other computer technology, they are just going to get faster meaning they will crack your passwords faster. A brute force attack means they will try every combination of number, letters & symbol combinations until they find the right one.
Christian Brindley, Regional Technical Manager EMEA at VeriSign Authentication, said,
Lots of people think that they have a solid password – over 12 characters long, including a combination of letters, numbers and cases to increase their strength.
However, in today’s world passwords are simply not enough to protect sensitive information on their own. In fact, VeriSign research of UK online adults showed that 39% of us disagree that ‘user name plus password’ is a strong enough security measure.
If that was not bad enough Elcomsoft have software that is meant to audit your wireless security by hacking it and if you have not already guessed it, it uses your graphics card’s GPU to do it. No doubt some criminals will find a way of adapting this to try and hack their way into someone else’s network.
My Advise
For home users I would suggest a 8 character password and for businesses at least 12. They should include uppercase letters, lowercase letters, numbers and special characters like £, $ or &.
It is better a strong password that take a bit longer to log in than have it hacked and have sensitive details lost.
If you would like any more information then please contact us and we will happily give you some advise.
If you are fed up with the same controller as everyone else and want it to be different or want to stop your kids arguing about who’s controller is who’s then try our modifications. Below is a simple ring of light modification, while the LEDs I installed were blue you can get them in the following colours Blue, Red, Orange, Pink, Yellow and white.
Did you know someone can change the setting on your router so all your internet traffic goes through their servers and from this they can get your bank details as well as other personal information?
Routers come with a standard password and I usually use this to access clients routers without even asking if they know the password. This is because the router is usually the last place someone thinks of needing a password or they simply have not known it. Now, well for some time, criminals have taken advantage of it, they have developed malicious code to change your setting on the router.
This looks like the computer is affected by a virus but even after a computer has been cleared of everything it still has the same error and all computers will show the same symptoms. You may net even get any symptoms which makes it worse.
When you go to a website your computer does not know where that website is hosted so it looks for a DNS server. On nearly all home routers this will be set to get the address of these servers from your ISP automatically. So when you type in a website address it goes to these servers and they look up where the website is, return this information to your computer and you get the website displayed on your computer. This virus changes the settings so it does not get the DNS server of your ISP but theirs so they can see what you are doing and intercept any data they can.
For the full report see Forbes
How do you change this password? If you are confident then search for your routers model number and for the instructions. This should tell you what to do, if you are not sure then get a technician in to do it for you. It does not take long and you will know that this virus can not affect you.
4 Your computer Repairs Is a local company offering home and business IT support. Our technicians are trained and qualified to handle networking and windows problems. We have a wide network of partners who help us cover all aspects including Apple computers.
If you have any queries then please give us a call.
Testimonials
We have listed some of our testimonials from around the internet please feel free to follow the links to read the originals
Our latest testimonial from Est8 Planning
Our testimonial from Xpress image communication
Fixed my laptop which had frozen on start up. Excellent communication, came to pick my laptop up the next day. Had it fixed within an hour. Charged the quoted price.Will recommend to friends and work colleagues in need of this service.
Angela Greer Childminding Service
Steven saved me hours of work checking my PC setup up, giving me confidence in what I was doing and resolving problems for me. He turned up when he said he would and did the work quickly and without fuss. On the basis of my first experience of his service I intend to sign-up for his online backup and daily health check services. I would strongly recommend Steven to others.” March 10, 2011
Top qualities: Good Value, On Time, High Integrity
Sara Priestley Massage Therapist and Teacher
Steven fixed a fault on my notebook keyboard after someone had told me I could try a new keyboard to see if that would work. Not only did he find and fix the fault the price he quoted for a new keyboard should I need one was half the price I had been given previously. I really appreciated having my notebook picked up from my house and delivered it just made my life so much easier. I cannot recommend him highly enough. His knowledge and professionalism were impressive, I will certainly be using him for any IT needs in future.” August 20, 2010
Top qualities: Expert, Good Value, On Time
Although Steven had only started in business less than a year ago he delivered his services like an old pro. He has a depth of knowledge in IT and computer hardware that will be of benefit to anyone who needs new or to upgrade their current machines.
He is very helpful and trys hard to get a result for his customers.” May 8, 2010
Top qualities: Expert, Good Value, High Integrity
Tony Law
“I have now used Steven for a number of repairs to our PC and network problems which he has provided consistent quality of service at competitive rates. Quick reponces and reliable.” April 7, 2010
Top qualities: Great Results, Good Value, High Integrity
My Linkedin page with the above referals
We have partnered with some of the top companies to offer you products and services that meet and exceed your expectations
.
 |
 |
 |
 |
 |
This exploit affects all versions of windows .
Sophos has released a Windows Shortcut Exploit Protection Tool that claims to block any attacks trying to exploit the critical unpatched vulnerability in Windows shortcut files.
Currently, this tool protects only LNK files, other file types like PIF might be supported later
While Microsoft has suggested a fix or workaround to address the security issue, this tool blocks this exploit from running on your computer. The Windows Shortcut Exploit Protection tool runs whenever Windows tries to display an icon corresponding to a Windows shortcut. The tool intercepts this request and validates the shortcut. If the shortcut does not contain an exploit, the icon is displayed.
The Sophos Windows Shortcut Exploit Protection Tool works on Windows 7, Vista & XP only; and does not work on Windows 2000.
This bug has it’s vulnerability in the help and support system. This bug was first found by a Google engineer on the 10th of June but by the 15th criminals had exploited this with websites that have code to install Trojans, spam tools and viruses to the users computer without them knowing.
As Microsoft have not yet found a fix to this bug the advise is to switch the vulnerable part off, for which it has produced an automated tool which can be found on their website. Please download and run the files, also make sure your anti virus software is up to date.
While this affect Windows XP it also affect all of the following
- Microsoft Windows Server 2003 Service Pack 2, when used with:
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows Server 2003, Datacenter x64 Edition
- Microsoft Windows Server 2003, Enterprise x64 Edition
- Microsoft Windows Server 2003, Standard x64 Edition
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
- Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
- Microsoft Windows XP Service Pack 2, when used with:
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
- Microsoft Windows XP Service Pack 3, when used with:
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
If you want to know more then see their technet blog
Some models of Sony Vaio laptops need a BIOS update to stop them from overheating. Sony said they had a potential issue affecting VAIO VPCF11- and VPCCW2 models.
If you need to know more go to the Sony website and follow their instructions.
Today I received an email from my ISP saying it had quarantined an email from someone at UPS. I found this strange as I was not expecting anything from UPS and that my ISP thought it was a virus.
As I always check these things out I phoned UPS and even before I got to multiple choice menu it had a message saying they have had a number of calls about this email. The email says that a delivery was attempted but no one answered and asks the user to open an attachment to arrange another delivery. Well you might have guessed it is a virus and opening this attachment infects your computer.
If you get any unexpected emails from a large company especially Ebay and Paypal go to their websites directly and not though a link on the email and check it out either by logging in or in my case phoning the company. I know Ebay and Paypal have an email address you can forward your email and they will tell you if it came from them or not.
