2019 is right around the corner!

Happy New Year!

With Christmas now behind us, we all have these new gadgets, computers, entertainment center devices, and more!

Want some help setting up your new computer/electronics either before Christmas so it’s all ready to go, or right after Christmas so you or your loved ones can enjoy the new gift quickly?

Fran’s Computer Services can come to your home/office to get things all set up for you; whether it be a new computer, a new Mac, a new iPad or other tablet, a new phone, a new printer, a new router, or new devices in your entertainment center, or any other computer or electronic device.

Do you live in the Williamsburg/Hampton Roads or Tidewater areas?
Let us come to you and help you get your new Christmas device(s) setup so you can start enjoying them to the fullest!

Contact Us here or through Facebook, or give us a call/text at 757-941-5469.

 

Advertisements

Christmas is Coming!

Christmas is coming!

New gadgets, computers, entertainment center devices, and more!

Want some help setting up your new computer/electronics either before Christmas so it’s all ready to go, or right after Christmas so you or your loved ones can enjoy the new gift quickly?

Fran’s Computer Services can come to your home/office to get things all set up for you; whether it be a new computer, a new Mac, a new iPad or other tablet, a new phone, a new printer, a new router, or new devices in your entertainment center, or any other computer or electronic device.

Do you live in the Williamsburg/Hampton Roads or Tidewater areas?
Let us come to you and help you get your new Christmas device(s) setup so you can start enjoying them to the fullest!

Contact Us here or through Facebook, or give us a call/text at 757-941-5469.

 

Windows 10 Flaw allows attackers to open malicious websites – even if PC locked!

Windows 10 Flaw allows attackers to open malicious websites – even if PC locked – Bitdefender HOTForSecurity

“Israeli researchers Tal Be’ery and Amichai Shulman have discovered a way of just using voice commands to make locked Windows 10 computers visit a website under the control of malicious hackers… and potentially install malware.

The problem lies in Cortana, the voice assistant that Microsoft built into Windows 10. As Apple, for instance, has learnt to its cost on numerous occasions with Siri…”

More in the link.

Security researchers Martin Rakhmanov from Trustwave conducted a one-year-study on the firmware running on Netgear routers and discovered vulnerabilities in a couple dozen models!

Pierluigi Paganini at Security Affairs Blog has posted an article about these vulnerabilities.

But all is not lost, Netgear has just released many security updates that address vulnerabilities in a couple of dozen models due to these vulnerabilities.

Users are recommended to apply the security patches as soon as possible, they can be exploited by hackers to compromise gateways and wireless points.

If you can not do it yourself or do not feel comfortable doing it yourself, be sure to get help from your computer guru.

Malware infections tripled in late 2013 thanks to sneaky browser plugin, Microsoft says

Malware infections tripled in late 2013 thanks to sneaky browser plugin, Microsoftsays – PCWorld

A three-fold increase in Microsoft Windows computers infected with malicious software in late 2013 came from an application that was for some time classified as harmless by security companies.

The finding comes as part of Microsoft’s latest biannual Security Intelligence Report (SIR), released on Wednesday, which studies security issues encountered by more than 800 million computers using its security tools.

Microsoft has added detection of this malicious piece of crap to it’s  Malicious Software Removal Tool (MSRT), and let others know about it as well back in December 2013 according to the article.

Heartbleed, OpenSSL and Perfect Forward Secrecy

If you want to know the quick and easy way to understand what Heartbleed is, How the Heartbleed Bug Works and what it means to you in very simple and elegant terms, there’s this wonderful xkcd cartoon today:

Heartbleed Explanation: How the Heartbleed Bug Works - xkcd.com - Click on image to go to the site to see it larger

Heartbleed Explanation: How the Heartbleed Bug Works – xkcd.com – Click on image to go to the site to see it larger

And that my friends is pretty much it in the nutshell.

Due to this ‘bug’ or what could be commonly called in days gone by as a type of buffer overflow condition causing leaking of information, sometimes serious and important information.

You will or at least you should be hearing from secure websites where you have made purchases and have accounts, as well as banks you use, and many more secure websites as they update their SSL Certificates.

Many have been working on this and many have already taken care of this on their servers.

Once it is taken care of, then you want to change your password but not before.

If the website was vulnerable, they should be contacting you, or when you login you will see a notice about it. Soundcloud.com was a good example. When I logged in today, they presented a banner across the top about the Heartbleed vulnerability.

When/If a secure website was vulnerable, they will be contacting you when they get this fixed on their website server, so you can change your password.

The sad thing is that this bug has been out there for at least 2 years!

Here’s a really good article about this in layman’s terms and there are several sites for testing supposedly secure websites for your banks, credit card companies, email, etc.:

Heartbleed OpenSSL Bug FAQ for Mac iPhone and iPad users – Intego.com Blog

What CERT and others are recommending to these websites that are vulnerable is to implement Perfect Forward Secrecy like StartPage.com and ixquick.com where they have this knowledge base article:
“Heartbleed” is a security vulnerability in OpenSSL (Secure Socket Layer) encryption that permits eavesdropping on communications and access to sensitive data such as passwords. Heartbleed gives read access to the memory of the encryption functions of vulnerable servers, allowing attackers to steal the private keys used to encrypt data transmissions.StartPage’s vulnerability to this attack was limited, since we had implemented a more secure, upgraded form of SSL known as Perfect Forward Security (PFS) in July 2013. PFS is generally supported by most recent browser versions. Since PFS uses a different “per-session” encryption key for each data transfer, even if a site’s private SSL key is compromised, past communications are protected from retroactive decryption.

Security is a moving target, and we work hard to stay ahead of the curve. Immediately after the Heartbleed security advisory, StartPage’s encryption modules were updated and encryption certificates were changed.

In independent evaluation, StartPage and Ixquick outscore other search engines on encryption standards, earning an A+ rating. See Qualys’ SSL Labs evaluation of StartPage’s encryption features here:
https://www.ssllabs.com/ssltest/analyze.html?d=startpage.com&s=69.90.210.72

This problem is serious and needs to be addressed, but don’t panic. Secure websites that are vulnerable are working on the problem that was discovered this week.

Wait to hear from companies about whether they were vulnerable and that they have fixed the vulnerability on their secure webservers before changing any passwords.

Some good things to note, Apple and Microsoft have already notified that their services are not vulnerable. Here’s the Hit List from Mashable:

The Heartbleed Hit List: The Passwords You Need to Change Right Now – Mashable

Some big names that you might be happy to hear were not affected according to the Mashable article:

Apple, Microsoft, Amazon, eBay, PayPal, Target, Walmart, LinkedIn, Hulu, AOL email, Hotmail/MSN/Outlook.com emails and more.

All the Google servers have been updated:

You may have heard of “Heartbleed,” a flaw in OpenSSL that could allow the theft of data normally protected by SSL/TLS encryption. We’ve assessed this vulnerability and applied patches to key Google services such as Search, Gmail, YouTube, Wallet, Play, Apps, and App Engine.Google Chrome and Chrome OS are not affected. We are still working to patch some other Google services. We regularly and proactively look for vulnerabilities like this — and encourage others to report them — so that that we can fix software flaws before they are exploited.

More in the article.

More information on Heartbleed:

EDIT: Please check the comments for some additional links that are very helpful and informative about the Bleeding Hearts Club by EFF.org, the vulnerable routers from Cisco/Juniper Networks as well as some additional VPN  and other products. And some good news about 1Password.

Microsoft Patch Tuesday March 2013 – Flash and Java

Microsoft has released seven items in their Security Bulletin for March 2013. Most are for Microsoft Office, one is for Internet Explorer and two in Windows itself.

NOTE: If you are using Windows 8, in addition to the other Microsoft Windows, Internet Explorer and Microsoft Office updates, you will also get a Flash update. Don’t forget that Flash is built into Internet Explorer in Windows 8, just like Flash is included with and updated by Google Chrome. What that means is that you do not have to keep Flash updated for those two browsers – IE 10 in Windows 8 and Google Chrome  keep Flash updated for you.

More information at Security Garden blog.

You do still need to keep Flash updated for other browsers like Firefox and Opera, and Internet Explorer on earlier versions of Windows.

Also don’t forget that Oracle’s Java has had three, count them three, updates over the past month for Java. Make sure/verify you are at the latest version of Java: Java 7 Update 17.