Tag Archive for: windows

Chrome: From HTTP to HTTPS

, ,

Within the last year, Chrome has helped users understand that HTTP sites are not secure. More websites use HTTPS, a safer protocol, than ever before. So, how can you benefit from this transition? Find out here.

For several years, Google has moved toward a more secure web by strongly advocating that sites adopt the Secure HyperText Transfer Protocol (HTTPS) encryption. And last year, Google began marking some HyperText Transfer Protocol (HTTP) pages as “not secure” to help users comprehend risks of unencrypted websites. Beginning in July 2018 with the release of a Chrome update, Google’s browser will mark all HTTP sites as “not secure.”

Chrome’s move was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and the majority of Chrome traffic is already encrypted.

Here’s how the transition to security has progressed, so far:

  • Over 68% of Chrome traffic on both Android and Windows is now protected
  • Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
  • 81 of the top 100 sites on the web use HTTPS by default

HTTPS: The benefits and difference

What’s the difference between HTTP and HTTPS? With HTTP, information you type into a website is transmitted to the site’s owner with almost zero protection along the journey. Essentially, HTTP can establish basic web connections, but not much else.

When security is a must, HTTPS sends and receives encrypted internet data. This means that it uses a mathematical algorithm to make data unreadable to unauthorized parties.

#1 HTTPS protects a site’s integrity

HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one can tamper with the traffic or spy on what you’re doing.

Without encryption, someone with access to your router or internet service provider (ISP) could intercept (or hack) information sent to websites or inject malware into otherwise legitimate pages.

#2 HTTPS protects the privacy of your users

HTTPS prevents intruders from eavesdropping on communications between websites and their visitors. One common misconception about HTTPS is that only websites that handle sensitive communications need it. In reality, every unprotected HTTP request can reveal information about the behaviors and identities of users.

#3 HTTPS is the future of the web

HTTPS has become much easier to implement thanks to services that automate the conversion process, such as Let’s Encrypt and Google’s Lighthouse program. These tools make it easier for website owners to adopt HTTPS.

Chrome’s new notifications will help users understand that HTTP sites are less secure, and move the web toward a secure HTTPS web by default. HTTPS is easier to adopt than ever before, and it unlocks both performance improvements and powerful new features that aren’t possible with HTTP.

How can small-business owners implement and take advantage of this new interface? Call today for a quick chat with one of our experts to get started.

Published with permission from TechAdvisory.org. Source.

/by

Chrome users panic as new scam spreads

During the previous quarter, fake Chrome notifications urging users to dial a tech support number have grown dramatically. Research reveals that this tech support scam could possibly use an Application Programming Interface (API) to freeze the browser, convincing the user to get in touch with the support line and share their credit card details.

The End Game

The scam works by displaying an error message indicating a bogus security breach incident that renders a browser unusable. These scammers capitalize on the fact that a serious crash can’t be solved by simply closing the site, thereby sending the users into a panic. This encourages them to dial the number listed on the warning message.

On the other end of the line, the scammers would pose as Microsoft or Apple representatives to convince users into surrendering their credit card details to repair a non-existing security issue. The scams are generally carried out through legitimate sites or malicious ads that have been hacked.

The Ingenious Process

This new scam operates against Chrome by corrupting the window.navigator.msSaveOrOpenBlob programming interface, which basically uses it as a form of distraction. The hackers manipulate the browser and forces it to save a random document on a disk repeatedly at super fast intervals that are impossible to notice. After five to 10 seconds, Chrome will be completely unresponsive.

The Easy Fix

To recover, Windows users simply have to open Windows Task Manager (press ctrl + shift + esc keys) and stop the process there. On the other hand, macOS users just need to wait until a system message prompts them to close the unresponsive Chrome tab. Typically, the latter is a more appealing option since users would have the freedom to close only the corrupted page. Manually closing the whole browser means possibly losing unsaved files in any open Windows.

When faced with IT-related issues, you need to determine how you can approach them calmly. The threats in the digital world may be terrifying and intimidating, but causing a panic in your workplace isn’t the answer. Call us as soon as any problems arise, and we’ll help you as soon as we can. We can even hook you up with other security measures to beef up your network security.

Published with permission from TechAdvisory.org. Source.

/by

Enlist IT help when installing CPU updates

When it comes to security updates, time is usually of the essence. The longer you wait to install a fix from a vendor, the higher the risk of being compromised. But in the cases of the Meltdown and Spectre flaws, you might be better off waiting until a more reliable patch is released. Let’s review what’s going on and what the best course of action currently is.

Unsecured data storage

Spectre and Meltdown are the names given to two hardware flaws that allow hackers to see any piece of information stored on your computer. Although slightly different in execution, both take advantage of a hardware feature that computer chips use to access and store private information. For the last 20 years, security experts believed this information could not be stolen or spied on by malicious software, but that assumption was proven false on January 3, 2018.

Now that the Spectre and Meltdown vulnerabilities are public information, hackers can use them to create programs that steal passwords, social security numbers, credit card numbers, and anything else you type into your computer.

Because these problems are hardware-based, none of the updates will be able to secure the vulnerable storage; they’ll simply prevent your computer from storing anything in it. Currently, there are patches for:

  • Operating systems (Windows, macOS, and Linux)
  • Web browsers (Chrome, Firefox, Safari, Edge, and IE)
  • Chip firmware (low-level programs installed on the processor itself)

If you’re using an Apple computer, these updates are relatively easy to install. If you’re using a Windows or Linux-based computer, these patches may cause your machine to freeze, reboot unexpectedly, or significantly slow down.

Why should I wait to install the updates?

Intel, one of the chipmakers responsible for the Spectre and Meltdown flaws, has provided contradictory recommendations on more than one occasion. As recently as January 18, Intel recommended waiting for an updated patch, but in the same announcement also recommended “consumers to keep systems up-to-date.”

Experts believe detecting an attack that is based on one of these flaws will be relatively easy and represent an alternative to installing updates that could render your computer unusable.

What should I do?

IT support experts will be able to quickly and easily assess what is the best option for your computers. For example, our team can determine whether or not your hardware will conflict with the current patches, and either install them or set up a detection strategy that will help you mitigate the risks without ruining your computer.

If you need expert IT support for quick responses and ironclad security — give us a call today.

Published with permission from TechAdvisory.org. Source.

/by

Precautions against WannaCry ransomware

The WannaCry ransomware, a type of malware that encrypts a victim’s files and extorts them for money, has already affected thousands of machines worldwide. Unfortunately, the success of this attack is just the beginning. According to security researchers, other hackers will probably develop stronger WannaCry variants in the coming months. And if you don’t want your business to become a victim of these attacks, you must take the following precautions.

Update your software
The first (and probably best) defense against WannaCry ransomware is to update your operating system. New research from Kaspersky shows that machines running Windows XP, 7 and outdated Windows 10 versions were affected by the ransomware. To check whether your systems are up to date, open your Windows search bar, look for Windows Update, click Check for Updates, and install any major updates.

Also, don’t forget to download the latest security patches for your business applications and security software.

Run security programs
Many antivirus programs now have mechanisms for detecting and blocking WannaCry malware; so when you’ve fully updated your security software, run a full system scan.

Keep in mind that antivirus isn’t a foolproof security solution. Instead, run it alongside other security applications like intrusion prevention systems and firewalls.

Use data backup and recovery tools
If WannaCry does infect your computers, only a solid data backup and recovery solution can save your business. Before ransomware strikes, periodically back up your files in both an external hard drive and a cloud-based backup service.

External hard drives will serve as your local backup solution for quick recovery times. However, we recommend keeping the external drive disconnected when it’s not being used and plugging it in only when you need to back up files at the end of the day. This is because when ransomware infects a computer, it will usually look to encrypt local backup drives as well.

Cloud-based backups, on the other hand, allow you to store files in remote data centers and access them from any internet-enabled device. When selecting a cloud services provider, make sure they provide the appropriate cloud protections to your files. For example, your backup vendor should provide reporting tools to keep track of any anomalies in your files. Document versioning features are also important. This allows you to recover older versions of a document in case the current version is encrypted.

After your local and cloud backups are set up, perform regular tests to ensure your disaster recovery plan works.

Stay informed
Finally, it’s important to stay on guard at all times. WannaCry is just one of many ransomware strains affecting businesses today, and in order to stay safe you need to be constantly up to date on the latest cybersecurity- and business continuity-related news.

For more ransomware prevention tips and services, call us today. We’ll make sure hackers don’t hold your business hostage.

Published with permission from TechAdvisory.org. Source.

/by

Wikileaks’ charges of government spying

2017April6Security_CStaving off malicious cyber attackers is already a herculean task, so the last thing you need is to feel exposed from a totally new angle. That’s how many felt after Wikileaks’ accusations that the US government was spying on its citizens. However, the truth is a lot different from what the headlines would have you believe.

What devices and apps are supposedly vulnerable?

Wikileaks labeled its ongoing release of 8,761 classified CIA documents “Year Zero.” Nestled among those files are tools and correspondence that explain how operatives could snoop on communications, downloads, and browsing history. Here is a list of the “affected” applications and hardware:

  • Windows operating systems
  • iOS
  • Android
  • Samsung Smart TVs
  • WhatsApp
  • Signal
  • Telegram
  • Confide

Those are some very big names, right? Thankfully, it’s mostly hyperbole. The reality of the situation isn’t nearly as bad as it sounds.

Two considerations before freaking out

First, almost all these exploits require physical access to devices before anything can be compromised. For example, news organizations repeatedly reported that WhatsApp, Signal, Telegram and Confide all had encryption protocols that had been subverted by the CIA. That is 100% false.

What the documents actually revealed is that the CIA was aware of security gaps in Windows, iOS, Android and Samsung’s Tizen OS, which allowed the agency to snoop on messages before they were encrypted. Messages sent in these apps are still totally uncrackable as long as the devices they are installed on haven’t been physically compromised.

Takeaway #1: Physical security is still one of the most important aspects of cyber security. Most data security regulations require certain physical security protocols as a deterrent to breaches that take place via theft of social engineering — and for good reason.

The second reason not to worry is the hardware devices and operating systems that supposedly left encrypted messages vulnerable haven’t been sold for a long time. For example, only Samsung TVs from before 2013 were vulnerable to the always-on microphone bug — which was patched in an OS update years ago.

But what about iOS — surely that’s the scariest reveal of them all, right? Not quite. Only the iPhone 3G, discontinued in 2010, was susceptible to exploitation. Furthermore, Apple immediately responded that they were aware of this vulnerability and patched it in the version of iOS that was released in 2011.

Takeaway #2: Updating software is critical to keeping your data safe. As we saw in the Year Zero leaks, just one piece of outdated software can cause a domino effect of other vulnerabilities.

In reality, the most recent Wikileaks releases shouldn’t change your approach to cyber security at all. As long as you consider data security a never-ending battle, you’ll be safer than everyone too lazy or forgetful to lock up their server rooms or update their operating system.

But running a business doesn’t always leave you a lot of time for fighting a “never-ending battle,” does it? Fortunately, that’s exactly what we do for our clients every single day. To find out more about how we can keep you safe, call today.

Published with permission from TechAdvisory.org. Source.

/by