How To Fix: Browser stuck on a New Tab

Software, , , ,
11
Apr 2014

Typical Chrome New Tab page

Typical Chrome New Tab page

If your browser cannot leave a new tab page such as the Chrome one shown above and cannot navigate to another web page, here are a few possible remedies.

First, check if the keyboard or mouse is the issue.

Check if the backspace or other key is stuck. If that is the case, try to raise the key. Failing that, unplug the mouse and keyboard and see if the problem persists. Perhaps a key or short cut is being repeatedly triggered without the user’s knowledge. This can be confirmed by using a different keyboard or mouse.

Second, if it’s an issue with the browser

Other than Internet Explorer, you should save bookmarks into an html file then uninstall the browser thoroughly with an uninstaller tool such as Revo or from the Windows Control Panel. Reinstall the browser and see if the browser still freezes on the new tab page.

Internet Explorer is integrated with the Windows installation and cannot be simply uninstalled. For IE, after backing up desired new settings, configurations, and files, perform a system restore. Restore Windows to the last remembered time that the browser did not experience the new tab persistence problem.

For more tips or advice on troubleshooting common software issues, contact your local IT professionals.

Read More

Major Online Security Bug Found: Heartbleed

Internet, Security, , ,
08
Apr 2014

A major OpenSSL bug has been found that could affect 70% of secure websites.

A major OpenSSL bug has been found that could affect 70% of secure websites.

A major bug has been found in the popular OpenSSL library used by thousands of online merchants, email providers and banks.  The bug allows anyone on the internet to read a user’s private information while it is being sent back and forth to the website.  A security advisory has been issued by OpenSSL.

Why is the bug called Heartbleed?

The code affected by this bug is in the heartbeat portion of the protocol which keeps the connection to the website active.  When the bug is exploited it causes memory to leak its content while it is being sent over the internet, which contains sensitive and private information.

How does this affect me?

If the website you are logging in to, such as your bank, email or an online store uses a version of OpenSSL that has this bug:

  • An attacker can open a connection to your bank over and silently download among other things the keys used to prove the bank is who they say they are.
  • They can then pretend to be your bank and you will not notice anything different, while all of your communication is being stolen.

It is estimated that up to 70% of internet websites are affected by this bug.  Companies can fix the bug by upgrading to the latest version of OpenSSL, creating new certificates and removing old certificates.

How can I protect myself?

First check if the website you are accessing has an “https” in front of the address, meaning it should be a secure connection. All banks, email webpages and online stores should have this:

Check for https in front of your website address.

If it is a secure connection, enter the website here to check if the bug exists.

http://filippo.io/Heartbleed/ will let you know if the site has the Heartbleed Bug.

http://filippo.io/Heartbleed/ will let you know if the site has the Heartbleed Bug.

If it does exist, avoid using the website until they have upgraded their OpenSSL.  For further assistance with the Heartbleed bug or other security issues, contact your local IT professionals.

Read More

Post Windows XP: Exploit Attack is Imminent

Security, Software, Uncategorized, , ,
08
Apr 2014

 

The original Windows XP Background location taken in Sonoma Valley, California

The original Windows XP Background location taken in Sonoma Valley, California

Windows XP has officially been retired by Microsoft but does that mean you can safely continue running it at home or at the office?  A report put out by security firm F-Secure has recently highlighted some ways to stay somewhat safe while continuing to run the expired Operating System, while emphasizing that an exploit could be ready any day now:

1. Install the final updates for Windows XP from Microsoft

2. Make sure Microsoft Office is fully patched

3. Update all third party software

4. Run a firewall and antimalware protection

5. Run Micrososft’s EMET (Enhanced Migration Experience Toolkit)

Although these steps can help delay a system compromise, once Windows XP has been infected it is considerably more difficult to clean than other operating systems.  Virus and malware writers will now be able to look at the updates released for Windows 7 or 8 and know exactly where to attack Windows XP since the operating systems share some similar code.  The report also goes on to mention that an exploit on Windows XP will occur soon.

 

The latest F-Secure report highlights risks of continuing to run Windows XP

The latest F-Secure report highlights risks of continuing to run Windows XP

According to the report, web based attacks and infections doubled in the second half of 2013.  It is important to note that modern virus writers and criminals often do not want to damage a computer system.  It is much more lucrative to hold the system ransom for money or to steal sensitive information such as bank logins, email accounts and credit card information.

For more guidance on moving away from Windows XP or securing your home or office, contact your local IT professionals.

Read More

Scammers Hijack SOHO Routers to Steal User Information

Internet, Office IT, Office Network, Repairs and Upgrades, Security, Services, , , , , , , , ,
06
Apr 2014

TL-WR1043ND-01

TP-Link is among the vendors affected by the SOHO pharming campaign.

Recently, it was discovered that several hundred thousand routers fell victim to a hijacking scheme that could become a prevalent problem to many internet users worldwide.  The attack, dubbed as a ‘small office/home office (SOHO) pharming campaign,’ was targeting Vietnam, but according to a report by Team Cymru, the SOHO pharming campaign also made its way into regions like the US and Italy.

The criminals behind the pharming campaign took advantage of exploitable security holes in various consumer-grade routers, and from there they were able to redirect users to malicious websites to steal login credentials and/or dropped malware onto the users’ computer.  The scary part about this SOHO campaign is that more than one type of routers are affected.  According to Team Cymru, the compromised routers could be a brand name like D-Link or and off-brand like TP-Link.

soho-hijack

A diagram depicting the ‘man-in-the-middle’ hijacking scheme from Team Cymru.

Cyber security experts found that once the attackers had control of their targeted routers, they changed the devices’ Domain Name System (DNS) settings to force users to send out requests to the 5.45.75.11 and 5.45.75.36 IP addresses.  The new DNS settings then acts as a ‘middle-man’ and redirect users to malicious sites instead of legitimate ones.

While it is easy to point the fingers directly at the people manufacturing the routers, it’s not completely their fault.  There’s no such thing as a ‘hands-off’ policy when it comes to protecting yourself from intrusions by cyber criminals.  That said, there are a few things many router owners can do to lessen their chances of becoming victims to the router hijacking scheme.

  1. Disable router’s remote user-mode and graphical user interface. Disabling remote access will help keep users who aren’t directly connected to your network from accessing your routers’ admin properties.  Disabling the GUI will, reportedly, mitigate the likelihood that someone can find a hole in the routers’ software.  Instead of making changes to the routers’ setting via a graphical interface, try to change the settings via command lines.
  2. Corporate networks may want deploy tracking systems (i.e. an HTML code on the externally facing servers) to detect possibly malicious IP addresses.
  3. All SOHO router settings (especially DNS) should be controlled at the host level.
  4. Admins must proactively monitor router settings periodically to ensure that the router’s DNS is pointing at those that belong to their internet service providers (ISP).

These are just a few of the basic security measures you must consider if you or your organization is using a SOHO router.  Should you have any questions or concerns regarding the recent SOHO pharming campaign or what you should do tighten up your network security, contact our IT professionals.

Read More
1 2