Large_logo_square_bg_620x620_transIn an effort to continue providing our clients with the latest office technology security and support, Onsite PC Solution is changing its name to Ophtek.

Among the existing services being provided, Ophtek has evolved into the following wide array of business IT security and support services:

  • Desktop and Laptop Support
  • Mobile Device Management
  • Networking and Wifi
  • Knowledgeable IT Support Staff
  • Regular IT Support Visits
  • Dedicated Client Web Portal
  • 24/7/365 Hardware/Software/Network Monitoring
  • Pro-Active Hardware Monitoring
  • Server Management
  • Secure Cloud and Local Secure Backup
  • Disaster Recovery Planning
  • Security Patch Management

To learn more about how Ophtek can secure, support and improve your business technology, contact us today.

Read More


Windows 8.1 Administrator Access

Google publicly disclosed a Windows 8.1 bug that allows administrator access to PCs. The disclosure highlight a vulnerability affecting millions of users.

This has left Microsoft outraged, especially considering that they were about to release a patch for it.

The news originated from Forshaw, one of Google’s researchers who found the bug and published it online. The bug is backed up by the Google’s POC (proof of concept) scheme, which was tested on an updated version of Windows 8.1. It’s not entirely clear whether earlier versions of Windows, such as Windows 7 operating systems, are also affected by the bug.

Microsoft went on to express their displeasure by stating that such bug reports shouldn’t be released until after a fix has been made available.

According to Microsoft, for such a bug to cause problems, the perpetrator trying to access the computer would need to know the password of the local machine. This is still a big enough risk to have over a network, as any hacker will use this simple fact as motivation to steal passwords and ultimately gain elevated user privileges.

An unpopular decision?

Google’s Project Zero carries out research and bug testing on various systems. Once they find a bug, their policy is to give 90 days for the vendor to fix the issue.  The 90 days disclosure time had passed and Google went ahead and published their report a couple of days short of Microsoft releasing an update, on their patch Tuesday.

Patch Tuesday occurs on the second, and sometimes fourth, Tuesday of each month in North America.

Patch Tuesday occurs on the second, and sometimes fourth, Tuesday of each month in North America.

It leaves little to guess why Microsoft recently pulled their ANS (Advanced Notification Service) from the general public and made it only available to paid Premier support clients. This means that only paying customers would know of the security issues before their scheduled release on Patch Tuesday.

The vulnerability: Briefly explained

An internal function exists within the Windows 8.1 operating system, known as AhcVerifyAdminContext. Google’s proof of concept tested this using a couple of programs and some commands to bring up the calculator in Windows as an administrator.

Vulnerability Overview:

  • The vulnerability in unpatched versions of Windows 8.1 has a function which consists of a token. The problem is that this token doesn’t correctly verify if the user logged onto the computer is an administrator.
  • It checks the footprints from user’s impersonation token and matches these between the user’s SID and the system’s SID.
  • What it doesn’t do is verify the token’s impersonation level against anything else.
  • This leads to the vulnerability where an identity token can be added from a local process on the system, and as a result, skip the verification stage.
  • This vulnerability only needs to be exploited by someone who knows that it’s available on an un-patched version of Windows 8.1.
  • The hack could be something like an executable that creates a cache, and uses a registry entry on the computer to reload itself.
  • All that would be required is to use an existing application on the computer to run and elevate these privileges.

The proof of concept Google used includes two program files and a set of instructions for executing it. This resulted in the Windows calculator running as an administrator. Forshaw states that the bug is not in UAC (user access control) itself, but that UAC is used as part of it to demo the bug.

Protecting Yourself and Your Business

We suggest keeping your anti-virus updated, along with Windows Security Updates to patch up known vulnerabilities on the computer. Depending on your office set-up, it is also a good idea to enable firewall on PCs too if not at least your network.

For more ways to secure your business data and systems, contact your local IT professionals.

Read More


What is Google Fiber

Google Fiber is a new Gigabit Internet provider that could be coming to your area. What is Google Fiber and what should you know to be ready?

Will Google have to step on anyone’s toes to roll out such service and what impact can Google Fiber have on businesses and private users? Before we delve into all of this, let’s first understand what Google Fiber is.

What is Google Fiber?

Google is expanding their service portfolio to provide fast Internet to the market and become an established Internet Service Provider (ISP), in hopes of joining the ranks of their competitors AT&T, Comcast and others.
Google is also pushing out the boat by claiming to provide 100 times faster internet speed than other ISPs, with Gigabit (1000 Mbps) download speed. Google Fiber also offers 1TB Cloud storage and TV packages, in addition to their Internet service, to make the plan more appealing and practical to their potential customers.

With Google Fiber, businesses and private users would benefit by having:

The Roadblocks for Google Fiber

Running_utility_lines_fiber

Google is looking to roll out their Google Fiber services across the United States, and have already planned to include metropolitan areas such as San Antonio, Phoenix, Salt Lake City, San Jose, Portland, Nashville, Atlanta, Charlotte and Raleigh-Durham.

Since this covers a wide geographic area with different topology to contend with, Google needs to be able to access the utilities infrastructure in order to install the service, which has become their main obstacle. Therefore in efforts to overcome this obstacle, Google has filed a request to reclassify ISPs under Title II of the Telecommunications Act to the Federal Communications Commission (FCC). If reclassification is granted by FCC, then Google will be able to run their Fiber installation on the same poles their competitors currently use to provide broadband.

This would be a huge victory for Google, but a nightmare for Comcast, AT&T and other broadband providers as they’ll need to adapt to newer regulations and give up a share of the market.

If Google has Title II rejected by the FCC to use the already established infrastructure, this would hinder Google Fiber’s roll out across the country as they’d need to literally build around it, making it even more costly business venture for them.

Where is Google Fiber Active?

At present, you’ll find Google Fiber rolled out and live in the area of :

  • Austin,
  • Kansas City
  • Provo

Google provides a website to check if your address is serviceable by Google Fiber.

If Google is granted Title II by the FCC, that’d make the infrastructure available to move the service quickly across to other cities and areas.

For more ways to speed up your office network to ensure business continuity, contact your local IT professionals.

Read More