Office 365 Users: Hack Vulnerability

Security, Software, Uncategorized, , , ,
05
Jan 2014

OnsitePCSolution_Office_365_Vulnerability

Noam Liran, the chief software architect at Adallom, recently detected a flaw in Microsoft Office 365 which can easily expose account credentials through Word Documents that are hosted on a webserver which is currently invisible to existing anti-virus software.

What Specifically Is The Problem?

When a user downloads a document from a SharePoint server, the user is required to log in their account first – after which the server verifies the login credentials and then issues an authentication token. Liran discovered that he can use his own server to copy the responses which are sent from the sharepoint.com domain server.  At that point he can generate and fake the token. An attacker doing this can inject his code to connect to an untrusted web server to capture the user’s private Office 365 authentication token.  This allows the attacked to go to the user’s organization’s SharePoint site to access anything they want without the user knowing. According to Liran this is a perfect cyber crime in which the organization does not know they have been hit.

Microsoft has been working on this vulnerability, but at the time of this writing the backdoor still existed.

How would this work in the real world?:

  • The user will get an e-mail asking them to review a document or visit a webpage. This document could be coupons, someone’s CV or contract.
  • The user will click on the link and be redirected to Sharepoint which will ask to open the document in Word. If the user accepts, Word will request the document from the malicious webpage.
  • The malicious webpage in turn will ask Word for an Office 365 token. The malicious webpage gives Word a legitimate looking document in return. The attacker will then have the Office 365 token and access to the organization’s data.

OnsitePCSolution_Word_Document

This is a serious potential threat to organizations and companies that use Office 365. Important company data can be stolen without anyone knowing. The attacker could also monitor the data which could be confidential. The attacker also has access to delete the data.

What Can I Do To Protect My Business?

Until Microsoft comes up with a solid solution to this vulnerability, users should not open any unknown or suspicious looking emails.  They should also confirm from known senders to verify the authenticity of the email.  It is also important to absolutely avoid clicking on any unknown URLs and links or open attached documents in a file.

For further assistance, let your office IT support know about this vulnerability and stay ahead of a corporate data breach.

 

 

Read More

Microsoft Ending Sales of Windows 7

Software,
16
Dec 2013

Onsite_PC_Solution_Windows_7_Ending_Retail_Sales_2
It has been reported recently that Microsoft will be ending its retail sales of Windows 7. The customers who want to install Windows 7 on their present computers after this deadline may be out of luck. From 30th October, 2014, you will not be able to buy pre-loaded Windows 7 PCs. This is to keep with their stated policy where they stop selling an Operating System directly after one year of its release. And around two years after release, they also stop supplying licenses to Original Equipment Manufacturers (OEMs).

This announcement means that Windows 7 copies will no longer be shipped to retailers and Original Equipment Manufacturers (OEMs) and they won’t be pre-installed in new computers. If you are a business that was looking to mass-install Windows 7 on office computers, then you may be out of luck. OEM partners like Dell and Toshiba won’t be pre-installing Windows 7 in new computers as well and if a business wants to buy in bulk, they will have to buy the present stock in the market.

Onsite_PC_Solution_Windows_7_Ending_Retail_Sales

For vast majority of people, this may not mean much as vendors will continue to sell Windows 7 licenses long after Microsoft stops supplying. Microsoft may not sell them directly anymore, but they are easily available online and offline. You can grab a copy of Windows 7 from Amazon virtual shelves or Newegg. And you can also buy them from offline big box stores. Often these operating system DVDs continue to be sold decades after they are released. Ordinary customers should face no problem if they intend to buy a Windows 7 license in the foreseeable future.

For large enterprises that have volume licensing arrangements with Microsoft, there is no hurdle as they will continue to enjoy downgrade rights as a part of these agreements. So in many ways, Windows 7 will continue to be a force to be reckoned with for a long time to come. Often, Microsoft also extends retail sales deadlines of operating systems to allow everyone to grab a copy.

One of the best ways to stay ahead of the Windows lifecycle is to install Windows 8.1 right now or to update your computers to Windows 7 if you haven’t done so already. Most PCs today come bundled with Windows 8, which should keep you worry free of upgrade cycles in the near future. You can also circumvent this problem as the Windows 8 Pro editions include downgrade rights that allow people to pre-install Windows 7 if they want. Using this method, you can get a direct Windows 7 license from Microsoft for a long time to come.

Read More

How To Manage Startup Programs

General, Software, ,
05
Nov 2013

CCleaner_logo_2013

In the never ending battle to keep your computer running quickly and smoothly, one of the less obvious culprits are the programs that start each time you start your computer.  Most if not all programs load in the background so you don’t actually see them starting up.  They are however taking up resources and slowing your computer down not just when they are running, but especially when they are starting up.

Here’s how you can use the free program CCleaner to manage your startup programs, spare your computer’s memory and keep it running fast.

Download_CCleaner

1. Download and install CCleaner free

CCleaner-Run-Start-Menu-Installer

2. Open CCleaner

CCleaner_Disable_Startup_Program

3. Click on Tools and Right click on any startup programs that are not 100% needed and disable them from starting up

If you are not sure which programs are necessary and which are not, consult with your office or home IT support.

Read More

Anti-Virus Updates Ending for Windows XP

Security, Software, ,
04
Nov 2013

OnsitePCSolution_MSE_Protecting_Computer

In our previous article on Microsoft ending support and updates for Windows XP, we described what made Windows XP so commonly used and the dangers of continuing to run it after April of 2014.  Microsoft has put another nail in the coffin for users who want to continue running Windows XP: no more virus definition updates for Microsoft Security Essentials on Windows XP after April 2014.

This will be quite a problem as Microsoft Security Essentials (download here) is the most commonly used free anti-virus and anti-malware on Windows computers.

In this article from ZDNet, a Microsoft spokesperson states:

“Microsoft will not guarantee updates of our antimalware signature and engine after the XP end of support date of April 8, 2014…”

Windows8or7b

The message further pushes users to upgrade to more modern Windows operating systems such as Windows 7 (which we recommend) and Windows 8.  If you want to risk running Windows XP after the April 2014 end of life date, you can use free anti-virus solutions such as AVG or Avira.  As long as you are running regular backups or Windows XP isn’t running on a business computer, then the risk is minimized.

If you are not sure if you are running Windows XP or whether you need to upgrade, contact your office or home IT support.

Read More

The Most Malicious Virus of 2013: CryptoLocker

Security, Software, ,
25
Oct 2013

CryptoLocker Ransomware demands $300 to decrypt your files

CryptoLocker is becoming the most malicious ransomware (a virus that holds your data ransom) of 2013 since your data is forever lost without a solid backup copy or shadow copy. Here is a summary of what it does and how you can protect yourself.

What does it do to my files?

CryptoLocker will scan your computer and shared network drive for common document files and encrypt them making the files completely innaccessible until you pay a ransom of approximately $300 within 4 days. There is no way to decrypt your files even if your anti-virus cleans the infected computer.

[spoiler title=”Here is a full list of files affected:” open=”0″ style=”1″]
*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c[/spoiler]

How would I get infected?

CryptoLocker spreads through attachments in e-mails. The email will look like a customer support issue with a zip file attachment. The virus is inside the zip file hidden as a PDF document.

There have also been reports of people being infected by visiting a website that has Java, a common web programming language.

cryptolocker_wallpaper

How can I protect myself?

There are some security policy changes that can be made to computers to prevent the virus from running, however you must be comfortable with Windows system administration to make the changes. CryptoPrevent will also make these changes for you.  Although rare, you must be careful since it could disable other programs.

The most straightforward way to protect yourself now and in the future is to install MalwareBytes Pro and Avast which both detect and prevent infections. Microsoft Security Essentials is simply not advanced enough to detect this virus.

Having an office or home policy of never opening emails or attachments unless they are from a trusted sender is the first line of defence.

What are my options if I am infected?

The best way to recover from an infection is to run the free version of MalwareBytes to delete the virus, then recover your encrypted files from a backup.

Alternatively, you can use ShadowExplorer or Shadow Volume Copies to recover an older un-encrypted version of the file only if System Restore is enabled in Windows.

If you have no backup, your only option is to pay the ransom and wait for your files to be decrypted by the virus.

cryptolocker_decrypting

Read More
1 9 10 11 12