Uncategorized Archives - Page 5 of 7

What to do when your Wifi won’t work

Network, Uncategorizednetwork, wirelessOphtek, LLC

Apr 2015

Is your Wifi not working? No problem, simply follow our quick checklist to get your Wifi back online so you can get on with business as usual.

It can be annoying to lose your Wifi connection at home or in the office. Besides, where would one be without Wifi these days?

Not having a Wifi connection can effect a multitude of business operations such as losing access to both the internet and your internal network, email, shared peripherals (such as printers and scanners), and any other wireless resources connected to your router.

For many, it’s no longer feasible to have ethernet cables swimming all over the place.
To help end this panic, we’ve compiled a three -step troubleshooting list to get your wireless working again.

Restart your device or computer. The idea is to restart whichever device has lost its Wifi connection. It is best to do this first, as it may be an isolated issue with only the your computer, laptop, printer or smartphone. It’s also good idea to confirm this by checking to see if other devices and computers are connected and working over the wifi.

Restart your wireless router. If all devices connected to your Wifi router appear to be offline, then the problem is likely to be the router. You may want to observe whether your router is flashing amber or red lights, which is a sign that it has lost connectivity. Green lights are usually an indicator of a Wifi router being online, operating as usual. A simple reboot of your Wifi router by unplugging it from the power for 1 minute and plugging it back in can help it come back online. If the router continues to play up after a few minutes following a reboot, contact your ISP to check if there are problems with the internet connection. If not, the Wifi router may need to be replaced.

Make sure you’ve selected the correct wireless access point. Check to see which access point you’ve connected to by checking your device’s wireless settings. If you’re unsure about the wireless access point name, you can double-check it by reading the label displayed on the Wifi router or, alternatively, you can or ask your network administrator what it is. Understandingly, it’s so easy to pick the wrong wireless access point as most households and businesses have Wfi routers emitting wifi everywhere.

For more ways to troubleshoot networking problems, contact your local IT professionals.

Lenovo Caught Shipping Laptops with Invasive Adware

Security, Uncategorizedlenovo, security, superfishOphtek, LLC

Apr 2015

Lenovo has been caught red-handed shipping laptops with invasive adware. Read more here to find out the implications of why you should be concerned.

If your office has purchased any number of Lenovo laptops during the latter part of 2014, then these systems are likely affected by pre-installed adware.

There’s now little wonder as to why your office’s antivirus or antimalware software might have been bugging you about a malicious adware named “Superfish”. If your systems administrator hasn’t been able to pinpoint the particular source, the culprit could really be the OS itself or Lenovo.

In 2014, several Lenovo notebook users reported injected advertisements while doing regular internet searches. The adware was identified as “Superfish” with capabilities of injecting third-party advertisements to not only on search engines like Google but by any website visited as well. Experts and technical enthusiasts have determined the adware was already pre-installed with the notebook by the time a unit is purchased.

Is It a Big Issue?

Although Lenovo would claim otherwise, experts point out that this invasive software can affect both users’ privacy and security.

For internet users who are annoyed by those numerous and deceiving web advertisements, this would already be a problem. Even the more savvy users can be deceived due to the nature of the advertisements displayed, which are designed in a way to look like they are part of the search results or the webpage itself.

A serious security threat which can spy and steal your data

Other than the ability to bombard you with online advertisements,”Superfish” also gives the perpetrators an opportunity to spy on the user’s activities when online and even monitor personal data:

The adware installs itself as a root security certificate in the laptops.
A security certificate is a small system file/key that determines which websites, servers, and software are trustworthy and which are not.
A root certificate can be likened to having a “master key”, where its authority will be adopted within the internet settings of a computer.
This makes a computer vulnerable by tricking it into thinking a website is secure, even if it’s not.

It’s a window of opportunity for cyber criminals to spy on their targets or even deceive them to give out personal data like usernames and passwords. There’s also a risk for laptops to be susceptible to malware and virus attacks since they can slip through their antivirus/antimalware software by using the certificates to make them look like legitimate files.

Lenovo’s Response

Lenovo recently confirmed selling their units pre-installed with adware and shipping them worldwide. According to Lenovo, only units produced between September and December of 2014 were affected. Additionally, Lenovo defended the addition of “Superfish” in its laptops citing that the goal was to improve user experience when shopping online and that it does not monitor user activity.

As of January 2015, Lenovo has stopped shipping the adware on its computer products and has promised not do so in the future. It has also disabled “Superfish” and server interactions for the affected units and users. This “feature” should now cease to exist.

Check if you are affected by Superfish

Filippo Valsorda has setup a quick online test to see if your computer and internet connection are affected. The test can be run here.

For more ways to stay protected, contact your local IT professionals.

Microsoft Security Essentials Has Little Effect

Security, Uncategorizedmalware, microsoft, securityOphtek, LLC

Mar 2015

Microsoft Security Essentials is not as effective as you may think. Here’s a summary of the last two AV testing evaluations carried out by AV-Test.org.

There mare any anti-virus programs available to install, some are free, like Microsoft Security Essentials (MSE) and others, like Trend Micro, Kaspersky and the like are paid with free versions available providing less features such as real time scanning.

Are paid ones any better than free AVs? A better option is to run Malwarebytes. We’ll conclude a little later.

AV-Test Results

AV-Test.org is an is an independent test center based in Germany where they carry out tests to evaluate which anti viruses can withstand a variety of malware. This particular test involved approximately 12,327 different malware, along with 153 emulated zero-day attacks, on Windows 7 machines.

Out of the 28 tested AV programs tested, Microsoft fared poorly by failing to protect its own operating system. In fact it came in last compared to all their 27 competitors. These tests were carried out in December 2014 and they measured usability, performance and protection, which resulted in classifications.

This is not the first time Microsoft came last here. They’ve also come last in the previous run of tests in 2013. They had gained top marks for MSE usability and were above averaged in performance but scored a big fat zero in the most critical part, to protect against malware!

Microsoft’s Perspective

In defense of Microsoft’s AV-test results, Joe Blackbird, representing Microsoft, wrote in a blog about it. He spoke out against the malware attacks tested by AV-Test, and stated that they’re unlikely to occur in the wild to pose a major risk to users. To support his statement, he mentioned that 94% of the samples carried out in the test were not picked up by MSE and didn’t even end up infecting their systems, hence not posing a serious risk.

Overall, Microsoft has made it clear that the AV-test results in the past does things differently as opposed to prioritizing their protection based on actual real malware threats.

Are paid anti-virus programs any better than the free ones?

Based on AV-test results, it seems like it’s highly likely. However, not all paid solutions offer the best protection. For instance, McAfee Internet Security is a paid solution and it was not far off from being the worst in protecting from the list of Malware threats. They were next to last on the list, with being only slightly better than MSE.

The highest rated AV from the test results to offer the best protection against malware attacks is Kaspersky, which happens to be a paid solution.

You do not need to necessarily go out and spend money on an AV. However, if you do run MSE, a better option is to run Malwarebytes, which is effective and free.

For more ways to secure your data and systems, contact your local IT professionals.

What is Remote Code Execution?

Network, Security, Uncategorizedmalware, security, virusOphtek, LLC

Jan 2015

Why do hackers use remote code execution as a malicious attack on businesses? Here we’ll explain what remote code execution is and why most malware uses it.

Remote execution attacks are very real and should not be taken lightly. This is mainly due to the damage which can result in malware disabling parts of a system and disrupting business operations.

What is remote code execution?

Remote code execution can be best described as an action which involves an attacker executing code remotely using system vulnerabilities.

Such code can run from a remote server, which means that the attack can originate from anywhere around the world giving the attacker access to the PC. Once a hacker gains access to a system, they’ll be able to make changes within the target computer.

The attacker leverages the user’s admin privileges to allow them to execute code and make further changes to the computer. It’s often the case that such user privileges become elevated. Attackers usually look to gain further control on the system they already have a grip on and look to exert control onto other computers on the same network.

Examples of remote execution attack

Whether a business realizes it or not, malware threats are consistently looking for vulnerabilities and a chance to infiltrate past security. In essence, every attacker is an opportunist and they’re unlikely to hold back once they’ve spotted a loophole within a system.

Scenario 1:

An employee browses the Internet with the Internet Explorer browser and visits a website, which they were prompted to visit via an unsuspecting email message. Little do they know that the website exploits a bug on their browser, allowing for remote execution of code to occur. The code is set up by a criminal who has programmed it to run on the employee’s computer, and in turn, installs a Trojan virus. A Trojan allows a back door into the computer, which can be accessed at any time by the attacker. At this point, the criminal has complete access to the employee’s data files and will do as they please with it.

Scenario 2:

A business runs an unsupported version of Windows on a computer, which happens to be Windows XP. An employee visits a website, however this website has been compromised, and a bug detects the user working on a computer that has Windows XP. Since this particular operating system is no longer patched by Microsoft, vulnerabilities are eminent. The bug picks up on this and begins remote code execution, set up by a criminal, to run ransom-ware on your computer. The ransom involves the criminal holding the company’s files hostage until payment is made.

How can you protect against remote code execution attacks?

The most practical way to approach this is to patch up the vulnerabilities found on all computers over the network, especially those used by administrators. To look at it another way, any available holes are waiting to be exploited which can potentially permit an attacker entry onto the computer system, where they can run any malicious code they want.
Therefore, keep your system updated with the latest patches by looking out regularly for Microsoft’s Patch Tuesday fixes. Microsoft offers monthly security updates to patch critical vulnerabilities pertaining to the remote code execution issue. It’s best to apply these as soon as possible.
Be sure to upgrade from unsupported operating systems, such as Windows XP, to make sure that your systems aren’t an easy target to attackers.

For more ways to secure your systems, contact your local IT professionals.

Timeline of Sony Cyber Attack

Uncategorizedmalware, network, securityOphtek, LLC

Jan 2015

The Sony data breach in late 2014 has caused embarrassment towards their own top executives and employees. Here is a timeline of the Sony hacking events.

Here’s the timeline of the 2014 Sony Pictures Cyber-attacks:

November 24

Early morning at Sony Pictures Entertainment Headquarters, based in Culver City, an image of a skull with long skeletal fingers simultaneously appeared on all employee’s computer screens. The image contained a threatening message saying, “This is just a beginning. We’ve obtained all your internal data.” This was noted to be the first sign of the digital break-in.

November 25

Computers at Sony headquarters in Culver City and overseas remain shut down. The spokesperson of Sony Pictures Entertainment said that they were investigating an IT matter. However, several news organizations report that Sony has suffered a digital security breach.

November 26

Sony employees continue working even without computers and other digital technologies, such as voicemails and emails.

November 27

Five Sony films were leaked online and made available on on-line file-sharing hubs. Four of the five films are yet to be released. Included in the films are Brad Pitt’s Fury, Annie, Still Alice, Mr. Turner, and To Write Love on her Arms.

November 28

Initial reports surface that Sony Pictures Entertainment suspects North Korea being the one responsible for the attack. Sony beleives that the attack is in retaliation for the film “The Interview”. The story is about a plot to assassinate the North Korean dictator.

November 29

Sony’s computers are still shut down.

November 30

The speculation and reports indicate that North Korea is behind the cyber-attack.

December 1

Multiple confidential Sony documents were leaked including the pre-bonus salaries of Sony’s executives. The information also includes salary details of more than 60,000 Sony employees. Executive figures are published in many sites, including Deadline. Sony works with the FBI to investigate the attack.

December 2

A company-wide alert was delivered to employees about the attack, which was issued by Sony’s chiefs Amy Pascal and Michael Lynton.

December 3

Critical information has been extracted from a big dump of stolen data which included a large list of account credentials, YouTube authentication credentials, UPS account details, all in plain text. To add to this, it also included a collection of scathing critiques of Adam Sandler movies along with files containing information on passports and visas of crew and cast members who have worked on Sony films. Some of this confidential information is published on online sites, including a 25-page list of workplace complaints of Sony employees.

Sony stated that the investigation is on-going.

December 4

A Flash warning from the FBI is made regarding the malware attack, named Destover Backdoor, and alerted all large American security departments.

Press reports also stated that some cyber-security experts found out some significant similarities between the codes used in the cyber-attack of South Korean companies and government agencies, which were also blamed on North Korea and the codes used in the Sony attack.

December 5

The Sony attackers who are claiming to be the “Guardians of Peace” sent Sony employees an e-mail threating them that they will hurt their families if they don’t sign a statement disclaiming the company.

December 7

Further data leaks occur involving the financial details from Sony Pictures. According to Bloomberg, the leak traces back to a hotel in Thailand where an executive from Sony was lodging there at the time.

North Korea praised the attack by calling it a “righteous deed” and denied any involvement in the attack.

December 8

More leaks, which were uploaded to pastebin, were added but were soon taken down. This information illustrated details of email archives belonging to two executives; the President of Sony pictures and his co-chairman, Steve Mosko. This leak was believed to have not been North Korea; it most likely came from a disgruntled employee group.

December 10

More legitimate leaks are disclosed, this time pertaining to details of tracking film piracy activities. Such activities include showing Sony’s internal anti-piracy procedures and details regarding the five ISP (Internet Service Provider) giants, used to monitor illegal downloads.

December 12

News reports from Buzzfeed, Bloomberg News, and Gawker stated that stolen documents from Sony were released, which included the medical records of Sony employees. The listed medical conditions include liver cirrhosis, cancers, and premature births.

December 13

Further genuine leaks are involve financial account information, showing revenues, expenditures, past and current projects, and deals, of which are all current still to Sony.

December 14

The latest batch of stolen Sony documents was released by the hackers. Included in these documents is the latest version of the script of “Spectre” which is the next James Bond Film. Sony hired famous litigator David Boies who sent a letter to different news organizations demanding that they erase all stolen information that the hackers had provided them.

December 15

Former employees of Sony filed a class-action lawsuit against the studio with the claim that Sony took inadequate security measures to protect their personal data.

December 16

The hackers sent an e-mail to reporters threatening to attack movie theaters that will show “The Interview”, which was set to premiere on Christmas Day. The communication sent by the cyber terrorist to the reporters even mentioned that they should remember the 11^th of September 2001. They also threatened to fill the world with fear to show to the people that Sony Pictures Entertainment has created an awful film (The Interview).

Another batch of data was released including a huge number of e-mails stolen from Sony’s co-chairman and CEO Michael Lynton. Former Sony employees filed a second class-action suit with the claim that Sony was negligent in not protecting their personal data.

In connection with the threat made by the hackers to theaters, Sony told theater owners to cancel the showing of the film “The Interview” if the threats of the hackers worry them. In response to this, Carmike was the first chain to declare that it will not show the film. Landmark Theaters also said that the New York premiere of the same film was been cancelled.

December 17

Sony Pictures Entertainment pull the planned release of the film “The Interview” on Christmas Day in connection with the threat of the cyber terrorist to attack theaters that show the film. Moreover, Sony also pulls every TV advertisement of the film.

December 18

The hackers praised Sony’s decision of pulling the premiere of the film and said that as long as the film was kept out of theaters the threat will end. However, there is still a high chance of attack if the film is to be released in VOD (video on demand).

December 20

North Korea invites the United States to take part in a joint investigation regarding the Sony attack as a proclamation of their innocence. However, they warned the United States of “serious consequences” if ever they retaliate.

December 23

Sony decided to move ahead with the release of the film on Christmas day and allow it to be screened across participating theaters. Simultaneously, the film would be planned to be released in VODs. Sony claimed victory for this decision since they have never given up a film before.

December 30

Sony made the film available for rent online.

Final thought …

This timeline for Sony Pictures Entertainment Cyber Attack serves to create a better picture of what all the fuss was about. With so many events, it can be confusing to keep up with the news; therefore, we hope some value is found from understanding what such a run of malicious attacks can do to a company, even as big as Sony Pictures. Stay safe and always keep your systems and networks up to date.