Onsite_PC_Solution_Windows_Update_logo

A recent Windows 7 update meant to make the transition from Windows 7 to Windows 8 easier has been causing systems to freeze up according to many user accounts online.  Microsoft released this update on April 22nd as KB2952664. There have been updates in the past which have caused the operating system to lock up, freeze or malfunction such as this Microsoft Security Essentials update for Windows XP which was pulled by Microsoft after user’s started having issues.

 

Although the patch has been labeled as an “important” update on some systems and “optional” on others, it isn’t necessary to keeping Windows 7 operating properly.  It is best for users to hide this update completely.

If you haven’t installed it yet, here’s how you can avoid this update and avoid issues with your Windows 7 System:

Go to Start and type “Windows Update” without the quotes in the search box.  Click on Windows Update at the top of the list:

Onsite_PC_Solution_Start_Programs

 

You will need to look in both the Important Update and the Optional Updates for this patch:

Onsite_PC_Solution_Windows_Update

 

Search for the patch with id KB2952664 in the updates list, right click on it and select Hide Update:

Onsite_PC_Solution_Find_KB2952664

 

If you have already installed the update, or don’t see the update listed in the Important Updates or Optional Updates section, you may need to uninstall it manually.

You can do this by going to Start -> Control Panel -> Programs and Features -> View Installed Updates.  Then find the patch with ID KB2952664, right click on it and select uninstall.  Then follow the steps above to hide it from future updates.

All monthly maintenance clients will have this done for their systems during their next update cycle.  For further support or questions about this issue, contact your local IT professionals.

 

Read More


Onsite_PC_Solution_Heartbleed

The OpenSSL bug known as Heartbleed has affected thousands of websites worldwide, even some common ones you use everyday.  Mashable has done a terrific job of compiling a list of sites that have been affected, patches and more importantly the sites you should change your password on immediately.

Keep in mind that there are already open source tools available to the public that take advantage of the Heartbleed bug, and more will likely become available.

Here is the list of major websites that have been patched, but you should change your password for immediately:

 

Facebook
Box

Tumblr
Google
Yahoo
Gmail
Yahoo Mail
Amazon Web Services (for website operators)
GoDaddy
Intuit (TurboTax)
Dropbox
LastPass
OKCupid
SoundCloud
Wunderlist
Etsy
Flickr
GitHub
IFTTT
Instagram
Minecraft
Netflix
Pinterest
USAA
Wikipedia(if you have an account)

These are major websites Mashable recommends users to change their passwords on.  There are likely other sites out there that are affected too.  Our previous article explains how you can check if your commonly used websites you have a login to are affected.

http://filippo.io/Heartbleed/ will let you know if the site has the Heartbleed Bug.

http://filippo.io/Heartbleed/ will let you know if the site has the Heartbleed Bug.

For further support on network or internet security, contact your local IT professionals.

Read More


A major OpenSSL bug has been found that could affect 70% of secure websites.

A major OpenSSL bug has been found that could affect 70% of secure websites.

A major bug has been found in the popular OpenSSL library used by thousands of online merchants, email providers and banks.  The bug allows anyone on the internet to read a user’s private information while it is being sent back and forth to the website.  A security advisory has been issued by OpenSSL.

Why is the bug called Heartbleed?

The code affected by this bug is in the heartbeat portion of the protocol which keeps the connection to the website active.  When the bug is exploited it causes memory to leak its content while it is being sent over the internet, which contains sensitive and private information.

How does this affect me?

If the website you are logging in to, such as your bank, email or an online store uses a version of OpenSSL that has this bug:

  • An attacker can open a connection to your bank over and silently download among other things the keys used to prove the bank is who they say they are.
  • They can then pretend to be your bank and you will not notice anything different, while all of your communication is being stolen.

It is estimated that up to 70% of internet websites are affected by this bug.  Companies can fix the bug by upgrading to the latest version of OpenSSL, creating new certificates and removing old certificates.

How can I protect myself?

First check if the website you are accessing has an “https” in front of the address, meaning it should be a secure connection. All banks, email webpages and online stores should have this:

Check for https in front of your website address.

If it is a secure connection, enter the website here to check if the bug exists.

http://filippo.io/Heartbleed/ will let you know if the site has the Heartbleed Bug.

http://filippo.io/Heartbleed/ will let you know if the site has the Heartbleed Bug.

If it does exist, avoid using the website until they have upgraded their OpenSSL.  For further assistance with the Heartbleed bug or other security issues, contact your local IT professionals.

Read More


TL-WR1043ND-01

TP-Link is among the vendors affected by the SOHO pharming campaign.

Recently, it was discovered that several hundred thousand routers fell victim to a hijacking scheme that could become a prevalent problem to many internet users worldwide.  The attack, dubbed as a ‘small office/home office (SOHO) pharming campaign,’ was targeting Vietnam, but according to a report by Team Cymru, the SOHO pharming campaign also made its way into regions like the US and Italy.

The criminals behind the pharming campaign took advantage of exploitable security holes in various consumer-grade routers, and from there they were able to redirect users to malicious websites to steal login credentials and/or dropped malware onto the users’ computer.  The scary part about this SOHO campaign is that more than one type of routers are affected.  According to Team Cymru, the compromised routers could be a brand name like D-Link or and off-brand like TP-Link.

soho-hijack

A diagram depicting the ‘man-in-the-middle’ hijacking scheme from Team Cymru.

Cyber security experts found that once the attackers had control of their targeted routers, they changed the devices’ Domain Name System (DNS) settings to force users to send out requests to the 5.45.75.11 and 5.45.75.36 IP addresses.  The new DNS settings then acts as a ‘middle-man’ and redirect users to malicious sites instead of legitimate ones.

While it is easy to point the fingers directly at the people manufacturing the routers, it’s not completely their fault.  There’s no such thing as a ‘hands-off’ policy when it comes to protecting yourself from intrusions by cyber criminals.  That said, there are a few things many router owners can do to lessen their chances of becoming victims to the router hijacking scheme.

  1. Disable router’s remote user-mode and graphical user interface. Disabling remote access will help keep users who aren’t directly connected to your network from accessing your routers’ admin properties.  Disabling the GUI will, reportedly, mitigate the likelihood that someone can find a hole in the routers’ software.  Instead of making changes to the routers’ setting via a graphical interface, try to change the settings via command lines.
  2. Corporate networks may want deploy tracking systems (i.e. an HTML code on the externally facing servers) to detect possibly malicious IP addresses.
  3. All SOHO router settings (especially DNS) should be controlled at the host level.
  4. Admins must proactively monitor router settings periodically to ensure that the router’s DNS is pointing at those that belong to their internet service providers (ISP).

These are just a few of the basic security measures you must consider if you or your organization is using a SOHO router.  Should you have any questions or concerns regarding the recent SOHO pharming campaign or what you should do tighten up your network security, contact our IT professionals.

Read More