September 2014 News and Updates

Cyber Tech Cafe

Like us on Facebook

What’s New

  • Get off your can and do what you can.  I’m excited about our program to refurbish previously loved Windows XP workstations with Ubuntu Linux and getting them in the hands of folks that otherwise would not have a computer.  In case you missed it, here are the details of the program, but the short story is that if you or someone that you know doesn’t have a computer but would like one, we are giving away working computers pre-loaded with Ubuntu Linux.  These are computers that had Windows XP installed but were not upgraded (for whatever reason) to Windows 7 but will run Ubuntu Linux just fine.  These are first-come, first-served.
  • The Home Depot Breach?  By now, you’ve likely heard that The Home Depot has suffered a massive data breach and that, if you’ve purchased anything on your credit card since around April, your information was likely stolen.  All reports that I have read are that the malware used in the Home Depot breach was BlackPOS, the same software used in the Target.  As much as I would like to believe otherwise, we will likely see more of this in the near future rather than less.   
  • Are you backing up?  I mentioned this last month but, especially with the continued growth of ransomware like Cryptolocker, Synolocker, etc., it’s worth mentioning again.  If you’re not storing anything important (pictures that you want to keep, documents, business data, etc.), backups aren’t something that you need to worry about.  If you are though (keeping digital pictures, documents, business data, etc.), you *need* to be backing it up and a backup IS NOT a $4 thumb drive that you got on sale at Staples.  Those are transient storage, not a backup.  If you’re going to use local storage for a backup, get an actual disk (or a pair of disks and alternate).  We recommend (and use) CrashPlan Pro for our backups. It’s easy to use, they offer a 30 day free trial, they have an app for your smartphone (Did my backup run?  Let me check, yup, there’s that file that I created earlier today) and they support roll-your-own encryption so you’ve got less to worry about regarding privacy.  All of that plus their tech support rocks.  Simple.  Cheap.  Easy.  Done.

Updates

MicrosoftMicrosoft – According to the Advanced Notification of September 2014, there are a total of 4 bulletins with 1 listed as critical and the remaining 3 listed as important.  The critical bulletins address vulnerabilities that can allow remote code execution (someone can install software onto your computer without your permission or knowledge).  The important bulletins range from remote code execution to privilege escalation (allowing a user or process / program to run with administrative privileges without the administrative password) and security feature bypass (bypassing specific security features).  Most of the updates require a reboot and, at least with the critical vulnerabilities, should be installed as soon as testing permits.  The updates address issues in Windows, Internet Explorer, Lync server and the .NET Framework.

Microsoft releases regular updates the second Tuesday of each month, often referred to as ‘Patch Tuesday’.  These updates are catagorized as Low, Moderate, Important or Critical.  Details on the categories are available here.  The updates can include any supported Microsoft product from Windows to Office to Internet Explorer and server products like Exchange and SQL Server.  If you have one or more of these products installed, especially if the update is listed as Important or Critial, it’s important that the updates are installed.

Additional details are available Microsoft Here.

 

AdobeAdobe – Adobe has released a cross-platform, critical update to it’s Adobe Flash Player and is planning to release a critical update to Adobe Reader the week of 15 September.  All MyIT clients already have the released updates installed.

Like Microsoft, Adobe now releases updates to their products on the second Tuesday of each month.  Adobe will also release ‘out of band’ updates if necessary to address critical vulnerabilities in their products.  Adobe products include Adobe Reader (for viewing PDF files), Adobe Flash Player (often used to watch videos, for interactive content like games, etc.), Adobe Shockwave and the Adobe Creative Suite (Photoshop, Illustrator, Acrobat, Lightroom, etc.).

Additional details are available from Adobe Here.

 

JavaJava – The latest ‘mainstream’ version of Java is Java 7 update 67.  At this point, it looks like attackers are happy to exploit Internet Explorer, Adobe Flash Player and Adobe Reader and are leaving Java alone.    

Java is a tool that’s widely used by banks, online service providers and even security companies for SSL VPN connections.  Java’s ‘official’ release cycle is approximately quarterly but Java updates have been ‘fast and furious’ in recent months.  It’s worth noting again that, if you don’t absolutely need Java on your computer, it’s not a bad idea to remove it altogether.

Additional details are available from Oracle here.