17Oct 2014 by nathan

Beware of fake support calls!! We’ve had 3 calls on this in the last week.

Uncategorized
Beware of fake support calls! The scam artists are at it again.  If you get a phone call reporting to be 'Microsoft Support', beware. Ring, Ring (You) Hello (Bad Guy) Yes, this is <name> from Microsoft Support.  I am sorry to inform you that your computer has a virus. (You) Oh my!! (Bad Guy) Yes, it could have been bad, but it looks like we caught it just in time.  If you have a moment, I would be happy to remove it for you. (You) Yes, please do.  Is there a cost for this? (Bad Guy) Absolutely not, we just want you to be safe.  Would you like to proceed? (You) Oh, thank you!!  Yes, please proceed. (Bad Guy) Ok, it looks like you're running Microsoft Windows, is that correct? (You)…
Read More
14Oct 2014 by nathan

HP Laptop Adapter Recall

Uncategorized
Back in August HP announced a voluntary recall for a number of their power adapters that came with laptops sold between September 2010 and June 2012. HP indicates that not all laptops sold within those dates are affected but advises those who purchased a laptop during that time period to check with their website to see if your adapter is a part of the recall. HP warns that those adapters affected, "may pose a risk of a fire and burn hazard to customers" and assures customers, "We are taking this action as part of our commitment to provide the highest quality of service to our notebook customers." According to HP, if your power cord has the markings "LS-15" molded into the plastic of the adapter then it is advised you follow the link…
Read More
10Oct 2014 by nathan

October 2014 News and Updates

Uncategorized
What's New New vulnerability pottentially affecting all USB devices.  At BlackHat 2014, Karsten Nohl and Jakob Lell gave a presentation on what they called BadUSB, a vulnerability at the core of USB devices that allows an attacker to literally reprogram pretty much any USB device so that it can be used for evil.  The code for the exploit was not released at Black Hat but was later released at Derbycon in Kentucky and is now being spotted 'in the wild'.  At this time there is no defense against BadUSB and, to make matters worse, there is no way to detect it.  It's not realistic to tell people "don't use USB devices at all" but there are a few things that you can do to mitigate the risk until a method for detecting…
Read More
06Oct 2014 by nathan

Mac users take note. The “Shellshock” bug affects you.

Uncategorized
Important information for Mac users regarding the Shellshock bug The Shellshock bug was announced on 24 September as a vulnerability in the Bash shell, present on many Unix and Unix like operating systems.  Somewhat burried in the story was that this also affected Mac OSX based computers becuase, on the backend, they are basically Unix (ok, so it's BSD, but the important thing to remember is that it's got Bash).  We originally shared this article via our Facebook page on 25 September and it mentioned the fact that Macs were vulnerable, but we've gotten a number of questions on the subject and I wanted to get the word out there.  The short story is that, if you have a Mac that's running any version of OSX, this vulnerabilty can affect you.…
Read More
09Sep 2014 by nathan

September 2014 News and Updates

Uncategorized
What's New Get off your can and do what you can.  I'm excited about our program to refurbish previously loved Windows XP workstations with Ubuntu Linux and getting them in the hands of folks that otherwise would not have a computer.  In case you missed it, here are the details of the program, but the short story is that if you or someone that you know doesn't have a computer but would like one, we are giving away working computers pre-loaded with Ubuntu Linux.  These are computers that had Windows XP installed but were not upgraded (for whatever reason) to Windows 7 but will run Ubuntu Linux just fine.  These are first-come, first-served. The Home Depot Breach?  By now, you've likely heard that The Home Depot has suffered a massive data breach…
Read More
12Aug 2014 by nathan

Significant Security Updates from Adobe

Uncategorized
Ok, so this is ripped direct from the article on SANS, but Adobe has released several updates with the August updates.  The download in the earlier email also work but, looking at the issues addressed, this is worth a separate post.   Adobe has released security updates for Adobe Flash Player, Adobe AIR, Adobe Reader, and Acrobat. The updates are rated as critical and an impressive number of CVE entries. CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545, CVE-2014-0546. Summary: update now. http://helpx.adobe.com/security/products/flash-player/apsb14-18.html http://helpx.adobe.com/security/products/reader/apsb14-19.html  Cheers,Adrien de BeaupréIntru-shun.ca Inc.My SANS Teaching Schedule   All users are encouraged to install these updates.  These updates will be automatically applied at the next reboot for Cyber Tech Cafe MyIT clients.
Read More
08Aug 2014 by nathan

August 2014 News and Updates

Uncategorized
What's New Internet Explorer is the new Java?  According to the news, Internet Explorer seems to have dethroned Adobe and even Java as the most popular way the bad guys use to gain access to your computer.  According to the article, the number of vulnerabilities in Internet Explorer have increased more than 100% over 2013 levels.  What does this mean to you?  Don't use Internet Explorer.  Use Google Chrome, Mozilla Firefox or even Apple Safari but avoid Internet Explorer. Encryption is the wave of the future.  The Internet first 'met' Cryptolocker in September of 2013 and, since then, it's made a pretty significant splash and there have been a number of similar viruses (think Synolocker) that have started claiming their share of victims.  Basically, you get a virus (through an…
Read More
08Aug 2014 by nathan

Scam Alert – Fake American Express notification

Uncategorized
Beware of scammers trying to use phishing tactics like security notifications to lure you into clicking a malicious link The whole "there's something horrible about to happen if you don't click this now" scam is nothing new, but the scammers are getting really good at making their bait look legit.  I received an email earlier today, reportedly from American Express, and thought that it would be a good example of what to look for.  Some interesting things to note: The email looks legitimate.  It has the American Express logo, mailing addres, etc., but doesn't include a telephone number. The link, even though the text presented to the victim says http://americanexpress.com, the actual link (e.g., where you're going) is http://amelican-excress.com/americanexpres .  The domain name amelican-excress.com is registered to a Chinese company with a…
Read More
24Jul 2014 by nathan

Disturbing but not surprising news about Internet Explorer.

Uncategorized
Bad things keep happening to Internet Explorer.  Why that's a big deal and what you can do to avoid it. What is Internet Explorer?  Internet Explorer or, 'the big blue e' is an Internet web browser.  An easy way to think of it would be to liken the Internet to an object in a square room with four windows.  One 'window' would be Internet Explorer, one 'window' would be Google Chrome, one 'windows' would be Mozilla Firefox and one 'window' would be Apple Safari.  There are other web browsers, but those seem to be the 'big ones' at the moment.  The important thing to note here is that, when you view the object inside the room through the window that is Internet Explorer, you're viewing the exact same object that…
Read More
23Jul 2014 by nathan

Beware of fake tech support call scams (again)

Uncategorized
So, you're sitting at home, perhaps on your computer and perhaps not, but the telephone rings.  On the other end is a very friendly person who identifies themself as an employee of Microsoft who, while monitoring your computer noticed that you were infected with a virus, malware, spyware or whatever the latest buzz word for malicious software is and they're calling you to take care of it.  It sounds official and, more importantly, it sounds urgent, there's no time to confirm who they are or call your 'regular' IT guy, you've gotta fix this NOW.  Thankfully, the nice person on the other end of the phone offers to remote into your computer and fix it for you.  Unfortunately, the person on the other end of the phone is a scam artist and,…
Read More