EasylifeIT™ IT Security

Security Advisories and Advice

“Today, 680,000 people joined the Internet. Today, 125,000 new viruses will have been discovered. Today, 9500 websites will have been infected and are already infecting their visitors; 80% of those sites owned by SME’s. Just having an antivirus these days simply isn't enough; education, diligence and vigilance are absolutely key.”

Lindsey Hall, MD of EasylifeIT for FSB Lincolnshire AGB

Microsoft kicks XP while its down, 2003 end of life this week and why you should have anitirus on your iMacs

Written by Lindsey Hall. Posted in EasylifeIT™ IT Security

Microsoft kicks Windows XP when it’s down

Although Windows XP has been “out of support” since April 2014, Microsoft have continued supporting its own anti-malware product with updates until this week. If you have any Windows XP PC’s running Microsoft Security Essentials then we recommend that you consider your options at this point; the 2 obvious options being either to change your antivirus protection to a third party product that still supports XP, or more sensibly; consider updating the PC to Windows 7 or better

Click here for more information

This week Windows Server 2003 also fell off the update cliff

With every server vendor seemingly emailing about Windows 2003 server going end of life and trying to sell new servers, I would be surprised if you were unaware of the fact. What in practice does this mean though? Does it mean Windows 2003 will stop working? No …. It doesn’t mean that. What it means is Microsoft will no longer issue security updates for their venerable product. It has been described as the “biggest security threat of 2015”, but it that hyperbole? Perhaps, but it certainly has security and for some; compliancy consequences.

A good article laying out the risks and compliance issues is available here

Antivirus for Macs

During our TechTalks on Cybersecurity, it is always apparent that the “Macs don’t get viruses” myth is still alive and well. Apple in fact dropped this claim in 2012 in light of 650,000 users acquiring a Trojan that was unchallenged. It is true that Apple device are far less afflicted by threats but as they become more popular this is changing. Several vendors offer free antivirus for Macs used at home (non-commercial use), the best in our experience being the one from Sophos. If you have Macs in the workplace, we would recommend you speak with your IT support provider regarding your options. No protection though is a folly and is a chink in your IT security armour.

Click here for more information on the Sophos free antivirus for non-commercial use

What is a rootkit? The sneakiest and most concerning of viruses

Written by Lindsey Hall. Posted in EasylifeIT™ IT Security

A particularly stealthy type software which is typically malicious; a rootkit is called so because it gives access to the “root” of the computer and therefore can be particularly dangerous as it gains admin access and therefore full control over your computer. It can modify software and therefore circumvent software designed to prevent infections and detection such as antivirus software. This also means that infection is particularly concerning as its use is more of an attack than an irritation and risk of danger to data and information is high.

Detection and removal is particularly difficult as a rootkit may well be able to subvert software designed to find and remove it.

Although a rootkit infection may occur through many sources, it is usually via vulnerabilities in software or social engineering. It is classic Trojan horse infection type.

Several providers offer rootkit detection products which can be downloaded for free. In no particular order they are

Even with these powerful tools however, a rootkit can be a tough challenge and sometimes a system reinstallation may be a more cost effective option.

EasylifeIT Security

Security Advisory: Dodgy links in search engines for software updates

Written by Lindsey Hall. Posted in EasylifeIT™ IT Security

Many have been caught recently with virus infections after trying to update commonly used software from links using Google searches. There is a pernicious practice called "poisoned SEO"; where virus writers are getting their dodgy links to infected websites above the official ones in search engines. This is something to make your team aware of. This can bypass the defences of many antivirus systems and poses a potential risk to your systems.

Keeping software up to date is important
 
Keeping your software up to date is a good idea for security, but to ensure you get genuine, non-infected sources; here are the official sites for most common requested software updates and ones we have seen malicious links for.
 
Java : http://www.java.com 
Itunes : http://www.apple.com/itunes/  
Adobe Flash : https://get.adobe.com/flashplayer/ 
Adobe Reader : https://get.adobe.com/uk/reader/
Skype : http://www.skype.com/en/business/

For more information on poisoned SEO and the risks, see the article from Windows Security magazine below

http://www.windowsecurity.com/articles-tutorials/Web_Application_Security/SEO-Poisoning-What-it-is-what-you-can-do-about-it.html 

 

Lindsey Hall
EasylifeIT Support

Security Advisory: Telephone Voicemail Hacking Leading to Enormous Bills

Written by Lindsey Hall. Posted in EasylifeIT™ IT Security

We have all heard of voicemail hacking, but it appears it isn't just the red top gossip rags after your secrets, but also criminal gangs targeting your company telephone system ... and bills.

While outside our IT support remit, this morning we assisted a customer whose telephone system had been hacked over the weekend, and as a consequence have run up a bill of several thousand pounds in international phone call charges. Not knowing where to start, the customer called us and what we discovered was quite shocking as to just how easily this was effected by hacking of the voicemail system. So much so that I thought a security advisory was wise; suggesting that you raise this matter with your telephone supplier as a preventative measure.

A little background

Not so long ago, a telephone answering machine was as secure as the room it was in. It was, essentially, a tape recorder bolted onto a phone. If you called someone and they were out, the tiny cassette inside would record your message so that the intended recipient could play it back later. The only way to "hack" the message would be to steal the cassette itself. But mobile telephony has changed all that. Users now need access to their messages wherever they are and sometimes from more than one phone. This provided a way in for the phone hackers.
 
For most circumstances there are three common ways a hacker can take control of your phone system and run up huge long distance charges without you knowing:
 

  • Remote voice mail access is BY FAR the easiest way for a hacker to gain enough access to a phone system to do bad things. Employees want to be able to access information (including voice mail) while out of the office, so your "phone guy" may have setup a way to access your voice mail while you're not in the office - a convenient but hackable feature.
    Hacking a voice mail system is quite easy. Once a voice mail system has the capabilities to be accessed by dialling in from an outside line - this also makes it available to be hacked by anyone in the world who can call your phone number. Phone Engineers who do installations are unfortunately notorious for leaving system programming and user (voice mail) passwords set to their default password assigned by the manufacturer. Most voice mail systems only allow 4-digit passwords, which means there are 9,999 possible password combinations
  • Remote Programming has become extremely profitable for phone engineers and leaves you less secure.
    Once someone has access to the remote programming, they have complete and full control of all phones, phone lines, call forwarding, voice mail, etc.
  • IP-Phones / Remote Phones have saved businesses tons of money by eliminating long-distance communications costs between offices or remote workers. With newer phone systems, it will use the data network to establish communications with the remote office/worker. If improperly setup/secured, hackers will use the same techniques from items #1 and #2 - default passwords. Once a hacker has successfully registered a remote phone, they act like an extension on your phone system - pick up the phone and start dialling anywhere, any time.

 

What should you do?

 
Speak to your telephone system provider and pose the question; is our telephone system secure? While this is the first incident that we have seen, it is by all accounts becoming increasingly common. The steps we have found suggested are often straightforward and include:
 

  • Restrict the use of phone systems to specific dial codes or block all international calls if not required
  • Ask if your phone systems has a built-in firewall to help prevent your phone system from being hacked
  • Prevent call transferring of international calls through your voicemail system.

 

 

Lindsey Hall

Managing Director - EasylifeIT

Portions (C) Sean Brown of Sleepy Shark. Click here for full article

What did Homer know about IT security? ... quite a lot surprisingly.

Written by Lindsey Hall. Posted in EasylifeIT™ IT Security

3200 years ago, a city stood on the shores of the Hellespont. Already ancient, it was rich beyond compare and with its mighty walls and formidable warriors it dominated all it surveyed on land and sea.

 Until, one fine spring day, a thousand sails brought an army the like of which the world had never seen before; who besieged the city for 10 long years. Battles, death and carnage ensued, but the walls still held. Eventually; dispirited, exhausted and denied the riches of the city and their conquest, the army retreated back across the Aegean Sea, leaving as the only sign they had been there, a giant effigy of a horse standing on the shore, built from the timbers of their own boats. This was their offering to the Gods to ensure a safe journey home.

 Warily emerging from their city, the inhabitants treated the horse initially with suspicion; but they shared the same Gods and were persuaded by the duplicitous to drag the effigy back into the heart of the city, around which they celebrated, drank and made merry. As darkness fell; tired and happy; they retired and all gradually became quiet.

 Except there was a sudden noise, a creek of wood; then from the horse emerged a small group of enemy warriors; but there was nobody to see them, nobody to challenge them. Taking the guards by surprise from behind, they then threw open the gates of the city to the army that had not in fact retreated but had been hiding out of sight. Flooding into the city and venting the frustration of 10 long years, the destruction was terrible and utterly complete.

 The city was of course Troy, and the effigy by which the city had been tricked and taken has passed into legend as the Trojan horse. So, you might be asking; what has this got to do with IT security?

 The Trojan horse, in today’s parlance; a mechanism by which defences are bypassed and then neutralised by little more than the trust and nativity of the user; causing chaos in its wake. Whoever named this class of viruses certainly knew their classics. To paraphrase Virgil; “beware of geeks bearing gifts”.

Related Articles

EasylifeIT™ Business Technology Support in the UK

Operating in throughout East Anglia, the Midlands and Yorkshire, EasylifeIT™ provides expert business IT support when you most need it. A trusted partner of many exciting and innovative small and medium businesses, we employ rigorous and robust customer service principles to deliver a unique and exceptional IT support experience.