Archive | Kansas City IT Support
Lenovo Pre-Installs Adware That Breaks Security
In a move that defines the term “monumental stupidity”, Lenovo has been delivering laptops with pre-installed adware that totally exposes their customers data since last fall.
Built into Lenovo’s version of Windows is a piece of adware called “Superfish”. This software intercepts advertising being delivered from pages you visit and replaces it with their own advertising. Pretty scummy, but, that’s just the aggravating part of it. The real problem is that a single self-signed root HTTPS certificate is used. Think about this for a minute.
When you use that new Lenovo with Superfish installed a single password, to a single root HTTPS authority exposes everything that would normally be encrypted. Passwords, Credit Card Numbers, etc. And, that password has now been published online.
What to do? Well, the only real way to clear the problem is to completely wipe the hard disk of your Lenovo. Then reinstall Windows (NOT THE LENOVO VERSION). And then, change every password to everything.
Need help with that? Just give OPENRSM a call or email…
(SOURCES, ArsTechnica, Gizmodo, Slashdot,Errata Security)
Microsoft Shows Us Why Automatic Updates Arn’t A Good Idea
Oh, don’t get us wrong.. We love being able to update systems at the click of a mouse! But, having systems updates just “happen” is rarely a good idea. And Microsoft has shown us all why in a big way.
This past “Patch Tuesday” update from Microsoft is causing Windows7, Windows8, and Server2013 systems to BSOD (blue screen of death). It’s widespread enough that Microsoft has withdrawn the update! For Microsoft, this is a huge deal. But, not quite as huge as all the people whose computers were “bricked” by an Automatic Update!
This is why you should NEVER have updates happen automatically. And why businesses should have a company like OPENRSM do the updates for them. Why? Because their tested before being accepted. Will that Java update break that required program your suppliers make you use? Does that security update declare that your anti-virus program is a virus? Will a general “patch fix” from Microsoft render your machine useless? Well, if your simply accepting automatic updates for Windows, OSX, Java, Adobe, etc., you could have a very bad day. Best to let people who test these things with the software you already use update your systems for you. Only, after they are tested!
Change Your Passwords and UserNames Now
It appears that the “Russian Mob” has pulled off something big… Stealing 1.2 Billion (yes, with a B) usernames and passwords from a wide range of sites.
Anytime something like this happens, OPENRSM suggests you change everything. Including usernames, passwords, on all accounts and computers.
The New York Times has the story….
Just How Much Personal Info Are You Giving Away?
It’s pretty well known that many websites make an effort to track you online. Even when your not on their site! But, just how much tracking is going on?
We decided to do a “quick and dirty” look at a few popular websites to see just how many different trackers are deployed. And, it’s not pretty. In fact, it’s pretty ugly.
- Drudgereport.com is by far the worst offender with at least 37 different cookies, trackers, advertising preference systems, etc. looking at you.
- The Kansas City Star’s website, KansasCity.com has 13 peeking at what your doing.
- KCTV5.com weighs in with 16.
- The popular humerous headline site Fark.com is a heavyweight with 19 different trackers.
- And last, but not least, on our list is the popular fact checking site Snopes.com. Which is using 28 different tools to see what your doing online.
Now, what happens when you block most (if not all) of these different little logical spy devices? When tested on a 1.5Mbs DSL connection (fast enough to get results, slow enough to calculate differentials) we got some significant results. Here’s what we did:
- Blocked all advertising trackers.
- Left open all trackers that serve a useful purpose (live support, security checking, etc.).
- Loaded a predetermined set of websites and a Firefox Macro Script that would load each page in succession. After one page fully loads, it loaded the next.
We cleared the system Cache between each test run (and we did 10 runs of the tests).
Well, go figure! You can surf much faster with all that “spying into what your doing stuff” turned off! Significantly faster (tests ranged from 10-14% faster). And, we wern’t leaking all kinds of personal data, surfing history, etc. out to other people we just think have no business tracking us.
Want to protect your personal and business information? Give us a call or email. We can not only block out the “bad actors” that are tracking you and your employees every online move, it’ll get you a little bit more out of your existing Internet connection speed too.
How To Stop Annoying Interactive “Creepy” Ads
Have you noticed that when you search for something on Ebay, Amazon, Google, that the advertising on pages seem to know what you’ve been looking for? For Example, look up “LED 3051 Strips” on Google and suddenly ads for lighting fixtures, Ebay auctions, LED suppliers and the like now appear on every page you look at. It’s call “contextural advertising”. Web sites are setting “cookies” in your browser that their advertising networks look at when you surf a page and then display advertising for the things you’ve looked for most recently.
Sometimes it’s okay. You can find things that your looking for via an ad. Sometimes it’s just creepy. Don’t believe me? Then google for “Hot Crossed Buns” and see what happens to the ads that are presented to you. Yeah, creepy. But, you can put a stop to sites that you don’t want tracking you (like Facebook) by using the Opt Out from Online Behavioral Advertising site. A self-regulation effort that is honored by Ebay, Facebook, etc. It’s not perfect. But, it really helps. Here’s how it works (from the page itself, which is located at http://www.aboutads.info/choices
- Find out which participating companies have currently enabled customized ads for your browser;
- See all the participating companies on this site and learn more about their advertising and privacy practices;
- Check whether you’ve already opted out from participating companies;
- Opt out of browser-enabled interest-based advertising by some or all participating companies, using opt-out cookies to store your preferences in your browser; or
- Use the “Choose All Companies” feature to opt out from all currently participating companies in one step. GO
Need even more powerful blocking? Call, email, or simply CLICK HERE and OPENRSM can take care of it for your business.
OPENRSM Advises Changing AppleID Passwords Immediately
It seems to be Apple’s turn in the data wars between “fast buck” artists and real companies.
Apple iPhones/Pads are locking up all over Australia and the UK and being held for ransom by a scammer that has managed to gain control of the devices. Apple has yet to comment but incidents in the US can’t be far behind. The “Find My iPhone” service seems to be the only link between the users whose iPhones and iPads are being “held hostage” by the scammers.
From an article in The Telegraph: “Currently there is only speculation about how the attacks have been carried out. Apple has not yet responded officially,”… “With the possibility that this attack is linked to your ‘Apple ID’, affected users are advised to change your Apple ID password as soon as possible.”
And, so you should.
OPENRSM Advises All To Change Ebay and PayPal Passwords Immediatly
Last nite, an official PayPal blogpost contained nothing but a title… “eBay, Inc. to Ask All eBay users to Change Passwords.”. Which was quickly taken down only after being tweeted and posted to Facebook many times. Later, Ebay reported on it’s own official blog that their corporate network security had been breached… In late February and early March.
What to do? Log on to your EBay account and change your password! And do the same with your PayPal accounts (as PayPal is owned by EBay and data is shared between the two (i.e. sharing the same corporate network).
You can view the offical Ebay blogpost at: https://blog.ebay.com/ebay-inc-ask-ebay-users-change-passwords/
If You Are Using Sophos Anti-Virus You Need To Call
It has come to our attention that there are serious flaws that have been identified in Sophos Anti-Virus by security researchers at Google.
OPENRSM has never used, nor provided, Sophos Anti-Virus. And it seems that our own internal evaluation to not provide or support Sophos has been sustained (for additional reasons) by Google.
You can read the 30 page report by Google HERE:
You can read more about the findings that Sophos is insecure HERE.
And you can always call 816-200-2220, or email info@openrsm.com and OPENRSM will help you with your IT questions.
Why Your PCs are Infected
Ever wonder why there seems to always be a PC that’s slow, infected, issuing pop-ups, redirecting your Google searches, etc?
It’s because they’re infected! “But we have anti-virus installed on all our machines” is the usual self-denial cycle that sets in. Usually followed with “why can’t you keep this from happening? Your the expert here?”. Which is a valid question. And now, what we’ve been telling our customers for years has been documented.
An article in Forbes (click HERE) tells the tale. The people who publish software are often unaware of their own security weaknesses for months on end. Ten months is the average. This means that your anti-virus/malware software won’t even know about the threat from a “Zero Day” exploit when you click that dubious link that causes your system to become infected.
Or, as the article in Forbes put it… “…the value of the benevolent hackers who find and report bugs in software before they’re exploited. Without someone to dig them up and demand they be fixed, those hackable flaws are far more common, and remain secret far longer, than anyone may have realized.”
Which is exactly why you have PCs in your business that get “infected” with malware, adware, etc. And it’s exactly why every business needs to have a company like OPENRSM taking care of your critical business network and systems. Having people that understand the cold hard realities of protecting networks and pc’s and more importantly, being able to get rid of malware and viruses without your anti-virus protection even knowing that something is wrong.
Celebrating Liberty
Many of our Friends and Customers know that OPENRSM is a proud supporter of Scouting and Scouts. And on this Independence Day we’d like to pause and think not only of our own Freedom’s and Liberty. But also how it is also celebrated by the “Good Turn” done daily by Scouts. A case in point…. The many replica Statue of Liberty installations across America.
The Boy Scouts of America celebrated their fortieth anniversary in 1950 with the theme of “Strengthen the Arm of Liberty”. Between 1949 and 1952, approximately two hundred 100-inch replicas of the statue, made of stamped copper, were purchased by Boy Scout troops and donated in 39 states in the U.S. and several of its possessions and territories. The project was the brainchild of Kansas City businessman J.P. Whitaker, who was then Scout Commissioner of the Kansas City Area Council (now known as the Heart of America Council).
Over the years many cities and towns have benefitted from the gift from their local Scout Troops. Some of which have been expanded into a mini-pavillion celebrating America’s Freedom, and the sacrifices made to preserve our freedom. One of note is located in Cape Girardeau, MO. The local VFW and American Legion have generously added to the monument with a listing of those from the area that have sacrificed all for their country.
With the same local Scouts, Scout Troops, and others pitching in to both maintain and improve a local symbol of the Liberties and Freedom’s we enjoy. The Scouts continuing to “Do a Good Turn Daily” for all of us.
Happy 4th of July!