Microsoft’s WinShock Bug Exposed!

Standard

Microsoft-Logo_4

In what may come as a surprise to some, IBM just announced that it has worked with Microsoft to patch a security exploit found in its OS called WinShock — and the scariest news is that this has been a vulnerability through all Windows operating systems since Windows 95!* This bug has been a part of all of our beloved Microsoft OSes for 19 years!

IBM initially discovered the bug back in May. However, Microsoft chose not to go public until a patch was in place. Microsoft has just released 14 patches as part of its ‘Patch Tuesday’ updates (Tuesday is when Microsoft releases patches for its OSes) to address the WinShock bug. Another two patches are also on the way. To get the latest updates, type ‘Windows update’ in your search bar (if you have anything Vista or later) and install the important patches.

If you would like to read Microsoft’s Security Bulletin on the WinShock bug, you can do so here: https://technet.microsoft.com/library/security/ms14-nov

The bug is introduced through Microsoft’s schannel, which is Microsoft’s way of securing the transfer of data. However, WinShock not only affects the OS, it also affects Microsoft Office products and Microsoft servers. If you are hosting a website that sends encrypted traffic, you are going to want to update as soon as possible. Even though there is no proof that this bug has affected anyone, it was still rated 9.3 out of 10 on the CVSS, so all server administrators should consider this just as important and severe as the latest bugs that have been identified (i.e. Heartbleed, Shellshock, etc.)

For more information on how to protect your environment against the WinShock bug, call Everon at 1-888-244-1748.

*The WinShock bug does not affect Windows phones or tablets, as they do not use schannel.

Mac OS X Yosemite is available!

Standard

 

YosemiteApple’s latest operating system, Mac OS X (10.10) Yosemite, is now available for free in the App Store. For anyone running Mac OS X 10.6.8 (Snow Leopard) or later, you can now download the free OS.

There are some restrictions, as Yosemite will only work on the following models:

  • iMac (Mid-2007 or later)
  • MacBook (13-inch Aluminum, Late 2008), (13-inch, Early 2009 or later)
  • MacBook Pro (13-inch, Mid-2009 or later), (15-inch, Mid/Late 2007 or later), (17-inch, Late 2007 or later)
  • MacBook Air (Late 2008 or later)
  • Mac Mini (Early 2009 or later)
  • Mac Pro (Early 2008 or later)
  • Xserve (Early 2009)

You also need 2 GBs of RAM to run the OS and 8 GBs of hard drive space available. If you fit these requirements, then go get the new OS! It was just unveiled this week, after the latest keynote speech had finished (they mentioned it would be available immediately after the speech ended, however it took a few hours to get the download fully online).

There are many small improvements to the OS – the most notable one that a lot of Apple enthusiasts are excited about is the ability to make phone calls with your iPhone using your Mac. Apple worked quite a bit on trying to make the integration between the two devices seamless and more integrated. They also finally included AirDrop, between the iOS and the OS X systems, allowing you to easily share files now between your phone or tablet and your Mac.

The Notification Center has also received a hefty update, making it infinitely more useful. For anyone who enjoys staying connected to the outside world, you now have the ability to share your notifications on the various social media sites out there.

You can further review all of the really interesting upgrades, and download your copy of the new Mac OSx, Yosemite here.

 

Microsoft Announces Windows 10!

Standard
W10

The new Windows 10 Start Menu, with customizable panel

Windows 10 is on its way for a release before the end of 2015! Microsoft announced earlier this week that they are releasing their latest operating system on all platforms before the end of 2015, which includes Xbox, smartphones, tablets, PCs and laptops.

This is very exciting news, however, the first question anyone who’s following Microsoft might ask is: “What happened to Windows 9?”

Microsoft has been talking about its imminent Windows 9 OS, pretty much ever since the backlash over a missing Start Menu in Windows 8. So why are they abandoning 9? They chose to move forward from 9 to create a unified theme between all platforms. Here is the direct response from Joe Belfiore, Corporate Vice President of Microsoft:

“This product, when you see [it in its], fullness, I think you’ll agree with us that it’s a more appropriate name. That fullness applies to Windows Phone, too, which will see Windows 10 as its next major upgrade. Windows 10 is built for “screens from 4 to 80 inches.”

Terry Myerson, MS Executive Vice President also states:

“Windows 9 name wouldn’t be right, given the new One Microsoft internal strategy. Hence the move to Windows 10.”

This move to Windows 10 is going to be a huge test for Microsoft, as it is increasingly becoming whispered that Windows 8 is considered a failure, along the lines of the Windows Vista OS.

From early previews of this new OS, however, great things have been said. (For anyone who would like to try the early preview of the Windows 10 OS, you can sign up and download the OS for free here: http://go.microsoft.com/fwlink/?LinkId=510225 (64-bit preview).)

From the early preview, Microsoft has stated it is interested in taking the best parts of Windows 7 and Windows 8 to combine into creating the best operating system yet. Going to a unified operating system for all of Microsoft’s platforms will present a nice solution to integration of the various platforms into a small business environment, making the transition from smartphone, to laptop, to tablet a much easier process for even the most basic user.

Here at our Everon office we have downloaded and installed the tech preview for Windows 10. Just from the past few hours of reviewing it we can report that Microsoft has included a ton of features that are going to help technicians troubleshoot the OS quicker and more efficiently. Stay tuned for future blogs on the various features and find out what you can expect from Microsoft, with regard to this OS. If you have any questions about it, feel free to call our technicians at 1-888-244-1748. We are pretty excited about the changes they have made and would be happy to share our excitement with anyone willing to listen. :)

The Latest Password Strengthening Tips (in the wake of Gmail’s massive hack)

Standard

download Do you have a Gmail account? You might want to consider changing your password. It was just reported that 5 million Gmail accounts and their passwords have been posted to a Russian bitcoin forum by a user named tvskit. The post was taken down rather quickly by the moderators. However, the original post contained a text file that could be downloaded, so it has most likely spread and will pop up again elsewhere. When reaching out to Google for comment, their response was that most of the accounts stolen were old or suspended accounts. But the user, tvskit, claims that he (or she) was able to log into most of the accounts.

Regardless of whether your account is on this list or not, it brings up a good topic in regards to security of your email. Security of email and private information is increasingly becoming vulnerable due to the sophistication of hacking attempts. A few recent examples of hacks that have unfortunately been successful include the iCloud hacks of celebrity photos,  the Sony PSN hack, and the FBI website hacks by Anonymous. The PSN and FBI hacks were due to flaws found in their services.

But the iCloud hacks happened due to simple passwords.

In fact, most hacks happen because users use simple passwords in order to remember them. These simple passwords (examples include password, 123456, qwerty, 11111) can cause a lot of issues, especially because they are constantly targeted by thieves. GRC is a great site to determine how secure your password is. This site allows you to input a password, and you can see, through their mathematical equation, how quickly that password can be hacked.

I strongly recommend you review this site and come up with a password that provides as much strength as you can handle. Even adding a few symbols and numbers to a simple password can really amp up your security. For example, let’s take the password “password.” In an online fast attack scenario, that word can be hacked in 2.17 seconds! But if you add an exclamation point to the end of that password (i.e.: password!), this increases the fast attack scenario hack to 1.02 days. 

In my example at the GRC site, I made the password: !@#P@ssw0rd*(). I added a capital letter, some numbers, and a good amount of symbols. I now took the 2.17 sec.-hacked password to 15.67 million centuries. It’s easy to remember, as well. Think about it: the first three symbols follow a pattern. Then I spell password, with a capital P at the beginning in leet speak, and then my three end symbols all follow a pattern at the end of the spectrum.

The case I am trying to make really is to protect yourself. There are so many malicious hackers out there, as we have seen with the latest Gmail hack, that ensuring that your password is as secure as possible should be of the highest priority.

Heartbleed Virus Update

Standard

 

From Steve Curran, Director of Infrastructure,  at Everon’s parent company, PlumChoice:

This week we’ve all heard, read and seen quite a bit of news regarding the new Heartbleed virus.  This is a serious situation for impacted companies as well as consumers using many online services such as banking, retail and social media.

This virus primarily affects Linux based systems and the potential impact to our internal systems is limited.   We’ve investigated our systems which might be affected and have found none to be vulnerable to the virus.  Good news indeed.

Regarding all of us as consumers, many of us should take action to prevent potential exposure of passwords on a variety of websites.  CNET has compiled an excellent listing of the top 100 sites across the web, indicating where we as consumers may want to take action.  This article – which is being updated as statuses change – can be located at http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/ and recommends we change our passwords on sites such as Google, Facebook, Yahoo!, Dropbox and a number of others.

After reviewing this article and your own unique situation, if you have doubt as to the Heartbleed vulnerability of any website you access, the conservative approach would be to simply change your password and monitor for suspicious prior activity.

A further note of caution though…  As you’ll see from the article, this patching activity continues in real time – changing your password will only help if that website has been patched, which may not yet be complete.

We continue to monitor the situation closely and I’ll communicate further as the situation dictates.

 – Steve Curran | Director of Infrastructure, Information Security Officer | PlumChoice®, Inc.