Wednesday
Jun032015

Google I/O: Now on Tap

DateWednesday, June 3, 2015 at 7:15AM

Another new feature coming up in the soon to be release Android "M" operating system is "Now on Tap".  This will be a feature adding more context aware responses from your mobile device. So in their demo of the product, the question "what is his name?" was asked while a song was playing on the device and "Now on Tap" was able to put it together that the question was in reference to the currently playing media. It then displayed the information about the artist and provided a list of links referencing the artist. This shows that the new updated feature was able to provide a quick answer to question that wasn't specific so it had to be more intuitive about what you were probably asking for.

A second demo showed them looking at an email discussing going to a movie with the movie title listed in the message. By tapping and holding down the Home Button, the system knew that it was being asked a question, searched the message and then found the movie title in the message and brought information about the movie. What went on behind the scenes and what they are really demonstrating is Google's progress in "Natural Language Processing". Google's search is getting better able to determine what it is looking at, or better, what you are looking at, and interpreting all of the things that you might be asking from the presented information. It makes these functions more interactive, and again, more intuitive.

In another example showing "Now on Tap" responding with an actiion, They showed a message from their spouse asking about going out to dinner and a second message stating that they did not get the dry-cleaning. Pressing and holding down the Home Button again, "Now on Tap" presented two cards as a response. The first showed the name of the restaurant and buttons for navigating, calling, Yelp and Open Table so that you could make reservations, see how good the restaurant is, call them for a reservation or get directions on how to get there. The second card provided the ability to add a reminder to "Get the dry-cleaning".

In the fourth example, the context of the screen information was a discussion about Hugh Laurie. By just highlighting his name, "Now on Tap" was able to, without any other interaction, quickly lookup his name and provide more information about Hugh Laurie.

So what what Google was presenting is how responsive the system will be in providing information on the fly from the context of what you are viewing. If this works the way they were showing it, at the speed and responsiveness that they showed, this will truly be a very impressive new feature of the Android operating system.

AuthorBob Appleby | CommentPost a Comment |
in , , ,
Tuesday
Jun022015

Lenovo has a smartwatch, too!

DateTuesday, June 2, 2015 at 6:00AM

Lenovo showed off a new smartwatch with a private screen that Lenovo says will give you a 20x increased perspective on the image being viewed. Because you have to hold the watch up to your eye to see it, it is naturally something that will normally only be done by the wearer. Termed "Magic View" Lenovo states that it solves the inherent problem found in smartwatches with their tiny screens.

Android Central say that the demo device was running an Android-based OS that was different to both Wear and Google's main mobile operating system. The second display is using optical reflection to achieve its display size and can be used for viewing larger images such as maps.

While your first thought might be of how silly it will look holding your wrist to your eye to get this increased view size, my biggest concern as I have stated in earlier articles are the idiots that will try to do this while they are driving. This road that we are going down with our mobile devices and our lack of control of when we use them is scaring me to death. I don't know what the answer is, but we need to come up with something.


AuthorBob Appleby | Comments Off |
in , ,
Monday
Jun012015

Google I/O: Some of the new features that coming in the Android "M" operating system

DateMonday, June 1, 2015 at 7:49AM

In the keynote address, one of the things that was discussed was the new Android "M" opertating system and the six key feature updates that Google thinks we should be focused on. Their main direction with this upgrade was to "polish" the interface. 

First: App Permissions - they have simplified the range of items that are being addressed (location, camera, microphone, contacts, phone, SMS, calendar and sensor). They are also changing when you have to decide whether to grant the App permission to use a feature. It will now be addressed at the time of first access and not during the intial installation. They are also going to give us the ability to go into settings and access the App and add or subtract permissions as you see fit. You also will be able to look at a feature and see what Apps have access to it and add or subtract for there as well. Google expects the new App persmissions will help get the App up and running faster.

Second: This is more of a programming feature but Google is giving access to a new feature called Chrome Custom Tabs so that programmers will be able to take advantage of the Chrome browser capabilities without having to build in their own web browser in their app. This will decrease programming time and increase the security that is inherent in the Chrome browser.

Third: They are giving the App developer/program to provide a more complete linking experience. You won't need to continue to pick which App you want to use everytime you click on a link. They claim that this will give the enduser a more seamless experience.

Fourth: Android Pay - So it sounds like they are going to replace Google Pay with something called Android Pay. Their claim it that it is focused on three things: Simplicity, Security and Choice. So what does this mean? The process is as follows: unlock your phone and place it near the NFC terminal. That is all. A virtual card is created so your real card is not used with the terminal. Google is working closely with banks and retailers to achieve a more comprehensive solution. 

Fifth: Fingerprint - They are planning on increasing the use of fingerprint recognition with Android Pay as well as other Apps.

Sixth: Power Mangement - with the new "M" they are building in a smarter standby function to minimize power useage with up to 2x the battery useage. They are also promoting the new USB 3.0 format that will to decrease charge times by a fact of 5x. The "M" operating system will also give you the abiltiy to choose what the charging cable is doing for you, like, Charge or File Transfers etc... Ok.

Also highlighted were some editing feature changes as well as smarter data sharing. The smarter data sharing is based on your device being able to learn what Apps you use to share most often and to make them avaialble when you request sharing. Not a significant change but a nice one.

AuthorBob Appleby | Comments Off |
in , ,
Monday
Jun012015

Lenovo to offer a media sharing device for $49

DateMonday, June 1, 2015 at 6:37AM

As direct competitiion to Chromecast, Roku Streaming Sticks and Amazon Firestick, this device offers a slightly wider choice of options for streaming from multimedia from your devices. It will have a bigger footprint than its competition, but still will plug into you TV's HDMI port to display the stream. It syncs up to your wireless network through either 2.5 or 5GHz networks. The device works with the same Google Cast standard that the Chromecast uses, it will also support Windoew 8.1 and iOS devices through Miracast and DLNA giving it more versatility.

It will display 1080O video to your TV and receive streams from up to 20 meters (65 feet). Just another interesting alternative out there to think about for connecting up your tablets, phones or pc's to your TV wirelessly. Expect deleveries to beging in August.

AuthorBob Appleby | CommentPost a Comment |
in ,
Sunday
May312015

Amazon is now providing same day delivery in 14 Metropolitan Areas

DateSunday, May 31, 2015 at 8:25AM

Another great service for members of Amazon Prime (membership cost $99/year) now provides same day delivery in fourteen metropolitan areas across the US.  See this link to see if your area is included. Prime members in the the selected areas can now receive free same day service on qualifying orders over $35.00.

Just four key points:

 

  • Order must be $35 or more in total
  • You must be in a covered area
  • The items that you in you order must all be qualified (look for the Prime FREE Same Day logo)
  • You must order by noon (delivery by 9PM seven days a week)

 

Orders under $35 have a charge of $5.99 if you want them the same day. If you order after noon the item will come the next day for free.

Look out local brick and morter stores!

 

AuthorBob Appleby | Comments Off |
in ,
Saturday
May302015

Lenovo has been pushing into the phone market and here is another entrant that we might be able to expect in the future...

DateSaturday, May 30, 2015 at 7:12AM

While smartphones with built-in projectors haven't gone anywhere yet, maybe Lenovo's twist on providing a destop interface display with their phone will begin to attract some users. Not only designed with the ability to project the phone's screen with the pico projector, with a twist of the projector cap and setting up the phone's kickstand, you can now project an image onto the desktop for interacting via a keyboard or other image being displayed. There isn't any release date on this at this tiime but it will be interesting to see one when it comes out. In the meantime, take a look at the video below.

 

AuthorBob Appleby | CommentPost a Comment |
in ,
Friday
May292015

Should Smart Watches like the Apple Watch be considered a handheld device?

DateFriday, May 29, 2015 at 10:11AM

imageYesterday I posted an article about Smart Watches being distracting to drivers and today I found an article at Appleinsider.com that reports that an Apple Watch owner was just fined in Quebec for operating his new Apple Watch while in the driver’s seat (report from CTV Montreal). The driver stated that he was using the watch’s built in music app to control his iPhone that was connected to his car’s stereo.

The ticket cited Section 439.1 of the Quebec Highway Safety Code, which reads, "No person may, while driving a road vehicle, use a hand-held device that includes a telephone function." Use of Bluetooth accessories, like headsets and hands-free equipment, is allowed. A literal interpretation could find Macesin not technically in violation of the statute, as the "handheld device" in this equation — Macesin's iPhone — was stowed in a bag and therefore unreachable.

My belief is that it is as much of a handheld device as a phone, being in this case an screen extension of the phone control. Just glancing at the watch to see what time it is, is one thing, but actually going through the menus and choosing options is another. What do you think?

AuthorBob Appleby | CommentPost a Comment |
in , , , ,
Thursday
May282015

Amazon Prime

DateThursday, May 28, 2015 at 9:56AM

imageHave you considered joining Amazon Prime? For the annual fee of $99.00 you certain have a lot of things that you gain. I will list them below and maybe this will help you decide whether it is a good option for you.

Free Two-Day Shipping. Whenever you see the prime symbolimage on an item that you are purchasing this item is eligible for free two day shipping to the delivery location that you assigned to the  in order. So, if you are ordering quite a bit from Amazon and you may find this one feature worth the entire annual fee.

Prime Instant Video. This feature provides unlimited instant streaming of over 40,000 movies and TV episodes.So if you're busy trying to catch up on some old TV shows that you have missed this is a great way to do so.

Prime Music. If you like Pandora and some of the other online music providers then you will love this feature that is again free. You can setup unlimited, ad free access to over a million songs and hundreds of playlists. So choose you favorite artist and dance away.

Prime Photos. anew feature that provides unlimited storage of your photographs.  This includes Raw files from Canon, Nikon and Sony. The limit is on the total storage of your video files (5 gb) before you will have to start paying for the increase storage requirements. This is again a simple and reasonable option for storing your digital photos safely in the cloud.

Prime Early Access. Amazon runs online specials and just because you are a Prime Member you get a 30-minute jump on the rest of the world that hasn’t ponied up the admission price. This also give you access to new events showing up on myHabit.com.

Kindle Books. Choose one featured early release book for FREE every month. You can also borrow one Kindle Book per month from over 500,000 titles for free on any Kindle device with no due dates. Two great options if you are a reader and use your Kindle for digital books.

You take a look at always options I am sure that you will find one or two at least that you would use. It doesn't take long to see the savings that pile up if you are in active user of these Amazon Prime benefits. There are so many other little things that add up as well that I find myself not being able to leave behind the Prime Membership system. I think you'll find this true for yourself as well.

AuthorBob Appleby | CommentPost a Comment |
in
Wednesday
May272015

Here’s a thought, will smartwatches be more distracting to drivers than smartphones?

DateWednesday, May 27, 2015 at 10:13AM

imageTweaktown.com author Michael Hatamoto posted a blog entry discussing this very thing. When you consider how bad it is with drivers grabbing their phone now and how many accidents that seem to derive from texting it is scary to think about people that have added another device that is so easy to glance at that they may do so way to often. While this toy is still on the expensive side the number of orders for the Apple Watch are outstanding. We keep adding more and more devices to provide and interface to our digital world and we are spending less and less time with direct communication and personal contemplation about our lives, goals and desires.

So, you may want to rethink about getting the new fangled gadget and just get home and enjoy your family and friends.

AuthorBob Appleby | CommentPost a Comment |
Monday
May252015

Adobe Photoshop Touch slated for replacement

DateMonday, May 25, 2015 at 9:56AM

This is Adobe’s advanced photo editor for iPad and Android tablets. Touch will still continue to work as long as it’s downloaded and installed, but no more updates will be produced and it is no longer for sale.

New prototype apps that Adobe is showing appear to be able to provide editing functions approaching workstation speeds.Adobe has provided a video that also shows off options like selective object removal, color swapping, and image warping.

CNet reported that unlike the $10 Touch, upcoming software should be free, but demand a Creative Cloud subscription to sync files with Photoshop CC on the desktop, or the rest of the CC suite.

It is nice to see that programs is this area are progressing. I will be interested to see how well they work on older iPad equipment and Android devices.

AuthorBob Appleby | CommentPost a Comment |
in , ,
Friday
May222015

"Los Pollos Hermanos" ransomware - what will they think of next?

DateFriday, May 22, 2015 at 4:27PM

By Paul Ducklin, nakedsecurity.sophos.com

Cryptoransomware isn't a new topic any more, but it's intriguing to look at what the crooks are up to these days.

As you probably know, ransomware – malware that locks you out of some or all of your digital stuff and demands money to let you back in – has two main flavours.

There's lockscreen ransomware, where you can't use your computer at all, except to stare at the lock screen or pay up the extortion fee to unlock.

You can usually get out of that sort of malware scrape on your own by rebooting (e.g. using Sophos Bootable Anti-Virus, which is Linux based) so that the lockscreen program never runs:

Can't view the video here? Watch on YouTube. Can hear? Click on the Captions icon.

And there's cryptoransomware, where your computer runs just fine but all your files are scrambled.

To unscramble them you need to buy a decryption key from the crooks.

Sometimes you can get out of trouble on your own, especially if you have a recent backup.

Then you can thumb your nose at the crooks, no matter how cleverly they've handed the encryption and decryption part.

If you don't have a backup, and you aren't prepared to pay (we salute your obduracy!), then you have two choices.

Either have to take it on the chin and lose your files, or hope that the crooks have made a programming blunder that lets you sidestep or crack their cryptography.

What you see

Usually, lockscreen ransomware tries to frighten you into paying up by using a police logo, often vaguely tailored to your own jurisdiction with ripped-off logos and web banners, and by asserting you've committed some kind of cybercrime.

The crime typically relates to pornography or copyright infringement, and the malware claims that the payment is a penalty that will settle the matter without criminal charges, much like when you pay a parking fine or minor speeding ticket.

Cryptoransomware, on the other hand, no longer bothers with the police pretence: the crooks are quite happy to remind you who you're dealing with.

You're not paying up because you think you might otherwise get into trouble for those pirated ROMs in your 1980s videogame emulator stash.

You're paying up to get back your unsubmitted thesis/irreplacable kitten videos/records urgently needed by tax office/priceless 1980s videogame ROM stash.

TeslaCrypt, for example, kept things really simple, stating unequivocally that:

And now, there's PolloCrypt, for want of a better name (Sophos products block this one as Troj/LPoLock-A), where real-life cybercrooks are drawing on imagery from TV criminals:

As you can see, this sample was targeted at Australian users – AUD is the currency code for the Aussie Dollar – and has a two-tier payment plan.

The theory of two-tier payments seems to be that some users will back themselves to get out of trouble without paying, and then have to come back in a few days and admit defeat...

...so why not get your data back at a "discount" right away?

→ This malware doesn't adapt itself at run time by working out where in the world you are, like most lockscreen ransomware. The warning screen is embedded in the malware itself as a base64-encoded BMP file, so that the malware will work even if it triggers while you are offline.

For those not up to speed on twenty-first century cult TV shows, Los Pollos Hermanos (The Chicken Brues) is a ficticious fast-food chain in the Southern border states of the USA that appeared in Breaking Bad.

Despite the unlikely-sounding basis of a high school chemistry teacher turned methamphetamine crook, Breaking Bad ended up with a Guinness World Record as the highest-rated TV series ever.

Seems like cybercrooks love their cult TV, too.

They've also learned to trade on the "reputation" created by CryptoLocker, the first widespread ransomware that really raked in money.

Early victims reluctantly reported that by paying up they did get their data back, and the CryptoLocker gang had built an online infratructure that could keep up with demand, so paying almost always worked.

Even some police departments ended up shopping for Bitcoins to recover data they'd neglected to back up. (We're not sure what evidentiary value any of it would have had afterwards, but if the recovered data meant the difference between making payroll or not, we can understand those payments, for all that we disagree with them.)

The PolloCrypters are playing the same card:

How can you believe that we will decrypt your files? We definitely understand and appreciate the fact that you may not trust us, if you do not believe our claims you can send 1 file to us and we will decrypt it for free just to prove our legitimacy.

How do I know that you wont just encrypt my files again? Obviously, we have a reputation to protect, if we were unfaithful and just re-infected your computer AFTER you pay, then this would give us a bad name and no-one would pay us, it is in our best interest to stick to our word.

They even go on provide a help screen explaining how to buy Bitcoins, but they warn you to keep quiet about the reason, lest some do-gooder tries to talk you out of paying up:

NOTE: When speaking to the Bitcoin exchangers its wise not to mention that you are paying for a ransom, they may refuse you.

It's not all sweetness and light, of course

WARNING: Only proceed to validation once you have paid. False attempts will cause destruction of your decryption key.

That's reiterated in no uncertain terms when you go ahead to claim your decryption key:

The silver lining

In the Troj/LPoLock-A sample we examined in SophosLabs, the crooks didn't get the cryptography right.

That means there is a fighting chance that you can recover your files by bypassing the private key component of the cryptographic equation, and not paying up.

However, because this malware is written in a high-level scripting language (Microsoft PowerShell), anyone who gets their hands on a copy of the code can fairly easily modify it to adapt its behaviour.

So don't rely on cryptographic blunders to get out of trouble – take steps in advance to defend against ransomware and much more:

  • Keep your anti-virus active and up to date. That means you're more likely to block malware attacks proactively.
  • Patch your operating system and applications promptly. Many attacks rely on exploiting bugs that are already fixed, so make yourself high-hanging fruit.
  • Be suspicious of unexpected email attachments, no matter how relevant they may seem. That means you are less likely to double-click a malicious program by mistake.
  • Make regular backups, and keep at least one offline. That protects you from data loss of all sorts, whether caused by ransomware, flood, fire, loss, theft and so on.

By the way, there is one thing you can learn from the crooks: encrypt your backups!

That way, if someone steals the USB hard disk with your tax returns on it, your data is just so much shredded cabbage as far as they're concerned.

AuthorBob Appleby | CommentPost a Comment |
in , , ,
Thursday
May212015

Gizmodo Posting describes Simple Security Flaw that opens up quite a few routers at risk…

DateThursday, May 21, 2015 at 12:25PM

imageView Gizmodo Post

SEC Consult Vulnerability Lab has discovered the flaw in a driver referred to as NetUSB. The driver, as its name suggests, is installed on routers to allow computers to access USB devices over a network.

The driver contains an error known as a buffer overflow, which can occur when a device sends its name to the router and it’s longer than 64 bytes. The researchers claim that the simple overflow can be used to crash the router, using denial of service of attacks, and even execute code remotely.

Among the Company’s products that are affected include Netgear, D-Link, TP-LINK, Trendnet, and Zyxel.

Solution: TP-LINK has started releasing fixed firmware. The status of affected products can be found in the affected product list above. For additional information also see CERT/CC vulnerability notice: http://www.kb.cert.org/vuls/id/177092

Workaround: Sometimes NetUSB can be disabled via the web interface, but at least on NETGEAR devices this does not mitigate the vulnerability. NETGEAR told us, that there is no workaround available, the TCP port can't be firewalled nor is there a way to disable the service on their devices.

Here is the link for SEC-Consult’s Report

AuthorBob Appleby | CommentPost a Comment |
in , , ,
Tuesday
May192015

The FBI reported that a researcher hacked commercial plane causing it to “climb”

DateTuesday, May 19, 2015 at 11:29AM

The FBI reported that an aviation computer security researcher told the FBI that he had taken control of at least one commercial airliner. The FBI filed a warrant in New York State Federal Court. According to the affidavit the researcher Chris Roberts told the FBI that he:

connected to other systems on the airplane network after he exploited/gained access to, or "hacked" the [in-flight entertainment] system. He stated that he then overwrote code on the airplane’s Thrust Management Computer while aboard a flight. He stated that he successfully commanded the system he had accessed to issue the climb command. He stated that he thereby caused one of the airplane engines to climb resulting in a lateral or sideways movement of the plane during one of these flights. He also stated that he used Vortex software after compromising/exploiting or "hacking" the airplane’s networks. He used the software to monitor traffic from the cockpit system.

Roberts was detained and questioned by the FBI in April after he landed on a United Airlines flight from Denver to Syracuse. Roberts tweeted a joke about taking control of the plane while on the flight. The stupidity of some individuals never fail to amaze me. Roberts has not been arrested or charged with a crime as of this posting but he has been banned from flying with United Airlines.

AuthorBob Appleby | CommentPost a Comment |
in
Monday
May182015

SONOS 2 Room Starter Package $50 savings

DateMonday, May 18, 2015 at 2:47PM

imageThis is a buy direct deal but if you have been on the edge thinking about jumping into Sonos for your home this might be the time to do it. These speakers individually cost $199/each but if you buy them in the two pack starter kit you only pay $349 plus tax. Here’s your link.

AuthorBob Appleby | CommentPost a Comment |
in
Monday
May182015

Naked Security 60 Second Video Review

DateMonday, May 18, 2015 at 2:40PM

AuthorBob Appleby | CommentPost a Comment |
in ,
Saturday
May162015

Microsoft announces six different versions of Windows 10

DateSaturday, May 16, 2015 at 10:00AM

imageThere will be six versions released, with Windows 10 Home, Windows 10 Mobile, Windows 10 Mobile Enterprise, Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. As you can see, most people will opt for Home or Professional. Here is a quick run down from Mary Jo Foley:

Windows 10 Home: The consumer-focused desktop edition. This will include the core Windows 10 features, such as the Edge browser, Continuum tablet-mode for touch-capable devices; Cortana integration; free Photos, Maps, Mail, Calendar; Music and Video apps; and Windows Hello face-recognition/iris/fingerprint log-in for devices that support those technologies. On devices with screen sizes of 10.1 inches or less, users also will get Universal Office apps for free, once they are available.

Windows 10 Mobile: This is the SKU for Windows Phones and small Intel- and ARM-based tablets. ("Small" means between three and 7.99 inches in size.) This SKU will include the core Windows 10 features; free Universal Office apps once they are available; and support for Continuum for Phone, allowing customers to use phones as PCs connected to larger screens (but only on new devices supporting certain screen resolutions).

Windows 10 Mobile Enterprise: This is a version of Windows 10 Mobile for volume licensing customers only. According to the blog post, this SKU incorporates the latest security and feature updates to Windows 10 once they are available. There's no word if users will be able to delay these updates in order to test/stagger their delivery, which is offered under Windows Update for Business.

Windows 10 Pro: A desktop version of Windows 10 for mobile workers, tech enthusiasts and other power users. This version is one of at least two -- the other being Windows 10 Enterprise -- that will allow users to opt for Windows Update for Business. Windows Update for Business will allow admins to opt to not receive all feature and security updates from Microsoft immediately after they are available.

Windows 10 Enterprise: This is the Enterprise version of Windows 10 that is available to volume-licensing customers. This version is not part of Microsoft's first-year-free upgrade offer, but those with volume-licensing Software Assurance customers will be able to move to this version as part of their licensing terms. The Enterprise version customers get access to the Long Term Servicing Branch of Windows 10 -- which allows them to opt to receive security fixes only and no new features as Microsoft rolls them out.

Windows 10 Education: This is the version for staff, administrators, students and teachers, and will be available through academic Volume Licensing. Microsoft officials say there will be paths for schools and students to upgrade from Windows 10 Home and Pro, but don't yet provide details on that front.

AuthorBob Appleby | CommentPost a Comment |
in , ,
Friday
May152015

Can the Rombertik malware really "destroy computers"? No, no, three times NO!

DateFriday, May 15, 2015 at 12:24PM

Thanks to James Wyke of SophosLabs for doing the hard parts of this article.

We didn't really want to get drawn into this one.

But it's hard to avoid commenting on malware that has variously been described as a "terrifying 'suicide bomber'" and as having a payload that "destroys computers."

That's the sort of computer security hyperbole that does nothing but harm.

The best outcome is that you end up being offensive, as you are when you insist on trotting out the phrase "digital Pearl Harbor" and expecting to be taken seriously.

The worst outcome is that you create an entirely false sense of security by describing a manageable, albeit serious, threat as though it were truly extreme.

By creating the impression that a manageable threat is "as bad as it gets," you undermine your readers' interest in bothering about less serious threats at all.

Introducing Rombertik

The malware in question has been nicknamed "Rombertik" (Sophos products will block it as Troj/Delp-AD).

SophosLabs first came across it in January 2015, one of some 300,000 new malware samples that we encounter each day.

→ The vast majority of the samples we get each day aren't truly new. They're unique only in the strictly technical sense that they consist of a sequence of bytes that we haven't encountered before, in the same way that Good morning and GOOD MORNING are not literally the same. Most of the new samples that show up each day are merely minor variants that we already detect, or known malware that has been encrypted or packaged differently. Nevertheless, that still leaves plenty of samples worth looking at.

Rombertik's primary purpose seems to be to hook itself into your browser so it can keep track of what you type in.

Make no mistake, credential stealing malware of this sort is serious, because it can lead to compromised bank accounts, hacked servers, stolen data, decrypted secrets and more.

But it won't destroy your computer, or kill you along with itself.

The cause of the hype

Where the hype-making headlines come from is an anti-hacking trick that's buried in the malware.

Many Trojans and viruses over the years have had some sort of tamper-detection or tamper-prevention built in, just like the security tools that try to detect them in the first place.

Some malware, like Dyreza, about which we wrote recently, tries to work out if it is being run inside a malware research environment, and behaves entirely innocently if so.

This is the low-key way of avoiding notice: give nothing away at all, so that the file gets overlooked and put to the bottom of the queue for attention.

Other malware, like Rombertik, takes a different approach.

If it detects that you have altered the malware in certain ways – for example, if you are another crook trying to repurpose it without paying for the privilege – it will overwrite vital information on your computer.

In all likelihood, you'll lose your data and end up reinstalling your operating system and applications to get up and running again.

You can call it spite, call it revenge, call it retaliation, call it destructive to your data (that much is perfectly true)...

...just don't say that it destroys the computer, and don't even think of comparing it to suicide bombing.

How it works

For what it's worth, Rombertik's data-wiping techniques go something like this:

Try to wipe out the MBR.

The MBR is the very first data sector on the hard disk, known as the Master Boot Record, and it maintains an index of how your disk is partitioned.

Wiping the MBR really is a spiteful way to proceed, because it leaves you so near, yet so far.

Technically speaking, all your data remains behind, so with the right expertise or recovery tools you may very well get it back, but almost certainly not without plenty of frustration along the way.

It's like putting a vital document through a shredder and then handing back the strips and saying, "There you are. All present and correct! You only have to work out which pieces go where."

Fortunately, writing to the MBR requires Administrator privilege on Windows, so a program run by a regular user can't do it.

If trashing the MBR fails, Rombertik falls back on this:

Starting in the home folder, overwrite almost all files.

In what is almost certainly a bit of gruesome humour from the crooks, Rombertik works just like ransomware, encrypting your files in place on the disk.

The malware chooses a random 256-byte encryption key for each file, but none of the keys is saved anywhere, so you end up with what is effectively random, shredded cabbage instead of your data.

Only files with the extensions .EXE, .DLL, .VXD and .DRV will survive.

What to do?

Ironically, getting hit right away by Rombertik's data-wiping payload is probably a safer outcome than being infected for days or weeks without noticing.

Remember that the non-destructive part of the malware sets out, amongst other things, to snoop on your browsing and steal your data, perhaps even your identity.

Either way, as with any malware, your best bet is not to get infected in the first place:

  • Keep your operating system and applications patched.
  • Use an active anti-virus and keep it up-to-date.
  • Avoid unexpected attachments.
  • Try stricter filtering at your email gateway.

And these precautions will shield you against all sorts of catastrophes, not just destructive malware:

  • Only logon with Administrator privileges when you genuinely need to.
  • Take regular backups, and keep one backup set off-site.
  • Remove unnecessary or unwanted software so there is less to go wrong.
AuthorBob Appleby | CommentPost a Comment |
in , ,
Friday
May152015

Lync is now Skype for Business–see what’s new

DateFriday, May 15, 2015 at 11:51AM

If you already use Skype to stay in touch with friends and family in your life away from work, you'll appreciate the power and simplicity of Skype for Business where it's easy to find and connect with co-workers. And you can use the devices you already have to reach businesses through an enterprise-grade, secure, IT-managed platform. If you're coming to Skype for Business from Lync, you'll recognize all of the features you already use but in a fresh new interface with simplified controls and some great new additions:

  • New look and feel

  • Call from Skype for Business using your desk phone for audio

  • Integration with the Skype directory

  • Call Monitor

  • Rate My Call

  • Quick access to call controls

  • Emoticons

New look and feel

If you’re a regular user of the commercial version of Skype, then Skype for Business will seem very familiar: the Contacts list, presence indicators, buttons and icons, and even the app sounds should make you feel right at home.Learn more.

Skype for Business Contacts list

Of course, all the essential Lync features are still there—like the Quick Actions buttons, which let you IM or call a contact (and more) with just one click or tap.

Contact quick actions: IM, audio, video, contact card, and more

In the Skype Meeting window, the simplified arrangement of controls and menus makes it easy to find the command you need. In the conversation window, chat text is formatted so you can easily see who’s talking, and tabbed conversations allow you to keep track of several discussions at once.

IM window with two conversations, and meeting window with Present menu

If you've ever had someone send you a file during an IM conversation, then file transfer preview is another feature of the new Skype for Business look and feel you'll appreciate. When someone sends you a file, select Download in the IM window to update the file's icon, or right-click or tap and hold to forward, preview, or delete it.

Preview a file sent to you during an IM conversation

Call from Skype for Business using your desk phone for audio

IMPORTANT   This feature is available only if your organization has Skype for Business Server 2015.

If you have a PBX (Private Branch Exchange) desk phone and your IT department has configured it to work with Skype for Business you can search for people in your organization and place calls to them from within the Skype for Business user interface, while audio for the call flows through your standard desk (PBX) phone. You can also place calls from the Skype for Business client using any phone near you (like your mobile, home, or hotel phone). The person you’re calling sees your phone number as though you were calling from your company's main phone number. When you make a Skype for Business call with audio routed through your desk phone, you get great audio, plus:

  • IM—so you can do a quick copy/paste of a URL you want to share, for example

  • Desktop and app sharing—so you can easily show and tell, work through problems, or explain stuff with visuals

  • Attachments—send files to the other person without leaving Skype for Business

Diagram of the call via work process

Server admins enable and configure this feature for the enterprise. End users have limited configuration capabilities, which include turning the feature on or off for their individual account (once it's enabled at the enterprise level) and setting the phone number that Skype for Business should call. If the number has been set and locked by the administrator, then outgoing call options will be unavailable.

Screen shot of the Call Handling dialog with the Outgoing Calls section highlighted

For more information, see Make a Skype for Business call but use your PBX desk phone for audio

Integration with the Skype directory

IMPORTANT   This feature requires:

  • Skype for Business Server 2015 or Skype for Business for Office 365 Skype for Business Logo

  • The latest version of Skype Skype logo

Skype for Business users can connect over the Internet with hundreds of millions of Skype users right from the Skype for Business user interface. The first step is to search for your contact.

  1. In the search box on the Contacts view of the Skype for Business main window, type a name, IM address, or desk phone number (if they are in your organization). As you type, search results will start appearing below the search box and the tabs will change from Groups, Status, Relationships, and New:

    When the Search box is empty, the available tabs are Groups, Status, Relationships, and New.

    to My Contacts and Skype Directory:

    When you start typing in the Search box, the tabs below change to My Contacts and Skype Directory.

  2. If the person you are searching for is in your organization, keep the My Contacts tab selected (that's the default). When My Contacts is selected, Skype for Business searches in your organization's address book.

    If the person you are searching for is not in your organization but you know they have a Skype account, click the Skype Directory tab to search for them among the millions of Skype users out there. Knowing their Skype ID and location helps narrow the search quickly. You can also search using their email address or Microsoft account (e.g., JohnDoe@outlook.com).

    NOTE   Your administrator enables or disables the Skype Directory search feature in accordance with your organization's search policy. If you don't see a Skype Directory tab like the one shown in the screen shot above, then you won't be able to search for Skype users.

When you search for contacts in the Skype directory, you can add them to your contact list, have an instant messaging conversation, see their presence information, and have an audio or video call with them. Note that the Skype directory only contains contact information for Skype users, not Skype for Business users. A Skype user who wants to add a Skype for Business user to their contact list must use the Skype for Business user's full email address, such as Joe@contoso.com.

Call Monitor

Call Monitor is a popular Skype feature that's now available in Skype for Business. With Call Monitor, you can move back and forth between a full Skype for Business window, for those times when you're actively participating in the call, and a compact version that lets you continue to monitor call progress—and mute or end the call—while focusing on other tasks.

The compact Call Monitor window appears during an audio or video call whenever the main conversation window is minimized. To show the full conversation window again, simply double-click or double-tap the Call Monitor.

Screen shots of both full Skype for Business windows and minimized window

Rate My Call

The Rate My Call feature lets Skype for Business Server 2015 administrators collect call data, access standard reports, and export raw data for further analysis. This feature is available for on-premises deployments only. Users are prompted to take a survey after completing a call.

Screen shot of the call quality rating dialog

Quick access to call controls

Access to the dial pad and call controls is much improved. For public switched telephone network (PSTN) calls, the dial-pad and call controls remain visible throughout the call. For non-PSTN calls, the dial-pad and call controls are accessible with one click.

Comparison of call controls in PTSN and non-PTSN calls

Emoticons

Skype for Business now includes the same set of emoticons found in the consumer version of Skype. You can turn off emoticons in Skype for Business by going to Options > IM. No server setting is available.

Screen shot showing available emoticons and the control for turning them on and off

AuthorBob Appleby | CommentPost a Comment |
in ,
Thursday
May142015

Apple confirms that tattooed wrists will confuse Watch

DateThursday, May 14, 2015 at 6:08PM

Apple has stated:

imagePermanent or temporary changes to your skin, such as some tattoos, can ... impact heart rate sensor performance. The ink, pattern, and saturation of some tattoos can block light from the sensor, making it difficult to get reliable readings.

This technology, while difficult to pronounce, is based on a very simple fact: Blood is red because it reflects red light and absorbs green light. Apple Watch uses green LED lights paired with light‑sensitive photodiodes to detect the amount of blood flowing through your wrist at any given moment. When your heart beats, the blood flow in your wrist — and the green light absorption — is greater. Between beats, it's less. By flashing its LED lights hundreds of times per second, Apple Watch can calculate the number of times the heart beats each minute — your heart rate.

Dark inks, such as red, blue and black, are reportedly more likely to obscure heart rate readings, given how colors play into the device's sensor system.

There has also been some conjecture that the watch may not work as well with people who have darker skin. Hmmm, a bigoted watch.

AuthorBob Appleby | CommentPost a Comment |
in
Wednesday
May132015

Why migrate to 802.11ac?

DateWednesday, May 13, 2015 at 5:08PM

sidebar imageMobile devices and apps are pushing Wi-Fi to the limit and there’s no end in sight. Workers are determined to use enterprise apps on personally-owned devices to get more done and it’s placing a huge burden on corporate Wi-Fi networks. That’s why enterprise IT is migrating to 802.11ac, the gigabit Wi-Fi standard.

In this 802.11ac primer learn more about:

  • Why is 802.11ac crucial for today’s all-wireless workplace
  • What are the key technical advantages of this wireless standard
  • Why you should move to 802.11ac

Get the 802.11ac Migration Guide

Let me help you to become the Mobility Hero for your organization today.

If you have any questions or would like to discuss the Aruba product line give Jude Daigle or Bob Appleby a call at 724-838-7526

imageLearn more about the why, the how, and the significant improvements attained by migrating to 802.11ac.

PAconnect
http://www.paconnect.com

AuthorBob Appleby | CommentPost a Comment |
in , ,
Page 1 ... 28 29 30 31 32 ... 77 Next 20 Entries »