The SOS Blog

SECURITY UPDATE: Adobe Updates for Flash Player – Multiple Vulnerabilities

FlashPlayLogo

Original release date: February 13, 2013 –

 “Adobe has released a security update for Adobe Flash Player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or take control of the affected systems.” (CERT)


As a review, Denial of Service or (DoS) is a brute force attack that can stop a machine or network service making it unavailable to the user.   It does this by overloading the machine or service with too many requests at once.

Advice:

Go to the Adobe Flash Download Center and make sure your system is updated.  Chrome users should see the following message:

Your Google Chrome browser already includes Adobe® Flash® Player built-in. Google Chrome will automatically update when new versions of Flash Player are available.

If you wish to manually trigger Chrome to update, go to the 3 bar icon on your Chrome browser in the upper right hand corner.  Click and pull down the menu. Click on “About Google Chrome”.  It should immediately begin checking for updates.   If you wish to check to make sure the update is installed, type the following in the location bar of your Chrome browser:   chrome://plugins/    and check to see that the version numbers of the Flash player match to the update.

Relevant URL(s):
<https://www.adobe.com/support/security/bulletins/apsb13-05.html>

February 16, 2013 Melanie , , No comments
MelanieSECURITY UPDATE: Adobe Updates for Flash Player – Multiple Vulnerabilities
read more

Android Users: Malware Issue and Security Update Notice for Wireless Carriers

Android Users: Malware Issue and Security Update Notice for Wireless Carriers

Android-hackedAndroid Users: Malware Issue

There’s a  new type of malware that can infect your computer when you connect your smartphone or tablet to your computer and then install a backdoor on your computer.

The suspected malware are Clean and DroidCleaner found in Google Play android market. These two are actually the same application.  They are just released under two different names.

These applications are apparently disguised as a tool to clean memory for the Android operating system, but after installing and running it, it displays a list of all running  processes and then restarts the device. Later, in the background, the app downloads three files:

  • autorun.inf,
  • folder.ico,
  • and svchosts.exe onto your phone.

Advice:

Currently, Google’s malware detection only targets about 15% of attacks.  Android 4.2  allows a user to access malware protection under ‘Quick settings’.  To access, ‘Quick settings’ can be accessed by swiping down from the top of the screen with two fingers, rather than the one-finger swipe used to access notifications. You can also use the settings button that located at the top of the notification drop-down menu.  You can access a malware scanner for the platform that screens “sideloaded” apps — meaning software not downloaded from Google Play — for any mischievous code.  As noted above, though, both of these apps mentioned above are found on the Google Play market.  So Buyer Beware!

android-logoAndroid Security Update Notice for Wireless Carriers

Android users may have noticed that they are not getting their regular security update notifications as they should leaving them and those they connect with open to exploit and risk.   The following explains why:

Activist Chris Soghoian, who has  targeted zero-day brokers in the past with his work, has focused his attention on wireless carriers and their reluctance to provide regular device updates for Android mobile devices.

Read more

Advice:

Make sure you check this link frequently, about once every 2 days.   Bottom line:  Google Android does not have the protection against malware that it should.  Keeping  up to date with security warnings is your best defense.

February 16, 2013 Melanie , , No comments
MelanieAndroid Users: Malware Issue and Security Update Notice for Wireless Carriers
read more

How To Add A Photo or Image on Twitter

Some of you are wondering (now that Twitter doesn’t want your to use a lot of third party clients to upload your photos) how you upload a photo to Twitter. Well here’s how…

  1. Begin a new Tweet on twitter.com.NewTweet
  2. Click on the camera icon.
    CameraAppears
  3. Locate the image you want to upload on your computer when prompted.
  4. After you select an image, you’ll see the image thumbnail and the camera icon highlighted in blue at the bottom of the Tweet box.
    PicAppears
  5. Type your message and click Tweet.
  6. If you uploaded the wrong image or changed your mind, just click the x in the thumbnail or next to the filename to delete the current image.
  7. That’s it! You did it!
January 30, 2013 Melanie , No comments
MelanieHow To Add A Photo or Image on Twitter
read more

Take Control of YOUR Information

Image Source: Sneakers, film,

Image Source: Sneakers, film, 1992

There’s a war out there, old friend. A world war. And it’s not about who’s got the most bullets. It’s about who controls the information. What we see and hear, how we work, what we think… it’s all about the information!

– Cosmo, film-Sneakers, 1992

Yes, it is all about the information these days.  From the Garden of Eden with its ‘Tree of the Knowledge of Good and Evil’ to our ‘Information Age’,  we crave ‘the information’.  And now we’ve learned how to mine more of it, do it faster, and manipulate it to our advantage.

This is especially true of Social Media information.   Companies have the right (and do) collect and sell your information — if we give it to them.   Social Media like Google + and Facebook make their revenue off it and you and I look at ads through their interfaces aimed specifically at our likes that we’ve freely told them about when we ‘Like’ business pages or comment to our friends about where we went to eat or what we bought.  We log on and we post….

And we post and we post.  And Facebook and Google get all that information… FOR FREE, well, for free from us.  We don’t directly receive any payment for what we post.  What we post doesn’t lead back to our website (if we  have one ).  It stays right there on Facebook or Google or any of the other popular social media.  Facebook even allows you to download everything you’ve posted and they state in their TOS  (Terms of Service) that you and I  “…own all of the content and information you post on Facebook, and you can control how it is shared through your privacy and application settings. ”  Except that you can’t control the fact that Facebook reserves the right to use that information as a marketing asset to be sold to those willing to pay for it.  That’s the deal we’re all pretty much aware of…we just tend to forget it when we’re on Facebook and enjoying the fun of sharing with our friends.  So what is my point?

My point is this: It’s your information and you should at least take control of it to the extent that you can choose the privacy settings you want as a personal policy.  But there’s something you can do that gives you even more control — change the directional flow of your information.  Instead of posting directly to Facebook or Google + all the time, why not start posting your thoughts through your own blog from your website and then post that to Facebook or Google+?  Only then do you start controlling where the traffic flow goes:  from your website >> to social media >> and back to your website again instead of letting it sit on social media doing other businesses a lot of benefit.

Why not ask us here at Switched-On-Sites how we can help you take control of YOUR information and redirect your social media traffic to benefit you and your site!

January 16, 2013 Melanie , No comments
MelanieTake Control of YOUR Information
read more

Different? Better? Completely Gone? We do know what’s going to happen to Google Sync

Source: The Googlighting Stranger, Google Images

If you have ever watched Microsoft’s now infamous Internet commercial “Googlighting Stranger“, you know there’s a couple of famous lines in it that describe Google’s business model of killing features and tools after getting people to commit to them.  “How else are we going to know what features to keep and what to kill?” asks Mr. Epperson, Google’s fictitious representative in the video.  “Different? Better? Completely Gone? Who knows what the future holds for Google Apps?”

Well, we do know what’s going to happen to Google Sync, the feature that allowed iPhone users of Google Apps to access all the familiar tools.   It will stick around for existing users and users of the Business, Government  and Education  versions of Google Apps but no longer for those who use the Standard (make that ‘free’ version)

According to Google from their blog, they are doing a little ‘winter cleaning’:

“Google Sync was designed to allow access to Google Mail, Calendar and Contacts via the Microsoft Exchange ActiveSync® protocol. With the recent launch of CardDAV, Google now offers similar access via IMAP, CalDAV and CardDAV, making it possible to build a seamless sync experience using open protocols. Starting January 30, 2013, consumers won’t be able to set up new devices using Google Sync; however, existing Google Sync connections will continue to function. Google Sync will continue to be fully supported for Google Apps for Business, Government and Education,”

Jim Dandy, aint it?   Of course, Android users won’t be affected.  But hurry soon, and get sync’d you free Google Apps users.  Because after Jan 30, 2013  you won’t be able to enable Google Sync on any new device.

December 15, 2012 Melanie , No comments
MelanieDifferent? Better? Completely Gone? We do know what’s going to happen to Google Sync
read more

Ransomware Locks Computers, Demands Payment

There’s been a nasty virus that’s come into to town and the FBI wants you to be aware of it.

The Reveton virus, used by hackers in conjunction with Citadel malware—a software delivery platform that can disseminate various kinds of computer viruses—first came to the attention of the FBI in 2011.

What’s so bad about this new virus?

Reveton is described as drive-by malware because unlike many viruses—which activate when users open a file or attachment—this one can install itself when users simply click on a compromised website. Once infected, the victim’s computer immediately locks, and the monitor displays a screen stating there has been a violation of federal law.

I came across news of it today through one of my organizations, ChurchIT Roundatable (which seems to verify that is is indeed spreading according to FBI’s partner site IC3’s Donna Gregory) ,  from a member posting that one of his clients now had a compromised laptop as a result.  Nice, right.  So I decided to do some investigation of my own.

If you search Google for “FBI virus“, you’ll get the FBI site right up there at the top.  In fact, the quotes above come from them.  Later on the page, there are a various tech forum posts and a YouTube describing how you can remove this virus. MacAfee is one of the leaders – which makes me wonder just how good a security system they produce.  But it seems this one can get through MSSE, too.  And if you are interested in the nuts and bolts of how this works,  here’s as good as explanation as to how that can happen with malware.  The botton line: If you don’t keep up with all your security updates, there’s going to be an exploitable hole somewhere in some layer no matter how good a system you have.  Nothing is 100%!  So to recap: this thing is bad because 1) it can get through even if you have a security system running and 2) Its spreading – you can pick it up off

But Hey! What About Google Chrome’s Phishing and Malware Protection feature?

There are some things you can do to protect yourself.  First off, make sure the security features are turned on in your browser.

If you are running IE8 or IE 9, follow these steps:

  1. Make sure you have your SmartScreenFilter turned on.
  2. IE8 users will find this, under the Safety menu, IE9 users will fine it under Tools menu.

If you are surfing with Google Chrome follow these steps:

  1. Open Google Chrome
  2. Click on the Wrench icon located on top right corner of the browser.
  3. Select Settings from the drop-down list.
  4. Click on Under the Hood from the left panel.
  5. Mark the Enable phishing and malware protection under Privacy settings.

If you are running FireFox follow these steps:

  1. Open FireFox
  2. Click on Tools >> Options>> Security
  3. Make sure the following are checked:
    • Warn me when sites try to install add-ons
    • Block reported attack sites
    • Block reported web forgeries

So what can you do if you are infected?

The IC3 or The Internet  Crime Complaint Center recommends the following:

  • Do not pay any money or provide any personal information.
  • Contact a computer professional to remove Reveton and Citadel from your computer.
  • Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs.
  • File a complaint and look for updates about the Reveton virus on the IC3 website.
  • If you want to attempt removal yourself, see the links above but be aware there may be a cost involved or that you may not know for sure that you are completely clean.

Source: FBI – New Internet Scam

September 18, 2012 Melanie , No comments
MelanieRansomware Locks Computers, Demands Payment
read more

What Can A Blog Do For Your Web Site?

I sometimes hear from clients that they don’t want to mess with a blog.   Some think it’s more effort than its worth.  So I’d like to discuss today why it is worth your effort to take some time and write a weekly blog… or hire someone, like me (hint), to manage your content for you.

Traffic: A Reason To Come Back For More

You’re familiar with HubSpot, right?  Well, if not, let me introduce you to the marketing software people on the web.  Well, they’re not the only marketing people on the web but they’ve been around long enough in this fast paced online world to gather some impressive stats on blogging.  According to their research, companies that have blogs generate 55 percent more traffic and 70 percent more leads.  And if companies can do it, then your org or personal site is bound to benefit, too.

Penguin, Rankings and Original Content

Announced in April of 2012, Penguin (although not officially named until 2 days later), became the successor to the Panda algorithm powering Google’s search engine.  Panda’s job was to sanction sites with poor user experience.  Penguin’s job is to enforce original content on sites.  Simply put, not having original content will affect your site SEO rankings. How does this work?  If you have little content above the fold or are exclusively using content that originates from other sites , you might get nicked.  If you are using SEO tactics that involve webspamming or what Google calls “spamdexing” (inclusive of link bombing ) to up your rankings, you’ll get nicked.  Translation:  Google downranks web sites that do both of these things.  Google’s intent is to improve the quality of the web you and I search and depend on everyday.  And that’s a good thing to support.

An easy way to make sure you are contributing original content for the web (and to get noticed for it) is to have your own blog.  It’s a win-win situation for everyone.  Set up an appointment with me today to discuss how you can include a blog and increase your web site traffic!

 

September 2, 2012 Melanie , No comments
MelanieWhat Can A Blog Do For Your Web Site?
read more

What Clients Say | Brian McDonald, Senior Lecturer – IUPUI

I am a senior lecturer in literature for IUPUI in Indianapolis.  Melanie Reed has been the web designer for one of the four online courses I teach and is currently putting the finishing touches on another web site for me.  Her work for Literary Masterpieces on-Line was so innovative, beautifully designed, and easy-to-follow, that it has contributed greatly to the success and popularity of that course.

She is currently putting the finishing touches on a new web site for my Introduction to Fiction course.  I asked her for a course delivery system that combined  a maximum of technological wealth with a minimum of technological “fuss” and labor.  It is a testimony to her abilities that I felt confident that I could leave it in her hands, with very little guidance beyond this request for something comprehensive yet simple.  The resulting site amply justified my confidence as it is the very model of usability providing easy-to-use processes for enhancing lecture delivery, communication with students, and grading, to name just a few of its features.  The number of options provided, along with the simplicity of using them (and the ease for students accessing materials in the site) is breathtaking.

Not all web designers are good with the public.  Melanie is not one of those.   She’s outgoing, friendly, and easy to talk to. She is also unbelievably hard working; she is extraordinarily dedicated to helping a customer fulfill his/her wants and needs and willing to go the extra mile in any project she undertakes.  I can recommend her unreservedly.

Anyone who wants to contact me about Melanie’s work feel free to call me at (317) 274-9671, or email me at [email protected] 

 

Brian McDonald,

Senior Lecturer in Literature,

IUPUI Department of English

August 20, 2011 Melanie No comments
MelanieWhat Clients Say | Brian McDonald, Senior Lecturer – IUPUI
read more