"Tech News" Blog by Crown Computers
08 May 2014, 9 AM

Dropbox Vulnerability Discovered (and fixed)

From Ars Technica:

Dropbox has disabled access to previously created shared links to certain kinds of documents after the discovery that some users' sensitive files—including tax returns and bank records—were exposed through Google AdWords campaigns.

How it was discovered:

The flaw was discovered by file-sharing company IntraLinks, which was purchasing ads that would appear on Google when people search for the names of its competitors. IntraLinks said that "During a routine analysis of Google AdWords and Google Analytics data mentioning competitors’ names (Dropbox and Box), we inadvertently discovered the fully clickable URLs necessary to access these documents that led us to live folder contents, some with sensitive data. Through these links, we gained access to confidential files including tax returns, bank records, mortgage applications, blueprints and business plans—all highly sensitive information, some perhaps sufficient for identity theft and other crimes."

 

How to protect yourself:

For Dropbox Business users, make sure you only share documents with members of your business team. For Box users, make sure you only share documents with collaborators you trust.

While online storage is a great feature, this event highlights the fact that security flaws can and will happen.  Using the strictest permissions possible is always best practice.

It's been a good run, but if you haven't heard, Microsoft is ending support for Windows XP on April 8th, 2014.

What does this mean?  

Unsupported versions of Windows no longer receive updates of any kind, including critical security updates!  If a bug or exploit is discovered, your computer could be compromised and your personal information could be exposed to cyber criminals.

What should you do?

Upgrade to Windows 7 or newer.  Unfortunately, this "upgrade" requires a fresh installation of the OS (operating system), so important software and files will need to be backed up first.  It's also possible that older software will not work with Windows 7 and will require an updated version to be purchased.  You can research the programs you use before committing to any costly or unnecessary upgrades.

Need Assistance?

Crown Computers offers free consulting for our clients.  If you're interested in finding out more about how to protect your network, please call 858-483-8770.

Sources:

http://windows.microsoft.com/en-us/windows/end-support-help

http://windows.microsoft.com/en-us/windows/help/what-does-end-of-support-mean

http://arstechnica.com/information-technology/2014/03/windows-xp-users-will-be-warned-of-support-ending-with-a-popup/

Have you ever seen a pop-up suggesting that you update your version of Java?  Have you been ignoring those warnings?  Doing so could put your data at risk!

First discovered in September of 2013, a certain type of malware (referred to as "ransomware") called CryptoLocker has been infecting systems and encrypting user files.  The only way to recover those encrypted files is to restore them from backup, or to pay a $300 fee to the attackers.  If you're lucky, after paying the fee the attackers will decrypt the files and "release" your machine back to you.  This is a NASTY infection that results in downtime, revenue loss, and potential loss of sensitive data.

From Wikipedia:

CryptoLocker typically propagates as an attachment to a seemingly innocuous e-mail message, which appears to have been sent by a legitimate company; or, it is uploaded to a computer already recruited to a botnet by a previous trojan infection.[2] A ZIP file attached to an email message contains an executable file with the filename and the icon disguised as a PDF file, taking advantage of Windows' default behaviour of hiding the extension from file names to disguise the real .EXE extension. Some instances may actually contain the Zeus trojan instead, which in turn installs CryptoLocker.[3][4] When first run, the payload installs itself in the Documents and Settings folder with a random name, and adds a key to the registry that causes it to run on startup. It then attempts to contact one of several designated command and control servers; once connected, the server then generates a 2048-bit RSA key pair, and sends the public key back to the infected computer.[3][1] The server may be a local proxy and go through others, frequently relocated in different countries to make tracing difficult.[5][6]

The exploit relies upon a bug in the Java VM (virtual machine) prior to Java 7 update 40.  The risk of infection can be mitigated by installing the latest updates to the Java package.

It's critical to apply Java updates when they become available to ensure safe and happy computing!

Resources:

Ars Technica

SecurityWeek

18 Nov 2013, 2 PM

A Second Look CEO Interview

Check out the second part of the CEO interview with Sean Goss

https://www.youtube.com/watch?v=ycJq5lEs-j0

If you are a long-time Gmail user like me, you have already seen the new tabs it offers to separate the junk mail you get from the real mail you receive.

Shown are ways to change what is displayed or to remove it entirely. You can also mark a load of emails as READ with one option.

 

08 Nov 2013, 3 PM

How to lock your iPad while children use it

If you are like me and use an iPad to entertain your little ones, then this may be news for you! Far too many times my little one has accessed my Facebook or clicked on ads!

 Watch our CROWN video on how to use the GUIDED ACCESS on your iPad.

 http://www.youtube.com/watch?v=Mn-fhp2_g3o
