IE is far from the cutting-edge for security, these days…
If you still use Microsoft’s Internet Explorer, then you should be aware there’s a bug in the browser which leaks the URL (or anything else) you type into the address bar. The problem affects the latest version of Internet Explorer and was discovered by security researcher Manuel Caballero.
As Ars Technica reports, the flaw allows the website the user is currently visiting to view any text they type into the browser’s address bar, with that text becoming readable as soon as they leave (i.e. as they hit the enter key).
This means that a maliciously-controlled website can exploit the bug to grab the URL of the next website that you’re visiting, or if you’ve typed text into the address bar, it will also snaffle that – because Internet Explorer will automatically convert that to a search (on Bing by default).
And the victim won’t be aware that this has happened, because they’ll simply be whisked off to whatever website or search they entered.
Time to move on?
Given the news yesterday that Windows 8.1 has been hit by a nasty bug which prevents users from logging onto their PC with a Microsoft account – and with no apparent ETA on a fix – maybe it’s time folks started seriously thinking about moving away from ageing Microsoft software.
Of course, if you are on Windows 10, it has the Edge browser as well as Internet Explorer, and the former is obviously where the software giant’s focus lies – particularly when it comes to security aspects.
As Caballero himself observes: “[Microsoft is] really moving forward regarding Edge, design bugs, and they even extended its bug bounty, which seems to be permanent now … but I still believe it is not acceptable to leave IE wide open.”
“In my opinion, Microsoft is trying to get rid of IE without saying it. It would be easier, [and] more honest to simply tell users that their older browser is not being serviced like Edge.”
Naturally some users are forced to go with Internet Explorer due to legacy issues with services or sites, but if you have a choice, it seems like an increasingly good idea to step up to a contemporary piece of software – whether that’s Edge, Chrome or Firefox, or indeed another alternative.
With iOS 11 and macOS 10.13 High Sierra, Apple no longer allows the use of two-step verification, its original and hastily built, somewhat creaky system for confirming a login. If you’re still using two-step, the moment you upgrade to iOS 11 or High Sierra, Apple will convert you to the newer two-factor authentication (2FA) method it introduced in September 2015. You don’t have to do anything but pay attention to how it works.
For most people, the best way to keep anyone who obtains an account’s password from being able to log in is to use 2FA. A factor is something that identifies you. A password is one kind of factor (something you know) and a token that’s sent to a phone or via SMS is another (something you have).
Apple’s original two-step system relied on its Apple ID site for set up and management, and could only send codes to iOS devices and via SMS. Its update in September 2015 left two-step in place for those who continued to want to use it, but the 2FA revision was far better. Enrollment happens via iOS and macOS. Apple’s system isn’t as robust as some security experts would like, but it’s definitely better than a password-only option.
If you’re still using two-step verification (and if not, you didn’t need to read this far), when Apple converts your account to 2FA with iOS 11 or High Sierra, here’s what you need to know:
iOS 11 was released yesterday; here's a way you can get your hands on it.
HOW TO GET IOS 11
The recommended way is to tap Settings > General > Software Update and carry out the refresh from there.
Alternatively, you can connect the iPhone or iPad to a PC running iTunes and do the upgrade from there.
WHAT DEVICES CAN RUN IOS 11?
iOS 11 is supported on the following devices:
REMEMBER: THINGS CAN GO WRONG!
Before you go hog-wild, throw caution to the wind and start upgrading, be aware that there are risks. Things can go wrong, stuff may be broken, and you may lose data. Plenty of iOS launches have been marred by bugs and problems, so with that in mind, it's a good idea to have an up-to-date backup, because making a fuss isn't going to bring back your lost photos or documents.
You can either create a local backup using iTunes, or backup to iCloud by going to Settings > iCloud > Backup, and then turning on iCloud Backup.
Keep in mind that unless you're willing to jump through hoops and do things that Apple frowns upon, going to iOS 11 is a one-way trip, so you might want to let other people go ahead of you just in case there are gotchas.
SPRING CLEAN YOUR IPHONE OR IPAD
Chances are that your iPhone or iPad has accumulated a lot of detritus over the months and years, so what better time to get rid of it than now.
While iOS 11 doesn't need as much free space to install as some of the earlier releases of iOS, getting rid of apps that you no longer use -- or perhaps have never used -- makes good sense.
KNOW YOUR PASSWORDS
Following the upgrade, you'll need to enter your iCloud password in order to be able to reconnect to all your data and photos. If you don't have this close to hand -- remember, having it on the device you're upgrading isn't all that convenient -- then this might be a good time to do that.
Also, if your iTunes backup is encrypted, then remember you'll need that password if something goes wrong!
PREPARE YOURSELF FOR THE "APPOCALYPSE"
The end is nigh for all 32-bit iOS apps, so if you're still relying on older apps, it's time to find alternatives.
For some time now, Apple has been warning iPhone and iPad users that legacy 32-bit apps may slow down their devices, but with the recent release of iOS 10.3, Apple has escalated things by making it clear that the end is nigh.
You can check installed apps for compatibility using the built-in checker tool (you need to be running iOS 10.3 or later for this to work).
You can find that by clicking: Settings > General > About > Applications.
From there, you'll get a list of all the 32-bit apps on your iPhone or iPad that won't run on iOS 11. If you're lucky, you won't have any apps listed, or the apps that are listed will be old stuff that you forgot you had installed and no longer use.
However, if an app that you are relying on is listed, then you need to get ready for its demise.
IS IT BETTER TO UPGRADE OR WIPE THE DEVICE AND START FROM SCRATCH?
It's a lot less hassle to just upgrade a device because you get to keep all your apps and settings.
However, devices that I have wiped and reloaded a new iOS onto, and then installed and re-setup all my apps and such, feel faster and seem to suffer from fewer problems (such as Bluetooth and Wi-Fi issues). However, wiping and reloading the apps and data is a pretty big hassle, and it's probably more work than most want to undertake.
SHOULD I WAIT A WHILE BEFORE DOING THE UPGRADE?
There will likely be an update or two to iOS 11 coming down the pipes over the coming weeks, so you might want to wait for the dust to settle and for any last-minute bugs to be squashed before making the leap, especially if you rely on your device.
Also, if you use your device in a BYOD setting, make sure you get the OK from the IT department before upgrading, in case you're unable to access the network or data you need.
Users of Avast-owned security application CCleaner for Windows have been advised to update their software immediately, after researchers discovered criminal hackers had installed a backdoor in the tool. The tainted application allows for download of further malware, be it ransomware or keyloggers, with fears millions are affected. According to Avast's own figures, 2.27 million ran the affected software, though the company said users should not panic.
The affected app, CCleaner, is a maintenance and file clean-up software run by a subsidiary of anti-virus giant Avast. It has 2 billion downloads and claims to be getting 5 million extra a week, making the threat particularly severe, researchers at Cisco Talos warned. Comparing it to the NotPetya ransomware outbreak, which spread after a Ukrainian accounting app was infected, the researchers discovered the threat on September 13 after CCleaner 5.33 caused Talos systems to flag malicious activity.
Further investigation found the CCleaner download server was hosting the backdoored app as far back as September 11. Talos warned in a blog Monday that the affected version was released on August 15, but on September 12 an untainted version 5.34 was released. For weeks then, the malware was spreading inside supposedly-legitimate security software.
[Image: Cisco Talos] The CCleaner app, designed to help users carry out good cyber hygiene, was itself infected.
The malware would send encrypted information about the infected computer - the name of the computer, installed software and running processes - back to the hackers' server. The hackers also used what's known as a domain generation algorithm (DGA); whenever the crooks' server went down, the DGA could create new domains to receive and send stolen data. Use of DGAs shows some sophistication on the part of the attackers.
Downplaying the threat?
CCleaner's owner, Avast-owned Piriform, has sought to ease concerns. Paul Yung, vice president of product at Piriform, wrote in a post Monday: "Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process.
"The threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker.
"Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm."
Not all are convinced by the claims of Piriform, acquired by Avast in July. "I have a feeling they are downplaying it indeed," said Martijn Grooten, editor of security publication Virus Bulletin. Of the Piriform claim it had no evidence of much wrongdoing by the hacker, Grooten added: "As I read the Cisco blog, there was a backdoor that could have been used for other purposes.
"This is pretty severe. Of course, it may be that they really only stole ... 'non-sensitive data' ... but it could be useful in follow-up targeted attacks against specific users."
In its blog, Talos' researchers concluded: "This is a prime example of the extent that attackers are willing to go through in their attempt to distribute malware to organizations and individuals around the world. By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users' inherent trust in the files and web servers used to distribute updates."
Avast CTO: No need to panic
Avast chief technology officer Ondrej Vlcek said there was, however, little reason to panic. He told Forbes the company used its Avast security tool to scan machines on which the affected CCleaner app was installed (in 30 per cent of Avast installs, CCleaner was also resident on the PC). That led to the conclusion that the attackers hadn't launched the second phase of their attack to cause more harm to victims.
"2.27 million is certainly a large number, so we're not downplaying in any way. It's a serious incident. But based on all the knowledge, we don't think there's any reason for users to panic," Vlcek added. "To the best of our knowledge, the second-stage payload never activated... It was prep for something bigger, but it was stopped before the attacker got the chance." He said Cisco Talos wasn't the first to notify Avast of the issues; another unnamed third party was.
It's unclear just who was behind the attacks. Yung said the company wouldn't speculate on how the attack happened or possible perpetrators. For now, any concerned users should head to the Piriform website to download the latest software.
Over 143 Million Affected as Equifax is Hit by Massive Cyber Attack
The names, Social Security numbers, birth dates and drivers license numbers of more than 143 million people in the U.S. have been exposed as a result of a cyber attack at credit reporting agency Equifax Inc.
Equifax said Thursday, Sept. 7, that criminals gained access to the information through its website in breaches between May and July. The company said it learned of the attack on July 29. The information accessed wasn't from Equifax's consumer and commercial credit databases, meaning that credit scores don't appear to have been exposed.
However, the credit card numbers of 209,000 U.S. consumers and dispute documents belonging to an additional 182,000 people were accessed, according to Equifax.
The company set up a website -- https://www.equifaxsecurity2017.com/ -- where people can check to see if their personal information may have been stolen.
Equifax shares fell 13.5% in premarket trading on Friday.