Peritech's-Blog

URGENT ALERT: INCREASING CRYPTOLOCKER TRAFFIC

Todd Ashabraner - Wednesday, June 18, 2014

URGENT ALERT: INCREASING CRYPTOLOCKER TRAFFIC

by: Ashley Dowdy


The Cryptolocker malware, also known as Ransom malware, is an especially destructive virus that encrypts all of your data.  For those that don’t know anything about it, it is malicious software that is usually passed around through infected email attachments, such as voicemail messages or faxes.  Once you download and open the infected attachment, it goes through your computer and encrypts ALL of your files.  Once the malware finishes, you will get a message on your computer informing you that your files have been encrypted.  Cyber criminals then force you to pay to get the data back, with no assurance they will actually follow through if you do. 

The Cryptolocker malware has been out for some time now, but emails infected with it seem to have increased lately.  This is just one important reason why you back up your files frequently and make sure if you data does become encrypted, that you do not overwrite your backup.  Since the spammers are constantly changing their messages, make sure you do not open unsolicited emails and download files without confirming their sources.  Keeping your anti-virus programs and anti-malware programs updated are other ways to protect yourself.

Microsoft Says That Windows 8.1 Will Not Be Supported

Todd Ashabraner - Friday, May 16, 2014

Will your Windows 8.1 be supported?  Will you be able to get the most current security patches, bug fixes, and new features?  Windows Vista, Windows 7, and Windows 8 are all supported and will continue to be supported.  However if you are not running the most current version of Windows 8.1, then your Windows will no longer be supported as of June 10th for personal users and August 12th for business users .

That sounds scarier than it is.  Microsoft released an update in April for Windows 8.1.  This update is going to be their base line for future updates.  If your Windows Updates are set to run and apply automatically, then you are in good shape.  If you prefer to manually run Windows Updates, then you may not be in good shape. 

If you are sitting there and wondering to yourself, am I up to date?  Simply go to the Start screen and look for the search button (the magnifying glass) in the top right corner.  If it is there, then you are running the current version and are ok.  If the search button isn’t there, then you will need to go to Windows Updates and run the update.  The specific update that you need is labeled KB 2919355.  Once that update is run and install, then your Windows 8.1 will be current and will stay support come June 10.

Dangerous Internet Explorer Vulnerability

Todd Ashabraner - Wednesday, April 30, 2014

     A new security vulnerability in Internet Explorer has been discovered.  It affects Internet Explorer versions 6 through 11.  It could lead to the complete compromise of an affected system. 

     The vulnerability, called CVE-2014-1776, has the ability to give hackers the same rights on the computer as the current user when the computer is infected.  So if the current user at the time of infection is an administrator, then the hacker will be also have the rights as an administrator on the infected computer.  At that point, the hacker will be able to install more malicious software on the computer.  They would also be able to add user accounts, remove user accounts, add unwanted files, change the contents of files, and even delete files from the infected computer.  Any computer that is still running Windows XP is especially vulnerable to this attack.  Support for Windows XP was discontinued by Microsoft earlier this month, so any fixes for this vulnerability will not include Windows XP. 

     The Department of Homeland Security is recommending that everyone should “consider employing an alternative Web browser until an official update is available.”  The United States Computer Emergency Readiness Team (US-CERT), a part of the Department of Homeland Security, is recommending that all users enable Microsoft EMET (Enhanced Mitigation Experience Toolkit).  It is a utility that helps prevent vulnerabilities from being successfully exploited.  It supports every Microsoft operating system from Windows 7 and up.  You can download it here.



Heartbleed Bug Breaks Worldwide Internet Security

- Tuesday, April 15, 2014
A new bug puts trust on the Internet at risk on a significant scale. The bug, dubbed ‘Heartbleed’, is based on a fault in functionality in the widely used OpenSSL library. This library is extremely widely used from security vendors products to secure web browsing and even mobile banking applications. So what exactly does this bug do and why should you care?

When the bug is exploited, the attacker can retrieve memory (up to 64kb) from the remote system. This memory may contain usernames, passwords, keys, or other useful information that enables bigger attacks. There are all kinds of variations that might be possible based on the ability to read this memory. 64kb may not seem like a great deal of data, but of course the attacker can connect repeatedly and progressively collect more information. This is a serious problem. It is very difficult, if not impossible, to retrospectively identify if someone attacked your systems so it is better to play it safe. You should assume that your system has been compromised, and re-set your credentials as soon as possible. There are some services which allow you to check if a service is patched but in some cases, such as with mobile app implementations, it is not simple.

What should you do to protect your services?
1.  Check whether your website, apps, or any other product uses Open SSL and whether they are vulnerable to the attack.
2.  There is a neat site at http://filippo.io/Heartbleed/ where you can quickly run the check. Regenerate any private keys that your site uses once you have patched.
3.  Update Open SSL to the latest version, which fixes the defect. This is not an automatic process in many cases.
4.  Check the state of the your SSL configuration for your website and mail services.
5.  Call perITech Solutions to assist 502-882-5555 (local) or 855-202-8012 (toll free)


Think Your Idea Is Not Good Enough For Application Development?

- Friday, February 07, 2014

Your Idea Not Good Enough For Application Development? by Khris Morrison


Got a great idea on a new business or product? Have you ever thought it would be nice if there was software to help you in the endless cycle of paperwork?  Or, have you said to yourself, "My staff would get more done if they did not have to track everything in Excel!"  You might even find yourself wishing for an app that gives real time updates on sales figures.  You are not alone.  In today's world of software development, those ideas and dreams can come true.

It's amazing how many times I hear about clients that actually use Microsoft Excel to maintain inventory, customer phone numbers and addresses for mailings, or to perform simple everyday tasks such as creating an invoice.  These clients may spend hours or even days performing these tasks that, with the right application, would take minutes.  These same clients are often reluctant to meet with a software developer because they think it would be too expensive to make their ideas a reality.

Carlos Santana once said, "Everything starts with an idea, with imagination."  Imagination and vision are vital to the success of a business if we don't let our minds get in the way.  A lot of people have great ideas but lack effort in making them reality.  Most of us have heard the story of Steve Jobs, who started out in his garage only to become the visonary and CEO behind Apple, Inc. And what about Michael Dell building PC's in his dorm room only to go on and build a multi billion-dollar company we know today as "Dell Computers"?  These men are no different than you and I but are set apart by the effort they put behind positioning their idea with the right resources to make it happen.

Cost should not be the only deciding factor in your pursuit of a great idea.  It's important to find a great company with honest and hard-working software engineers willing to take the time to listen to your ideas, understand your needs, be mindful of a budget, and capable of putting the right people in place.  You, as the client, should feel like no question is a bad one to ask.  It's about creating a partnership where the client, project manager and/or software engineer work toward a common goal together.  I've had the pleasure of working with clients who took a simple idea and grew it into something effective and they were proud of. This is the desired outcome and will be the end result  when a company uses best practice solutions and maintains integrity for their clients.

To find a company that you can trust, you need to ask yourself some very important questions.  "Does this company have experience in the field that I'm in? or "what is their customer base" or "What kind of reputation do they  have?"  It it's a mobile solution, you should ask yourself if your idea needs to run on mobile devices such as Apple's iPad and iPhone, Microsoft's Surface tablets or any other tablet running Windows 8?  Many software development companies are keen on developing mobile responsive applications (also known as mobile web applications) that can run on most devices. However, if you are considering a native application, which is built to only run on a specific mobile device, the software development company should be capable of developing that as well. For a successful outcome, it's about understanding the end result and working with the best team possible.

Next time, I will share my thoughts and go into detail about creating a mobile application and provide the pros and cons on building a Mobile Web app versus a Native app.  Stay Tuned!