main

Friday Bits & BobsSecurity

Uber and Microsoft in trouble while WhatsApp hack gets risky

13th September 2015 — by That IT Guy0

header5-960x534.jpg

Uber is dealt another blow (one of quite a few this year so far). Microsoft is in court again even if this time it’s not them being sued but rather battling a US warrant to hand over emails for a drug case and a WhatsApp hack puts 200 million of its users at risk (oh dear!). All this on “This week on the interwebs”.

Uber and Microsoft in trouble while WhatsApp hack gets risky

Uber gets dealt another blow

It’s definitely not the first time we see issues with Uber, it has most definitely been questioned several times what the status of its drivers is and how its business model harms the long stablished concept of taxis. You see, the main issue a lot of associations have with Uber is the fact that, normally, its drivers are not registered as proper employes but rather independent contractors (if that). This means that its hard to keep track of in terms of taxes (not taxis, heh), legal paperwork and, for example, limit of driving hours (taxi drivers can only be on the road so many hours per day for one simple reason, exhaustion, which of course can cause accidents and have the passengers life at risk (not to mention everyone else in the road).

Another important fact is that Taxis have massive insurance deals which means not only the driver and car are insure but also the passenger (and I do mean massive, if anything where to happen to you while in taxi, you’re covered extremely well). The argument of course is prices, the law of land says the cheaper service tends to be the winner and of course your could argue that if prices lowered their prices and made for a better ride (this of course depends a lot on where you are, for example, I live in Spain, Taxis here are stupidly expensive but are also very clean both on the inside and outside (by law, apparently), in New York, however, they are expensive and dirty.

Uber

So let’s analyze what we get with Uber (this is based on my research as Uber is banned in Spain so I’ve never experienced it). We do not have to wait for a Taxi (or look for one) as we can just find one on our phone wherever and whenever we need it, it’s considerably cheaper (a lot cheaper), drivers are nice (they have to be as clients rank them) and so are the cars (again, they have to be comfortable and clean as clients rate them).

So, in theory, this is great, right? right…?

Well, yes, BUT, if we have an accident and something truly bad to happens to us, we’re not covered by any insurance like we are in registered Taxis, the drivers (granted I’m sure some do the right thing) aren’t really controlled in terms of taxes (again, taxes, not taxis), so there’s a considerably chunk of illegal earnings there and as someone who has to pay their taxes, it does kind of piss me off (while I’d love to say it’s a moral issue, it’s more of a “child pointing at another child not eating their veggies as asking his mum why does he have to eat them when the other one isn’t” case.

So what happened that made me talk about this this week?

Well, apparently, a government body in the US has ruled that Uber drivers are employees, not independent contractors. This distinction is crucial due to the fact that employees are entitled to certain benefits which in this specific case helps them considerably in the case that Uber drivers need to take legal action against the company. It’s all somewhat technical and it comes from a number of legal actions that have happened over the year and if you’re interested in the details you can read more about it here. You could go as far as saying I brought this app (sorry, I meant up) simply because it’s one of those things that have 2 sides to the story and both are rather interesting and basically just wanted to talk about it. And you’d be right.

Microsoft in court, again

Microsoft is most definitely not a stranger to courts, both as the sued and the suing sides. This time however it’s somewhat different. For a few years now, specially in the big brother syndrome afflicted US, governments have been demanding information from big tech companies (specially ISPs for information on “illegal” downloads).

In this particular case, Microsoft is in court to continue fighting against the US government’s demand that it hand over selected emails that are stored in an Irish data centre that supposedly contain information that could provide the proof needed in a drug trafficking related case. Back in 2014 a court ruled in favour of the government’s claim that since it had jurisdiction over the company (as it’s based in the US), it could force it to hand over data it had, even if this data was stored elsewhere. Microsoft, however, suggest that would put it in breach of privacy laws and therefore incriminating itself by complying.

Microsoft

Instead, Microsoft argues that the US must respect the sovereignty of other countries (which makes sense, obviously, contrary to what the US government believes, it does not own the world) and has indicated that Washington should use legal assistance treaties if it wants access to such information that in this case is held in Ireland data centres (again, makes sense, that’s what those treaties are there for). Ireland has already declared that it would consider such requests in a fast manner. Due to this the stand-off is being treated as a test case that would determine the extend of the US government’s powers over companies that offer clould-based services.

It would seem that Microsoft is not alone in this as Apple, AT&T, HP, Verizon and eBay have voiced their support for the appeal.

They think they have already lost quite a lot of business in Europe over monitoring and surveillance concerns, and they are afraid it will get worse if there is a perceived carte blanche for the US authorities to access emails stored abroad”

said Carsten Casper, from tech consultancy Gartner.

Microsoft, said that it wants to make sure people can trust the technology on their desk and pockets (though to be fair that is a strong sentence considering how pretty much anything we do on the Internet now-a-days is monitored unless we actively take measures to prevent it being so).

“If the US government is permitted to serve warrants on tech companies in the United States and obtain people’s emails in any country, it will open the floodgate for other countries to serve warrants on tech companies for the private communications of American citizens that are stored in the United States in a data centre owned by a foreign company”

the company’s lawyer Brad Smith recently told the Council on Foreign Relations think tank.

That said, involved federal prosecutors said that it “typically takes months” to obtain information via treaty requests, while warrants issued directly to companies can be handled quicker. Personally that sounds to me that then perhaps they should be working on reducing the type it takes for treaty requests to be processed rather than being lazy and trying to force companies to provide data which by law the cant (or shouldn’t, anyway, god knows they do here anyway) and while I know doing so could (and most likely, would) provide the needed proof to “put away the bad guys”, at what point do we draw the line on “means that justify the cause”?

WhatsApp HACK puts 200 million users at risk

A bug in the extremely popular messaging application WhatsApp puts up to 200 million users at risk, warned security firm Check Point. The flaw allows hackers to distribute all sorts of malware, including ransomware which encrypts the users data and demands payment in order to release their files. The problem, thankfully, only affects the web-based version of the service (phew, I use the Android version on a daily basis). WhatsApp was alerted to the problem at the end of last month and immediately issued a patch. Check Point urged users to update their WhatsApp application as soon as possible to make sure they are safe.

WhatsApp hack

According to Check Point, this whatsapp hack was caused by the way the service handles contacts sent in the vCard (virtual card) format. All a hacker had to do was send a virtual business card that looked legitimate to the target’s mobile number and once opened the vCard could distribute malicious code. One expert said it was relatively easy for hackers to get hold of mobile numbers that have been disclosed via other breaches (or in the case of Spain, just ask all the mobile phone operators, they seem to have no trouble finding your number and calling you to try and sell you their services).

“Bearing in mind that WhatsApp is a cross-platform mobile messaging app, the chances of you opening a vCard sent to you is quite high,”

commented Mark James, a specialist at security firm ESET.

Check Point alerted WhatsApp about the problem on 21 August and a week later it issued a fix but we’re just now reading about this (or at least I am, hmmm… doesn’t say much about my sources!). Whatever the case, if you do use the Web-based WhatsApp application and haven’t yet done so, do update your software and do not accept any “contact info – vcard” before you do.

And that’s all for “This week on the Interwebs”, see you on monday with a new tutorial!

Friday Bits & BobsSecurity

Cars get Hacked and so do their Lonely Owners

4th September 2015 — by That IT Guy0

header2-960x411.jpg

Cars get Hacked and so do their Lonely Owners. Every friday I’ll be bringing you a couple of interesting stories, articles or news I’ve seen over the week on the internet, be it through subscribed RSS, twitter, Facebook and social media in general or just random sources. So here we go with the conclusion to week 2 (applause).

Cars get Hacked and so do their Lonely Owners

Cars get Hacked

Back in July this year, two hackers revealed that they where able to take control of a Jeep via its internet enabled in-car-entertainment system. The Fiat-Chrysler group offered a voluntary recall so that owners could take their cars to their local dealerships and had their systems upgraded in order to fix this “issue”.

Jeep Cherokee Hacked

Now, I don’t know about you but for all I know my car, which ironically also happened to be a fiat, could have had a “voluntary recall” after I purchased it but I wouldn’t have known unless I saw something about it online which sure, it’s possible but by no means a sure thing unless I was specifically looking for that. Normally when cars have a serious design flaw like for example, brakes failing at a certain point (not something you want, obviously), the manufacturer orders the dealers to contact all of their customers to let them know they have to bring their cars in for the issue to be fixed. So, at that point, you can be sure that most owners would be notified and that makes sense, it’s a serious issue. What bugs me is that they seem to be treating this like it’s nothing serious. Voluntary recall? Really!? Not even telling the retailers to call customers and at least let them know that this issue exists?

Well, it seems they got the hint because now (2 months later) they’ve been sending out letters in the mail to all owners of this Jeep Cherokee model which in the US alone is over 1.4 million people letting them know about the fault. You’d think this would be a good thing, right?…right!?

No!

Why, you may ask? Well, because instead of the letter letting them know they have to take their cars to their local dealership it tells them about the issue and includes a pendrive for the client to connect it to the car for the update to happen. What’s wrong with this you may ask? Well, let’s analyze this for a second, the hackers, yes, that’s right, hackers, are obviously tech savvy so… don’t you think they could easily get their hands on one of this letters and usbs (the containing software is also available on the Chrysler website by the way), analyze the update so they can see how the entertainment software updates its firmware and use that to reverse engineer it, create fake letters that look the same as the originals (no big deal) and send new pendrives out. That’s compromised pendrives.

Jeep Cherokee Hacked

All this could’ve been avoided by the Fiat-Chrysler group simply asking their clients, in those letters, to bring their cars in so certified mechanics can update their systems but no, it’s cheaper to just send the pendrive out and let them take care of it. Another fine example of compromising client’s security for the sake of saving money and paperwork, well done, let’s let cars get hacked!

Love Hacks

It would seem it’s all about hacks this week. If you remember last week’s Friday’s Bits & Bobs (which, incidentally, was also my most popular post to date), I talked about the hack that went on at Ashley Madison and it would seem it’s created a bit of a trend as this week the world-famous (and nowhere near as controversial) Match.com, to be specific, the UK’s version of the website.

Match.com gets Hacked

Malwarebytes, a world renown security firm and software developer spotted the threat (I guess some of their employees feel lonely which must’ve made it weird “Hey Boss, I found malicious code on Match.com” – “Good stuff… wait… what where you doing there?” – “Errr…”). It would seem some adverts for the site where infected with ransomware which in lamest terms is a kind of malware that essentially either encrypts your files or straight up locks you out of your PC and demands you pay in order to release it. The malicious adverts appeared on pages within Match.com through an ad-network that pipes content to Match and other websites.

Malwarebytes

In response Match.com suspended the adverts on the Uk website while it looked in to and made the following statement:

“We take the security of our members very seriously indeed,” it said in a statement. “Our security experts were able to identify and isolate the affected adverts, this does not represent a breach of our site or our users’ data,”

This however is not the first time it happens as Match.com’s siter website “Plenty of Fish” was hit with a similar ad-based attack in August (you’d think they’d see this coming). Unfortunately, Malwarebytes does not know at this time how many people got infected as the booby-trapped adverts were server via a network that serves to many other websites.

Hacked Software

The computers infected where mainly due to outdated versions of Adobe Flash, Java, Adobe Reader and Microsoft Silveright, so remember people, keep your software updated as 95% of updates are for security reasons. (I’ve added links to each software’s website so you can go ahead and update your installations if you have them).

CleanupPerformanceSecurity

9 simple things you can do to make your pc faster

26th August 2015 — by That IT Guy0

This is actually a post that I wrote on another website, it’s very simplistic in nature but that doesn’t mean that, while standard, it isn’t decent advice.

Eventually, our brand new pc simply isn’t new anymore, as the years go by we notice a considerable slowdown and while we may trick ourselves into thinking that it’s just our imagination and that initial burst of speed was merely an illusion created by comparison to our previous computer, the fact is, overtime, our computers do get slower. This can be caused by viral infections, bloatware, unused programs clogging up our hard drive or even overheating causing our hardware to slow down (which it does in order to prevent damage to itself), that said there are steps to making your computer faster.

While there are many things you can do in order to return the full spark of life a new computer has back into your old one, some may require a technician with a certain degree of knowledge and are subject to each specific case which can be determined by an initial diagnosis. Having that in mind, there are still many relatively simple things you can do yourself which will improve the speed and responsiveness of your computer so here are 9 simple things you can do to make your pc faster.

1. Uninstall unused programs.

Uninstall unused programs.

If you bought your PC from a brand such as HP, Dell, Packard Bell, etc (essentially any prefabricated brand), it will have definitely have come bundled with a ton of programs that you will most likely never use, you may not even realize they are there. Some programs run background processes and start up the moment you turn on your pc, which of course adds more to the “to-do” list your pc has when it loads Windows and therefore, slowing it down.

To remove all these pointless programs, open the Control Panel’s Programs and Features page, and have a look through the list of installed software. Uninstall those that you do not need, no longer use or simply do not recognize, while being careful to leave programs your computer’s hardware needs (typically their publisher will be listed as the PC maker’s name or as Microsoft). If in doubt, a quick Google search will let you know what that program is, what it does and essentially let you decide if it’s something you need or simply if it’s meant to be there. Alternative you can use the very useful Revo Uninstaller.

If you’re still unsure about certain programs, there’s a useful tool called “The PC Decrapifier” which will tell you which of your programs is simply clutter (if any) and let you uninstall it. You can download it directly from our website by clicking here.

2. Remove temporary files.

Remove temporary files

Temporary files can build up over time on your computer through everyday use and can remain on your hard disk, taking up space and slowing your computer down. While the idea of temporary files is a good one, as you can imagine it is not meant to contain files that are over a year old if not older. These files are not files created about you (so don’t worry, you won’t be erasing those embarrassing baby photos your mum sent you 2 years ago), they are files your computer creates and keeps for all sorts of reasons. In order to delete them, open “My Computer”, and select your local drive (usually C:\). Select the “Windows” folder and then open the folder titled “Temp”. You can either delete all of them or simply delete everything that’s older than a month. Be aware however that these files contain things like saved passwords for your internet accounts such as e-mail, so keep in mind you’ll need to remember your passwords (which goes without saying you should anyway, never depend on your computer remembering access credentials). If you’re unsure on how to do this or simply uneasy doing so, you can always use CCleaner for a more automated approach.

3. Upgrade to a Solid State Drive.

Upgrade to a Solid State Drive

Commonly known as “SSD”, it’s a new kind of hard drive (actually it’s been around for a while, but only recently have they become more mainstream and affordable). In layman’s terms, they work in a similar fashion as pen drives do, they do not have moving parts, use flash memory and are 10 times faster than conventional hard drives (literally). Speed isn’t the only advantage however, they are compatible with virtually every computer manufactured in the last 8 years, are based in the 2.5″ size factor which means they are compatible with laptops and they do not have moving parts which means less power consumption (great for bills and for your laptop battery lasting longer) and if you do drop your laptop, will eliminate the most common symptom of such accident, i.e. broken hard drives since they are not affected by impacts.

Note: Unless using specialized software, you will need Windows to be reinstalled when upgrading to an SSD but it’s well worth the effort as It’s no exaggeration to say your computer will feel like a brand new, up to date model due to the speed difference.

4. More storage.

More storage

No matter how regularly you clean out all of your temp files or delete no longer wanted files, chance is you will eventually run low on space. Conventional hard drives have a problem with this as the moment they go over 70% capacity usage they will slow down. They don’t literally slow down mechanically but rather, because there’s so much in them, they take longer accessing the files you are looking for or using and therefore, slow down your pc.

Installing a new drive is fairly simple, and you can easily do it yourself, that said be careful as hard drives are extremely fragile and a single knock can make them faulty. Taking it back to the shop and claiming it came like that does not work either as they have sensors in them which can easily be accessed to see if they received recent damage or knocks.

The upside however is that sharing your file load over 2 or more hard drives means your pc will find what you need much quicker and therefore not slow down your experience due to it.

5. Prevent unnecessary startups.

Prevent unnecessary startups

If you remember, on the first step we mentioned programs that start-up in the background when your computer starts up. By now you’ve removed the unwanted programs but what happens with the programs you do want to keep? The concept of starting up in the background is in theory a solid one, the idea behind it being that when you start your pc up, these programs load everything they need so when you decide to start them up they take less time doing so. In practice however they end up slowing the start-up so much that you end up losing more time on programs you may not even use today. Removing them from the start-up list does not mean they will not work (common misconception), it simply means they will not start-up until you start-up the program in order to use it.

To do this, click “Start” and “Run”. In “Run”, type “msconfig” and then press enter. You should then see the “Startup” tab, with all those programs ticked being the ones which will load upon your computer starting up. There is a good chance the list will contain a number of programs you might not have realized were running on your computer during startup, or even at all.

You can either manually deselect those which you do not want to load, or click “Disable All” and then select those you want to run, such as particularly important programs like anti-virus software.

Another trick can be removing all the unnecessary fonts Windows loads. Windows 7 loads more than 200 fonts on startup which can slow down the speed at which it boots up. Go to the Start Menu’s search box, search for the Fonts folder and check off all the fonts you don’t need, and click the “Hide” button in the toolbar.

6. Defragment your hard drive.

Defragment your hard drive

Let’s say you have a folder with all the photos you’ve been keeping over the years. To you, they look in order, you have them organized in one method or another or even all in one place and simply order them by name. Unfortunately this is not how the hard drive keeps the files internally, it spreads them all over the drive, in sectors, which in most cases each file in itself isn’t even together. Over time as your hard drive gets more and more full it can really slow down your computer while it looks for all the bits and bytes it needs to open that photo of you as a teenager you constantly consider if you should delete or not. We can fix it by defragmenting your drive. In essence what this does is tell the hard drive to clean and organize its room and puts all parts of each file together and in order minus the pushing things under the bed cheat.

Go to “My Computer”, right-click on the hard drive and select “Properties”. Under the “Tools” tab there should be an option to “Defragment Now”.

Note: This only applies to conventional hard drives and should never be done with an SSD drive, if in doubt, you most likely have a conventional drive and it’s fine for you to defragment it. Have in mind however the whole process could take several hours so with today’s storage quantities it’s not a bad idea to leave your computer doing this overnight while you sleep as you shouldn’t use it while it is defragmenting anyway.

7. Run Disk Cleanup.

Run Disk Cleanup

Windows also includes a built-in disk de-cluttering tool called “Disk Cleanup”. It searches through the system for unnecessary large files such as temporary Internet files, program installers, and so on.

Open Disk Cleanup by clicking “Start > All Programs > Accessories > System Tools > Disk Cleanup”. If you’ve never done this before, be patient, it could take quite a while for it to find all the files that can be removed.

8. Check for viral infections, malware, etc.

Check for viral infections, malware, etc

We all know about viruses and the many faces they have, be it Trojans, worms, adware, spyware, general malware, or many others, it is the stuff of nightmares. Most of them can be evaded simply by being careful and using common sense. Do not click on banners that are not on websites you trust, do not download files from websites you do not know, do not open emails if you do not recognize the sender (seriously, do not!, just right-click – delete). Unfortunately this is not enough, in today’s Internet, we could get infected simply by visiting a website, without us knowing. It happens, it’s not your fault, it’s probably not a family member visiting websites with less than clothed women on them and it’s not that pen drive your friend loaned you with the latest Eastenders episodes on it (though this last one is debatable). Microsoft Security Essentials is a great all in one solution but the fact is, it is not enough, it may be decent for cleaning up the mess but it does not prevent getting infected to begin with. A great option that does do this is AVAST Antivirus, there’s a free edition that has all you need and while you will never be 100% protected, it is a decent second step (the first step being common sense and general cautiousness).

9. Flushing out the dust.

Flushing out the dust

Literally, while it may seem weird or maybe even funny, all that dust your computer has collected inside over the years will cause it to get hotter and noisier. When a computer gets too hot it will reduce its performance in order to try and cool itself down and prevent it from damaging itself. It is good practice to at least once a year (if not every couple of months), undo those 2 screws on each side of your PC case, slide both open and using a can of compressed air (or a compressor if you have) that you can buy in any computer or DIY store, cleaning up all the dust inside. This will allow your pc to breathe better, have better airflow and keep cool, therefore not limiting the way it was made to perform.

Note: Have in mind electronics are very susceptible to electrostatic based damage so ONLY use any form of compressed air, do NOT use a cloth, or any form of direct contact with the components.

That’s it! If you’ve gone through all the steps, it probably took you a couple of days and your computer should definitely be faster and more responsive. As I mentioned however there are still many more things that can be done to give a new breath of life to your PC but I’ll go in to further individual detail in later posts!