Realistically, there are flaws in pretty much every piece of software. Development is a constant back-and-forth of finding vulnerabilities that hackers could exploit and then patching these pieces of code to fix those issues. In fact, most large companies employ people specifically to try to hack into their software so that the company can find and fix vulnerabilities before hackers take advantage of them.
Just in the past few weeks, Apple released “urgent updates” for both iOS and their desktop OSes to block a hack that could turn your Apple device into a spying tool. This exploit has been described as the “most sophisticated spyware” ever seen, and could let the hacker read messages and take control of your iPhone or other device. This is pretty scary when you think of all the data that gives them access to such as credit card numbers and banking info.
The three main ways many security experts protect themselves are updating software regularly, turning on two-factor authentication, and using a password manager. Thankfully, it’s getting easier than ever to keep your software up-to-date, so here are a few tips to make sure you’re on top of things:
- Turn on automatic software downloads on any device (including IoT products) that has them (e.g. for an iPhone, go to Settings then iTunes & App Stores, and then turn on Automatic Downloads for App Updates);
- for desktop operating systems, make sure you have automatic updates configured (e.g. in Windows 8, go to Settings then Change PC Settings, then Update & Recovery to choose how updates get installed);
- if you’re running anti-virus software then make sure it is always updated (as the software can only protect against viruses it knows about);
- and it’s never a bad idea to go to your application menus and manually Check for Updates every week or two (especially for browsers, which are a common area for vulnerabilities).
Google-Announced Windows Vulnerability Exploited In-The-Wild, According to Microsoft
A recent zero-day vulnerability in Windows operating systems has been discovered and announced by Google researchers, affecting Windows Vista through Windows 10 Anniversary Update.
Although the company was given 7 days to patch the reported kernel privilege escalation vulnerability, Microsoft failed to release a patch in the allotted time. It did say, though, that it will become available by next Tuesday. Stating that it was irresponsible for Google to publish the zero-day before a patch was available, Microsoft has also said in-the-wild attacks are already exploiting it.
“The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability,” reads the Google Security Blog.
The spear-phishing campaign used to leverage the zero-day vulnerability is believed to have been conducted by hacker group Strontium, also known as Pawn Storm, APT28, Fancy Bear, Sednit, Sofacy and Tsar Team. Although the team suggests it was a “low-volume” campaign, it’s unclear how many victims could have been targeted.
Why Data Backup is needed now more than ever for Small Business
A recent survey of 400 employees, sponsored by CloudBerry Lab, Inc., reveals that more than one-third of small enterprises may have no data backup at all.
While 36 percent of the 400 respondents said they kept complete backups of their key business information, exactly the same percentage of respondents have no backups whatsoever. About 27 percent also said they had lost business data “several” or “many” times.
“In spite of a few bright spots, we have to give enterprises an overall grade of C in the area of backup. In our view, the increasing threat landscape will cause that grade to drop, unless organizations begin reconsidering their strategies,” said Alexander Negrash, Director of Marketing for CloudBerry. “There are newer, more modern options available, making the best backup processes available to even the most resource-constrained companies.”
Extra Copies, Extra Confidence
Having an extra copy of anything important just makes good sense. Here are some suggestions on how taking action now to protect your important data will pay off in the future.
First, there are three different forms of backup:
A full backup includes a copy of everything on the computer.
Differential backups only make copies of the files that have changed since your last full backup.
Incremental backups only make copies of the files that have changed since your last backup (whether it was a full or an incremental backup).
A good backup creates duplicates of your information that can be put on any device, so long as it has sufficient space to handle the load of data. Since a backup system contains at least one copy of information worth saving, the data storage requirements can be different from case to case. Organizing the type and amount of storage space available and managing the backup process can be complex, depending on the size and scope of the project.
6 Ways to Protect Yourself from Hackers
Data breaches have become an almost predictable problem with banks, major retailers and other businesses around the world, including last month’s news that more than 500 million Yahoo accounts may have been compromised.
Properly protecting your personal information greatly reduces the risk of identity theft.
1. Stranger Danger
Be sure you know and trust whomever you might be giving your personal information to. Never respond to blind requests for information over the Internet. Do not open emails or attachments from unknown sources and do not download anything from anybody you do not know.
2. Use Different Passwords for Different Accounts
According to a Gartner study, more than 50% of online visitors use the same password for multiple accounts. As a result, if a criminal discovers the login and password for one account, such as Yahoo, they can then gain access to other accounts with the same login information. This is the easiest way for a hacker to gain access to online bank accounts, healthcare information and other online accounts that carry personal and identity information.
This form of hack is called “credential stuffing.” Not only is credential stuffing the easiest form of hack for a criminal to execute, it is also the easiest hack to protect yourself from—simply use different login information for each online account you manage. It is helpful to use a password management program. Many programs are available to manage your different logins, such as 1Password and others.
Inside Your Slow Hard Drive: Why I Can’t Drive 55
Like people, hard drives tend to slow down as they get older. Their parts get worn out. They can’t think quite as quickly. But what makes your hard drive slow down? Rarely is the spindle motor that spins your hard disk platters the culprit. Your hard disk platters still comfortably spin at their designated speed (usually 5,400 or 7,200 RPM). No, what makes your hard drive slower are usually its read/write heads.
Hard drive performance decreases with age, especially as the drive fills up and the data on it becomes more spread out across the disks. The more data you have, and the more spread-out it is, the harder your read/write heads have to work and the longer they have to search to find it. Not only does this lead to increased latency and seek times, but it also puts increased stress on your read/write heads. The headstack is already the most delicate of your hard drive’s internal components.
If you’ve ever wondered why defragmenting your hard drive is so important (and why it speeds your computer up), it’s because the data you write to your drive is rarely contiguous. That is, every block that makes up a file you create doesn’t necessarily exist end-to-end on the same track on your hard disk platter, or even on the same surfaces of the platter. Sometimes, the hard drive has to shuffle data around as part of its normal operation. This makes the read/write heads travel farther and take longer to read data. Defragmenting, as its name suggests, reorganizes your data to make things a little easier for your read/write heads.
But sooner or later, those read/write heads wear out. Eventually, like the client in this unresponsive hard drive recovery case, your drive will slow down and die as its headstack deteriorates.
USB Data Recovery Case Study: A Cautionary Tale
When you too hastily eject your USB flash drive and your PC won’t recognize it anymore, which part of the drive has failed?
Mechanically, your flash drive is still fine. The USB plug itself still works, the PCB hasn’t shorted out, and the controller chip and flash memory chip are still healthy. What has failed is the logical structure of the flash drive.
When you access a data storage device, be it an internal or external hard drive or SSD or a USB flash drive, your computer follows a chain of machine logic to reach the physical location of your data. If a part of that logical chain breaks down, your computer becomes a blind man in a dark room trying to find a black cat.
Safely Remove Hardware and Eject MediaRemoving a USB flash drive without properly ejecting it from your computer first can break one or more links in the logical chain. Your computer might be in the middle of a read or write operation, even if you don’t know it. If you’d tried to eject the device properly, your computer would say, “Hey, hold on! I’m not done with that!” and you’d know to wait and then try again. Interrupting the computer can cause data corruption that breaks the device’s logical chain. It’s a bit like yanking a sandwich out of someone’s hands in mid-bite.
When you unsafely eject a removable storage device, the most at-risk link in this logical chain is the partition table. This link in the chain points to the locations of the device’s partition superblocks, which go on to further describe the setup of the drive’s filesystem and its partitions. Most external devices, especially USB flash drives, only have a single partition. Improperly ejecting your flash drive doesn’t always corrupt the partition table. But when it does, it makes your device appear blank. Without that partition table, your computer doesn’t know how to read any of the data you’ve put on the drive.