Archive for April, 2014

Internet Explorer Vulnerability: How safe are you?

A recently disclosed zero-day vulnerability (“zero day” indicates a vulnerability that was already being exploited when it was discovered) has put those using Internet Explorer at risk. This vulnerability affects IE versions 6 through 11, although only attacks against IE 9 through 11 have been documented. Microsoft has described such attacks as “limited and targeted.”

According to Microsoft, this Internet Explorer vulnerability would allow a cyber-criminal to remotely take control of your computer. A security advisory from the computer giant said, “An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

HCP Computers supports the recommendation of the U.S. Department of Homeland Security’s Computer Emergency Readiness Team to switch to a different browser, such as Google Chrome or Mozilla Firefox, at least until Microsoft issues a fix. Downloads can be found at http://www.google.com/chrome/ and http://www.mozilla.org/en-US/firefox/new/ respectively.

Such a cyber attack would be initiated through Adobe’s Flash Player. As a result, Adobe has issued patches covering IE and also Google’s Chrome browser for Windows, Macintosh and Linux (http://helpx.adobe.com/security/products/flash-player/apsb14-13.html). However, for Internet Explorer, the Adobe patch only applies to IE10 and IE11 on computers running Windows 8, Windows Server 2012 and Windows RT, and Windows 8.1, Windows Server 2012 R2 and Windows RT 8.1 respectively. That leaves vulnerable any users running IE10 on Windows 7 and higher, and IE9 on Windows Vista and higher, although they could upgrade their browsers.

An additional problem affects the 20 percent of PC users still running Windows XP, for which Microsoft ended support on April 8. This means that no fix will be forthcoming for those using that operating system. The solution that Microsoft recommends is to migrate to a modern operating system, such as Windows 7 or Windows 8.1.

Stay Safe

Heartbleed: What it means? What you should do?

As you probably all know, there is a major flaw out in the wild called Heartbleed. It’s been all over the news. So what is Heartbleed, one might ask? It’s a flaw in the security framework called OpenSSL. The name comes from a technical term related to the programming framework. The flaw has been discovered to have been open since 2012, when the newest version of the OpenSSL technology was released. Normally this wouldn’t be such a big issue, but this underlying technology is used everywhere in today’s world to keep communications related to the web secure.

The flaw allows an attacker to get into a server and retrieve critical information that would allow them to easily get to your passwords and eventually personal data on the server. It would also allow an attacker to monitor communications and grab anything newer on a server that hasn’t been patched for the flaw. The biggest problem is that an attacker normally leaves some type of trace on a server that something has happened, no matter how insignificant, but because of how this flaw works there is no trace left whatsoever. You therefore have to assume things are compromised.

Now, what is one to do about this flaw? Unfortunately, you are in the hands of the site, provider, company, or whoever holds your information to update their server to fix this flaw. The biggest recommendation is to change all your passwords, especially if you use common passwords between sites or even common ways of generating passwords for sites. We recommend not doing this, though, until the site(s) are patched, because if they aren’t patched yet you’ll just have to do this again after they are. Also, if any of your sites contain financial information, it is strongly recommended to keep an eye on your accounts for fraudulent activity and/or at the very least run a credit report every so often.

While it isn’t the end of the world, as most companies at this point are working towards patching or have patched this flaw, it is something to take seriously. The website https://filippo.io/Heartbleed/ lets you find out whether a site or service has been patched: enter the name of the site, and it checks the underlying technology to see whether this flaw applies and, if it does, whether it has been patched.

Stay Safe.