It’s hard to imagine that just a few short years ago, we were all using digital cameras with removable storage cards to take and store our photos. Vacation time used to be when we took the most photos. These days, many of us would be completely lost if we didn’t have a smart phone in our pocket to record every little thing that happened during a normal day. I even find myself taking pictures of parts I need to refer back to as well as documents and instructions. The day of the pocket notepad and pen is long gone.
The challenge today is in managing all of this digital data. The pre-installed apps that come with a mobile device are usually sorely lacking in features. Aside from editing and adding titles to your photos, we all need a way to easily upload and share our images with family, friends and more importantly with our other digital devices and computer systems. Here are two good add-on options for organizing your smartphone photos and keeping your Cape photos separate from your Nantasket Beach photos.
1: Flickr – automatically uploads smartphone photos to a “cloud-based” Flickr account, so you can access them from your computer or tablet, not just your phone. Flickr offers one terabyte of free cloud storage, enough for upwards of 500,000 digital images. You can later download the photos to your computer and add tags and titles so that you can use a keyword search to find them later. Both the App and the storage are free, and the images are stored at full resolution, with no compression. You can even arrange your photos into “collections” or “sets” on Flickr to keep them organized. Check it out at www.flickr.com
2: Picturelife – Picturelife doesn’t just automatically upload your smartphone photos to the cloud, it also uploads from your computer and social-media pages, consolidating all of your digital images in one place. Only the first 1,700 or so of your photos are stored for free, however. To store up to 34,000 photos will cost you $7.00 per month…up to 100,000 is only $15.00 per month. As with Flickr, uploaded images are saved at full resolution and can be sorted into albums. You can also add keywords (“tags”) to them for better searching. www.Picturelife.com
Microsoft’s cybercrime-related seizure of 23 domains from No-IP.com, a Reno, Nev.-based company that provides a popular free dynamic DNS service, is causing outages for millions of legitimate users of the service — and at least one security vendor.
The No-IP.com outages are having an impact on some customers with SonicWall firewalls. SonicWall, which Dell acquired in 2012, supports No-IP.com and other dynamic DNS services in its products.
Hundreds of his SonicWall customers began experiencing outages on Monday. Some of these customers are apartment complexes that run security surveillance cameras behind SonicWall firewalls, using No-IP.com’s dynamic DNS service to relay the video feeds.
No-IP.com and other dynamic DNS services are commonly used by remote workers to connect VoIP phones and video cameras to the Internet. Their popularity stems in large part from the fact that purchasing static IP addresses is expensive.
Microsoft has justified its actions by claiming that No-IP.com’s domains have been regularly used in malware attacks against millions of Windows users. And in Microsoft’s view, No-IP.com hasn’t done enough to stop this activity.
Microsoft filed a restraining order against No-IP.com in the U.S. District Court for Nevada on June 19. The court transferred DNS authority over the domains to Microsoft a week later.
Microsoft, which has a well-established track record of using legal means to break up botnets, said No-IP.com bears the brunt of the blame for allowing criminals to use its service for nefarious purposes.
“As malware authors continue to pollute the Internet, domain owners must act responsibly by monitoring for and defending against cybercrime on their infrastructure,” Richard Domingues Boscovich, assistant general counsel in Microsoft’s Digital Crimes Unit, said in a blog post Monday.
If free Dynamic DNS providers like No-IP exercise care and follow industry best practices, it will be more difficult for cybercriminals to operate anonymously and harder to victimize people online.
However, in seizing the domains, Microsoft has disrupted service for a large chunk of the dynamic DNS service’s users, No-IP.com said in a statement Monday. The company also claims that Microsoft never reached out to it first before going to the courts. “Millions of innocent users are experiencing outages to their services because of Microsoft’s attempt to remediate hostnames associated with a few bad actors,” No-IP.com said in the statement.
Security experts applaud Microsoft’s malware-fighting tactics. Big DNS take-downs are very effective. They can quickly nullify huge botnets in a single move. With DNS names black-holed, the botnet essentially becomes useless since it cannot communicate back to its command infrastructure.
Unfortunately, it’s unclear how much of a long-term benefit Microsoft’s latest antimalware actions will have. Malware creators are always developing new strategies around this, including the use of multiple DNS names, resolvers, or fail-safe measures to reconnect to their command-and-control systems.
Was Microsoft right in taking this action? Even though they had a court order, did they overstep their bounds? Let us know what you think.
Surface Pro 3 – the tablet that can replace your laptop or even a MacBook Pro? That’s the new tagline for the Surface Pro 3 and the theme of the new television commercials.
Microsoft released their new Surface Pro 3 last Friday. After less-than-stellar sales and a rumored loss of over $1.2 BILLION on the Surface 1 and 2, they’re hoping that the 3rd time is a charm.
It’s obvious Microsoft got off to a rocky start with its first two Surface Pros, but I still think there’s a lot to like in the laptop/tablet hybrids. With their aggressive update schedule, we’re finally seeing the third Surface Pro just a year and a half after the first one hit store shelves.
It’s thinner and lighter even though it has a larger 12” display.
New kickstand design with more angle flexibility
New keyboard/cover design with backlit keys and improved trackpad.
Comes bundled with a battery powered stylus/pen.
The top button on the stylus opens OneNote.
Writing or drawing on the screen is much like drawing on a piece of paper.
No built-in storage for the bundled stylus.
The keyboard is not included ($129.00 additional)
Battery life has not improved over the Pro 2. Microsoft claims up to 9 hours browsing websites.
To sweeten the pot even more – if you bought a MacBook Air only to find it doesn’t quite fill your “laptop” needs, Microsoft is offering up to a $650 trade-in allowance through July 31st.
When it comes to price, the Surface Pro 3 is basically on par with the MacBook Air. The Surface Pro 3 starts out cheaper at $799 — but that’s for a Core i3 model with only 64 GB of storage. The Core i5 Surface Pro 3 with a 128 GB SSD has both the same basic hardware and the same $999 price tag as the base 13-inch MacBook Air. The Core i7 will hit the streets at $1,949 with 512GB of storage. There’s also a $199.00 docking station and an Ethernet adapter available.
If you want to take a Surface Pro 3 for a test drive just visit your local Best Buy or Staples. They have the entry level units in stock and ready for sale. I’ll have a more thorough review once the higher end units are shipping and in use here at ACTSmart.
If you’re a Comcast cable customer, your home’s private Wi-Fi router is being turned into a public hotspot.
It’s been one year since Comcast started its monster project to blanket residential and commercial areas with continuous Wi-Fi coverage. Imagine waves of wireless Internet access emitting from every home, business and public waiting area.
Comcast has been swapping out customers’ old routers with new ones capable of doubling as public hotspots. So far, the company has turned 3 million home devices into public ones. By year’s end it plans to activate that feature on the other 5 million already installed.
Anyone with an Xfinity account can register their devices (laptop, tablet, phone) and the public network will always keep them registered — at a friend’s home, coffee shop or bus stop. No more asking for your cousin’s Wi-Fi network password.
What about privacy?
It seems like Comcast did this the right way. Outsiders never get access to your private, password-protected home network. Each box has two separate antennae, Comcast explained. That means criminals can’t jump from the public channel into your network and spy on you.
And don’t expect every passing stranger to get access. The Wi-Fi signal is no stronger than it is now, so anyone camped in your front yard will have a difficult time tapping into the public network. This system was meant for guests at home, not on the street.
As for strangers tapping your router for illegal activity: Comcast said you’ll be guilt-free if the FBI comes knocking. Anyone hooking up to the “Xfinity Wi-Fi” public network must sign in with their own traceable, Comcast customer credentials.
Still, no system is foolproof, and this could be unnecessary exposure to potential harm. Simply opening up another access point increases the likelihood that someone could tamper with your router.
What about connection speed?
Having several people connecting to a single router tends to clog up the Wi-Fi. Comcast says it found a way to make this work.
With two separate networks, each antenna has its own data speed cap. Comcast said the private channel provides whatever speed customers already pay to get (most have 25 Megabits per second). The public hotspot channel is given 15 Mbps and allows up to five people to connect at a time.
That means having your data-hungry friends over shouldn’t slow down your Netflix streaming if they are logged into the “public” side of your router.
Comcast also says you shouldn’t experience any conflict between the two networks. It’s something Comcast engineers thought about carefully. Obviously, the last thing they want to do is to create a bad user experience.
Before this project, there was no value in having a home Internet subscription when you’re not at home. Every time you left the house you walked away from your subscription. But with all these new hotspot locations, you can now connect to the Internet remotely using your home or business account. Everyone’s devices are a lot more mobile.
But what if you hate the idea of your private Comcast boxes being turned into public hotspots? You can turn it off by calling Comcast or logging into your account online. The company says fewer than 1% of customers have done that so far.
We’ve started seeing yet another version of CryptoLocker.
It begins as a very simple plain-text email pretending to be an email-delivered fax. I’d like to point out that, in an effort to evade filters or at least make blocking these a bit harder, the cyber thief has been using DropBox links to reach potential victims. Many virus campaigns in the past have likewise attempted to use legitimate, especially free, services to hide their malware. GoogleDocs was a favorite of spammers peddling their pharma campaigns, but Google was usually pretty quick to clean those up. In this instance it would appear that DropBox does not scan its stored files for malware, and CryptoLocker is taking full advantage of this.
This variation also appears to work a little differently in a few ways. Once the victim machine is infected, a few new pages pop up to inform the victim that they have been infected. One is a webpage explaining what just happened. Another is a text file entitled “DECRYPT_INSTRUCTION” that explains what you must do in order to decrypt your files. An interesting note in the decryption instructions this time is that they include Tor links that are supposed to be “your personal home page”. If you follow them, though, you will just end up at a page that looks like the original instruction page that pops up when you are first notified of your new infection. DO NOT click on these links!
The third page that pops up is reminiscent of the original CryptoLocker, providing a little countdown timer. Originally the timer represented the time you had left before they would destroy your personal encryption key; this time it states that when it runs out you will be charged double for their not-so-friendly decryption services. This go-around it’s $500 – $600, and then $1000 – $1200 after the timer expires, which appears to begin the countdown at 120 hours. With previous attacks, the payments were accepted through Western Union or Moneygram; this time they’re back to Bitcoin, and Bitcoin only.
This is a very nasty bug. Not only does it encrypt local files, but it also seeks out and encrypts attached storage as well as network shares and encrypts everything on those as well. If you have a cloud based storage system like DropBox open and logged in on your system it attempts to encrypt those files as well. It is not recommended that anyone pay these criminals the ransom they demand. We have not heard that anyone has paid and gotten their files back – the criminals just continue to bleed the user dry until the user stops paying additional money then they just stop responding.
This particular variation requires the recipient of the email to click on the DropBox link to retrieve a Zip file. The Zip file must then be opened. Inside is a file named Fax-932971.scr; note the screensaver .scr extension. Once the file is extracted from the Zip, it appears with a PDF icon.
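The delivery chain described above (a Zip whose payload is a .scr file dressed up with a PDF icon) can be screened before anyone opens the archive. The following is an added example, not code from the original post; the function names, extension lists and sample archive are constructed for illustration, and it goes slightly beyond the case above by also flagging double extensions, executable content under a document extension, and Zips nested inside Zips.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs directly. ".scr" is the one used by the sample above;
# the rest of the list is illustrative, not exhaustive.
EXEC_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta", ".lnk"}
# Document-looking extensions used as decoys in names like "report.pdf.exe".
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}
MAX_DEPTH = 2                  # how far to follow Zips nested inside Zips
MAX_NESTED_BYTES = 10_000_000  # declared-size cap before unpacking a nested Zip


def check_member(zf, info):
    """Return the list of reasons one archive member looks unsafe."""
    reasons = []
    name = info.filename.rstrip(" .")  # Windows ignores trailing dots and spaces
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    ext = suffixes[-1] if suffixes else ""
    if ext in EXEC_EXTS:
        reasons.append("executable extension " + ext)
        if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
            reasons.append("double extension hides " + ext)
    if info.flag_bits & 0x1:  # bit 0 set means the member is encrypted
        reasons.append("encrypted member, content not inspectable")
        return reasons
    with zf.open(info) as fh:
        magic = fh.read(2)  # read only the header, never the whole member
    if magic == b"MZ" and ext not in EXEC_EXTS:
        reasons.append("Windows executable content under extension " + (ext or "(none)"))
    return reasons


def scan_zip(data, depth=0, prefix=""):
    """Scan Zip bytes; return {member path: [reasons]} for flagged members only."""
    findings = {}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {prefix or "<archive>": ["not a readable ZIP"]}
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            reasons = check_member(zf, info)
            nested = info.filename.lower().endswith(".zip") and not info.flag_bits & 0x1
            if nested:
                if depth >= MAX_DEPTH or info.file_size > MAX_NESTED_BYTES:
                    reasons.append("nested archive not inspected (too deep or too large)")
                else:
                    findings.update(scan_zip(zf.read(info), depth + 1, path + "!"))
            if reasons:
                findings[path] = reasons
    return findings


def build_sample():
    """Constructed test archive: harmless bytes stored under suspicious names."""
    stub = b"MZ" + b"\x00" * 62  # only the two-byte header of an executable, no code
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("Fax-932971.scr", stub)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"plain text")
        z.writestr("Fax-932971.scr", stub)    # the name from the post
        z.writestr("invoice.pdf.exe", stub)   # constructed double-extension name
        z.writestr("statement.pdf", stub)     # executable header under a .pdf name
        z.writestr("more.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, reasons in scan_zip(build_sample()).items():
        print(path, "->", "; ".join(reasons))
```
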
The ONLY way to combat this challenge is to remain HYPER ALERT AND VIGILANT to any and all emails that contain attachments. DO NOT CLICK ON ANY email attachments, faxes, bank transfers, PDF files, ZIP files.
This Trojan employs a very complex encryption algorithm and its removal has evaded everyone so far. There is currently no antivirus or anti-malware program that can protect you from this nor can it remove and fix the problem afterwards. The ONLY RECOURSE available for anyone that gets infected is to isolate the compromised machines from their networks, format and re-install the affected systems and servers and then restore them from backups. In many cases, unless you have a comprehensive offsite backup solution, your critical data is encrypted and unable to be restored. We have found that even paying the ransom will not get your data back as the criminals do not respond even after you’ve sent the money.
Yesterday, Apple introduced a major update to its iCloud service. Up until now, iCloud’s storage offering was fairly limited when compared to competitors such as Dropbox, Google Drive and Microsoft’s OneDrive. Now you can use it to store files of your choosing, and sync with not only other Mac devices, but also your Windows computers as well.
Apple also introduced a related service called Mail Drop, which allows for large-size file attachments in email, leveraging the cloud drive.
More importantly, Apple is dramatically lowering its pricing for iCloud Drive. In addition to the 5GB you get for free, Apple will provide an additional 20GB for 99 cents per month, and 200GB for $3.99 per month. This finally puts Apple iCloud more in line with Google, which charges $1.99 per month for 100GB.
We can expect more important announcements this week as Apple’s annual Worldwide Developers Conference kicks off in San Francisco. Among the rumored announcements may be new offerings from health care to indoor location tracking. Watch for what may be a new application called Healthbook, designed to track and monitor fitness and health information.
It may be a few months before we get a new iPhone, but WWDC should bring announcements on ways to extend the iPhone’s functionality. One interesting turn could be using your iPhone as a remote control for a connected home.
There’s more anticipation than usual in 2014 because Chief Executive Tim Cook has promised that Apple will enter new product categories this year. Apple’s Internet services chief Eddy Cue heightened expectations last week, saying the company’s product pipeline is the best he’s seen in 25 years.
Apple has been riding a wave of momentum in recent weeks from a combination of strong quarterly earnings, a 7-for-1 stock split that took effect yesterday, and plans to repurchase additional billions in shares. Apple shares are trading at their highest levels in more than a year.
In recent years, the WWDC keynote has been a showcase for updates to Apple’s two software platforms – iOS for the iPhone and iPad and OS X for Macs. The conference’s focus tends to be on software rather than new hardware products.
Computer hacker forums lit up last week as Federal Bureau of Investigation agents and police in 17 countries began knocking on doors, seizing computers and making arrests.
On the popular websites where cyber criminals buy and sell software kits and help each other solve problems, hackers issued warnings about police visits to their homes.
The hackers quickly guessed that a major crackdown was underway on users of the malicious software known as Blackshades.
The FBI and prosecutors in the Manhattan U.S. attorney’s office announced the results of that probe on Monday: More than 90 arrests worldwide.
Blackshades has been circulating for years now. It’s a remote access Trojan that gives the attacker a great deal of control over the victim’s machine. It behaves like a ‘worm’ in that it contains self-propagation programming to facilitate its spreading to other machines.
The low price makes it an attractive option for low level cybercriminals or any cybercriminal that simply wants one extra weapon in their arsenal.
The malware sells for as little as $40 and it can be used to hijack computers remotely and turn on computer webcams, access hard drives and capture keystrokes to steal passwords — without victims ever knowing it.
Criminals have used Blackshades to commit everything from extortion to bank fraud, the FBI said.
Last week, watching it all play out were about two dozen FBI cybercrime investigators holed up in the New York FBI’s special operations center, high above lower Manhattan.
Rows of computer screens flickered with updates from police in Germany, Denmark, Canada, the Netherlands and elsewhere. Investigators followed along in real time as hundreds of search warrants were executed and suspects were interviewed.
The sweep, capping a two-year operation, is one of the largest global cybercrime crackdowns ever. It was coordinated so suspects didn’t have time to destroy evidence. Among those arrested, in Moldova, was a Swedish hacker who was a co-creator of Blackshades.
“The charges unsealed today should put cyber criminals around the world on notice,” stated the chief of the FBI’s cybercrime investigations in New York. “If you think you can hide behind your computer screen — think again.”
What Can You Do?
If you don’t use your webcam you should simply disable it to avoid this type of problem. My Dad immediately put a piece of masking tape over the built-in webcam on his computer… Not very hi-tech but certainly an effective security precaution.
Keeping your anti-virus and anti-malware protection working and fully up to date can help protect you from this kind of problem but it’s not foolproof.
Many webcam manufacturers don’t require or even mention that the user should change the default password, so even inexperienced hackers already have half the battle won when they infect a system.
Parents should also monitor their kids’ laptops, smart phones, home monitoring cameras and even baby monitors – anything with an internet connected webcam or camera installed. All of these devices are susceptible to hackers and malware.
Here’s an article from Symantec detailing a number of things we should all do for better webcam security.
Microsoft released an emergency fix for the latest Internet Explorer Zero-Day exploit. This is an out-of-band patch due to the severity of this security hole.
In a surprising move, security bulletin MS14-021 (KB 2965111) also covers Windows XP. This is the last security update that users of the outdated OS will receive. FireEye has uncovered a new version of the exploit that targets Internet Explorer 8 users on Windows XP as well.
Microsoft encourages all Internet Explorer users to apply the fix via Windows Update, because there are actually several versions of it for IE 11 available: for those who have applied the latest cumulative patch for Internet Explorer and for those who have not.
Our recommendations: Users that have automatic updating enabled will not need to take any action because this security update will be downloaded and installed automatically. For information about specific configuration options in automatic updating, see the Microsoft Knowledge Base Article 294871.
For administrators and enterprise installations, or end users who want to install this security update manually (including users who have not enabled automatic updating), Microsoft recommends that you apply the update immediately using update management software, or by checking for updates using their Microsoft Update service.
Windows 7 users, beware: Internet Explorer 11 will crash if you manually apply a wrong version of the emergency update. Please read the Microsoft security bulletin linked above for details.
Please also read the Securing Internet Explorer tutorial for recommended security and privacy practices.
Microsoft Security Bulletin
Microsoft Releases Fix
Microsoft Knowledge Base information
Microsoft issues emergency security advisory for Internet Explorer exploit
On Monday, April 28th, 2014, Microsoft released Security Advisory 2963983 regarding an issue that impacts Internet Explorer. At this time, we are only aware of limited, targeted attacks. This security issue allows remote code execution if users visit a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.
Microsoft’s initial investigation has revealed that Enhanced Protected Mode, on by default for the modern browsing experience in Internet Explorer 10 and Internet Explorer 11, will help protect against this potential risk. Microsoft also encourages users to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additionally, everyone should exercise caution when visiting websites and avoid clicking suspicious links, or opening email messages from unfamiliar senders. Additional information can be found at www.microsoft.com/protect.
Here is the information you need to know.
1. All versions of IE 6 through 11 for Windows are affected.
2. No patch is available as of today (4/28/14).
What Can I Do?
1. Do not use Microsoft’s IE (Internet Explorer) on any machine you may currently have.
2. Use an alternative browser such as Firefox.
3. When the patch is issued, it will NOT apply to XP users!
4. If you are an XP user, you should use an alternative browser – forever!
5. Think seriously about upgrading or replacing those Windows XP machines.
With the end of support for Windows XP earlier this month, we believe this is just the first of many attacks that will be targeting Windows XP.
Microsoft typically releases security patches on the first Tuesday of each month, what’s known as Patch Tuesday. The next one is Tuesday, May 6th – whether or not Microsoft will release a patch for this vulnerability before then is still unknown. In any case – there will not be a patch released for Windows XP users.
Symantec is offering XP users a tool to protect themselves from this vulnerability, which it has made available on its blog:
Please note that recommendations and quick fixes, such as the one provided above by Symantec, may not be possible for future vulnerabilities. We recommend that unsupported operating systems, such as Windows XP, be replaced with supported versions as soon as possible.
Here are three articles with additional information.
As we hear more complaints about government surveillance, companies like Google openly collect our data. If you aren’t careful, every time you log on, all your activity could be up for grabs.
Google confirmed this past week what many people had assumed all along: even if you’re not a Gmail user, your email to someone who does use their services will be scanned by the all-seeing search giant and the advertising company’s increasingly smart machines. The company has officially updated their terms of service to read:
– Our automated systems analyze your content (including e-mails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.
In the consolidated multi-district litigation brought by users in the U.S. District Court for the Northern District of California, San Jose division, the users alleged that Google had violated state and federal wiretapping laws by scanning the content of messages sent through Gmail, to serve ads to users among other things.
In the court case in California over Google’s interception of email, District Judge Lucy H. Koh said that Google’s terms of service and privacy policies did not explicitly notify the plaintiffs “that Google would intercept users’ emails for the purposes of creating user profiles or providing targeted advertising.” Google’s decision to change its terms of service may have been prompted by these comments.
Always keep in mind that simply by using any of their free services (Gmail, Google search and your Google account) you are automatically agreeing to their current terms of service and authorizing them to do as they please with the data they collect.
This also applies to data or files you upload or transfer via their services according to this TOS addendum:
– Some of our Services allow you to upload, submit, store, send or receive content. You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.
When you upload, submit, store, send or receive content to or through our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.
If you’d like to see what Google can and will do about collecting personal data, here’s a link to their new terms of service: