Technology Explained for All
Software
Apple: (From Gizmodo) Apple Security Breach Gives Complete Access to Your iPhone (ALERT)
Aug 3rd
Gizmodo is reporting that a new vulnerability has been found that affects iPhones, iPods, and iPads.
From Gizmodo –
Right now, if you visit a web page and load a simple PDF file, you may give total control of your iPhone, iPod touch (http://gizmodo.com/tag/ipodtouch/), or iPad to a hacker. The security bug affects all devices running iOS 3.1.2 and higher.
Update: Initially we thought that this exploit only affected iOS4 devices, but it turns out all iPhones, iPod Touches and iPads running 3.1.2 and higher are susceptible.
The vulnerability is easily exploitable. In fact, the latest one-click, no-computer-required Jailbreak solution for iOS 4 devices (http://gizmodo.com/5601874/jailbreakme-20-jailbreaks-all-apple-ios-40-401-and-321-devices) uses this same method to break Apple’s own security (although in a completely benign way for the user).
The result is that, without any user intervention whatsoever, that program can do whatever it wants inside your iPhone, iPod touch or iPad. Anything you can imagine: Delete files, transmit files, install programs running on the background that can monitor your actions… anything can be done.
The short answer to this issue is that you need to be careful and not click on any links to PDFs on your iPhone, iPod, or iPad until Apple releases an update to this issue.
The complete post can be found on the Gizmodo site (LINK: http://gizmodo.com/5603319/)
Sprint: The EVO 4G’s are getting the OFFICIAL Android 2.2 update (froyo) starting as of Aug 3rd. (Or tomorrow 7/30 if you want to manually update your EVO)
Aug 2nd
*****8/2/2010 UPDATE – UPDATE IS HERE************
To my fellow EVO users –
To those who want to install the Froyo 2.2 update, as of 9:15 pm (EST) it is now available directly from your phone. Customers can access the software update through their HTC EVO 4G under the Settings Menu > System Updates > HTC Software Update. This will initiate the three-step process also.
*****7/30/2010 UPDATE******************************
As of 5p it seems that the update has yet to be released for those who are looking at updating early. The latest report was that the update was going to be ready after 12p CST and that it would be available at some point during the afternoon/evening Friday. I’ll update as soon as I can get more details.
****************************************************
Based on an announcement on the Sprint Community Blog (LINK: http://community.sprint.com/baw/community/sprintblogs/buzz-by-sprint/announcements/blog/2010/07/29/sprint-is-the-first-wireless-carrier-to-bring-android-22-to-customers-using-the-award-winning-htc-evo-4g-beginning-tuesday-aug-3), the EVO will be getting its froyo update in the next couple of days. As of now the announcement says that the froyo (2.2) update for Android will be available as of 12p (CST) tomorrow 7/30 for download if you want to manually update the phone yourself (this is a nice touch on Sprint’s part for those who just don’t want to wait), and as of Aug. 3rd Sprint will begin over the air (OTA) updates to the EVO devices.
Froyo, which is the latest (and very highly awaited) update to the Android operating system, will carry numerous updates and new features as part of its update.
Some of the changes are -
For those who just can’t wait until the Froyo OTA update, you can manually trigger the download (As of 12p CST on 7/30) by doing the following
Customers can access the software update through their HTC EVO 4G under the Settings Menu > System Updates > HTC Software Update. This will initiate the three-step process also.
Apple: Possible fix for iPhone 3G(S) that run slow or have issues after upgrading the phone to iOS4
Jul 29th
Virtually everyone is aware of the “Antennagate” issues with the iPhone 4; however, there have also been reported issues for those using iPhone 3G/3GS models that upgrade to the iOS4 software. The issues appear to be everything from shortened battery life, to very slow performance of the phone (making it unusable), to random reboots of the phone. With all the attention on the antenna issues, these other issues haven’t gotten as much attention until now. The Wall Street Journal is reporting that Apple is now conducting a probe concerning complaints about these issues (LINK: http://blogs.wsj.com/digits/2010/07/28/apple-investigates-reports-of-problems-with-ios4-on-iphone-3g/).
With all that being said, it now seems that a member of the tech site Neowin (http://www.Neowin.net) by the name of NathanMillson (http://www.neowin.net/forum/?showuser=327910) may have just figured out the cause (at least one of them) and a simple solution that many have reported fixes the issues.
From Nathan’s Neowin post:
From my experience, I find if you go into Settings->General->Home Button->Spotlight Search-> Deselect every option. No more background indexing on iPhone 3G.
I haven’t had much performance issues after this…
If you find this solution works for you, post a response and TGM will make sure to let Nathan and Neowin know.
Software: ALERT – Critical Adobe Flash Update Released. You need to make sure your system is updated to this version.
Jun 12th
Adobe has released an update to its Flash Player (new version 10.1) and Adobe AIR software to correct 32 issues that could lead to everything from the application or your computer crashing all the way to someone else (“Bad Guy”) being able to take control of your computer. In the past week the bad guys figured out how to use the vulnerabilities to infect people’s computers; this update corrects those issues.
This Adobe advisory (http://www.adobe.com/support/security/bulletins/apsb10-14.html) outlines the severity:
Critical (http://www.adobe.com/devnet/security/security_zone/severity_ratings.html) vulnerabilities have been identified in Adobe Flash Player version 10.0.45.2 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.
The vulnerabilities in this patch batch affect all major operating systems: Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris; Adobe AIR 1.5.3.9130 and earlier versions for Windows, Macintosh and Linux.
**NOTE THAT THIS ISSUE DOES AFFECT SOFTWARE INSTALLED ON WINDOWS, MAC, AND LINUX.
Here are some things to keep in mind.
- If you have more than 1 browser installed on your computer (Internet Explorer, Chrome, Firefox, Opera, etc), you MUST check this on each one of the browsers, even if you only use one. Check on any that are installed.
- You need to verify the Adobe Flash Player version number installed on your system. Adobe recommends that users access the About Flash Player page (http://www.adobe.com/products/flash/about/), or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu.
- In addition, check your installed programs list (Windows Users – Start-> Settings-> Control Panel-> Add/Remove Programs or Programs and Features). Check that it doesn’t list multiple installs of either Adobe Flash or Adobe AIR. If it does, highlight each extra entry on that screen and select uninstall for all but the latest one.
- If you would like to make absolutely sure that all older copies of Adobe Flash are uninstalled, or if you are having issues doing the upgrade, go to the Adobe knowledge base page (tn_14157) at (LINK) http://kb2.adobe.com/cps/141/tn_14157.html and download the Adobe Uninstaller. This will go through your computer and automatically delete all versions of Adobe Flash. Then you can just install the latest version.
- The following 2 links are the direct downloads from Adobe for Flash (NOTE that 1 link is for Internet Explorer and the other is for the rest of the Browsers).
http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player_ax.exe (IE)
http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe (All other browsers)
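The check described in the list above can be scripted once you have a list of installed programs and versions. This is an added example, not code from Adobe or from the original post: it flags every Flash or AIR entry at or below the last affected version named in the advisory, and every older copy that sits next to a newer one. The inventory, the `audit` function, and the `10.1.0.0` version are constructed for illustration, and the comma-separated `WIN 10,0,45,2` form is an assumption about how Flash Player reports its own version.

```python
import re

# Last affected versions, from the advisory text quoted in this post.
LAST_AFFECTED = {
    "Adobe Flash Player": (10, 0, 45, 2),
    "Adobe AIR": (1, 5, 3, 9130),
}

# Constructed sample: (name as listed in Add/Remove Programs, version string).
# Names and versions are illustrative; "10.1.0.0" stands in for an updated build.
SAMPLE_INVENTORY = [
    ("Adobe Flash Player 10 ActiveX", "WIN 10,0,45,2"),  # Internet Explorer control
    ("Adobe Flash Player 10 Plugin", "10.1.0.0"),        # all other browsers
    ("Adobe Flash Player 9 ActiveX", "9.0.124.0"),       # leftover old copy
    ("Adobe AIR", "1.5.3.9130"),
    ("Mozilla Firefox", "3.6.3"),                        # unrelated, ignored
]


def parse_version(text):
    """Parse '10.0.45.2' or the comma form 'WIN 10,0,45,2' into a tuple."""
    parts = re.findall(r"\d+", text)
    if len(parts) != 4:
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)


def product_of(name):
    """Map an installed-program name to a product covered by the advisory."""
    return next((p for p in LAST_AFFECTED if name.startswith(p)), None)


def audit(inventory):
    """Return entries that are still affected and older copies to uninstall."""
    vulnerable, by_product = [], {}
    for name, raw in inventory:
        product = product_of(name)
        if product is None:
            continue
        version = parse_version(raw)
        by_product.setdefault(product, []).append((version, name))
        # "10.0.45.2 and earlier" means the listed version itself is affected.
        if version <= LAST_AFFECTED[product]:
            vulnerable.append(name)
    older = []
    for entries in by_product.values():
        newest = max(version for version, _ in entries)
        older += [name for version, name in entries if version < newest]
    return {"vulnerable": vulnerable, "older_copies": older}


if __name__ == "__main__":
    report = audit(SAMPLE_INVENTORY)
    print("Still affected:", report["vulnerable"])
    print("Older copies to remove:", report["older_copies"])
```

In the sample, the Internet Explorer control is still affected even though the plugin for other browsers has been updated, which is why each browser has to be checked separately.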
Keeping your computer safe is not just about updating the Operating System and having an Anti-Virus program. These days the bad guys are looking for any way into your system. Imagine that when you left your home, you locked all your doors, but left a window unlocked because the lock was broken. A bad guy could use that window to get inside. So what would you do? Replace the lock, of course. This issue with software is the computer version of just that situation.
Alert: How to deal with Rogueware software when it tries to load on your computer.
May 18th
While surfing the web today I ran across another version of the installer that tries to load a FAKE antivirus program (Antivirus 2010 is one of the most common names). The following can come up if you visit an infected website. The site that triggered these pop ups is a well known site, so do not assume that just because you are on a MAJOR website that you are not at risk.
What to look out for
As soon as you get to the website, the following pop up appears. **This is why it is important to read messages before clicking ok.
What you probably won’t see (unless you drag the window above around the screen) is the little window (as shown below) that opens directly behind the main window. If you were to expand the little window you would see that it’s for 1anetantispy.
If you click on the OK button above you will get infected.
What to do if you see the AV check Window
1 – DO NOT CLICK ON ANY OF THE POP UP WINDOWS.
2 – On your computer click on the start button –> click on Run (or type Run in the search box) –> Once you get the run box, type taskmgr into the Run box and press OK
3 – This will open up the Windows Task Manager. Look for all items that involve the browser you are using. (In the example below, it’s Internet Explorer) Highlight each item and then click End Task. Once all the browser windows close
4 – (A) If you are using Internet Explorer go to Tools –> Options –> and Click on Delete Browser History. (B) If you are using Firefox, go to Tools –> Options –> Privacy –> and click where it says “Clear your current history”.
Alert: Desktop Security2010 – Another Rogueware program which seems to be spreading fast. This is NOT something you want on your pc.
May 16th
Job security is the probability that an individual will keep his or her job, and with the rate of computer clean up that I have to do that unfortunately seems to be going up and not down, I think I have job security for a while (Honestly, this is not the kind of job security that I want). We have had many posts on TGM about viruses, spyware, rogueware, yet the “my computer is infected” calls continue to come in, as people continue to fall for the tricks that get them infected.
The latest rogueware infection is called DesktopSecurity2010. What will happen if you get infected with the DesktopSecurity2010 rogueware:
- DesktopSecurity2010 is an adware program that warns users of non-existing threats in their computers so that they purchase a certain program that removes them from the computer.
- Additionally, in order to make users think that their computer is really infected, it displays a warning message when the computer is restarted, and from time to time the screen fades to black and other times blinks with different colors.
- DesktopSecurity2010 can reach the computer when the user accesses certain websites which display banners or pop-up windows which lead to the download of this program. It can also reach the computer in a link that can be received via spam messages, fraudulent websites, etc.
What should you look out for when web surfing
DesktopSecurity2010 is easy to recognize, as it shows the symptoms below (These are some possible symptoms, you can still get infected without seeing these):
- It reaches the computer in a file with the following icon:
- When it is run, a screen to install the program is displayed:
- Once installed, it starts to carry out a system scan in search for possible malware and once finished, it displays warning messages informing users that the computer is infected:
One of the known ways that the rogueware is installing
The following post on the PandaLabs site (LINK: http://pandalabs.pandasecurity.com/making-new-friends%e2%80%a6/) shows 1 of the ways you can get infected. Two of the clean up jobs that I have had to do in this past week occurred because the user also fell for a greeting card email as described below (Confirmed).
Making new friends…
- Posted on 05/13/10 by Olaiz
I’m very happy because I’ve received a greeting card via email from a new friend, though it’s not my birthday, my saint’s day or anything like that
Look what a nice card I’ve received:

Besides, it has been sent from 123greetings, which is a legal website to download and send cards, so it must be trustworthy.
I’ve clicked the picture of the message and I’ve been redirected to the website http://luxxxx.googlegroups.com/web/setup.zip, but I can’t see any greeting card here, but a Google groups website containing a link… maybe I have to follow the link in order to view it…
There’s no way. I can only see the Windows of an antivirus called DesktopSecurity2010 (http://www.pandasecurity.com/homeusers/security-info/218297/DesktopSecurity2010) informing me that my computer is infected and that I have to pay the license in order to eliminate the malware. I think that I got infected
and I have neither a greeting card nor a new friend…
Now, talking seriously, yesterday we commented how this false antivirus was using Google Groups users (with malicious intentions) to be distributed. In fact, the URL from which the rogueware is downloaded is like the following:
http://Google Groups user.googlegroups.com/web/setup.zip
Some of these users are felixss, gorlum or misterxyz.
Google has reacted to this and has started blocking these malicious users. So, if you try to access any URL that uses these malicious users, the following message is displayed informing you that the user cannot be found:

Even so, some malicious accounts may still be active, so don’t trust messages like this and don’t follow any link like those we’ve previously mentioned in this post.
So what can you do to help protect yourself
- If you get a link, email, or instant message asking you or telling you about something you were not expecting, even if it seems to be from someone you know, DO NOT TRUST IT! If you get a message from grandma saying “check out the new pictures I uploaded” and she is 80 years old, ask yourself: does grandma really know how to upload pictures? It only takes a minute to call the person and get a response to “did you send me….. message”. If they did, they will tell you instantly. If they didn’t, they will be the 1st to say “What are you talking about”.
- Because of Twitter, the use of link shortening sites seems to have become the norm. The problem is that a link to http://bit.ly/dr9Ucz could be a link to many places. How do you know if it is a safe link or not a safe link? Again, even if the link is sent to you by someone you know, DO NOT TRUST IT unless you were specifically expecting it. For the record, http://bit.ly/dr9Ucz is actually a link to techgeekandmore.com, and TGM does not list shortened links on the TGM site, because we want you to know where you are clicking to. One thing you can do to check shortened links is visit sites that expand the shortened link. (If you use one of these link expander services and copy the link, be careful to copy the link and NOT accidentally double click on the link.) Some of the sites you can use to expand links:
-> LongURL (LINK: http://longurl.org/), PrevURL (LINK: http://www.prevurl.com/index.php), ExpandMyURL (LINK: http://www.expandmyurl.com/), URL Snoop (LINK: http://urlsnoop.com/), Sucuri.net (LINK: http://sucuri.net/?page=tools&title=check-url). At all the sites, enter the shortened URL and click to find out where the link will lead.
-> In addition, if you use Firefox to browse the web, you can install LongURLPlease (LINK: http://www.longurlplease.com/) or LongURL (LINK: http://longurl.org/tools), which are Firefox browser extensions that automatically preview the destination URL for shortened links from just about any shortener you can name.
- As always, make sure that your PC is updated with all the latest Windows Updates, your Anti-virus is updated, your install of JAVA is updated, your install of Adobe Flash player is updated, and your PDF reader is updated. Most viruses, spyware, and rogueware use problems with these programs to get into your computer. You can use sites like File Hippo (LINK: http://www.filehippo.com/) to check and make sure your programs are up to date.
What to do if you do get infected
If you still get infected, you can use the SuperAntispyware and Malwarebytes programs to clean your machine. I recommend downloading both before you get any infection. Run them on a regular basis (Regular = once a week or so), even if your computer does not show any signs of issues.
To download both programs I recommend using Ninite (LINK: ninite.com)
If you would like to see more information on ninite you can see the TGM post http://www.techgeekandmore.com/2009/12/25/software-two-must-haves-for-the-new-pc-pc-decrapifier-and-ninite/
If after running SuperAntispyware and Malwarebytes, you are still infected, then you will need to use a PE (Physical Environment) disk. The PE disk that TGM recommends is UBCD (LINK: http://www.ubcd4win.com). The how to for the UBCD can be found at http://www.ubcd4win.com/howto.htm.
