Archive for June, 2014

HTTPS or Not

Posted by


Many of you know about the popular website called LinkedIn. It’s a sort of social network for businesses and people looking to make contact with each other. You can post your detailed resume to the site so potential employers can easily see things about you. It also allows you to network with others, which could be beneficial in landing that job that you want.

Well, just as other sites have fallen victim to cyber-attacks recently, it has been brought to light that LinkedIn had been particularly vulnerable from past years till earlier this year and it had been up to the end-user to make it not vulnerable. By default your login had started with an HTTPS connection and ended with a non-HTTPS connection. What this means is if there was someone on your home network, the local coffee shop you like to frequent, or any other open network, wireless or wired, that you had been using, they could have easily grabbed your login name and password without you even knowing.

While no financial data is on your LinkedIn account, a would-be attacker could gather quite a lot of information on you that would be very helpful in breaking into other accounts you have elsewhere.  LinkedIn has stated that all customers in the U.S. and E.U. have been now protected against these types of attacks, called “man in the middle,” starting in February of this year, with HTTPS connections always on by default. What is unclear and why this has been brought to light is that customers from any other area of the world maybe still unprotected with no HTTPS connections by default.

While this is a fairly standard issue in terms of security, it brings up a good point. You should always be checking sites that you log into that store personal information or are otherwise critical always use HTTPS connections, not just when you login. This type of connection encrypts any and all traffic that is sent from your computer browser to the hosting server of the site. You have to make it that much more difficult for attackers to successfully gain access to your information.

To do this on most sites, including LinkedIn (if they don’t use HTTPS already automatically), you simply go to your account and settings looking for the option to enable HTTPS connections. Most sites these days do this automatically but even some that you wouldn’t expect (LinkedIn in this case) still do not and leave this up to you, the end user, to do.  However it is still good to make sure this is working for you.

Stay Safe!

XP – The Real Cost

Posted by

XP Ends

You wouldn’t leave your car or house unlocked for thieves to break into.

So why do so with one of your business’s most important pieces of equipment – your computer network?

That in essence is what you are doing when you continue to run Windows XP two months after Microsoft discontinued its support of that operating system.

(Systems with Microsoft Security Essentials and its aligned Malicious Software Removal Tool will continue to receive anti-malware signature updates through July 14, 2015. But that shouldn’t be confused with the operating system itself being protected.)

What does end of support mean for the 25 percent of businesses still using XP? No new security updates, non-security patches, fee or paid support options or online technical content updates starting April 9, 2014.

The wisest solution is to upgrade to a machine with Windows 7, 8 or 8.1 (Windows Vista will hit the end of its life in 2017, making it not a viable long-term answer).

But that means substantial upfront cost, an option that’s unattractive to many business owners. So they will stick with what they have, cross their fingers and hope for the best.

While running XP until the hardware it is installed on fails may seem like the least-expensive short-term solution, other potential problems need to be factored into the cost.

Security should be uppermost among those concerns. Without critical security updates, your network may become more vulnerable to harmful viruses, spyware and other malicious software which can steal or damage business data. Even before the loss of updates, XP already had a significantly higher infection rate than other operating systems.

Second, businesses that are governed by regulatory obligations such as HIPAA may find that they are no longer able to satisfy compliance requirements.

Finally, software vendors will stop supporting their products running on XP and hardware manufacturers will stop supporting XP on existing and new hardware.

So keeping XP becomes more expensive, not just in terms of maintenance, but also from potential infections and lost productivity.

HCP recommends migrating to a newer machine preloaded with a newer operating system (OS). This is usually more cost effective than trying to upgrade an old machine with a newer OS and avoids the risk of slowing down your machine with a more modern version of Windows.

Stay safe.

Cryptolocker – What is one to do?

Posted by



Unfortunately, as discussed in the last blog entry, Cryptolocker and the new variants of it are an encryption-based infection. This type of infection requires a preemptive and proactive approach to keeping your data safe. This is because once you have discovered the infection is on a system or systems, it is already too late in most cases. You may or may not have lost any or all of your files to the infection, depending on how quickly it is found.

This infection and its variants spread through spam emails mostly. It will usually present itself as a link for you to click in an email that has been crafted to look legitimate to an end user.  The file is usually contained in a zip archive either directly in the email or through a cloud storage account such as Dropbox. It is critical to frequently tell your end users the dangers of spam mail and to never click links to files in emails unless you know for sure that it is safe.  A good policy in place would be to disallow any .zip or .exe files to be used at all in company emails, therefore getting rid of one avenue of infection. For some business or end users, this may not work.

Education for these types of infections is key because they rely heavily on successful social engineering. Now even the best-educated users will at times make mistakes and you have to plan for this with these types of encryption infections.

It is only a matter of time before a system or network of systems will get one of these ransomware-type of infections no matter the security in place. Therefore it is absolutely critical to have a backup system in place to retrieve lost data. A variant of the Cryptolocker infection called Cryptowall takes the infection to a new level by deleting what is called the system-restore files in Windows that allow you to take your computer back to an earlier time and date. It also deletes the shadow copies that Windows keeps of files. Again this means you need to have a secure and effective backup system in place for your systems. The most critical thing is you need to know that the backups will work. Regular testing is mandatory to make sure you can get your data back. A good system means nothing if the restore process doesn’t work or work well.

Now one would ask is there more that can be done other than educating users on where this infection comes from and having a good backup system in place. As of right now, the industry is scrambling to come up with good defensive approaches to these types of infections. The regular antivirus scanners have been ineffective so far at stopping the infections or even detecting that it’s on a system.  Once it’s on a system, it’s almost too late.  Here at HCP Computers, we are drafting up a few proactive and on-demand measures to help keep these types of infections from happening in the first place. Contact us and we will schedule a time to discuss these measures.

First and foremost; educate, educate, educate and backup, backup, backup.

Stay Safe

Cryptolocker – What is it?

Posted by


As many of you have probably heard, there is a security exploit out in the open called the Cryptolocker virus or Cryptolocker infection.

What is it? It is unlike normal viruses or malware that you may have had experience with before. The Cryptolocker virus is a piece of malware that holds your computer and its data at ransom. When you get the cryptolocker package installed on your machine, the first thing it does is look over your computer for user-created data files. These include all the typical files one would create with Microsoft Word, Excel, Powerpoint, text documents, documents created with any of the open source office replacement suites, PDFs, and just about any type of picture, video, or music files. Before, viruses would simply render these files useless by corrupting the file or deleting it. Cryptolocker is different in this regard.  It quickly and efficiently encrypts these user data files with a public/private encryption key set.

Now the encryption keys that Cryptolocker uses are just about unbreakable. This is because it uses a key anywhere from 2,048 bits to 4,096 bits. A key space this large would take a supercomputer many months if not years to break by trying one guess at a time. The creators of the Cryptolocker infection therefore hold your computer files at ransom with this encryption and demand money in order to get the decryption key and program you need to decrypt these files. This ransom fee has been anywhere from $1,000 to $3,000 depending on what the current rate of bit coins is to U.S. dollars and how many they demand. Paying the ransom is not a recommended choice obviously because it is expensive and you don’t want to be sending the creators your hard-earned money.

Cryptolocker is the original widespread infection that operates as an encryption ransomware. It was only a matter of time but Cryptolocker has started a trend in the virus/infection way of doing things. At this time and day, there has been an additional 10-plus similar but different encryption-based ransom infections found in the wild. Each have varying degrees of similarity to Cryptolocker, however some are even more dangerous and damaging. There’s even a version that has been discovered to run on android phones; currently Gingerbread os and above versions.  Unfortunately this looks to be a trend for the future as hackers/malware creators these days look to make the most money for the least amount of effort from their actions.

Check our next blog entry for directions on how to combat Cryptolocker.

Stay Safe