
Monday, April 7, 2014

Replace Windows 8 with Windows 7 or a look-alike


Cheryle Fields’ husband hates his new Windows 8 PC. Cheryle asked me if she can replace the operating system with Windows 7.

You may or may not be able to install Windows 7 on your particular Windows 8 PC. A lot of that depends on the hardware. And, of course, you’ll have to buy a new copy of Windows 7.

But if you or a close family member hates Windows 8 that much (and I’m in complete sympathy), there are better options than paying for two versions of Windows and only using one of them.

First, see if you can return the computer. The retailer or manufacturer may have a 15- or 30-day return policy. If you bought the PC recently enough, you can probably get your money back--minus a restocking fee.

And then, you can buy a Windows 7 PC. Yes, they’re still available, although your choice of models will be considerably smaller. The major manufacturers all have search tools on their websites, where you can select criteria for your preferred computer. Check the operating system option to see if it includes Windows 7.

While writing this article, I found three Lenovo laptops, four HP laptops, and a whole lot of Dell laptops and desktops available with Windows 7. Senior editor Brad Chacos has further advice on how to get a Windows 7 PC.
If your PC can’t be returned for a reasonable price, you can make Windows 8 behave very much like Windows 7. With far less work than it takes to reinstall an alternate operating system, you can create a reasonable facsimile of Microsoft’s best user interface.

First, you need a third-party Start Menu program. There are many out there, but my favorite is the free Classic Shell. It creates a very close approximation of the Windows 7 Start Menu, with all of the features in the right places.

When you set up Classic Shell, go to the Start Menu Settings tab and select Windows 7 style. Near the bottom of the Basic Settings tab, be sure to check Skip Metro screen. You’ll never have to see that dumb home screen again.

Classic Shell includes more than just a Start Menu replacement. It can also return Internet Explorer and File Explorer (the Windows 8 equivalent to Windows Explorer) to their old selves.

What Classic Shell can’t do is turn off the charms that appear when you mouse too closely to the corners of your screen. Fortunately, there are other ways to do this.

One such solution is built into Windows 8.1. Unfortunately, this solution doesn't disable the bottom-right corner.

If that’s alright by you, right-click the taskbar and select Properties. Click the Navigation tab.
Uncheck both "When I point to the upper-right corner, show the charms" and "When I click the upper-left corner, switch between my recent apps."

To disable all of these corners, forget the instructions above and use the Winaero Charms Bar Killer. When you launch this free program, it goes directly to the notification area. Right-click the icon for options.

Source - PC World


Friday, April 4, 2014

Sitedrop Turns A Dropbox Folder Into A Visual Workspace Where You Can Collaborate With Others

Getting everyone to use the same project management software is a challenge, but everyone seems to have a Dropbox account. Hoping to build on top of the consumer-friendly service’s popularity, a new startup called Sitedrop allows you to quickly turn any Dropbox folder into a website where you can visually showcase your work and collaborate with others.

Sitedrop users are able to view, comment, favorite and even upload files to the online workspace just by dragging a file or link to a Dropbox folder.

The startup is currently being incubated by betaworks in New York, and has been slowly growing its user base since its private beta debut last fall. Today, the service, which has grown to some 3,000 beta users, is opening up more broadly.


The idea for the company, built by betaworks Hacker-in-Residence Jessey White-Cinis and designed by his old business partner, Thomas Brodahl, grew out of frustrations they faced at the design agency they owned for ten years.

“We had constantly run into issues with project management at the design company, and this was our answer to it,” says White-Cinis. “Keeping [users] in Basecamp and making sure that all communication happens in one place is almost impossible,” he explains. “But we realized that the one thing that always stayed constant was that everyone always had a shared Dropbox folder.”

With Sitedrop, the idea is to try to make that shared folder more useful, by allowing you to quickly turn it into a lightweight collaboration tool instead, while also filling in some of the holes Dropbox has today.

After signing up for Sitedrop and authenticating with Dropbox, the files in your shared folder are visible online through a custom subdomain, where they can be displayed in lists or in a more visual format, like slideshows. The service also supports previews for files created by Photoshop (which Dropbox does not), making Sitedrop popular among the creative set, including photographers and designers.


Everything in Sitedrop is folder-based, so you can manage these workspaces the same way you manage your files on your desktop, and you can control whether or not others can upload files to your site, or only view those you’ve already shared. The sites can also be password-protected for privacy purposes, and once logged in, users can collaborate on the content via additional tools for favoriting items and commenting. You can even drag links to webpages into your Dropbox, which Sitedrop will then render online.

In a future version, the plan is to support more robust revisioning, so you can “time travel” back through the various changes made to your shared content.

White-Cinis says that while the service appeals to creatives, its Swiss Army-like nature has seen people adopting it for other uses, too. “People are using it for scrapbooking, as a wiki for documentation…and I’ve seen a few portfolios,” he says.


Currently, Sitedrop is free and offers users up to 5 online workspaces. At a later point, the company will begin to charge for additional sites, as well as for premium features, like support for sharing video files, for example. However, today, there’s no limit on the workspace size, and there’s no other requirement for use beyond having a Dropbox account.

You can see a few examples of how it works here: Xtrapop (iOS app), The Life Aesthetic (creative startup), Ian Brewer (photography), or just sign up here to check it out.

Source - TechCrunch

Wednesday, April 2, 2014

Microsoft scam man is sentenced in 'landmark' case

A man who ran a Microsoft computer scam tricking people into paying for free anti-virus software has received a suspended four-month jail sentence.

Mohammed Khalid Jamil, 34, from Luton, hired people at an Indian call centre to falsely tell victims their computers had a serious problem.

The targets would be charged between £35 and £150 for software Microsoft made available for free.

As well as the suspended sentence, Jamil was ordered to pay a £5,000 fine.
He must also pay £5,665 compensation and £13,929 in prosecution costs.
The decision has been hailed as a "landmark" case by Trading Standards.

"We believe it may be the first ever successful prosecution of someone involved in the Microsoft scam in the UK," said Lord Harris, chairman of the National Trading Standards Board, which oversees the work of the National Trading Standards e-crime team.

"It's an important turning point for UK consumers who have been plagued by this scam, or variants of it, for several years.

"Many have succumbed to it, parting with significant sums of money, their computers have been compromised and their personal details have been put at risk.

"Now that one of the many individuals who've been operating this scam has been brought to justice, it's a stark warning to anyone else still doing it that they can be caught and will be prosecuted."

Remote access 
Jamil had set up Luton-based company Smart Support Guys, which employed people based in India to cold-call Britons and claim to be working for Microsoft.

The victims, unaware of the scam, would offer remote access to the fraudsters - meaning their computers could be controlled from a different location.

Once given this access, targets' computers would be made less secure, at which point the scammers would offer, in return for a fee, to install software to fix the problem.

The software installed was available for free on Microsoft's website.

In court, Jamil admitted to unfair trading by allowing his staff to make false claims regarding computer support services.

He claimed he had tried but failed to control call centre staff and had not adequately supervised them.
His jail term is suspended for 12 months.

Source - BBC News

Thursday, February 27, 2014

Apple retires Snow Leopard from support, leaves 1 in 5 Macs vulnerable to attacks

Computerworld - Apple on Tuesday made it clear that it will no longer patch OS X 10.6, aka Snow Leopard, when it again declined to offer a security update for the four-and-a-half-year-old operating system.

As Apple issued an update for Mavericks, or OS X 10.9, as well as for its two predecessors, Mountain Lion (10.8) and Lion (10.7), Apple had nothing for Snow Leopard or its owners yesterday.

Apple provided Snow Leopard security updates for slightly more than four years, just four months shy of the record set by Tiger (OS X 10.4), which received its final fixes in September 2009.
 
Snow Leopard was also ignored in December, when Apple patched Safari 6 and 7 for newer editions of OS X, but did not update Safari 5.1.10, the most-current Apple browser for the OS.

Apple delivered the final security update for Snow Leopard in September 2013.

Traditionally, Apple has patched only the OS X editions designated as "n" and "n-1" -- where "n" is the newest -- and discarded support for "n-2" either before the launch of "n" or immediately after. Under that plan, Snow Leopard was "n-2" when Mountain Lion shipped in mid-2012, and by rights should have been retired around then.

But it wasn't. Instead, Apple continued to ship security updates for Snow Leopard, and with Tuesday's patches of Mountain Lion and Lion, it now seems plain that Apple has shifted to supporting "n-2" as well as "n" and "n-1."

(In that scenario, Mavericks is now "n," Mountain Lion is "n-1" and Lion is "n-2.")

The change was probably due to Apple's accelerated development and release schedule for OS X, which now promises annual upgrades. The shorter span between editions meant that unless Apple extended its support lifecycle, Lion would have fallen off the list about two years after its July 2011 launch.

None of this would be noteworthy if Apple, like Microsoft and a host of other major software vendors, clearly spelled out its support policies. But Apple doesn't, leaving users to guess about when their operating systems will fall off support.

"Let's face it, Apple doesn't go out of their way to ensure users are aware when products are going end of life," said Andrew Storms, director of DevOps at security company CloudPassage, in a December interview.

To Apple, Snow Leopard increasingly looks like Windows XP does to Microsoft: an operating system that refuses to roll over and die. At the end of January, 19% of all Macs were running Snow Leopard, slightly more, in fact, than ran its successor, Lion, which accounted for 16%, and almost as much as Mountain Lion, whose user share plummeted once Mavericks arrived, according to Web analytics firm Net Applications.

With Snow Leopard's retirement, 1 in 5 Macs are running an operating system that could be compromised because of unpatched vulnerabilities.

Snow Leopard users have given many reasons for hanging on, including some identical to those expressed by Windows XP customers: The OS still works fine for them; their Macs, while old, show no sign of quitting; and they dislike the path that Apple's taken with OS X's user interface (UI).

Also in play is the fact that Snow Leopard was the last version of OS X able to run applications designed for the PowerPC processor, the Apple/IBM/Motorola-crafted CPU used by Apple before it switched to Intel in 2006. Snow Leopard, while requiring a Mac with an Intel processor, was the latest edition able to run the Rosetta translation utility, and thus launch PowerPC software.

The one comfort in Tuesday's updates was that it looked like Apple will continue to support Lion and Mountain Lion a while longer, even though it has offered those users a free upgrade to Mavericks. Yesterday's security updates patched 21 vulnerabilities in Lion, 26 in Mountain Lion.

In December, Storms bet that Lion and Mountain Lion had been retired when Apple did not issue security updates for those two editions, even as it fixed a handful of flaws in Mavericks. But he gave himself an out at the time, noting that Apple's silence -- it has long declined to comment on almost any question related to security -- on those editions may be temporary.

For parts of Apple's customer base, the free-OS X strategy seems to be working: By Net Applications' tally, Mavericks accounted for 42% of all versions of OS X used in January. Mavericks' continued gains, however, have come mostly at the expense of Mountain Lion -- which lost 6 percentage points in the last two months -- and Lion, which dropped by 2 points in the same period. Yet Snow Leopard has been largely unaffected. Since October, when Mavericks appeared, OS X 10.6 has dropped less each month than either its 6- or 12-month average.

Source - Computerworld Gregg Keizer

Thursday, February 6, 2014

PNG Image Metadata Leading to iFrame Injections

Researchers have discovered a relatively new way to distribute malware that relies on reading JavaScript code stored in an obfuscated PNG file’s metadata to trigger iFrame injections.

The technique makes it highly unlikely a virus scanner would catch it because the injection method is so deeply ingrained in the image’s metadata.
Peter Gramantik, a malware researcher at Sucuri, described his findings in a blog post Monday.
This particular iFrame calls upon a simple JavaScript file, jquery.js (below), that loads a PNG file, dron.png. Gramantik notes that while there was nothing overly odd with the file – it was a basic image file – what did catch him off guard was stumbling upon a decoding loop in the JavaScript. It’s in this code, in this case the strData variable, that he found the meat and potatoes of the attack.



The iFrame calls upon the image’s metadata to do its dirty work, placing it outside of the browser’s normal viewing area, off the screen entirely, -1000px, according to Gramantik. While users can’t see the iFrame, “the browser itself sees it and so does Google,” something that if exploited could potentially lead to either a drive-by download attack or a search engine poisoning attack.

[Image: Sucuri PNG iFrame payload]

The payload can be seen in the elm.src part (above) of the data: A suspicious-looking, Russian website that according to a Google Safe Browsing advisory is hosting two Trojans and has infected 1,000-plus domains over the last 90 days.

The strategy isn’t exactly new; Mario Heiderich, a researcher and pen tester at the German firm Cure53, warned that image binaries in JavaScript could be used to hide malicious payloads in his “JavaScript from Hell” con talk back in 2009.

Similarly, Saumil Shah, the CEO at Net-Square, described how to embed exploits in grayscale images by inserting code into pixel data in his talk, “Deadly Pixels,” at NoSuchCon in Paris last year and at DeepSec in Vienna the year before that.

Still though, it appears Gramantik’s research might be the most thought out example of the exploit to date using this kind of attack vector.

Regardless of how new or old the concept is, Gramantik stresses that it could still be refined and extended to other image files. Because of that, the researcher recommends that, going forward, IT administrators better understand what files are and aren’t being added and modified on their server.
“Most scanners today will not decode the meta in the image, they would stop at the JavaScript that is being loaded, but they won’t follow the cookie trail,” Gramantik warns in the blog.
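
A server-side check of the kind the quote above says most scanners skip, added here as an example and not taken from the article or from Sucuri: it walks a PNG's chunks, decodes the tEXt, zTXt and iTXt metadata (inflating compressed text) and flags script-like content. The marker list, the function names and the sample images are assumptions constructed for illustration.

```python
import re, struct, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Heuristic markers (an assumption of this example; tune them for your own site).
SUSPICIOUS = re.compile(rb"<\s*(script|iframe)|createElement|\.src\s*=|eval\s*\(|fromCharCode", re.I)

def iter_chunks(data):
    """Yield (type, payload) for each chunk up to IEND; a short payload means truncation."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        yield ctype, data[pos + 8:pos + 8 + length]
        pos += 12 + length            # 4 length + 4 type + payload + 4 CRC
        if ctype == b"IEND":
            return

def text_of(ctype, payload):
    """Decode the text field of a tEXt, zTXt or iTXt chunk (inflate capped at 1 MiB)."""
    keyword, _, rest = payload.partition(b"\x00")
    packed = False
    if ctype == b"zTXt":              # 1 method byte, then a zlib stream
        packed, rest = True, rest[1:]
    elif ctype == b"iTXt":            # flag, method, language\0, translated keyword\0, text
        packed, rest = rest[0], rest[2:].split(b"\x00", 2)[2]
    return keyword, zlib.decompressobj().decompress(rest, 1 << 20) if packed else rest

def scan_png(data):
    """Return findings for one PNG; an empty list means nothing was flagged."""
    findings = []
    for ctype, payload in iter_chunks(data):
        if ctype not in (b"tEXt", b"zTXt", b"iTXt"):
            continue
        try:
            keyword, text = text_of(ctype, payload)
        except (zlib.error, IndexError):
            findings.append(f"{ctype.decode()}: malformed text chunk")
            continue
        if SUSPICIOUS.search(text):
            findings.append(f"{ctype.decode()}[{keyword.decode('latin-1')}]: script-like content")
    return findings

def make_chunk(ctype, body):  # length, type, body, CRC32 over type+body
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))
# Constructed samples: a 1x1 grayscale PNG, clean, and with script-like text in a compressed zTXt chunk.
HEAD = PNG_SIG + make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
TAIL = make_chunk(b"IDAT", zlib.compress(b"\x00\x00")) + make_chunk(b"IEND", b"")
CLEAN = HEAD + make_chunk(b"tEXt", b"Software\x00GIMP") + TAIL
FLAGGED = HEAD + make_chunk(b"zTXt", b"Comment\x00\x00" + zlib.compress(b"elm=document.createElement('iframe')")) + TAIL
```

Run `scan_png` over newly added or modified images in the web root; a plain string search of the file would miss the zTXt sample because its text is zlib-compressed.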

Steganography, the science of hiding messages, oftentimes by concealing them in image and media files, has been used in several high profile attacks in the past. The actors behind the MiniDuke campaign in 2013 used it to hide custom backdoor code, while Shady Rat was found encoding encrypted HTML commands into images to obscure their activity in 2011.

Source - http://threatpost.com/png-image-metadata-leading-to-iframe-injections/104047