The Tech News Blog

June 1, 2014

Microsoft Cautions Against Using Registry Trick for Windows XP Updates

Well, that was easy. News of a new hack for Windows XP users has been making the rounds this week — and trust us, it's a good thing if you're one of those holdouts who is now using the operating system in the Wild, Wild, West. Which is to say, you're still running your day-to-day operations on Windows XP, even though we've passed Microsoft's cutoff date for support, patches, updates, and what-have-you.

According to numerous sources, a simple registry tweak allows you to fool Microsoft into thinking that your version of Windows XP is actually a version of "Windows Embedded POSReady 2009." In doing so, you'll set yourself up to receive updates from Microsoft all the way through April 9, 2019. That said, the company has caught on that this trick is in use, and it has an as-you-might-expect warning for anyone giving the registry tweak a shot:

"We recently became aware of a hack that purportedly aims to provide security updates to Windows XP customers. The security updates that could be installed are intended for Windows Embedded and Windows Server 2003 customers and do not fully protect Windows XP customers. Windows XP customers also run a significant risk of functionality issues with their machines if they install these updates, as they are not tested against Windows XP. The best way for Windows XP customers to protect their systems is to upgrade to a more modern operating system, like Windows 7 or Windows 8.1," reads Microsoft's statement.



May 27, 2014

Australian iOS Users Reporting Hijacked Devices

Several iOS users in Australia have been locked out of their devices and received messages that demand money before their gadgets will be unlocked.

Complaints began yesterday on the Apple forums when a Melbourne-based user reported having his iPad lock up while he was using it. "I went to check my phone and there was a message on the screen (it's still there) saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded $100 USD/EUR."

One Oleg Pliss known in the tech community is an engineer at Oracle, but as the hacked user noted, "I was pretty sure that whoever Oleg Pliss is, it's not really the name of the person who hacked my iDevices."

Soon other users started chiming in. Most are from Australia, though one affected user posted this morning that he lives in the U.S. and has never been to Australia, while another is in the U.K.

"I have the same problem, with the exact same message. Affecting both my iPhone and iPad," wrote a Perth-based Apple user.



May 27, 2014

Spotify Hacked, Urges Android Users to Upgrade

Music-streaming service Spotify is the latest company to report a security breach.

In a Tuesday blog post, Oskar Stål, Spotify's CTO, said it has identified "unauthorized access to our systems and internal company data."

According to Spotify, the breach affected just one user. "This did not include any password, financial or payment information. We have contacted this one individual," Stål wrote. "Based on our findings, we are not aware of any increased risk to users as a result of this incident."

Still, as a "general precaution," certain Spotify users will be signed out and asked to re-enter their usernames and passwords over the coming days.



May 21, 2014

eBay Urges Users to Change Passwords After Hack

EBay is urging all users to change their passwords following a cyber attack that compromised one of the auction site's databases.

According to today's announcement, the database contained encrypted passwords, but there is no evidence that financial or credit card data was accessed or compromised, or that there was any unauthorized activity on eBay users' accounts.

Still, eBay suggests that everyone change their passwords; users will be reminded starting today via email, the Web, and other channels.

The hack, which occurred between late February and early March, was detected only two weeks ago. EBay has since conducted "extensive tests" on its networks before issuing today's warning.

"Information security and customer data protection are of paramount importance to eBay Inc., and eBay regrets any inconvenience or concern that this password reset may cause our customers," the company said in a statement.



May 8, 2014

Apple Not Encrypting Mail on iOS 7 is Bad, But Not a Disaster

While it's true that email attachments are not encrypted on the latest version of iOS 7, the severity of the flaw does not appear to be as damaging as originally reported.

Security researcher Andreas Kurtz discovered that mail attachments opened in the bundled Mobile Mail app on iOS 7 devices are not encrypted, even though Apple claims the files are secured using its Data Protection technology. Affected versions include iOS 7.0.4 and iOS 7.1, as well as the most current, iOS 7.1.1, Kurtz wrote on his blog. He verified the issue on an iPhone 4, iPad 2, and iPhone 5s.

"I noticed that email attachments within the iOS 7 MobileMail.app are not protected by Apple's data protection mechanisms," wrote Kurtz, a researcher with NESO Labs.

Andrey Belenko, a researcher at viaForensics, confirmed the vulnerability, but noted that while some attachments were not encrypted, other mail files had some form of data protection. The main Messages store had Data Protection enabled, but other mail elements, such as Envelope Index and Recents, did not, viaForensics found.

"The flaw was observed but did not globally affect all email attachments," viaForensics noted in a blog post.



May 5, 2014

Target CEO Out After Security Breach

Target CEO Gregg Steinhafel has announced plans to step down, about five months after the retailer revealed a massive breach that affected up to 70 million customers.

Steinhafel will step down from his positions as chairman of the Target board of directors, president, and CEO. CFO John Mulligan will serve as interim president and CEO until a replacement is found.

In a Monday letter to the board, Steinhafel said that the data breach "tested Target in unprecedented ways."

"From the beginning, I have been committed to ensuring Target emerges from the data breach a better company, more focused than ever on delivering for our guests," he wrote. "We have already begun taking a number of steps to further enhance data security, putting the right people, processes, and systems in place."

With those milestones in place, "now is the right time for new leadership at Target," Steinhafel said.



May 1, 2014

Microsoft Fixes Nasty IE Bug, Even for Windows XP

Earlier this week PCMag reported on a zero-day bug in Internet Explorer that would allow cybercrooks to run arbitrary code on users' PCs. Just visiting a malicious website would suffice to allow the attack, and the bug affected all versions of IE from 6 to 11. Worse, given that XP has reached its end of support, those holdouts still using XP would be permanently vulnerable. Good news! Not only has Microsoft released a patch for all versions of IE, they're even patching XP's Internet Explorer 8.

According to a Microsoft post, the patch started rolling out around 10am (Pacific time) today. If you have automatic updates enabled, you don't need to do a thing. If you've chosen to have Windows Update await your confirmation before installing updates, be sure to give it that confirmation as soon as you see the notification. Of course, if you've turned off automatic updates altogether, you'll have to perform a manual installation.



April 28, 2014

AOL Breach Puts Users’ Personal Info at Risk

AOL today said it is "investigating a security incident" that likely led to a recent increase in incidents of email spoofing.

The breach, which "involved unauthorized access to AOL's network and systems," put email addresses, postal addresses, address book contact information, encrypted passwords, and encrypted answers to security questions at risk, AOL said in a statement.

At this point, AOL has no indication that the encryption on the passwords or the answers to security questions was broken, or that financial information, including debit and credit cards, was compromised.

"We nevertheless strongly encourage our users and employees to reset their passwords used for any AOL service and, when doing so, also to change their security question and answer," AOL said. "We believe that spammers have used this contact information to send spoofed emails that appeared to come from roughly 2 percent of our email accounts."



April 28, 2014

Microsoft Warns of Internet Explorer Zero-Day Bug

Microsoft has released a security advisory that warns of remote code execution in various versions of Internet Explorer.

"This issue allows remote code execution if users visit a malicious website with an affected browser," Microsoft said. "This would typically occur by an attacker convincing someone to click a link in an email or instant message."

The bug affects Internet Explorer 6 - 11, though according to security firm FireEye, "the attack is targeting IE9 through IE11."

"We believe this is a significant zero day as the vulnerable versions represent about a quarter of the total browser market. We recommend applying a patch once available," FireEye said.

Microsoft said that Enhanced Protected Mode, on by default in IE10 and IE11, as well as Enhanced Mitigation Experience Toolkit (EMET) 4.1 and EMET 5.0 Technical Preview, "will help protect against this potential risk." But until a patch is released, IE users should be on high alert and not click on any sketchy links or travel to unknown sites, or temporarily switch to another browser.



April 22, 2014

AOL Mail Hacked, Accounts Sending Spam

If you get a suspicious email from an AOL user, it's probably best to delete it. The service has apparently been compromised and some accounts are sending out spammy messages.

But rather than compromising actual accounts, it appears the scammers are just spoofing them. As AOL explained in a help page, "spoofing is when a spammer sends out emails using your email address in the From: field. The idea is to make it seem like the message is from you – in order to trick people into opening it."

"These emails do not originate from AOL and do not have any contact with the AOL Mail system – their addresses are just edited to make them appear that way," the company said. "The message actually originates from the spammer's email account and is sent from the spammer's email server."

The easiest way to tell if you've been affected is if your inbox is littered with message bounce backs from emails you never sent. Or perhaps a friend or two has been kind enough to alert you to the spam messages your account appears to be sending. To determine if you've been hacked versus spoofed, check your sent messages: if there are sent emails you didn't send, it's a hack. If there's nothing there, it's a spoof.

AOL is urging users to change their passwords and be on the lookout for sketchy emails so they don't fall prey to phishing scams.