Android Vulnerability - Stagefright - 950 Million Phones Are At Risk

MMS Messages.png

A new vulnerability in Android smartphones , named "Stagefright" has placed almost one billion users (95% of Android devices ) at risk that allows hackers to remotely access a device by simply sending a multimedia text message.

Dubbed Stagefright , it is the biggest smartphone flaw discovered and considered highly dangerous, as hackers are able to exploit it without the need for user interaction.

So What Would Happen ?

Once the attackers get in, they would be able do anything — copy data, delete it, take over your microphone and camera to monitor your every word and move

So How Does It Happen ?

To compromise your Android handset, all a hacker needs is your phone number, Then, they can send a specially-crafted media file via MMS (Multimedia Messaging Service ) text message that will remotely execute the code and compromise the device.

To make matters worse you don’t even need to view the media file: when the message is received, Android will display notifications that trigger the code and it’s even possible that by the time you go to look at the message, the attack could have deleted the message. You may never even know what that you have been attacked.

Why does it happen :The reason is that Android processes incoming media files in text messages before you even see them. But this means that malicious code can infect the system as soon as it hits the phone, too.

What Phones Are Susceptible To Stagefright ?

All Android versions 2.2 and newer are susceptible to this attack. 

What Are Google Doing About This ?

Google know about it and have issued a patch , however due to the way updates from Google are handled , as Google send the updates to the phone maker and then to the telco it can be a while till we see this patched.

Estimates from security experts state that only 20% to 50% of devices will actually be patched

How can I prevent this happening ?

In lieu of a security update, users can protect themselves against the attack by disabling automatic MMS retrieval in their messaging app of choice or in their Multimedia message settings on their phone. Also users are advised against opening MMSs from unfamiliar numbers.

More information can be found here:

 This Simple Fix Will Help Keep You Safe From The Stagefright Exploit

Stagefright: It Only Takes One Text To Hack 950 Million Android Phones

Stagefright: Everything you need to know about Google's Android megabug

It's Windows 10 Release Day - Tips & Advice

Windows 10 Installation

It is July 29th and that means the release of Windows 10 will start to be seen on peoples computers when they have " reserved ' it.

The size of the download for Windows 10 will be about 3GB so when you are downloading make sure you leave your computer on.

You will be notified when you can install Windows 10 as it will appear in " waves "

If you run into issues when installing it has been reported that all upgraders of Windows 10 are reportedly getting a free 15 minute call with Microsoft if they run into problems

Key Security Feature

Its more secure – Windows updates are mandatory , they will be downloaded to your computer and you can choose when to install (if you must) or just install them .

Features

The Start Menu is back , showing all your programs , along with “ Live Tiles ‘ which you had seen in Windows 8

Windows 10

 

Windows 10 Reservation Icon 

Many would have seen the Windows 10 icon appear in the bottom right hand side of their desktop asking for you to reserve a copy so it can be progressively downloaded before the release date.

Some consumers are not seeing this but have no fear you will get Windows 10 if you are running Windows 7 , 8 or 8.1. ( If you are running a genuine copy )

if you do not see the icon check out this article from The Verge - How To Get The Windows 10 Update 

Windows 10 Questions

If you have any questions on Windows 10 , here are some links to articles including a great step by step article including how to tell if you may have compatibly issues with your current setup moving forward.

So What Is My Opinion ?

I like Windows 10 , I have downloaded versions from the Windows Insider program and this really is the version we should have seen after Windows 7.

It runs well , the layout is good , the apps work well and when the new computers with Windows 10 are released it will be a pleasant experience for those buying a new computer.

Will there be upgrade issues for some , sure there will as with any upgrade and because many people run a " different " setup but these issues will be overcome in time.

Windows 10 Information

Windows 10 Page 

Download Windows 10 Upgrade Advisor

Windows 10 Is Almost Here: Here’s What You Need to Know

Upgrade To Windows 10 - Microsoft

Looking for a downloadable guide to Windows 10 - Windows 10 Quick Guide

Cryptolocker - Torrentlocker - Do Not Fall For Them

Cryptolocker

New versions of Cryptolocker ( Torrent Locker ) are alive and well – I have seen 2 businesses  fall victim to these in the last few weeks – 1 had NO backup and 1 fortunately did.

Cryptolocker / TorrentLocker will install on your computer when you “ click ‘ to open an attachment in an email ( usually a ZIP file ) and it will install and gradually “ encrypt “ EVERYTHING on your hard drive.

You will then be unable to open any files

You will see instructions about how to get the encryption key if you pay the ransom ( maybe is the big word here )

What are your options ?

·       Pay the ransom and hope you get the key allowing you access to your files

·       Restore from backup and wipe your computer

Either way your computer will have to wiped and restored from a known good copy of windows.

To stop it running you should download CryptoPrevent which should stop it running and is currently your best choice.

Please note there can be no guarantee on this software or any software saving you.

CryptoPrevent

Will your antivirus save you : No

You MAY be able to decrypt it yourself but so far I have seen none of these work - still they are worth a try.

More information on decryption can be found here:

Tesla Crypt Decrypt It Yourself

Your Locker of Information for CryptoLocker Decryption

Passwords - Do Not Share And Make Sure You Choose Wisely

Passwords

Passwords are, for many , the weakest link in their security chain.

Whether it is your online accounts , banking , or logging into your computer , your password needs to be good.

Names that are visible should be avoided at all costs : for example -  richard2015 is a terrible password that will be broken very quickly.

Last Pass

However 20Richa15rd is an improvement.

Make sure you know your password , use a password manager such as Last Pass 

If 2 factor authentication is available make sure you use it , something you know (your password) and something you have ( the code sent to your mobile phone number ).

DO NOT SHARE your password - it is yours - many could learn from this Seinfeld Episode 

A strong password is your first line of defense against intruders and imposters.

Never give out your password to anyone.* Never give it to friends, even if they’re really good friends. A friend can – maybe even accidentally – pass your password along to others or even become an ex-friend and abuse it.

Don’t just use one password. It’s possible that someone working at a site where you use that password could pass it on or use it to break into your accounts at other sites.

Create passwords that are easy to remember but hard for others to guess. When possible, use a phrase such as “I started 7th grade at Lincoln Middle School in 2004” and use the initial of each word like this: “Is7gaLMSi2004.” And make them at least a little different (by adding a couple of unique letters) for each site. On some sites you might even be able to type in the entire phrase.

Make the password at least 8 characters long. The longer the better. Longer passwords are harder for thieves to crack.

Include numbers, capital letters and symbols. Consider using a $ instead of an S or a 1 instead of an L, or including an & or % – but note that $1ngle is NOT a good password. Password thieves are onto this. But Mf$1avng (short for “My friend Sam is a very nice guy) is an excellent password.

Don’t use dictionary words: If it’s in the dictionary, there is a chance someone will guess it. There’s even software that criminals use that can guess words used in dictionaries.

Don’t post it in plain sight: This might seem obvious but studies have found that a lot of people post their password on their monitor with a sticky note. Bad idea. If you must write it down, hide the note somewhere where no one can find it.

Consider using a password manager. Programs or Web services like RoboForm (Windows only) or Lastpass (Windows and Mac) let you create a different very strong password for each of your sites. But you only have to remember the one password to access the program or secure site that stores your passwords for you.


Don’t fall for “phishing” attacks. Be very careful before clicking on a link (even if it appears to be from a legitimate site) asking you to log in, change your password or provide any other personal information. It might be legit or it might be a “phishing” scam where the information you enter goes to a hacker. When in doubt, log on manually by typing what you know to be the site’s URL into your browser window.

Make sure your computer is secure. The best password in the world might not do you any good if someone is looking over your shoulder while you type or if you forget to log out on a cybercafe computer. Malicious software, including “keyboard loggers” that record all of your keystrokes, has been used to steal passwords and other information. To increase security, make sure you’re using up-to-date anti-malware software and that your operating system is up-to-date.

Consider a “password” for your phone too. Many phones can be locked so that the only way to use them is to type in a code, typically a string of numbers. Sometimes when people with bad intentions find unlocked phones, they use them to steal the owners’ information, make a lot of calls, or send texts that look like they’re coming from the owner. Someone posing as you could send texts that make it look like you’re bullying or harassing someone in your address book with inappropriate images or words.

* Some parents ask their kids to share their passwords with them. This might be OK with young children, but you might want to respect your teen’s privacy and not ask. Also, if you do ask your children for their passwords, make sure they understand that this is a rare exception to the “do not share password” rule.
— http://www.connectsafely.org/tips-to-create-and-manage-strong-passwords/

Apple Music - Tips & Fixing Issues - Updated

Apple Music

As with any major change to software some people may experience some issues and with Apple Music that has occurred.

I personally have had no issues and think Apple Music is a great service.

One of the biggest issues that people have contacted me about is the syncing across multiple devices has stopped working , such as you create a play list on one device and it does not appear on all devices.

The quickest fix for this has been to sign out of iTunes on your devices and then sign back in.

Apple this week have released an update to iTunes ( Apple Music ) that fixes other issues.

More information can be found below:

A great article from Serenity Caldwell over at iMore should answer all your questions : Troubleshooting Apple Music : The Ultimate Guide

How-To: Fix iTunes 12.2’s iTunes Match/Apple Music DRM-adding bug

Apple Music FAQ

Apple Music FAQ: Everything You Need To Know