Online PC Support

PC Support

Welcome

Poodle Bug: Marks To Be the Third Security Flaw, But Less Scary Than Heartbleed and Shellshock

Have you recovered from the shock of facing two latest security threats in a row, when one new internet security flaw popped up – Poodle Bug? Yes, Padding Oracle on Downgraded Legacy Encryption (Poodle) bug marks to be the third security flaw discovered this year.

Poodle, a security bug in the widely used software – Secure Sockets Layer (SSL) 3.9 cryptography protocol (SSLv3), which is used to secure internet has been discovered by three researchers from Google. It is a security flaw in the web-encryption technology, which is believed to open doors for the hackers to take full charge over email, banking and several other online accounts.

Though Poodle bug is considered a big threat for every encrypted internet activity, but still it is considered to be less harmful than Heartbleed and Shellshock.  Tal Klein, Vice President, Adallom said, “If Shellshock and Heartbleed were Threat Level 10, then Poodle is more like a 5 or a 6”.

The important part that needs to be noted down over here is that this is not a flaw in the SSL Certificates, their private keys or in their design, instead the flaw lies in the old SSLv3 protocol. The good news over here is that the SSL Certificates are not affected by this security flaw and thus, the customers having the certificates on servers supporting SSL 3.0 are not required to replace them.

How does the Poodle bug work?

The network between the computer and the server is always under the prying eyes of attackers. Here, the attacker controlling the network between the computer and the server could interfere with the process used to verify which cryptography protocol can be used by the server. The security protocol used by the server is verified using a ‘protocol downgrade dance’.  With the use of this technique, the computers are forced to use the older SSL 3.0 protocol to keep the data exchange secured. Now, the network is fully under the control of attackers and they can now exploit the bug using the man-in-the-middle (MITM) attack.

The attack can be used to decrypt the secured HTTP cookies, which could further allow them to steal information or take full control of user’s online accounts. Once, the bug is exploited-nothing is secured online.

Tips to fight back the Poodle Bug

Below given is the list of actions that you as a user can follow:

  • At first, ensure that the SSL3.0 is disabled on your browser.
  • Always check for secure ‘HTTPS’ while visiting any website to avoid MITM attacks.
  • Keep a check at the notices from the vendors you use for the recommendation regarding software and password update.
  • Try to avoid potential phishing emails coming to you from attackers to avoid going to any false website.
  • Always try to stick with the official site domain.

Though every security flaw is scary, but you as a user have full control over the security of your online activities. You just need to avoid access through unencrypted modes and everything on your end will be secured.

Android Lollipop, Google’s latest mobile platform is unveiled

After months of speculation and testing, Google has announced the latest version of its most popular mobile operating system. Called as Android Lollipop, this recent mobile platform equips more than 5,000 APIs. It has a fresh artistic style called Material Design, which is designed to give consistent look and feel across different Android-based devices. As far as the user interface is concerned, this time it is more responsive and intuitive with natural motions and realistic lighting elements including shadows.

According to the search engine giant Google, “Lollipop made for a world where moving throughout the day means interacting with a bunch of different screens—from phones and tablets to TVs. With more devices connecting together, your expectation is that things just work.”

Google further revealed that when using the one-of-a-kind battery saver feature of this most recent version of mobile OS, the life of the devices running on Android Lollipop will be extended by as much as 90 minutes. This particular feature of the phone will prove to be of great help for anyone that has to recharge their devices again and again. Using this feature, you can see the battery level of your device and how long will it take to charge it. It is the first time that battery saver feature has been included in a mobile platform.

The new operating system also includes some outstanding security as well as notification features. In order to offer you optimum security, the operating system supports a kill switch, which makes using a stolen device quite completely impossible. This time, Google has also turned on the encryption by default to keep any kind of security snafus at bay. Notifications have also been updated that will enable users to hide sensitive updates and prioritize notifications accordingly. Furthermore, you can view and respond to messages right from the lock screen. And if you want, you can schedule a quiet time to silence notifications.

Right now the current version of Android, Lollipop will come on devices, including Nexus 9 tablet,  Nexus 5 and Nexus 6 smartphones and the Nexus Player set-top box. And in the coming week, it will be available for download on Google Play devices and Nexus 4, 5, 7 and 10.

Lenovo launches its slimmest convertible Ultrabook ‘Yoga 3 Pro’

Yoga 3 Pro is Lenovo’s thinnest and lightest convertible Ultrabook till date. Revealed via a live satellite at an event held in London, this model by Lenovo features Intel’s Latest 14nm fanless Core M processor and is the successor to the IdeaPad Yoga 13 line. The most amazing aspect about Yoga 3 Pro is its 360-degree hinge. It is merely 12.8mm thick and weighs just 1.19kg, making it the perfect travel travelling companion. The simple yet elegant silvery-grey finish of Yoga 3 Pro is quite complementing.

Apart from its hinge design, another intriguing factor of this latest Ultrabook is the accelerometer, which can find out whether it is in portrait or landscape mode. It then rotates accordingly. When it is in the tablet mode, this Ultabook can be easily managed and controlled via physical volume keys and a start button.

Another prime highlight of Yoga 3 Pro is its build, which is very strong.

Dr Web, a Russian firm spotted a new Mac malware dubbed iWorm

Lately, a Russian security firm Dr Web spotted a new Mac malware “Mac.BackDoor.iWorm” that used Reddit to communicate with its command and control servers. The malware infected as many as 17,000 Mac PCs, primarily in the US, Canada and the UK.

Accroding to the company, “When Mac.BackDoor.iWorm is initially launched, it saves its configuration data in a separate file and tries to read the contents of the /Library directory to determine which of the installed applications the malware won’t be interacting with.”

Dr Web further added, “If ‘unwanted’ directories can’t be found, the bot uses system queries to determine the home directory of the Mac OS X account under which it is running, checks the availability of its configuration file in the directory, and writes the data needed for it to continue to operate into the file.”

The malware once entered on a victim’s machine, opens a port and waits for all the incoming signals. Then in order to communicate with the command and control servers, it then uses Reddit.

BlackBerry comes with a new smartphone “Passport”

At an event in Toronto, BlackBerry launched an unconventional smartphone “Passport” at a price of $599 for the unlocked version. According to the company, initially, just after the launch, the smartphone will be available through ShopBlackBerry.com and only for customers in Canada, Germany, France, the UK and the US. And within one year, BlackBerry would start selling the smartphone in more than 30 countries, including India, Saudi Arabia and the other parts of the Middle East, Singapore, Austria, Nigeria, Hong Kong, Indonesia, Malaysia, the Netherlands, South Africa, Australia, Vietnam, Belgium, Italy, Switzerland, Mexico, Venezuela, Philippines, Russia Slovakia, Spain, Romania, and Colombia.

This latest smartphone by BlackBerry is the first ever phone to have BlackBerry 10.3 OS onboard and features such as, BlackBerry Assistant and BlackBerry Hub with Instant Actions. And using BlackBerry 10.3 Os, users will also be able to browse through Amazon’s App Store for Android and access to as many as 24,000 apps.

The most intriguing aspect about BlackBerry Passport is that it includes 2.2GHz quad-core Snapdragon processor. It also equips Adreno 330 GPU, 3GB of RAM and 32 GB of built-in storage capacity, which can be easily expanded to 128GB. Another prime highlight of the smartphone is its 13-MP rear OIS camera and 2-MP front camera. As far as the battery life of the phone is concerned, it will run up to 30 hours.

The phone measures 128×90.1×9.3mm and boast different connectivity options, including Wi-Fi a/b/g/n/ac, Bluetooth 4.0 LE, Micro-USB + Micro-HDMI via SlimPort, USB OTG, NFC, GPS, DLNA, Glonass, GPRS/ EDGE, 3G, and 4G LTE. The BlackBerry Passport features a Nano-SIM card slot too.

As far as the display of the smartphone is concerned, it sports 4.5-inch 1440×1440 pixel resolution IPS LCD display with 453ppi. And using its three-line hardware keyboard having capacitive touch sensitivity, users can easily perform gestures, browse through lists and choose auto-complete recommendations.

Amazon launches new version of Fire tablets

Lately, Amazon introduced two Fire HD and two Fire HDX tablets to enable its customers buy more and more products and services from its web store. With prices ranging from $99, $139, $379 and $479 for Fire HD with a 6-inch screen, 7-inch Fire tablet, 8.9-inch Fire HDX 8.9 with Wi-Fi version and 8.9-inch Fire HDX 8.9 with LTE version respectively.

The Fire HD tablets are equipped with powerful hardware features and sports quad-core processors along with front and rear cameras. Both the Fire HD tablets boast Gorilla displays. Amongst the two tablets, the 6-inch screen Fire HD tablet can display images at 252 ppi, whereas the 7-inch screen Fire HD tablet can display images at 261 ppi.

The Fire HDX tablets with Wi-Fi and LTE version weighs as less as 374 grams and offers impressive battery life of 12 hours. These tablets have Qualcomm’s Snapdragon 905 processor that delivers 70% faster graphics than other HDX tablets. As far as the functionality of the processor is concerned, it operates at 2.5GHz. The Fire HDX tablets comprise of Andreno graphics core that can render images at a resolution of 1920×1080 pixels. It also comes with a feature to control brightness to make reading ebooks easy and convenient.

In addition to these four tablets, the company also launched its first ever tablet for kids, called as Fire HD Kids Edition. This tablet has been primarily designed to give kids an experience of a real tablet and not a toy. The prime features of the Fire HD Kids Edition, include quad-core processor and HD display. Currently, the company has introduced two versions of Fire HD Kids Edition- one with a 6-inch screen for $149 and another with a 7-inch screen for $189, both with tow-year guarantee. These tablets also offers one year of free access to as many as 5000 books, TV shows, movies, games and educations apps.

Preorder for all these  tablets will start from October.

Samsung comes up with a free business security app “My KNOW”

As a business user, how confident do you feel when it comes to sharing credentials on your Android-based Samsung smartphone? To provide a sigh of relief to all professionals and assure that their privacy is completely secure lately Samsung introduced a security app called as My KNOX.

It is especially made for working people in companies with Microsoft Exchange ActiveSync (EAS) accounts, enabling them to synchronize e-mails, calendar events and even all their important contacts between PCs and mobile devices. Initiated from Samsung’s very popular KNOX service, this free app is a very simple method to shield your smartphone, without taking the help of IT people. It enables professionals to remotely locate, wipe as well as lock your smartphone by just using my KNOW User Portal.

Within smartphone, My KNOX creates a virtual Android workplace with its own home screen, launcher, apps, and widgets. Thus further offers access to more secure work e-mail and every data and application stored on your mobile.

According to company’s official blog, “My KNOX is a fast and easy way to get access to your work email and key business apps without requiring IT admin support. My KNOX separates your work from your personal life on your device. And if you are looking for a free security solution that ensures your privacy while providing the simplicity of having a secure workspace for email and apps that is managed by you, look no further than My KNOX.”

In addition to this free app, Samsung also announced its new Know services “Knox Premium” and “Knox Express” for IT admins. These services will enable the IT people to easily deploy cross-platform mobile security across the company. Amongst the two, Knox Premium is primarily for large enterprises and will cost $1 per user. On the other hand, Knox Express is for small and medium businesses and is free of cost. However, Cloud support for Knox tools will cost $3.60 per user.

Currently, My KNOX app can be installed on Samsung Galaxy S5 or Galaxy Note 4 smartphone without an IT administrator’s involvement.

Five Nigerian groups involved in Craigslist buyer scam

Have you ever tried selling a gadget on Craigslist? If yes, you must have been contacted by someone showing interest in the product you are selling, ready to pay more than the selling price and asking you to ship the product to Nigeria. And if you have been contacted, they would have also asked you to give details of your PayPal account to transfer you the money. But unfortunately, once you provide your details, you neither get any money in your account nor any information about your gadget. You become a victim of a scam.

According to a recent study, five major criminal gangs of Nigeria have been identified who are cheating sellers on Craigslist. These criminals are so smart that they have made their tricks look absolutely genuine and legitimate. Also, they use advanced check-writing equipment and accomplices from the U.S. in order to prevent any sign of suspicion amongst the sellers.

To catch the frauds, Damon McCoy and colleague Jackie Jones from the computer science department at George Mason University posted an advertisement to sell laptops at a premium of 10 percent. The fake buyers contacted through e-mail. To track them, McCoy and Jones replied to their e-mails with the advertised product’s images. When scammers clicked on the image link, their IP address and their location were revealed. And majority of the scam e-mails were from five common groups.

LinkedIn introduces new security tools

Lately, LinkedIn released new security features to enable its users manage authenticated sessions on various devices. Called as “See where you are logged in,” this new feature lets you see where, when and on what devices you are logged in to your LinkedIn account. You can even know the corresponding location, IP address, OS and browser type used to login to your account. And if you want or anything found suspicious, you can right away sign out of all the sessions in one single click.

According to the company, there was an urgent need of a security feature that could tell users about all their active sessions and manage them accordingly. Users, a lot of times happen to access their accounts on devices like friend’s smartphone or a public computer, which is not a good practice. And they don’t bother to sign out of their accounts due to which an active session can remain open on that device, giving other users an entry to their accounts. That’s why; LinkedIn came with a feature that gives users the option to remotely check their accounts and close them if left opened.

On the latest features, company’s head of security and privacy added “Not sure if you remembered to log-out of your LinkedIn account on your friend’s computer? We have you covered. We’ve added a single place to see everywhere you’re signed in to LinkedIn and manage those sessions in your settings. Go to your settings and click on See where you are logged in to see a complete list of the devices that you are logged into. You also can manage these sessions from this new page. If you see a session that you want to turn off, simply click on the sign out link.”

In addition to this feature, the company also introduced a new addition to the e-mail notifications it sends to its users in case of security breach, such as change in their password.

HP launched two new Pavilion and ENVY models

Lately, HP announced two new additions for its very popular Pavilion and ENVY range with a couple of notable differences. Touted as Pavilion x2 and ENVY x2, both the newcomers feature removable keyboards that convert the laptop into tablets. And in order to provide extra protection to the screen when folded, the keyboards are covered with a special fabric. Not just this, the keyboards also connect to the tablet wirelessly via Bluetooth so that you can easily use them in any position.

Here’s a closer look at the new models of Pavilion and ENVY by HP.

Amongst the two, Pavilion x2 is equipped with an Intel Atom processor and sports a 10-inch screen. As far as the operating system is concerned, it has a full Windows 8 package. Though Pavilion x2 doesn’t offer Beats inside, it has a couple of speakers in the front that deliver DTS sound. The battery life of the laptop is advertised to run for as much as 11.75 hours.

While on the other hand, ENVY x2 has a display of 13.3-inch and offers storage space of 256 GB SSD. It is powered by Intel Core M processor and boasts of a Beats Audio sound system.

In addition to ENVY x2 and Pavilion x2, HP also updated both of its Chromebooks, including Chromebook 11 and Chromebook 14.

Any use of third party trademarks mentioned on this site , brand names , products, phone numbers and services is only referential and onlinepcsupport hereby disclaims any sponsorship , affiliation or Endorsement of or by any such third party .