Posts Tagged

IT Support

Internet Of Things Items Can Create Vulnerability

Elizabeth Technology January 23, 2024

Internet of Things items are convenient, otherwise they wouldn’t be selling. At least not next to regular, non-wifi-enabled items. They don’t even have to be connected to the internet, and they should stay that way!

An Internet of Things item, or an IoT item, is a device that has a WiFi- or network-enabled computer in it to make the consumer’s use of it easier. This includes things like WiFi-enabled/networked washing and drying machines, ovens, fridges, mini-fridges, coffee makers, lamps, embedded lights, etc. anything can be an IoT item, if it’s got WiFi capability.

Network Entry Point

Internet of Things items, when connected to WiFi, represent a weak link in the chain. They’re poorly protected, they’re designed to favor user friendliness over all else, and they’re usually always on. You likely don’t unplug your fridge or washing machine when you go to bed – that computer may sleep, but it’s not off. You probably don’t disconnect the internet when you go to bed, either. Some devices take advantage of this, and only schedule updates for late at night so you don’t notice any service interruptions. Unfortunately, their strengths are their weaknesses, and an always-open port is a dream for hackers.

Outdated Password Policies

Internet of Things items are rarely password protected, and if they are, many users don’t bother actually changing the password from the factory default. This makes them excellent places to start probing for weaknesses in the network!

Assuming someone’s hacking into a place to ding it with ransomware, there are a number of worthy targets: corporate offices, nuclear facilities, hospitals, etc. are all staffed by people, and people like their coffee. A well-meaning coworker bringing in an internet-enabled coffee machine for his coworkers is suddenly the source of a critical network vulnerability, an open port in an otherwise well-defended network!

If the coffee machine, or vending machine, or the lights are IoT items, they need to be air-gapped from the networks supplying critical data within the center (or cut off from the network completely), the same way outside computers are. The devices are simply unable to protect themselves in the same way a PC or phone is – there’s no way to download a suitable antivirus. If something gets past a firewall, and that password’s still default or nonexistent, there’s effectively no second layer of protection for IoT devices.

Malware

For example, hacking into a fridge is not nearly as hard as hacking into an old PC. Even great antivirus can struggle with traffic coming from inside the network, and IoT devices are often missed in security checkups. After all, when McAfee or Norton or Kaspersky recommends you scan your computer, are they offering to scan your lightbulbs as well?

Once they’re in, the entire network is vulnerable. Ransomware events with no obvious cause, malware that’s suddenly deleted all the files on a server, stolen data and stolen WiFi – all of it’s possible with IoT devices. There’s more to gain than just bots for the botnet, which is why hackers keep going after these IoT items.

IoT devices are also much easier to overwhelm to gain access, even with firewalls and effective load balancing. DoSing an IoT item can be as simple as scanning it. No, really. A team in the UK found that they could shut down turbines in a wind farm by scanning them. The computers inside weren’t equipped to handle both a network scan and their other computing duties at the same time. Many user devices are in the same spot or worse!

Security

Besides turbines, items like cameras and door locks probably shouldn’t be connected to the internet just yet. A terrifying string of hacks let strangers view doorbell and baby monitoring cameras, for example, because the cameras themselves were difficult to defend even though the network was protected by a router. This is terrible for obvious reasons and class action suits were filed soon after. It even happened accidentally; Nest users would occasionally end up viewing other people’s cameras accidentally, a bug in the system that was only fixed after complaints were made. A consistent pattern is forming, here: security patches are only issued after vulnerabilities are discovered by the consumer! Any other type of programming wouldn’t get away with this without some public outcry – you shouldn’t have to become a victim of a security flaw to get it fixed.

And then there’s things that physically interact with the security features of a house, like electronic locks. There’s nothing wrong in theory with a password lock. However, electronics are not inherently more secure than physical locks, and adding in WiFi only gives lockpickers another ‘in’. Hacking the lock could lead to being locked out of your own home, or worse. Besides, a regular lock will never unlock itself because its battery died, or because you sat down on the fob while getting on your bike or into your car. If you do want a password lock, it’s better to get one that’s not network enabled.

We aren’t quite at the point where hacked self-driving cars are a legitimate issue, although the danger is growing on the horizon. Cars are also poorly protected, computer wise.

BotNets

The fridge doesn’t need a quadcore processor and 8 GB of RAM to tell you that it’s at the wrong temperature, or that the door’s been left open and you should check the milk. The voice-controlled lightbulbs only need enough power to cycle through colors. IoT items are weak. However, that doesn’t mean they can’t be used for things like Botnets, even if your main PC wards off botnet software.

Botnets are networks of illegitimately linked computers used to do things like DDoSing, brute-forcing passwords, and all other kinds of shenanigans that a single computer can’t do alone. By combining the computing ability of literally thousands of devices, a hacker can turn a fridge into part of a supercomputer. No one ant can sustain an attack on another colony, but an entire swarm of ants can!

This is another reason tech experts are worried about IoT items becoming widely used. Their basic vulnerabilities give skilled hackers the ability to ding well-protected sites and fish for passwords even if the network they’re targeting doesn’t have any IoT items on them. It’s a network of weaponizable computers just waiting to be exploited. Remember, password protect your devices!

Source:

https://eandt.theiet.org/content/articles/2019/06/how-to-hack-an-iot-device/

How to Protect Your IoT Product from Hackers

https://cisomag.eccouncil.org/10-iot-security-incidents-that-make-you-feel-less-secure/

https://www.courtlistener.com/docket/16630199/1/orange-v-ring-llc/

What Is Short-Circuiting?

Elizabeth Technology December 5, 2023

What’s a Short Circuit?

A short circuit is when something comes into contact with an electric current, and unintentionally gives it a shorter path. For example, sticking a fork into an active toaster will result in the fork redirecting the electricity through the fork, because it’s an easier path. Fun fact: the reason the coils inside the toaster get hot is because the path the electricity travels through has a lot of resistance. The fork is a much shorter path, but the other end is usually connected to a human body – which doesn’t handle electricity running through it very well. Old fashioned Incandescent lightbulbs work in the same way, but they’re juiced up so much that they produce both heat and light.

So why does this break things inside the computer? Well, not everything in the computer is meant to run off of 120V of pure outlet-supplied house power. If that flow of electricity comes into contact with a piece of hardware not made to handle it, the hardware fails, sometimes irreparably.

Static shock on the very delicate parts can short circuit them too. Be sure you’re grounded and charge-free before touching the computer’s insides!

What’s a Hardware Failure?

The difference between hardware and software is the difference between the machine and the things it does, basically. The CD tray is hardware, but the disk it’s holding contains software. A video game is software, the controller you use to interact with it is hardware! Music files on your computer? Software. Speakers to listen to it? Hardware! Hardware failure can be anything from the Wi-Fi receiver getting bent out of shape, to the CD tray getting stuck, or pins/solder coming loose inside the machine, and while software failure can be caused by hardware trouble, it can also happen spontaneously. If the computer blue screens? That’s a software failure. If the fan starts to sound like it’s hitting something repeatedly? Hardware!

The really fun issues are the ones that could be both: is your screen showing funny colors because a cord is pinched, or because something important in the software for the display was deleted?

What’s a Kernel Failure?

A kernel failure is when things happen to confuse the kernel, the essential bit of software that keeps programs from trying to pull the same file all at once. If you’ve ever worked with Microsoft Word, you might’ve experienced trying (and being unable) to move a file in the file selector while the document is still open. The kernel doesn’t control that, but it’s a similar principle. The file selector won’t move the doc as long as it’s open because you’re also using it – more specifically, Word is using it and can’t share. You have to close the document to let the file selector ‘use’ it to move it.

The kernel operates on similar principles: when one thing is using essential software, the kernel keeps other things from using that software until the first program is done with it. It keeps a schedule of what programs get to use which assets and when. While that might make it sound like it’s a software thing, both hardware and software can cause kernel panics. Incompatible driver extensions and incompatible or corrupted RAM are two of the most common causes.

What’s a Blue Screen Error, and What’s a Crash?

If you’ve ever owned or worked long-term on a Windows computer, you might have seen this one before :The Blue Screen of Death. A blue-screen happens when an illegal operation confuses the computer and causes it to shut down. For example, if a program’s permissions are read only, but another program tries to write on it, the computer may bluescreen and restart. If a program tries to use a piece of software reserved only for the operating system, the computer blue-screens and restarts.  Permissions violations, and illegal operations both cause blue-screening, but hardware failure is sometimes a cause too.

A crash is a pretty broad term. Anything that brings the computer to a stop can be a crash. Overloading it? Crash. Blue screen? Considered a crash. It shuts off randomly, and the tech can’t tell what caused it? Crash!

Sources: http://thexlab.com/faqs/kernelpanics.html

What is a short circuit?

https://www.explainthatstuff.com/electrictoasters.html

https://support.microsoft.com/en-us/sbs/windows/troubleshoot-blue-screen-errors-5c62726c-6489-52da-a372-3f73142c14ad?ui=en-US&rs=en-US&ad=US

(original page no longer available – web archiving service is fundraising as of December 2020, you have been warned) https://web.archive.org/web/20030823202532/http://support.microsoft.com/?kbid=150314

Computer Power States: How is Rebooting Different From Sleep Mode?

Elizabeth Technology October 3, 2023

Closing Your Laptop/Desktop Sleep Mode

You may want to put your device into sleep mode when you need to save your battery life, when you need to move it, or when you need to step away from your desk for a period of time. Sleep mode doesn’t turn your computer or laptop off, it just conserves power. Open programs are paused, and the screen is turned off.   

Some devices will turn off if left in sleep mode for an extended period of time, so you shouldn’t leave any work on your computer unsaved while the screen is closed or off. Your computer may go into sleep mode if it is left idle.

Rebooting

Rebooting shuts down your computer, and then immediately restarts it. This will often solve issues with programs that have gotten stuck, are crashing, or are otherwise struggling – when the computer is turned off, they are forced to start fresh. This goes for any other programs open on the computer as well, so be sure to save your work before you restart!

Shutting Down, and Then Restarting

This is the same as a reboot, but you decide how long to leave it off. Sometimes, programs will prevent the computer from shutting off all the way during a reboot (or they will keep doing the last thing they were doing before a reboot, if the computer’s RAM is not completely wiped), so by waiting 30 seconds to make sure it really is turned off and all the components have powered down, you force those programs to restart too.

Assigning Macros

Elizabeth Technology April 25, 2023

If you’re getting sick of having to, say, embolden and italicize words in your program over and over, have no fear – you can reduce the number of steps you have to take to do that (and many other tasks) using macros!

How To Make a Macro

The process is simple! To add a macro to a button on your mouse for use across the computer, follow these steps as listed by Microsoft (this document has pictures): https://support.microsoft.com/en-us/topic/how-do-i-create-macros-bd0f29dc-5b89-3616-c3bf-ddeeb04da2fb

To do so in Word, here: https://support.microsoft.com/en-us/office/create-or-run-a-macro-c6b99036-905c-49a6-818a-dfb98b7c3c9c

And Excel, here: https://support.microsoft.com/en-us/office/quick-start-create-a-macro-741130ca-080d-49f5-9471-1e5fb3d581a8

As with anything you do that could change the functionality of a button or mouse click, be very careful when assigning buttons certain actions! You don’t want to remove your ability to do something important (like right-clicking) by adding a macro that closes Word every time you try to paste something without using the keyboard.

Macros as a Malicious Entity

Programs like Word and Excel can come with macros designed to run as soon as the program is opened, and not every macro is harmless. Some do things like making hundreds of new documents, some can corrupt your drive, and most of them try to take over the other documents on the computer when they’re opened. This is why recent editions of Microsoft Office products warn you that you shouldn’t open a document outside of Safe Mode unless you trust it’s source. An ordinary-looking .XLSM document can completely brick your hard drive if it comes with the macros to do it!

This is also why you should always verify the sender of an attachment before you open an attachment, even a .pdf. Malicious attachments using macros can be used to steal the contents of the target’s email address book and send those addresses malicious emails too, continuing the cycle and spreading the document until it gets somewhere with valuable information. An early version of this, a macro called “Melissa”, would bait users into opening the document in Word, and then hi-jack their Outlook to send it’s bait email to the first fifty contacts in the victim’s address book as the victim (read more here at the FBI site: https://www.fbi.gov/news/stories/melissa-virus-20th-anniversary-032519). Melissa itself may be obsolete, but the technique sure isn’t.

Worse, because the macro is coming from an application, it’s already compatible with anything that’s using that application. Mac is not spared this time. A malicious macro can open hundreds of garbage word docs on a Mac too!

How to Bind Keys For Everyday Use

Elizabeth Technology April 18, 2023

Firstly, check out what bindings your operating system of choice already has built in to the program!

Here’s Microsoft’s list of pre-existing keyboard shortcuts: https://support.microsoft.com/en-us/topic/dcc61a57-8ff0-cffe-9796-cb9706c75eec

And here’s Apple’s: https://support.apple.com/en-us/HT201236

Microsoft

To start, let’s look at Microsoft’s limitations. Every shortcut must start with the CTRL key. The second key must always be either ALT or SHIFT. The third key can be almost whatever you want on the keyboard (any letter, number, or punctuation mark, just not special characters) but there can only be three keys. Additionally, the shortcuts you make are going to override the originals, so it’s important to read the list above and consider which ones you’re okay with potentially overriding.

According to the Perkins School for the Blind, one of the easiest ways to set up custom bindings to open specific programs within windows is to:

1) pin the program to the task bar,

2) right click it,

3) right click it’s name in the menu that pops up in step two (may take a second)

4) left click “properties”

5) click the box that says “Shortcut Key”

6) type in the desired shortcut combination by pressing the keys

7) click ‘OK’.

After this, you can remove the program from your taskbar if you don’t want it there. The key combination should then open your desired file! Take note, though – if you used the same key binding as something already bound, it will overwrite whichever one came first.

You should also write down what you made so you don’t lose track.

Apple (Mac)

Apple’s weaknesses are different! When you create a shortcut using a binding that is already used elsewhere, the binding you make won’t work, and the system keeps it’s defaults. However, like Microsoft, you can only use a key once in a particular shortcut.

To make your shortcut on a Mac:

1) Open Settings, then tap Accessibility.

2) Tap Keyboards.

3) Tap Full Keyboard Access and turn it on.

4) Tap Commands.

5) Tap a command, then press a custom key combination to assign to it.

6) Tap Done.

You can also create keyboard shortcuts for many specific commands within apps!

1) Choose the Apple menu, go to “System Settings”, click “Keyboard” (you may have to scroll to see it), then click “Keyboard Shortcuts” on the right.

2) Pick “App Shortcuts” on the left, click the Add Button (may look like a plus sign),

3) Click the Application pop-up menu, then choose either a specific app or “All Applications”.

“All Applications” will let you set a shortcut for a menu command that appears in many apps, while picking the specific app will only set a shortcut for that app. If the app doesn’t appear in the list, hit “Other”, and find it in the box that opens there.

4) In the menu title field, type the menu command for which you want to set a shortcut, exactly as it appears in the app – including the “>” character (use ->), any ellipses, or punctuation.

5) Click into the Keyboard Shortcut field, press the buttons you want to use for the shortcut, and then click ‘done’.

Basic Adobe Acrobat Reader Instructions

Elizabeth Technology April 4, 2023

Adobe Reader is a free program offered by Adobe, that allows users to read PDFs. However, it cannot edit them, at least not for free!

Adobe Acrobat DC

Adobe Acrobat is a paid-subscription product that allows users to read and edit PDFs.

How Do You Set One As Your Default Program?

For Windows Users (10 and 11):

Right-click the PDF, choose ‘Open With’, click ‘Choose Default Program’, and then select your preferred PDF program from the list it provides. (If you have both Adobe Acrobat Reader DC and Adobe Acrobat DC, you should generally select Adobe Acrobat DC – it has more features!) If you want it to always use the program you’ve picked, select the checkbox at the bottom that says “Always use this app to open .pdf files” at the bottom, and hit ‘Okay’.

 For Apple Users:

Click the PDF file’s icon in the finder to select it. Go to ‘File’ in the top left, and select ‘Get Info’. Click the triangle next to ‘Open With’ to open the dropdown menu of programs, and select your desired program from the list (if it’s not there, it may be available under the option for ‘Other’). Click ‘Change All’.

Social Engineering as a Hacking Tool

Elizabeth Technology January 17, 2023

You may have heard by now that LastPass suffered a pretty big breach, although thankfully no user passwords were outright compromised (you should still enable 2FA on anything LastPass touched though – the URLs of the websites were lost in the breach so hackers could attempt to brute-force into an account they know you’ve visited).

The attack in question wasn’t a hack in the traditional sense, but a social engineering attack. The hacker(s) created a fake account in order to fool a developer into sharing credentials, at which point they stole data from the development environment to use later in a large-scale attack.

Change your passwords and enable 2FA wherever you can – if you’ve been using LastPass’s recommended 8 character long passwords, or anything that’s not truly random, you should upgrade your password to a longer one. 8-character passwords are no longer an impenetrable wall like they used to be, so longer, more random passwords or even passphrases that are multiple words long are better!

Remember: don’t listen to accounts claiming to be people you know if you don’t recognize the email address, and always check the address carefully for spelling mistakes. It does not matter if they know your name or if their email tag says ‘mom’ – both of these things are easy to make happen. Social engineering attacks include phishing attacks, so following the protocols for phishing can help avoid social engineering breaches as well. If someone calls you and demands you take immediate action, either by threatening or promising a gift that will disappear if you don’t respond ASAP, remember to pause a minute to really think about what they’re asking for, and verify thoroughly.

Similarly, if your work uses badges to control who enters the building, you shouldn’t hold the door open for people you don’t recognize as coworkers – this is known as ‘piggybacking’ and it takes advantage of the fact that most people want to be polite and will hold the door.

This is far from a comprehensive list, so always keep your eyes peeled – identity theft and social engineering can come from any direction!

Microsoft ‘Buddy Programs’

Elizabeth Technology January 12, 2023

Outlook vs. Exchange

Microsoft Exchange handles your emails. Rather, it handles them behind-the-scenes: you generally don’t have to get into Exchange to get your emails, just Outlook. Outlook is your mail client, the thing you use to send mail and look at the mail you’ve received, while Exchange is your mail server, which manages the resources needed to get the mail to you in the first place.

Since it’s a business feature and not a consumer one, the odds are you won’t be interacting with it very often (we do because we administrate business mail accounts!). Exchange also handles things like sharing or un-sharing mailboxes, as well as backing up your emails.

OneDrive vs. SharePoint

SharePoint is like Exchange, but for OneDrive, Teams, and a handful of other products! One large difference though is that SharePoint is designed to be a usable library as well as an archive. SharePoint allows you to design ‘sites’, (which are more like collections of files instead of websites) that can store and share files in the same way Google’s suite of services does, meaning team members who have access can modify the host file in real time. That way, you don’t have to merge files! If you’re worried about someone getting access to files they shouldn’t, SharePoint allows you to add and remove people on an individual basis. Additionally, most Microsoft products keep a log of changes made, although it doesn’t go back forever.  

Where OneDrive only backs up files for one person, and those files aren’t available unless shared, SharePoint handles the backing up and the sharing at the same time.  

More Antivirus is Not Always Better!

Elizabeth Technology August 9, 2022

Built-In Antivirus

Microsoft Windows has come with it’s own antivirus for quite some time. Windows 10 and 11, for example, came with Windows Defender built in and on automatically unless another antivirus was installed, at which point it would automatically switch off. Windows Defender by itself is plenty of defense for the kind of run-of-the-mill threats you’d run across browsing unsecured websites or trying to download games from websites other than big, trusted ones like Steam (given you’re listening to it when it suggests you double-check the source and double-check that you meant to download a .exe file) but some people would rather have this protection from a paid-for antivirus like Kaspersky or McAfee. The fact that those programs cost money doesn’t necessarily mean they’re better, but it can be a peace of mind thing – complaining about something that cost money means that some penalty can be extracted if the user isn’t satisfied, even a penalty as small as a partial refund.

This Computer’s Not Big Enough for the Two of Us

Windows Antivirus is unique for automatically stepping down when another program steps up. Many others don’t!

Antiviruses do not get better the more that you have. They interact in ways that step on each other’s toes and lead to false alarms. As an example: say a computer has both Norton antivirus and McAfee antivirus installed. McAfee will try to scan the computer for new threats upon startup, but will be interrupted by Norton, who interprets the file-checking as potentially hazardous behavior. Norton isn’t wrong, because ransomware will often sweep through files in some way or another, but it doesn’t recognize McAfee, and almost no other program has a reason to do that anti-viral scanning. Thus, Norton then tries to report McAfee to you! Some antiviruses have safety rails that literally will not let you whitelist (whitelisting refers to telling a program that a file or action is okay, or ‘whitelisted’) certain executable programs, so you get stuck in this horrid, unbreakable loop of antivirus fingerpointing every time you boot up your computer.

These interactions actually make your computer less safe – if both antiviruses have deadlocked themselves out of scanning because the other one says it’s a virus, your computer is not being scanned. That’s bad! Scanning is not completely foolproof, and a regular residential antivirus won’t necessarily be able to catch or handle something industrial grade, but it catches plenty of small things like trojans before they become serious problems that can cripple your computer.

Your computer is much better off with just one brand of antivirus on it at a time. Instead of more, buy better. And if you’re unsatisfied with one brand’s performance, completely uninstall it before you install the program you replace it with. Not only does that prevent them from interacting in a negative way, it also prevents the previous program from hassling you to renew it with pop-ups (McAfee is infamous for this). Either way, it’s going to save you some annoyances!

And in Other Realms

The antivirus problem is a pretty unique one because most programs don’t interact with every file on your computer in the way that they do. Two art programs are not going to start fighting over which one you should use, for instance. However, some other cases can be pretty similar. Like VPNs! Having more VPNs is going to slow down your computer without much additional benefit. The way a VPN works is that it takes your request, encrypts it, sends it to a server, unencrypts it, completes the request, encrypts it again, and then sends it back to you. This keeps your ISP from seeing this request, but it doesn’t necessarily anonymize the data – after all, the VPN’s server has to unencrypt the data to actually complete the request, so the VPN knows what the data is, and it knows where the request is coming from in the first place. The VPN has the same visibility the ISP initially had. Adding more VPNs to your computer will not solve this problem, it will just move it down the chain, and add extra time to each request you make in the meantime as it bounces around VPN servers.

If you only need to protect your data from the coffee shop’s open Wifi or want to watch Netflix Canada, the kind of VPNs you see advertised on Youtube will be able to do the job – the data won’t be strictly, unsubpoenably anonymous, but it will be encrypted and rerouted well enough to make those two things happen. If you’re trying to search for things that nobody can know about, you’d be better off downloading TOR (which stands for The Onion Router), a popular VPN with an excellent reputation for encryption and security. Using TOR to do illegal things is illegal, of course, but the act of downloading it and using it by itself is not.

‹  Older posts