Firefox Will End Support For XP And Vista Users In 2018

Microsoft stopped supporting Windows XP and Vista quite some time ago, but so far, Firefox has been hanging tough, continuing to provide updates to their browser’s users on both platforms, doing at least something to extend their useful life a bit longer.

That’s going to change soon. Mozilla recently announced that as of June 2018, their support for both XP and Vista would be coming to an end.

Originally, Mozilla planned to discontinue support to both XP and Vista in December 2016. That date came and went, and the company announced that they’d provide a revised date for ending their support no later than September 2017. They’ve now settled on a final date, and odds are that the two platforms won’t get another extension beyond this.

If you’re still using either XP or Vista, it’s well past time to migrate or upgrade. Unfortunately, tens of millions of users around the world are still clinging to these systems, because the legacy software running on them simply isn’t compatible with more modern operating systems.

The danger, though, is that sans security patches, these systems are growing increasingly vulnerable to hacking attacks as time passes. New security flaws and exploits are being discovered all the time, and they’re not getting patched, making these old systems little more than ticking time bombs on your company’s network.

All that to say, if you’re still struggling to upgrade your legacy systems so you can finally move away from Windows Vista and XP, it’s more important than ever. No matter how important those legacy systems are to your company, the hard truth is that the longer those old systems remain connected to your network, the more danger your company is in. It’s not a question of if a hacker will exploit that system, it’s a matter of when.

The clock is ticking.

Google Has Announced Earbuds That Translate Language In Real Time

Google Labs has produced some amazing ideas. Some of them have found their way to the market, and many others have not. The one thing they have in common, though, is that they’re all intriguing and exciting.

That’s especially true of Google’s latest offering, Google Pixel Buds.

If you’ve ever read “The Hitchhiker’s Guide To The Galaxy,” then you know the term “Babel Fish.” If you grew up watching Star Trek, then you know all about the Universal Translator. Well, Google has built version 1.0 of that very device.

The new earbuds are able to translate forty different languages in something close to real time. Close enough, in any case, to be useful in day to day conversation.

Obviously there are some glitches and limitations at this point, just as there were in the first smartphones and computers, but the fact that this new technology exists at all, in any form, is nothing short of amazing.

The potential applications are limitless, and the number will only grow as the technology matures. We can see the possibility of seamless global communications that cut across language barriers. It boggles the mind.

If you do business with vendors all over the globe, imagine how much simpler this is going to make your life. As mentioned, it’s a given that early adopters will face certain limitations and no doubt chafe under the shortcomings of the early versions of the device, but that’s been true of just about every invention we’ve ever seen enter the marketplace.

Consider speech-to-text technology, for example. The early versions were quite buggy and you could count yourself lucky if they successfully interpreted 40 percent of your words, translating them into text. These days, that percentage is closer to 98.

The best way to help this new product succeed is to jump in and start using it, bugs, flaws, shortcomings and all. Kudos to Google Labs!

Mac Computers Are Still Suffering From EFI Hack

One of the first, best pieces of advice computer owners get is to always keep their operating system up to date. It’s sound advice, because OS manufacturers generally do a good job of responding to new attack vectors and releasing security patches designed to make sure that hackers don’t have an easy time breaking into your system.

Mac users, though, face a slightly different problem. It’s one that can’t be solved by something as simple as keeping their OS current.

The issue lies with EFI, which stands for Extensible Firmware Interface. This technology was designed by Intel, not Apple, and it is the bit of code that runs before the Apple OS boots up and takes over. Unfortunately, any code, firmware included, can contain flaws and security vulnerabilities, and in the case of EFI, hackers have found a way in that bypasses Apple’s normally robust security measures.

By injecting malicious code prior to the OS taking the reins, hackers have been able to quietly infect a surprising number of Mac machines, and because the firmware isn’t part of the OS proper, none of Apple’s security updates touch it.

It’s certainly possible for the company to push firmware updates, but these are handled differently than OS security patches, and as such, not all users get them. Even if they get a notification, they may not install the update.

In fact, recent research by the security company “Duo Labs” analyzed more than 73,000 Macs and found that 4.2 percent of them were running firmware versions with known vulnerabilities.

This is a problem badly in need of a robust solution. Users have been conditioned to install OS security updates, but rarely think about the firmware that controls the initial boot process, and as such, have a blind spot for the dangers that outdated firmware represents.

So far, Apple has shown surprisingly little interest in offering a more reliable firmware update solution, so if you use Mac computers in your home or office, for the time being at least, it falls to you to be sure that you’re updating not just the OS that drives your machine, but the firmware that your OS relies on.

Google Personal Data Requests Are On The Rise

Google’s latest Transparency Report is out, and the results have raised concerns with privacy advocates from around the world.

This time last year, Google received 44,943 requests relating to 76,713 user accounts from the governments around the world. This year’s figures have increased to 48,941 requests relating to 83,345 accounts. The company acceded to 65 percent of requests made.

The US government was, predictably, the biggest requestor, with the German, British and French governments also featured prominently.

Note that these figures specifically do not include FISA (Foreign Intelligence Surveillance Act) requests, as such requests are subject to a six-month reporting delay.

Of interest, a key component of FISA is set to expire at the end of 2017, and Google is working with Congress to try and pass a reform that will improve netizens’ privacy protections.

The core argument is that processing requests from foreign governments is too slow, and could be replaced by an update to the US Electronic Communications Privacy Act (ECPA). According to Richard Salgado, Google’s Director of Law Enforcement and Information Security:

“ECPA should also be updated to enable countries that commit to baseline privacy, due process, and human rights principles to make direct requests to US providers.

Providing a pathway for such countries to obtain electronic evidence directly from service providers in other jurisdictions will remove incentives for the unilateral, extraterritorial assertion of a country’s laws, data localization proposals, aggressive expansion of government access authorities and dangerous investigative techniques. These measures ultimately weaken privacy, due process, and human rights standards.”

It’s too soon to say whether Google’s efforts will bear fruit, but if they do, it would be a big step in the right direction, and an unqualified win for privacy watchdog groups everywhere.

Interestingly, Apple also released its annual Transparency Report, which revealed a six percent drop in government requests, compared to last year’s figures. At the same time, though, the number of FISA requests Apple received soared from 2750-2900 related to 2000-2249 accounts to 13,250-13,499 related to 9000-9249 accounts.

Regardless of what happens to FISA in Congress later this year, the main takeaway is that governments around the world are making an increasing number of requests for personal data from our biggest tech companies, which is a disturbing trend that is sadly not unexpected.

Sonic Drive-In Latest Company With Credit Card Breach

Another week, another data breach, and this time, popular fast food chain Sonic found itself in the crosshairs.

The breach came to light when Brian Krebs, a journalist for Infosec, spotted a large batch of credit card data for sale on an underground website.

IBM’s “X-Force” division confirmed Krebs’ findings, and later that same day, Sonic confirmed the report, offering all of its customers two years of free fraud and identity theft protection.

At this point, the company has released no details on how many of their 3600 locations were impacted, or how many customers might have been affected. However, Krebs noted that the cache he saw contained some five million records, which at least gives us some indication as to the scope and scale of the attack.

Given the relative lack of information about the incident so far, the best thing you can do if you frequent any Sonic location is to monitor your credit and debit card statements closely and take advantage of the free credit monitoring service offered.

It’s no great surprise why hackers are so interested in credit card data. Each record sells for between $25 and $50, so that cache of five million records represents a significant payday.

The fear, as pointed out by numerous security experts of late, is that given how easy it has been for hackers to breach company POS systems, the hackers will up the ante and begin introducing ransomware to the payloads they install on these systems.

Without a functioning POS system, business grinds to a complete halt, so the thinking is that most businesses facing this kind of attack would pay the ransom immediately, making the hackers’ payday even sweeter.

While this type of attack hasn’t been seen yet, most experts agree that it’s just a matter of time, making it one more thing to worry about. This is all the more reason to make sure your own POS terminals are as secure as you can possibly make them. You definitely don’t want to be next!

Literally Every Yahoo Email User Was Hacked In 2013 Breach

Late last year, Yahoo announced that it was the victim of the largest data breach in history. It impacted, by their initial estimates, fully one third of their user base, some one billion users.

As it turns out, Yahoo’s estimates were wildly inaccurate. Literally every person who had a Yahoo account in 2013 was impacted, making the total in the neighborhood of three billion accounts (yes, that’s billion, with a “B”).

If you’re a Yahoo user, and have had your account since 2013 or before, then your account was impacted, regardless of whether you received a notification from the company.

You may be tempted to simply delete your account, especially if it’s one you no longer use on a regular basis, but don’t. Yahoo’s policy is to recycle defunct accounts after thirty days, meaning your account can be hijacked by anyone if you delete it.

The best bet is to change your password immediately and enable two-factor authentication to provide an added layer of protection.

Also, if you’re in the habit of using the same password across multiple websites, be sure to change any that share your Yahoo.com account’s password. One of the first things a hacker will try is to use compromised credentials on other accounts. If you don’t take immediate action, you’re essentially handing the hackers the keys to your digital kingdom and opening yourself up to identity theft, compromised bank accounts and credit cards and more.

In fact, this would be a great time to simply get out of the habit of using the same password across multiple web properties. It’s a bad habit, and if it’s one you’ve developed, then it’s time to make a change. True, it’s not as convenient, and having to remember multiple passwords can sometimes be annoying, but isn’t your digital security worth it?

Hackers May Have Accessed Corporate Document Filings At The SEC

The hackers of the world have been busy recently, but this latest report from the SEC shows that not only has the number of their attacks been increasing, but also that the level of sophistication continues to grow by leaps and bounds as well.

Specifically, the SEC reported that hackers may have gained access to their “EDGAR” (Electronic Data Gathering, Analysis, and Retrieval) system. This is a database that handles and lists corporate filings and disclosures, and the hackers may have used the data they mined from that system to illegally profit from stock market trades.

Essentially, they pried open the database and got a sneak peek at sensitive corporate filings before they were made available to the public. Armed with that knowledge in advance, they knew exactly which companies were going to appreciate in value, and which companies were going to take a hit to their stock prices, which made it child’s play to make profitable trades.

It gets worse, though. The SEC is also looking into instances where phony filings records may have been injected into the database with the specific intention of creating a stock price appreciation or tumble for specific companies.

This, then, isn’t a typical attack at all, where hackers attempt to breach a system to get at customer lists or credit card information to resell on the dark web. This is much more refined and complex, and in addition to making unknown sums of money for its architects, it has the effect of undermining confidence in the entire economic system as a whole, which makes it doubly dangerous.

Of course, as part of the SEC’s official statement, they say that the issue has been identified and patched, and that they’re cooperating fully with law enforcement officials. Both of those are good things, but unfortunately, they will do little to restore consumer confidence any time soon.

The lesson, of course, is this: no one is immune, and your company could be next.

Microsoft Edge Browser Coming To Android And IOS

Since ditching its beleaguered Internet Explorer browser, Microsoft’s latest offering, Edge, which is bundled with Windows 10, has been struggling to gain a foothold in the market.

Yes, it comes preloaded on Windows 10 machines, and that fact alone has prompted significant use. However, the browser has its share of weaknesses and limitations, one of the largest being that it has, until now, completely lacked a cross-platform, multiple device experience.

That has changed. Users can now install the Edge browser on iOS and Android devices, which makes it easier to surf the web seamlessly across multiple devices.

It should be noted, however, that “smartphone Edge” is Microsoft Edge in name only. The variants created for iOS and Android devices have little in common with Microsoft Edge for the PC, other than the name, and a similar look and feel.

In the case of the iOS version, this is because Apple doesn’t allow the development of third-party browsers, so iOS Edge is essentially the Safari browser, wrapped in a different skin.

Google’s Android platform doesn’t have rules quite as restrictive, and as such, Edge for the Android platform is built around Chromium, which is an open source Chrome variant.

Even with these limitations, though, the multi-platform, multi-device Edge does get the job done, allowing for basic tab syncing across devices.

This development, while encouraging, is unlikely to change the equation much. Most users are pretty happy with whatever browser they’re currently using, and unless there’s a truly compelling reason to switch, they simply won’t.

This development, while certainly a nice addition, is not something most people are likely to find compelling enough to switch browsers for. However, it may have some impact at the Enterprise level, if and where there are applications and web portals that have been optimized for use with Edge. If your company has one of these, then this is welcomed news indeed.

Did Equifax Send Concerned Users To A Phishing Site?

By now, you’ve probably heard that Equifax recently suffered a massive data breach which left them with a considerable amount of egg on their faces.

The investigation into that matter is ongoing, and the company issued a video-based mea culpa to its customers, but unfortunately, the situation for the company just got worse. Here’s the basic timeline of events and where things stand so far:

• The first successful breach against Equifax occurred between May 2017 and July 29, when the intrusion was discovered.
• The secondary breach was just discovered this month, but actually occurred in March of 2017, before the main breach. The company maintains that the earlier attack had nothing to do with the most recent one, although a variety of anonymous sources claim that this is not the case.
• In both cases, Equifax retained the services of security company Mandiant to assist them with the investigation into the breaches.
• As part of the company’s formal response to the breaches, they set up a website, “equifaxsecurity2017.com” which was designed as a portal that Equifax customers could use to see if they’ve been impacted by either breach.
• Unfortunately, the company recently sent out a tweet to its customers directing them to “securityequifax2017.com” which is a phishing site, almost certainly set up by the same hackers that attacked the company in the first place.

Equifax representatives quickly caught the mistake and deleted the tweet, but of course, the damage had already been done. As of today, Google Chrome now flags the phishing site as deceptive, but it is likely that at least some of Equifax’s customers clicked the link embedded in their tweet and found themselves on a bogus site.
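A pre-publish link check of the kind that would catch the swapped-word address described above, as an added example that is not from the original article or from Equifax. It assumes the organisation keeps an allowlist of its official domains (here only the one named in the article); the function names and the brand keyword list are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this sketch: the allowlist and brand keywords are maintained
# by the organisation; the only official domain listed is the one in the article.
OFFICIAL_DOMAINS = {"equifaxsecurity2017.com"}
BRAND_KEYWORDS = ("equifax",)

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable(host):
    """Last two labels of the host. Good enough for .com names; a production
    check should use the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(url):
    """Return 'official', 'lookalike' or 'unlisted' for one URL."""
    # urlsplit().hostname drops any userinfo, so "https://good.com@bad.example/"
    # is judged on bad.example, the host the browser would really contact.
    host = (urlsplit(url).hostname or "").lower()
    domain = registrable(host)
    if domain in OFFICIAL_DOMAINS:
        return "official"
    label = domain.split(".")[0]
    for official in OFFICIAL_DOMAINS:
        # Same characters in a different order: catches swapped words such as
        # securityequifax2017 vs equifaxsecurity2017, which plain edit-distance
        # typo checks score as far apart.
        if sorted(label) == sorted(official.split(".")[0]):
            return "lookalike"
    if any(word in host for word in BRAND_KEYWORDS):
        return "lookalike"
    return "unlisted"


def review_post(text):
    """Classify every URL found in a draft post."""
    return [(url, classify(url)) for url in URL_RE.findall(text)]


def safe_to_publish(text):
    """A draft passes only if it has no links other than official ones."""
    return all(verdict == "official" for _, verdict in review_post(text))


if __name__ == "__main__":
    # Constructed drafts, modelled on the two domain names in the article.
    drafts = [
        "Check your status at https://www.equifaxsecurity2017.com/ today.",
        "Check your status at https://www.securityequifax2017.com/ today.",
    ]
    for draft in drafts:
        print(safe_to_publish(draft), review_post(draft))
```

Run against outgoing social posts and support macros, a gate like this sends anything other than "official" to a human for review before it is published.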

The attack on Equifax, even considering the impact of the errant tweet, certainly wasn’t the largest hack we’ve seen in 2017 in terms of scope and scale. But it, taken together with the recent hack of the SEC’s EDGAR system, has done tremendous damage to the confidence in our economic system as a whole. Damage is done far beyond the physical size of the attacks and the total number of records impacted.

It’s too soon to say whether this represents a trend, with hackers pursuing some type of agenda-based strategy in preference to simple theft, but recent events could very well be interpreted in that way. Time will tell.

In any case, the answer to the question asked in the headline is yes. For a brief time, Equifax did indeed direct its users, via Twitter, to a bogus site.

The IRS Awards Security Contract To Equifax Even After Hack

You’ve probably heard about Equifax’s recent troubles. More than 145 million consumer data files were exposed, including names, addresses, social security numbers and more.

The problem was viewed as so serious that Equifax’s CEO stepped down and congressional hearings were launched, but then, a funny thing happened. Equifax got awarded a no-bid government contract worth millions ($7.25 million, to be exact) to help the IRS verify taxpayer identities in order to prevent fraud.

One might wonder how this happened, especially since the company recently got raked over the coals for profiting from the very hack they tried to prevent. During the congressional hearing on the matter, Senator Elizabeth Warren pointed out that Equifax stood to make millions by selling credit monitoring services to the very customers whose data they were supposed to be protecting, so it’s a fair question.

The answer lies in the fact that the IRS regards this service as being critical, and one that cannot stand interruption of any kind. Based on their research, they have concluded that Equifax is the only company capable of providing it.

That conclusion seems strange, given that there are, in fact, two other similar credit reporting agencies, but in any case, the contract was awarded to Equifax in spite of their recent troubles.

The move is understandably raising eyebrows in various sectors, with government watchdog groups and privacy advocates both crying foul.

Unfortunately, in the immediate term, there’s little to be done. This is a case where the wheels of government just don’t turn quickly enough to keep pace with current events. Until another company can be approved to get the job done, Equifax is the only game in town, as far as the government is concerned. Needless to say, this is not exactly what one would call confidence-inspiring.