Branding | SecurePC LLC - Computer Repair, Maintenance and Security

Latest IPhone Update Syncs Messages Across All Devices

If you use Apple products, you may have noticed an annoying “feature”. If you’re using the messaging app on your phone and texting someone and then you move to your Mac and access the same program there, the conversation you were having on your phone isn’t present. The two devices are messaging islands that can’t reliably communicate with each other. Since they can’t, you can’t start a conversation on one device and then pick it up later on another.

True, Apple fans have found workarounds for the issue, but these are far less than perfect.

There’s good news, though. As of the latest iPhone update, your phone will now synchronize your messages across all Apple devices you own.

It’s a small thing, but you’d be amazed at how often it matters. Back in the “good ol’ days” most people just had one computer they used for everything. We no longer live in that world. Today, there are more active smartphones than there are people living on the planet, and the smartphone is just one of the many computing devices we use.

The advent of cloud-based technologies made accessing data across multiple devices possible, allowing you to work seamlessly on the same project with whatever device you have in hand at the moment. However, some things (like messaging) have been impossible, or at least highly inconvenient to access across multiple devices. That is, until now.

Granted, this improvement won’t change the world, but it will serve to make your world more seamless, convenient, and efficient. That makes it worth talking about.

In a lot of ways, the upgrade is like tabbed browsing. Until you start using it, you cannot fully appreciate just how awesome it is. By the time you realize how great it is, you’re hooked and can’t imagine messaging any other way. Kudos to Apple for an excellent enhancement!

Panera Bread Customer Accounts Exposed To Threats

Panera Bread company is the latest to find itself in hot water. Recently, security researcher Dylan Houlihan discovered that the company had failed to encrypt (or otherwise protect) a file containing usernames, email addresses, physical addresses, phone numbers and loyalty account numbers for a staggering thirty-seven million of its customers.

The file was found stored as plain text, and accessible to anyone who bothered to go looking for it. The good news is that no one appears to have absconded with the data, so odds are that even if you’re a Panera customer, you’re not at risk. The bad news is that Panera’s handling of the incident to this point has been dreadful, to say the least.

First, the company was slow to even acknowledge that there was a problem, and when they did, they attempted to downplay the number of users the oversight impacted. Second (the truly disturbing part of the ongoing story), even when the company did acknowledge the scope and scale of the incident, they left the plain text file on the website. It was completely unsecured until the security professional (Houlihan) contacted them a second time.

To date, their most detailed response has been that the investigation into the matter is ongoing.

There’s a harsh lesson here for any business owner. This is a textbook example of how not to respond to an incident like this. There are so many different things Panera could have done to make this a non-issue. The first of which would have been to immediately take the file down or secure it. Next, to immediately notify all the customers on the list (just in case the file had been downloaded by hackers). Lastly, issue a detailed action plan that assured customers that the company was taking steps to make sure something like this would happen in the future. Sadly, exactly none of that has happened.

Microsoft Surpasses Google In Latest Valuation

<img class=”alignnone size-full wp-image-7941 alignleft” src=”https://www.securepc-wi.com/wp-content/uploads/2018/07/microsoft-stock-valuation-resized.jpg” alt=”” width=”300″ height=”225″ />Microsoft’s stock price is surging, putting the company’s total valuation at $753 billion. This makes it the third most valuable company on the planet, behind Amazon (782 billion), Apple ($923 billion) and leaving Google in fourth place, valued at $739 billion.

Google first overtook Microsoft in 2012, and since that time, the two companies have traded places repeatedly. So Microsoft’s current 3rd place position is expected to be relatively short-lived.

It’s worth noting, however, that since Satya Nadella took over for Steve Ballmer, Microsoft’s stock price has more than doubled, the company has moved decisively into some new areas, and has been dramatically refocused.

Some of those changes include:
<ul>
<li>A big emphasis on cloud-based technologies</li>
<li>A heavy emphasis on artificial intelligence</li>
<li>Big investments in quantum computing</li>
<li>Equally large investments in mixed-reality headsets</li>
<li>An emphasis on cross-platform technologies</li>
</ul>
Even more significantly, the company has veered away from two areas that had long been Microsoft staples. The company has abandoned efforts to develop a Windows-based smartphone, and has moved away from the strategy of putting Windows at the center of everything Microsoft.

Although Google is likely to regain its #3 market cap position in the near future, Microsoft has some important strategic advantages over both Google and Apple that will serve it well in the long run. The most significant of these is the fact that it has a much more diverse revenue stream.

Google gets some 90 percent of its income from advertising, and Apple gets some 60 percentof its income from the venerable iPhone. Microsoft, based on the most recent quarterly report, is generating 35 percent of its income from the Surface and its gaming division, another 30 percent from its cloud-based services, and a similar percentage from Office and the company’s various productivity tools.

T-Mobile Site Leaked Data On Millions Of Customers

<img class=”alignnone size-full wp-image-7947 alignleft” src=”https://www.securepc-wi.com/wp-content/uploads/2018/07/t-mobile-site-resized.jpg” alt=”” width=”300″ height=”225″ />ZDNet Researcher Ryan Stevenson recently found a big problem on T-Mobile’s website regarding an unprotected API. As a result of the flaw, untold millions of T-Mobile’s customers’ account information was left exposed and completely unprotected. Literally anyone who stumbled across the site and tried to abuse it could access a wide range of customer information with no password required.

This includes, but is not limited to:
<ul>
<li>Customer name</li>
<li>Phone number</li>
<li>Mailing Address</li>
<li>Account Number</li>
<li>The status of the account (current, past due, suspended, etc.)</li>
</ul>
In an unknown number of cases, tax IDs and PINs were also exposed.

T-Mobile has a bug bounty program and pays a bounty to anyone who discovers a flaw that impacts the company. Stevenson received a $1,000 reward for discovering the issue, and subsequent research revealed that the flaw had been present on the company’s website since October, 2017 or prior.

T-Mobile’s handling of the incident has been less than stellar so far. Although they have acknowledged the existence of the issue and have already moved to correct it, the company has issued no information relating to how many customer records were exposed.

There is no evidence that any of the exposed records were inappropriately accessed. Typically, when an incident like this occurs, the company in question provides details relating to the scope and scale of the incident, informs all potentially impacted customers and usually provides a year of free credit and identity monitoring. So far, none of that has occurred.

While it’s certainly possible that the company may take these steps in the future, we were both surprised and disappointed that they had not already done so, especially given the fact that this was essentially a self-inflicted wound. Here’s hoping that in the days ahead, they do something to earn back the lost trust.

FBI Advises Users To Reboot Their Routers

Cisco’s Talos Security Team has identified a new threat, and it’s a nasty one impacting more than half a million consumer-grade routers in the US. According to the Talos Team’s report, the new malware is impacting a broad cross-section of routers made by TP-Link, QNAP, Netgear, Mikrotik, and Linksys.

Known as “VPNFilter,” the malware currently infecting routers appears to be the first stage in a multi-phase attack, with the first segment allowing the hackers to collect a wide range of communications data and slave the device to launch attacks on others. The code also contains a kill command that allows the hackers to destroy the device at will.

As of now, the FBI has already taken swift action and has seized a domain used by the hackers as a means to deliver the later stages of the attack. They report that the primary and secondary means of further infection have been dismantled. They also report, however, that the hackers still have a fallback method of infection, which relies on sending “poisoned” data packets to each infected device.

Based on an evaluation of the code and the presence of redundant mechanisms for delivering the later stages of the infection, the code has been traced to a Russian hacking group with deep ties to the Russian government. The group is known by a variety of names, including Fancy Bear, Sofacy, APT 28, and Pawn Storm.

On the heels of seizing the domain, the FBI released a statement that includes:

“The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices. Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware.”

Microsoft Purchases GitHub – What Does This Mean For Open Source?

Microsoft just made a big, significant purchase that has raised more than a few eyebrows. They just acquired GitHub for a hefty $7.5 billion.

What makes the purchase interesting and potentially troublesome is that Microsoft is the world’s largest proprietary software company, and GitHub is the world’s largest open source hosting service.

The natural question on everyone’s mind then, is what does this mean for open source? Is it doomed? Is it soon to go the way of the dinosaur, or will Microsoft hold the reins of power loosely and let open source continue to flourish?

Those are fair questions, especially given that GitHub is used by more than 28 million developers around the world, and is home to more than 85 million code repositories. In addition to that, the company was built on Git, which is an open source version control software written by Linus Torvalds (the creator of Linux). Its founders have worked hard to develop innovative workflows that have made the hub easy to use and work with.

The fear is that Microsoft will start strangling those developments and insist that GitHub begin using proprietary Microsoft products. While it’s too early to say for certain, the early indications are encouraging. Microsoft has stated that GitHub will be allowed to retain its status as an “open platform” and its service will continue to be offered for free.

Having said that, there will be some changes, including the fact that Microsoft will be offering integration between its AppCenter mobile testing service and projects hosted on GitHub. This builds on previous collaborations between Microsoft and GitHub. Last year, GitHub announced that they would support Microsoft’s “Git Virtual File System,” which the company designed for enterprise-sized data repositories.

The skeptics are right to be skeptical, but so far, the early indications are positive. Note that it’s not a done deal just yet. The merger is subject to regulatory approval in both the US and the EU.

Intel Taking Additional Steps To Prevent Security Flaws

By now, you’ve almost certainly heard of “Spectre,” one of two recently discovered security flaws that impact every chip made by Intel in the last ten years.

The story of Spectre, and Intel’s response to it has been an interesting one. In response to the flaw’s discovery, Intel rushed a firmware patch, but quickly had to take it back and recommend that users not install it, because it created as many problems as it solved.

Intel has since released a better, more stable patch, but hasn’t stopped there. The company recently revealed that it is introducing various hardware protections against Spectre-like vulnerabilities that may be detected in the future.

According to Intel’s CEO, Brian Krzanich, “(We have) redesigned parts of the processor to introduce new levels of protection through partitioning. As we bring these new products to market, ensuring that they deliver the performance improvements people expect from us is critical. Our goal is to offer not only the best performance, but also the best secure performance.”

While that is welcome news for people planning to make purchases in the near future, owners of existing Intel-powered equipment will still have to have to rely on firmware updates for Spectre protection. This unfortunately comes with the tradeoff of a hit to CPU performance.

In tandem with that update, the company also announced that as of now, they have firmware updates available for all of its products launched within the last five years. This coupled with their recent partnership with Microsoft to help deliver Spectre updates to their legions of impacted customers should provide peace of mind, even with the expected hits to system performance.

Unfortunately, with new variants of Spectre and Meltdown being discovered on a regular basis, this is likely not the last we’ll hear about this issue.

Google Changing Name Of Android Wear Without Updates

Wearable computing devices from smart watches to glasses are struggling to find an audience, and Google’s Android Wear operating system hasn’t gotten much love in recent years. It has weakened as major players in the tech space have struggled to find a market for these products. On the face of it, these products would seem to be wildly popular, but still haven’t quite captured the imaginations of a critical mass of the consuming public.

Google’s recent announcement that it was rebranding Android Wear to “Wear OS,” is the most significant move we’ve seen in over a year. However, without significant updates, simply changing the name isn’t going to improve the OS’s visibility or viability.

The name change was driven by the fact that when the OS was first released, it appeared only on smart watches, but the company later added iPhone compatibility, which made the name less than perfectly applicable. In a blog post related to the rebranding effort, Google referred to Wear OS as “a wearables operating system for everyone.”

It’s hard to make a convincing argument that Google is all that interested in wearables. One needs only to compare the company’s handling of Wear OS with the way Apple handles wearable products and OS’s.

We had to wait two and a half years between the version 1.0 and version 2.0 of Wear OS. Android Wear was released more than 13 years ago, and since its release, the company hasn’t made any updates or announcements except for the recent blog post announcing its rebranding.

There are some signs that Google has long term plans for the floundering operating system, though. The company has been recruiting high-profile brands including Tommy Hilfiger, Michael Kors, Hugo Boss, Guess, Gc, Fossil and others to make and sell Android watches. It will be interesting to see what the company does in coming months.

Microsoft Ending Forum Support For Older Operating Systems

Big changes are coming from Microsoft starting in July (exact date unknown), and it has potentially dire implications if you’re using some of the company’s older technology.

Microsoft announced that in July, they’ll no longer provide forum-based support for a wide range of products and software, including:

Microsoft Band
Zune
Surface Pro
Surface Pro 2
Surface RT
Surface 2
Microsoft Security Essentials
Internet Explorer 10
Office 2010
Office 2013
Windows 7
Windows 8.1
Windows 8.1 RT

Although the company didn’t cite a specific reason for the change, it seems obvious that this is another move to push people into buying the latest and greatest of the company’s offerings. Unfortunately for them, the announcement has been met with more than a little hostility, and for good reason.

Consider that the company has pledged to continue to support Windows 7 until 2020, and Windows 8.1 (and variants) until 2023. Given that we’re still quite some distance from those EOL dates, closing an important avenue of support for a product the company is still ostensibly supporting seems a bit premature. Nonetheless, there’s no indication at this time that the company has plans to extend the forum support for any of these products beyond July.

In some instances, this won’t prove to be problematic. Few people still use Internet Explorer 10 as anything more than a curiosity, and Zune was never especially popular, so the loss of those forums isn’t likely to cause much backlash. However, in the case of Windows 7 and 8.1, not only has the company pledged support for years to come, but those products are still actively used by a significant minority around the world, and those users aren’t thrilled with the recent announcement.

In any case, given that the company is unlikely to change course, this is all the more reason to make upgrading a priority if you’re still using any of the products mentioned above.