There’s an article on the BBC news website that popped up yesterday that took our interest. It states that a “hack” lets phones “eavesdrop and make premium calls”. This was obviously a great concern for us, as it named our primary vendor, snom, as the manufacturer whose phones were used in the research.
The article can be seen on the BBC website here: http://www.bbc.co.uk/news/technology-35579273
What we can’t understand is why the BBC chose to publish such a non-story. What this “security hack” boils down to is not changing the administration page password from the default. Yes, you heard right. The only security flaw is not setting an admin password for managing the settings on the phone.
In fact, if you ignore the fact they used old firmware to carry out their tests and you perform that exact same test on firmware that isn’t old (and was only a beta release) the phone itself prompts you on the screen at every opportunity to set an Admin password.
As of 1st April 2016, there will no longer be an Openreach modem installed for new FTTC connections. This means that when the Openreach engineer visits to switch you on with our service they will only do the jumpering activity at the local street cabinet and then close the job. This means you wont have to wait in on the engineer coming to your premise to install any equipment.
If you’ve decided to purchase your router and equipment through Consider IT, we’ll have it all preconfigured for you. If you’ve chosen for a site install, one of our technicians will still turn up on site at the pre-agreed time to get you online.
Openreach are running this as a pilot and will be holding regular review sessions to understand the highlights and lowlights of these kinds of installs.
We are currently aware of a lot of malicious spam emails currently doing the rounds. As of posting this, few anti-viruses pick up the virus attachments.
The fake email pretends to come from e-mail address firstname.lastname@example.org, but is actually a simple forgery and does not in fact come from Les Caves.
The contents of the e-mail message are as follows:
From: Avril Sparrowhawk [Avril.Sparrowhawk@lescaves.co.uk]
Date: 22 December 2015 at 11:14
Subject: CWIH8974 PAYMENT RECEIVED
Thanks very much for your payment we recently from you, however there was a missed invoice. Can you just confirm this will be included in the next payment run, or whether there were any queries with this particular invoice?
I have attached the invoice for your reference.
Pressing the backspace key 28 times will let you circumvent a locked-down Linux machine researchers at Universitat Politechnica de Valencia recently discovered.
The GRUB bootloader used by most Linux distributions has the option to password protect boot entries. Not only will this prevent tampering but allows you to prevent peripherals such as CDs and USB ports from booting an OS. Without this protection an attacker could boot a system from a live USB key or CD, switching into their preferred operating system to download or access files stored on the machine’s hard drive.
This flaw with Grub2, of which versions 1.98 and 2.02 are affected, means a simple tap of the backspace key 28 times will bring up the prompt usually hidden behind the password screen.
TalkTalk have once again shown their inability to keep customer data safe. Police are now investigating what TalkTalk term a “significant and sustained cyber-attack” on their website.
Their website currently shows the page above highlighting the fact the website is unavailable right now.
An official statement was released by TalkTalk on 22/10/2015: View Statement in Full.
What the statement doesn’t highlight is what customers of TalkTalk need to do now.
The investigation is ongoing, but unfortunately there is a chance that some of the following data may have been accessed:
- Dates of birth
- Email addresses
- Telephone numbers
- TalkTalk account information
- Credit card details and/or bank details
TalkTalk have also created a help page here for those who may have been affected: http://help2.talktalk.co.uk/oct22incident
Please be aware, TalkTalk will NEVER call customers and ask you to provide bank details unless we have already had specific permission from you to do so.
We have noticed a large number of calls yesterday and today in relation to users on Windows 7 where the computer sits stuck on a “Starting Windows” page. The common denominator between all of these incidents is that the computers had AVG Anti-Virus installed.
Whilst we wait on AVG getting back to us with news on this issue we have been resolving these incidents by booting the computers in to Safe Mode, un-installing AVG completely, then booting back into Windows in normal mode before reinstalling AVG.
This is not the first time Anti-Virus programs have caused catastrophic issues with Windows PCs. In April 2010 a McAfee pushed out an update that caused a false positive identification, and incorrect deletion, of the critical Windows system file svchost.exe.
On 14th July 2015 Microsoft will cease supporting Server 2003. This means that, going forward, there will be no more updates or patches for the Server Operating System, which will lead to a less stable and less secure server infrastructure for any businesses that choose to continue to use the system after this date.
Any organisation that is still currently using Microsoft Server 2003 needs to put in place a plan of action to migrate to a new server Operating System, or find an alternative IT infrastructure solution.
Edinburgh IT Support consultants, Consider IT, suggest getting in touch and we’ll provide options for moving forward to a secure and reliable solution.
HMRC has turned its back on Microsoft after announcing the news that they plan to switch to Google’s cloud apps services.
First reported by The Register, 70,000 HMRC employees are dumping Microsoft’s productivity solutions in favour of the Google Apps service proudly boasted by the internet giant.
This means HMRC will be the first of the major UK governmental departments to make the switch away from Microsoft.
Interestingly, back in May 2013, MPs accused the internet giant of deliberately subverting its motto, “don’t be evil”, in order to pay less tax. It’s almost ironic that of all the government bodies to make the move to Google Apps it’s HMRC that’s doing so.
Infuriated members of the House of Commons Public Accounts Committee (PAC) lashed out at the company as one of its most senior executives insisted it was not “selling” advertising in the UK – but in low-tax Ireland instead.
SourceForge is a popular website that offers source-code repository, downloads mirrors, bug tracker and other features. It acts as a centralised location for software developers to control and manage free and open-source software development. What you might know it from is its usefulness in providing downloads of popular software, rather than having to go to the developer’s website to get it.
Since yesterday at least, SourceForge has now since started to distribute adware/malware in certain projects hosted on their site.
NMAP, an open-source network tool used extensively by IT Professionals has been hijacked by SourceForge and the developers have hit back on security notice boards:
Hi Folks! You may have already read the recent news about SourceForge.net hijacking the GIMP project account to distribute adware/malware.
PayPal and eBay have fallen out and are splitting up with each other on 1st July 2015. PayPal have published a new set of Privacy Policies that will come into force on the same day.
PayPal is nice enough to give its customers only two options when it comes to the new terms: begrudgingly accept them or close your account entirely.
- notify you regarding your account
- troubleshoot problems with your account
- resolve a dispute
- collect a debt
- poll your opinions through surveys or questionnaires
- contact you with offers and promotions
- as otherwise necessary to service your account or enforce this User Agreement, our policies, applicable law, or any other agreement we may have with you.