IT Security

Apr 27

Google Chrome is ending support for Silverlight – used by NOW TV and BT Sport to play video.

The Microsoft runtime depends on an ageing plug-in protocol called Netscape Plugin Application Programming Interface (NPAPI), for which Google is currently phasing out support in its browser.


The Google Chrome team originally speculated that support for the old protocol would be removed from Chrome before the end of 2014.

Silverlight remains very popular with broadcasters because of the level of encryption it offers. Many broadcasters seem to be sticking with Silverlight instead of migrating to HTML5.

“With each step in this transition, we get closer to a safer, more mobile-friendly web,” said Justin Schuh, software engineer and plug-in retirement planner at Google.

Sep 26

The Shell Shock security flaw could be bigger than Heartbleed.

A serious security flaw recently discovered in the Bash command-line shell application has been nicknamed “Shell Shock”.

Bash, an acronym for Bourne Again Shell, is a command-line shell application that allows users to launch programs and features and make changes by typing text into a console. It’s typically used by programmers and server administrators when making changes to their servers. Bash usually isn’t open to the general public, nor is it made available over the Internet to unauthorised users, but Shell Shock changes that.

This isn’t a new vulnerability (although it’s only just been discovered); in fact, it’s been around for 20-25 years. It allows the user to manipulate “environment variables” to influence how the software responds and ultimately exploit the machine it is running on.

Aug 06

Don’t be a victim of Counterfeit Software…

As an IT Support company, our clients put their trust in us to source and supply various hardware and software solutions. We purchase Microsoft Office by the bucket load, and almost on a daily basis it’s one of the team’s jobs to go through the headache of unpacking the Microsoft Office box, pulling out the licence key, and going through the hassle of installing Office 2013 on the client machine. Today was different. We sourced our copies of Office from our normal supplier, took delivery, opened the boxes, and proceeded to download the software.

That part of the procedure is normal. What isn’t normal is being told by the Licence Card to visit a website that isn’t Microsoft’s.

Apr 15

The Heartbleed Bug

The Heartbleed Bug is a vulnerability in the popular OpenSSL cryptographic software library. This is the software that almost 60% of the internet will use to establish a secure communication between the server and the client. When you browse a website and you see the padlock sign, chances are it uses OpenSSL to establish this secure link. Windows Servers are generally unaffected by this issue, but other providers that use Linux (or OpenSSL specifically) will likely have had this vulnerability running for some time.

Whilst a lot of the big players in the cloud world are saying that they have now patched their systems and that users do not need to change their passwords, we are taking the stance that it doesn’t hurt to change your passwords on a regular basis and this is as good a time as any.

Mar 31

Does the date 8th April 2014 mean anything to you?

If you’re a business and care about the security of your IT equipment then it should.

On the 8th April, Microsoft’s Windows XP and Office 2003 products will no longer be supported. The products won’t stop working, but critical security updates will no longer be developed and rolled out for these products. That means that if a major security flaw is discovered, Microsoft will do nothing about it.

30% of PCs still use Windows XP and at least a handful of our clients still have one or two Windows XP machines in their office (thankfully they’re moving away this week).

Keeping your IT infrastructure secure is serious business and only at the beginning of March, The British Pregnancy Advice Service (BPAS) was fined £200,000 for not making sure the data they held about people was stored securely.

Oct 29

North East Lincolnshire Council has been issued a monetary penalty of £80,000 (eighty thousand pounds) for failing to encrypt a USB stick that contained personal information about the physical or mental health of pupils and their teaching requirements, as well as information about their home life.

On 1 July 2011 an unencrypted USB memory stick containing personal and sensitive personal data was lost on the data controller’s premises. A special educational needs teacher had been working with the information held on the USB stick while using a laptop that was connected to the data controller’s networked computer system.

When logging off the system and leaving the office for the day, the teacher forgot to remove the USB stick. When the teacher realised the mistake and tried to retrieve the USB stick, it was gone.

Sep 24

At about 3:25pm yesterday (Monday 23rd September 2013), Google Apps suffered some service issues. Clients were noticing issues sending or receiving emails.

Google estimated that this issue affected less than 0.024% of the Gmail user base.

Their team provided updates every hour, and at 7PM they confirmed the issue was much more widespread than first thought, affecting 50% of Gmail users.

At 3AM this morning (24th September), Google confirmed that the issue was resolved and provided this statement:

As of 1600 Pacific Time, Gmail message delivery and attachment download is functioning normally for all users. We apologize for the duration of today’s event; we’re aware that prompt email delivery is an important part of the Gmail experience, and today’s experience fell far short of our standards.

Jun 07

The Information Commissioner’s Office (ICO) has issued Glasgow City Council with a penalty of £150,000 following the loss of two unencrypted laptops, one of which contained the personal information of over 20,000 people.

The serious breach of the Data Protection Act comes after the council was previously issued with an enforcement notice three years ago, following a similar breach where an unencrypted memory stick containing personal data was lost.

In the latest incident, two unencrypted laptops were stolen from the council’s offices on 28 May last year. The laptops were stolen from premises which were being refurbished and where complaints of theft and a lack of security had been made. One laptop had been locked away in its storage drawer and the key placed in the drawer where the second laptop was kept, but the second drawer was subsequently left unlocked overnight, allowing the thief access to both laptops.

May 16

Support for Windows XP with Service Pack 3 ends on 8th April 2014. If you’re still running Windows XP with Service Pack 3 (SP3) after support ends, you need to upgrade to a later version, such as Windows 7 or 8, to ensure that you will receive all important security updates for Windows.

Feb 26

As if Apple weren’t embarrassed enough…

Some smart person has found a bug in iOS 6.1 which effectively renders the lock screen entirely useless. By doing a bit of this and a bit of that whilst the phone is in a locked state, any person that knows the simple process can make use of the bug in iOS to unlock the iPhone 5 in a matter of seconds.

As IT Consultants, we’re not going to give you the process for doing it. We want to make users of the iPhone 5 aware of this serious security flaw so that you can be extra vigilant with your iPhone until Apple get around to releasing a fix for this mess.

By sliding to unlock, doing a few other things, then pushing the sleep/wake button, the phone will unlock as if you’ve entered the pin code (and no, you don’t enter the pin code!).