The world in which we live gets more technologically advanced every day and things that were previously accessible to only a select few have now become available to pretty much everyone. During the 1980’s when personal computers were the newest thing, the desktop devices were much more expensive (not to mention cumbersome) than they are today.

Thirty plus years later, personal computers are commonplace in homes around the industrialized world and everything on the internet is now available anywhere at anytime thanks to a large variety of handheld mobile electronic devices, including cell phones, laptops and tablets.

Another electronic device that is quickly changing the way we live and work is the drone that began as a hobby for flying enthusiasts or expensive gifts to kids from parents who could afford them. Today multiple companies are manufacturing affordable drones which have made them more popular and the devices are quickly becoming mainstream business tools.

Multiple government agencies and a variety of businesses are now using drones to assist in accomplishing their goals which include photography, news media, farming, law enforcement, shipping and more uses for drones are always being found.

Both UPS and Amazon plan to start delivering packages using drones instead of the typical mail transporting services. When that becomes reality you will have to worry about your package even making it to your doorstep to be stolen by someone watching for package deliveries because hackers will be able to gain control of drones in-flight and redirect them to another location.

As we have seen in the past any type of electronic device that gets connected to a network becomes a potential target for hacking. These nefarious efforts are made easier by devices that have little or no security measures in place and are easy to set up facilitated by using open ports and unencrypted communications.

A recent example sparked anxiety in the up-and-coming drone industry when a drone was found outfitted with hacking capabilities that would allow it to hack into local wireless networks after landing on roofs of businesses, homes or government facilities.

DefCon demonstrated in 2015 that someone could very easily take control of a drone while in flight. Since shipping drones will likely be launched each time from a specific location, it won’t take long for hackers to determine flight patterns and easily assume control of regularly flying drones and their cargo.

The logistical nightmare created by dronejacking for companies like Amazon and UPS could negatively impact the success of such programs even though successful dronejackings would be unreliable and package contents are unknown.

Drones have also been known to annoy people when they fly over their houses and many have resorted to throwing rocks or shooting guns to bring them down. This presents questions about invasions into personal space and “no-fly zones,” which are just a few of the issues currently being considered by national and local authorities. Ordinances and regulations about drones are still being formulated so many agencies don’t know how to handle drone complaints.

The media and photography enthusiasts use drones to get pictures that are not easily accessed otherwise using expensive high-quality photographic equipment. Hackers could easily assume control of not only the expensive drone, but the costly equipment it carries which creates a tempting target for dronejacking by those who resell various devices including drones and camera equipment.

Multiple federal, state and local law enforcement agencies use drones for surveillance and to assist with crowd control in highly charged scenarios like protests and situations involving active shooters. Protesters could look to technology to take out surveillance drones and security feeds upon which law enforcement agencies rely.

Researchers have found open ports and weak authentication tools in many drones used for consumer shipping which allows hackers to send remote commands to drones to redirect them. Most of these redirections are currently being done manually but it won’t be long before someone produces a format that makes exploitation easier.

Most vulnerabilities are easily remedied with a software update from the drone manufacturer and those who manufacture more expensive high-end drones will probably offer fixes sooner than cheaper drones for which fixes will be a long time coming.

Cybersecurity experts predict that drone exploit kits will soon start making the rounds on the internet and more media stories about dronejackings will appear in newscasts worldwide. Questions about personal no-fly zones will abound and debates on social media will be heated about solutions that may include running software from a laptop instead of hurling rocks and loading weapons.

Experts also predict drones will be taken out of the air by individuals using directional antennas and that hackers will develop a way to quickly eliminate surveillance drones used by law enforcement.

Commercial aviation grew slowly over a long period of time as did rules and regulations governing it. Drones are advancing at a much more rapid pace which is leaving the United States Federal Aviation Administration scrambling to formulate regulations governing where and when both private and commercial drones can fly and local authorities are awaiting those rules and regulations, as are individuals who operate or are affected by drones.

Intel Corp is a leader in the tech world of cyber security and uncovers an average of 245 new computer related threats daily. The experts at Intel have developed a Threat Dashboard that lists all the current threats, vulnerabilities, ransomware, exploit kits and campaigns of which their experts are aware that are designed to nefarious invade electronic devices for the purpose of stealing valuable personal and confidential information.

Intel has determined the following to be the Top 10 Vulnerabilities of which computer users everywhere need to be aware:

CVE-2017-0038

This is a vulnerability in Microsoft Windows that could permit a remote hacker to gain access to sensitive information. The flaw lies within the Graphics Device Interface (gdi32.dll) which can be exploited using an EMF file which is an extension of the spool file format Enhanced MetaFile which is used for reading, filing, storing and printing documents in the Windows computer operating system.

Cloudbleed

This vulnerability was found in websites that use CloudFlare which is a content delivery network that lies between the computer user and the user’s internet host. The vulnerability results in possible memory leaks that expose private customer information.

CVE-2016-1019

Adobe Flash Player is affected by this vulnerability which allows remote hackers to cause a denial of service, application crash and/or the possibility of executing arbitrary code using unspecified vectors (direction and magnitude). Adobe Flash Player is a popular freeware for accessing content created there, including Internet applications, viewing multimedia and streaming audio and video.

CVE-2016-4117

This vulnerability also affects Adobe Flash Player’s by enabling remote code execution.

CVE-2016-0189

This vulnerability allows remote hackers to execute arbitrary code, cause a denial of service or memory corruption in Microsoft JScript 5.8 and VBScript 5.7 and 5.8 engines, which are used in Internet Explorer’s versions 9 through 11 and other products.

CVE-2016-7200

Microsoft Edge’s Chakra JavaScript engine is affected and allows remote hackers to execute arbitrary code, cause a denial of service or memory corruption using a “crafted” website which are those built for purposes of carrying out a cyber attack.

CVE-2017-0037

This vulnerability could result in remote code execution in Microsoft Internet Explorer and the flaw lies within the “HandleColumnBreakOnColumnSpanningElement.”

CVE-2016-7201

Microsoft Edge’s Chakra JavaScript is affected with this vulnerability and allows remote hackers to execute arbitrary code, cause a denial of service or memory corruption using a crafted website.

CVE-2016-7288

This vulnerability also affects Microsoft Edge and could result in execution of arbitrary code or a denial of service and the flaw lies within the scripting engines that are exploitable using crafted websites.

CVE-2017-0016

This vulnerability causes memory corruption in Microsoft Windows applications and could result in a denial of service with the flaw lying in mrxsmb20.sys and the way SMB traffic is handled.

Computer users have their work cut out for them trying to keep up with the latest computer viruses and hacking vulnerabilities that can affect anyone anywhere anytime. Maintaining up-to-date security software is critical to fighting nefarious computer invasions as well as developing a working relationship with competent IT professionals like those at EyesEverywhere.

Yahoo has been repeatedly victimized by nefarious high-profile hacking incidents one of which affected over half a million account holders. Several months after that attack, Yahoo admitted to having been the victim of another breach dating back to 2015 that put over half a million account holders at risk.

The United States Securities and Exchange Commission (SEC) confirmed that more than thirty two million Yahoo accounts were hacked in a cookie forging attack that dates back to 2015.

Apparently, hackers used a sophisticated cookie forging exploit which they were able to execute without having to know or use account passwords.

Yahoo will determine which accounts were invaded by hackers that took or used forged cookies and will notify account holders potentially affected by the breach. The tech giant identified and invalidated the cookies which essentially cut off the hackers.

Regarding the cookie forging exploit, Yahoo wrote in SEC filings:

“In November and December 2016, we disclosed that our outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password. Based on the investigation, we believe an unauthorized third party accessed the Company’s proprietary code to learn how to forge certain cookies. The outside forensic experts have identified approximately 32 million user accounts for which they believe forged cookies were used or taken in 2015 and 2016 (the “Cookie Forging Activity”). We believe that some of this activity is connected to the same state-sponsored actor believed to be responsible for the 2014 Security Incident. The forged cookies have been invalidated by the Company so they cannot be used to access user accounts.”

Internal investigation by the SEC determined that Yahoo had enough knowledge of the hacking situation to disclose it in 2014, that several unidentified senior executives of the company failed to “properly comprehend or investigate” the breach and that its legal team should have opened an inquiry about the hacking in 2014. An SEC filing states:

“The Independent Committee found that failures in communication, management, inquiry and internal reporting contributed to the lack of proper comprehension and handling of the 2014 Security Incident.”

This latest information saved Verizon $350 million in its prolonged negotiations to acquire Yahoo which will be deducted from its initial $4.83 billion buyout offer. Also in light of these recent developments, Yahoo’s Chief Executive Officer (CEO) has agreed to take full responsibility for the oversights and will forgo the annual bonus and equity grant which will be redistributed to Yahoo employees.

Amazon’s contributions to the tech world continue with the introduction of Alexa which is a “virtual personal assistant” that uses Amazon Echo (hands-free speaker system) to provide audio to multiple electronic devices for purposes of asking and receiving responses to a variety of questions. Alexa can also be used for playing music and audiobooks, setting alarms, creating “to do” lists, providing real time information about traffic and weather and other voice interaction capabilities.

Alexa can also act as a “hub” for several “smart” electronic devices which operate using various wireless protocols. Most of those devices allow activation of Alexa by speaking a “wake word” but some require users to push a button to activate Alexa’s listening capabilities. Currently Alexa is only available in English and German languages.

Alexa has created a lot of buzz about privacy issues and questions as to whether or not the device can be used for nefarious spying purposes. After WikiLeaks revealed that the Central Intelligence Agency (CIA) employs a huge arsenal of remote hacking tools, registered users of the website Reddit.com raised the issue of Alexa’s possible collaboration with the CIA. Reddit.com is a website that allows registered users called Redditors to submit content in a variety of forms and those submissions are voted up or down by fellow-Redditors to organize posts and determine where they rank and appear within the website under a variety of categories.

One of the recent submissions was a video clip that poses questions to Alexa with regard to its connection to the CIA in which viewers can hear a woman ask “Alexa, would you lie to me?” to which the device responds “I always try to tell the truth. I am not always right but I would never intentionally lie to you or anyone else.”

The anonymous lady posing the questions in the video then asks “Alexa, what is the CIA?” to which the device immediately responds “The United States Central Intelligence Agency, CIA.” She then asks “Alexa, are you connected to the CIA?” A noise can be heard that resembles the dull “dunk” sound you hear when you click on something that can’t be viewed but Alexa offered no answer. The lady asks the same question again and gets the same sound and no answer, which is completely atypical of the device’s normal response capabilities.

Some folks give Alexa the benefit of the doubt suggesting that it doesn’t respond because it’s experiencing some kind of problem registering the question but others fear the device didn’t know how to respond and is actively recording and spying on them.

Interestingly, Redditors got the same response from other virtual assistants known as Google Now and Apple’s Siri. When they asked Google Now “Are you connected to the CIA?” the device responded “Me? I don’t know.” Similarly, when Redditors asked Siri the same question, the device responded “I can’t answer that.”

It’s not surprising that this video has unleashed a flurry of conspiracy theories about the CIA using multiple electronic devices, including telephones and televisions, to spy on people. Contributing to the conspiracy theories is the fact that it is well known that Amazon has previously worked with the CIA, including in 2014 when the agency paid $600 million for Amazon to develop a cloud computing infrastructure designed to specifically meet the needs of the CIA. Recently Amazon also became involved in a murder trial during which it claimed First Amendment rights to requests for releasing recordings that Alexa might have in relation to the case.

Most companies don’t want to alienate clients by collaborating to exchange information with any government agency but a few have been known to do so in addition to Amazon, including Yahoo which is suspected of being in cahoots with the FBI and NSA by providing user data to those intelligence agencies.

The liberal voice for world, business and sports news, reviews, opinions and analyses known as The Guardian indicated in 2014 that Amazon is also not particularly careful about protecting private user information which promotes and contributes to the perpetuation of conspiracy theories about Alexa.

Amazon attempted to quell conspiracy implications by releasing a statement about the video reviewed by Reddit saying:

“This was a technical glitch which we have fixed. Alexa’s response to this question is:

” Are you connected to the CIA?

“No, I work for Amazon.”

What could Apple possibly come up with to incorporate into its next generation iPhones that will make everyone want the updated version? Well, according to the U.S. Patent and Trademark Office, the tech giant has applied for and been issued a Patent for a technology that enables “enhanced face detection using depth information.” That should do it!

The tech giant will use specifically modified software and hardware modules in its newest iPhone creation. According to the Patent and Trademark Office, Apple’s new technology will be available for both still images and videos.

The Patent Application indicates that the new technology uses a combination of camera modules, depth sensors and computer imagery to produce “depth maps” which it uses to accurately identify human faces that appear in the image. Apparently, the new technology breaks down the image into smaller frames or “windows” and then selects one or more in which to “test for presence of human faces.”

The feature uses depth information to make the identification process easier and more accurate, but becomes less reliable when more faces appear at varying depths and locations within the image/video, which could contribute to false detection issues, according to the Patent and Trademark Office.

This news comes amid rumors that Apple may be ramping up its reality capabilities and might introduce an innovative 3D selfie camera, which will rely on infrared modules that are capable of projecting patterns of optical radiation into images that will allow the device to split the image or video into depth maps.

Until the announcement is made by Apple, these innovative features are pure conjecture but, if and when the new technology becomes available, it will only be included on premium iPhone models and is expected to also have a premium price of over $1000.

The FBI recently reported that cybercriminals are netting an estimated $325 to $500 million every year using ransomware and malvertising schemes. Because of the increasing prevalence and sophistication of these scams, authorities are completely baffled about how to handle this rising threat that often causes business owners and computer users to just “pay the ransom” in order to continue their business operations.

Ransomware is a malicious computer software designed to do nothing more than block access to computer systems until a sum of money is paid, thus “Ransomware.” “Malvertising” is a combination of the words “malicious” and “advertising” and involves the use of internet advertising to spread malware by injecting malicious ads (or malware-laden ads) into an otherwise legitimate online network of web pages and the advertising feautured on those pages.

You’ll know if your computer has been infected by blatant signs of infection that include sluggish internet connections, programs that take too long to load or your cursor being 20 seconds behind your mouse. Other times it’s a silent destructive force and you need to know the signs of infection.

The most obvious is getting a “pop-up” that indicates your files have been encrypted and there’s a deadline to pay a certain amount of money (ransom) in order to retrieve them. Creators of ransomware want you to immediately know that your computer is infected because that’s how they make their loot … and the sooner the better!

Browser redirects are also typical problems with infected computers which means that you are constantly redirected to a different page than the one you’re trying to access and repeated attempts result in the same redirection.

You may also notice that your home page has changed or the presence of new toolbars that you can’t remove or bombardment with pop-ups. Close one and another one pops up and there’s no escaping the vicious circle. Sometimes a particular website will have awful ads that make you feel like something wicked is happening but, most of the time, if your monitor screen is full of pop-ups, you have an adware infection.

Other not so obvious signs of infection include a slow running computer, constant crashing, unresponsive web browser, freezing of browser or unfamiliar icons on your desktop. It’s also possible that you downloaded legitimate software that contained one or more Potentially Unwanted Programs (“PUP”), which weigh down the operation of your computer.

Another problem typical of infected computers is “bounced” emails, or those that return to your inbox as “undelivered.” An infected computer will attempt to send out emails to the addresses in your contacts list and, if the “to” address doesn’t work, the email bounces back to the “from” address, which is your email address. So if you’re receiving a lot of bounced-back emails you probably have a malware infection.

There are also stealth infections, such as “botnets” and others that are designed to use your computer as part of an infected network of computers, used for attacking other networks/systems, which you will not discover unless you regularly scan your computer with a security program that detects potential problems.

Your computer is not the only electronic device you need to worry about because your cell phone is not immune to malware infections. If your phone battery drains quickly, it could be all those games you play or the music and videos you stream OR it could be infected with mobile malware. You should pay close attention to your cell phone bill to be sure you aren’t being charged for messages you didn’t send or for things you didn’t purchase.

Ransomware and malvertising are interrupting internet business daily and you need take measures to ensure that you protect your systems to keep your business operational and free of these nefarious infections.

Contact the professionals at EyesEverywhere IT Consulting today for a better understanding of the tactics used by cybercriminals to infect your electronic devices and for tools and solutions designed to detect and eliminate ransomware and malvertising and thereby protect your data and business from cybercriminals.

As if Torontonians didn’t already have enough to do, Microsoft has launched a new version of Windows for everyone to master. Microsoft Windows is the most popular software for business and personal use because it contains a wide range of applications that include everything from simple word processing to complicated spreadsheets.

Windows is the preferred computer operating system throughout the world, but is quickly losing ground as more people turn from clunky computer desktops to more portable tablets and smartphones, which use operating systems created by Microsoft’s rivals, Apple and Google. Both rivals indicate a preference for maintaining separation between operating systems for PCs and mobile devices and reject Microsoft’s plan to combine the two.

The last release by Microsoft was Windows 8, which was introduced two years ago and attempted to meet growing demands for hand-held mobile devices, but failed because users hated it and its tablet-like design and inapt controls for devices that use keyboards and mice.

Microsoft jumped from unpopular Windows 8 to Windows 10 in an attempt to emphasize its ongoing efforts to move forward by reviving popular features from older versions and combining them with new features in the hope of regaining the loyalty of desktop PC users while, at the same time, meeting increasing customer demands for modern touch-screen technology on smartphones and tablets.

Windows 10 offers “the familiarity of Windows 7 with some of the benefits that exist in Windows 8,” according to Joe Belifore, an executive who oversees Windows design and evolution.

Terry Myerson is the Executive Vice-President of Microsoft’s Operating Systems Group and indicated “Windows 10 represents the first step in a whole new generation of Windows.” He compared it to buying a new car with a better sound system and more powerful engine without the necessity of having to “learn a new way to drive.”

Windows 10 is a blend of old and new and will have various controls that are familiar to users of older Windows versions with new features that are easily learned, even by those who still use Windows 7 or earlier versions.

Beware that if you use the “express” setting when you upgrade to Microsoft 10, doing so will enable Microsoft to gather any and all of your personal information unless you configure your privacy settings otherwise. Do not use the express settings unless you want Microsoft to know everything about you and what you are doing online.

The experienced professionals at EyesEverywhere understand Windows 10 and every phase/version of its evolution and are always ready to help by sharing valuable information with Torontonians who maintain hectic personal lives and demanding business schedules that require the assistance of tech savvy experts in various fields of expertise.

Call the expert professionals at EyesEverywhere today to discuss Windows 10 and any transitional problems you may be experiencing so that you can get back to your area of expertise.