(252) 565-1235
Client Support

Carolina IT Group

Call Us (919) 800-0888 Request Support Contact Us

Archives for June 2018

New Trick Lets Hackers Bypass Office 365 Email Security

by

What’s old is new again.

Hackers have recently begun re-deploying a decade-old trick called ‘ZeroFont’ to get around Microsoft’s security filters and deliver phishing and spam emails to Office 365 email accounts.  The gimmick?  Zero-point fonts.

As anyone with even passing familiarity to Office 365 knows, if you’re drafting a document, you can change the font size to suit your tastes and preferences.  What few people realize is that you can use html code to set your font to zero-point size.

Of course, such a move has no practical application in everyday usage, because no one could read a zero-point font.  Hackers, however, can make cunning use of it, and Office 365 is unable to detect the presence of zero-point fonts.  Since they’re not detected, they’re not marked as malicious and sail right through the security filters.

By itself, the zero-point trick is useful, but not inherently deadly.  Unfortunately, it can be combined with other tricks like Punycode, Unicode, or Hexidecimal code to insert malicious commands into what appears to be a totally innocent email.

It gets better (or worse, depending on your point of view).  Just last month, researchers at a company called Avanan discovered that it was possible to use the HTML tag in an email or Office 365 document, point it at a malicious site, and the security filters would blithely ignore it.

Again, it should be noted that these tricks aren’t new.  They’ve been around for years, fell out of favor in preference for newer techniques, and now are being recycled.  Apparently, they’re so old that they skate right past modern security flags and filters.

Expect updates soon to catch these types of things, but in the short run, just be aware these types of attacks are not only possible, but trivial to execute.

Google Cracking Down On 3rd Party Browser Extension Installs

by

Malicious code can wind up on your PC or phone by any number of roads.  Companies do their best to guard the digital passes, but invariably, things get missed and the hackers find a way in.  It’s a constant battle, and sadly, one that the good guys are losing.

Recently Google has stepped up its efforts, this time by focusing on Chrome browser extensions installed by third parties.  By the end of the year, no extensions will be allowed on Chrome except for those acquired via the Web Store.

James Wagner, Google’s Product Manager for the Extensions Platform, had this to say on the topic:

“We continue to receive large volumes of complaints from users about unwanted extensions causing their Chrome experience to change unexpectedly – and the majority of these complaints are attributed to confusing or deceptive uses of inline installation on websites.”

It’s a thorny problem, but industry experts broadly agree that Google is taking the right approach here.  Beginning in September, Google plans to disable the “inline installation” feature for all existing extensions.  The user will instead be redirected to the Chrome Web Store where they’ll have the option to install the extension straight from the source.

Then, in December 2018, the company will remove the inline install API from Chrome 71, which should solve the problem decisively.

Of course, hackers being hackers will no doubt find a way around that, but kudos to Google for taking decisive action here.  While browser extensions aren’t a major attack vector, it’s troublesome enough that Google’s attention is most welcome.

It should be noted that one of the indirect benefits of Google’s plan is that it further bolsters the importance of user ratings of extensions.  They’re highly visible on the Web Store, so anyone who’s considering installing something has a good, “at-a-glance” way of telling whether the extension is good or a scam. That’s information they wouldn’t get had the extension been installed inline.

Again, kudos to Google!

Another Vulnerability Found In Intel CPU’s

by

More bad news for Intel. Yet another security flaw has been identified in the processors the company makes.  This one is so newly discovered that the full technical details have yet to be released.  Here’s what we know so far, from a recent Intel announcement:

“System software may opt to utilize Lazy FP state restore instead of eager save and restore of the state upon a context switch…Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other process through a speculative execution side channel that infers their value.”

In simpler terms, what this means is that a hacker could use this exploit to gain partial cryptographic keys used by other programs running on the target computer.

While related to the recent Spectre and Meltdown security flaws, this one is different in two ways.  First, it’s not quite as severe as the formerly discovered flaws in scope or scale.  To make use of this, one would require an incredibly exotic attack that would simply be beyond the capabilities of most hackers.

Also, it should be noted that where Spectre and Meltdown impacted dozens of chipsets dating back more than a decade, the “Lazy FP State Restore” flaw only impacts chips beginning at Sandy Bridge.

The other key difference is that the flaw in this case, does not reside in the hardware.  That’s good news for businesses of all shapes and sizes, because it means that when Intel and their hardware vendors have a patch ready, it will be quick and relatively painless to install it.

Unfortunately, since the initial discovery of Spectre and Meltdown, a number of variants of those flaws have emerged, and now this new one.  It’s unlikely that this will be the last we’ve seen of these types of issues, so if you’re using Intel equipment, brace yourself.  There’s likely more to come.

G-Mail Users Will Soon Have To Use New Design

by

Change is coming, and not everyone is happy about it.  Recently, Google redesigned its G-mail interface, and since then, they’ve allowed their free users to opt into the new changes.  G-Suite users may or may not see the option to try the new interface, depending on whether their administrators have enabled the option and made it visible.

The company just announced that beginning in July, 2018, administrators will be required to give all users the ability to opt into the new interface.  Then, sometime in September 2018, all users will be switched to the new interface by default, although the option to switch back to the old interface will be available for approximately one month.  After that, the option to use the old interface will vanish, and all G-Suite users will only be able to use G-Mail using the new interface.

The company has not made any official announcement regarding users who have free G-Mail accounts. However, most industry insiders expect that given the timetable outlined above for G-Suite users, free G-Mail users can expect an email or other communication from Google about when the option to use the old interface will be going away for good.  Ultimately, Google means for everyone to use their new interface design, and will certainly enforce that.

Google’s handling of the change has been exceptional.  Change comes to us all, and in business, sometimes it can descend at a terrifying pace.  Only by slowing things down to a more human scale can you give your employees time to adapt and grow accustomed to the coming change.

Kudos to Google for a job well done, and business owners, take note.  Change may be inevitable, but it doesn’t have to be scary.  Just give your employees time to get used to the idea.

Yahoo Messenger Will Shut Down In July

by

It’s the end of the line for Yahoo Messenger.  As of July, it will be no more, marking the end of an era.

The announcement comes just six months after AIM (the old AOL messaging program) was shut down.  The first major messaging programs from the early days of the internet will soon be a thing of the past.

Users will have six months to download their chat histories from Yahoo Messenger. If they  haven’t gotten what they need by then, they’ll lose their chance forever.

It probably won’t come as a major blow to most people.  Although it used to be one of the most popular and widely used communications programs, its popularity has slipped markedly in recent years, to the point that there’s little justification in continuing support for it.

The company had this to say on the matter:

“We know we have many loyal fans who have used Yahoo Messenger since its beginning as one of the first chat apps of its kind.  As the communications landscape continues to change over, we’re focusing on building and introducing new, exciting communications tools that better fit consumer needs.”

Currently, the company has no direct replacement for Messenger.  The closest match would be a group messaging app called “Yahoo Squirrel,” which is currently in beta.  Users interested in the new tool can request an invitation at squirrel.yahoo.com.

For the rest of us, Yahoo Messenger’s loss isn’t likely to cause problems from a business perspective. This, along with Microsoft’s retirement of the venerable MS Paint, serves as a reminder that the internet is growing up.  Many of the tools we’ve used and taken for granted for years are now fading away.  It’s a brave new world.

Some Private Posts On Facebook May Have Been Exposed

by

Facebook is in hot water again.  Recently, the company admitted that while testing a new feature on the site, they inadvertently made public the posts of more than fourteen million users.  The incident occurred between May 18th and May 22nd and occurred when Facebook was testing a new “Featured Posts” enhancement.

The goal was that users could selectively make posts visible to everyone.  Unfortunately, the error created a situation where any posts users in the test group made were automatically shared to everyone.  The company found and corrected the mistake on May 27th, but during the intervening span of days, any posts those users made were set to global visibility.  Facebook is currently in the process of contacting the impacted users and asking them to review any posts they made during the impact period.

Chief Privacy Officer Erin Egan had this to say: “To be clear, this bug did not impact anything people had posted before – and they could still choose their audience just as they always have.  We’d like to apologize for this mistake.”

Unfortunately, this is not the first time in the recent past that Facebook has gotten into hot water over the mishandling of user data.  Earlier this year, Facebook CEO Mark Zuckerberg had to testify before Congress when it came to light that the company acknowledged they had improperly shared private information pertaining to tens of millions of its users with Cambridge Analytica, which used the information in an attempt to influence the most recent presidential election.

Even if you’re not a member of the test group, if you use Facebook and made any posts between May 18th and May 27th when the company fixed the bug, it pays to review your posts just to make sure that their visibility has been properly set.

Microsoft Ending Forum Support For Older Operating Systems

by

Big changes are coming from Microsoft starting in July (exact date unknown), and it has potentially dire implications if you’re using some of the company’s older technology.

Microsoft announced that in July, they’ll no longer provide forum-based support for a wide range of products and software, including:

Microsoft Band

Zune

Surface Pro

Surface Pro 2

Surface RT

Surface 2

Microsoft Security Essentials

Internet Explorer 10

Office 2010

Office 2013

Windows 7

Windows 8.1

Windows 8.1 RT

Although the company didn’t cite a specific reason for the change, it seems obvious that this is another move to push people into buying the latest and greatest of the company’s offerings.  Unfortunately for them, the announcement has been met with more than a little hostility, and for good reason.

Consider that the company has pledged to continue to support Windows 7 until 2020, and Windows 8.1 (and variants) until 2023.  Given that we’re still quite some distance from those EOL dates, closing an important avenue of support for a product the company is still ostensibly supporting seems a bit premature.  Nonetheless, there’s no indication at this time that the company has plans to extend the forum support for any of these products beyond July.

In some instances, this won’t prove to be problematic.  Few people still use Internet Explorer 10 as anything more than a curiosity, and Zune was never especially popular, so the loss of those forums isn’t likely to cause much backlash. However,  in the case of Windows 7 and 8.1, not only has the company pledged support for years to come, but those products are still actively used by a significant minority around the world, and those users aren’t thrilled with the recent announcement.

In any case, given that the company is unlikely to change course, this is all the more reason to make upgrading a priority if you’re still using any of the products mentioned above.

Contact Info

740 Greenville Blvd. SE., Ste. 400-374
Greenville, NC 27858

Phone: (252) 565-1235

Call Now Button