Lyjotoblog

Following the discovery of Superfish installed in certain Lenovo laptop and tablet models, some users have found, compiled, and published a list of other apps that also use SSL Decoder or Digestor, the Komodia software development kit (SDK) responsible for granting the said risky app its HTTPS interception functionality.

Unfortunately, some of the apps mentioned were parental control software, which are used by parents and caretakers to safeguard young teens and kids from potential online threats. They are as follows:

• Keep My Family Secure. A free parental control software Parental Control Solutions Ltd. a subsidiary of Komodia, that allows the blocking of websites based on children’s age.
• Kurupira Web Filter. A free software that targets both English and Portuguese users. It has the following features: anti-porn, website and program blocking, time control, and monitoring of computer and program usage history.
• Qustodio. A free app for Windows, Mac, iOS, and Android. Aside from having features that majority of parental control software have, Qustodio has options to monitor or block calls and SMS messages. It also provides a panic button children can press to call help from parents or carers.
• SecureTeen. A paid app for computers and mobile devices. Most of its functionalities are similar to that of Qustodio’s.

We cannot say for now if the above is already an exhaustive list. There might be other similar programs that use the SDK that have yet to be discovered.

For parents and carers, we encourage you to check your home computer and all mobile devices for presence of the applications we mentioned above. You can do that by doing a simple system search, or you can also use this sitethat was specifically created by a security researcher to automatically detect any application on systems with the Komodia SDK.

Once you have confirmed that one or more of the above apps are indeed installed and running, you now need to confirm if they have unrestricted private root certificates. It is important that you remove the certificate/s first before uninstalling the risky apps. You can visit this page and follow steps II and III for instructions on how to do this.

There is no automated way to remove certificates, so please be careful when following procedure. If needed, seek the help of family members who are savvy enough to maneuver within the system while under guidance.

You can refer to this page on our forums for instructions on how to remove the offending apps. Please note that steps to remove them are the same steps to uninstall Superfish.

Over the past several days, a Trojan virus has rapidly spread across Facebook and infected around 110,000 users. The bug, which is spread through a pornographic video, tags up to 20 friends of an infected user, and then infects new users when those friends click on the link. This tagging method, along with the fact that friends of the tagged users can see the link, has caused the virus to spread at a rapid pace.

Facebook has commented on the bug and said it will do everything possible to fight its spread.

“We use a number of automated systems to identify potentially harmful links and stop them from spreading,” Facebook told Threatpost. “In this case, we’re aware of these malware varieties, which are typically hosted as browser extensions and distributed using links on social media sites. We are blocking links to these scams, offering cleanup options, and pursuing additional measures to ensure that people continue to have a safe experience on Facebook.”

However, the best way for users to avoid falling victim to this scam is to simply be aware of it — and to be skeptical of any suspicious link. Just clicking the link to the video isn’t enough to infect users, who are prompted to download a fake Flash player in order to watch the “video.” It’s disheartening that so many people have fallen victim to such an elementary scam in such a short amount of time, but if you’re well-informed and know what to look for, you can easily avoid their fate.

Always think twice if you are prompted to download anything in order to view a video. This is a very popular trick with malware authors. It’s also recommended to enable ‘tag review‘ in your Facebook settings to keep items from automatically appearing on your Timeline.

No matter how technologically advanced we become, crime has a way of keeping up. Your business doesn't have to get caught in the cross hairs however.

Cybercrime is one of the largest fraud risks for a small-business owner. The 2014 Global Fraud Study released by the Association of Certified Fraud Examiners determined businesses can lose 5 percent on average of their revenue each year to fraud. They pegged the total monetary amount at nearly $3.7 trillion across the globe. The study also reports that more than one in five of the nearly 1,500 cases analyzed in more than 100 countries had employees walking out the door with at least $1 million in cash.

People don't realize how often small businesses are targeted for their data and bank accounts. The loss of data, a lawsuit over how the data was captured, and the loss of thousands of dollars in a bank account can all put a business under. Below are some of the more common cybercrimes every business is subject to, and some ideas to prevent them.

1. Malware From the Internet

Malware from the Internet is obtained either by downloading free programs (which small-business owners often use) or by browsing the Web with a vulnerable computer. Think your computer isn't vulnerable? If you have ever declined to update Java for any period of time, your computer was probably vulnerable to cyberattack.

Once malware downloads onto the computer from one of these two sources, your computer may now be controlled by a billion-dollar crime industry. These crime organizations sell access to your computer, data acquired from it (credit cards, passwords, SS numbers, email addresses, proprietary company information, addresses, bank account information, access to your bank account, etc.) and they can even lock down your computer to ransom it. They can do this by encrypting the data or restricting access and requiring you to pay hundreds of dollars with a MoneyPak card.

2. Malware From Email

This is obtained by an incredibly well put together phishing attack. Crime organizations obtain email lists and send emails that appear to be from legitimate domains and from legitimate companies. Why is this form of attack so successful? Because if you get an email from FedEx about the details of your tracking information or shipped package, you would expect it to come from something@fedex.com.

The fake emails actually come from the fedex.com domain, or so it appears. Crime organizations actually spoof the email to show the legitimate domain. Then they put together a very well-written email about the details of your package and persuade you to open an attachment or follow a link (as companies often request via email).

Like any business owner, you probably know that a lot of companies have your email, and you often buy, ship, and sell a lot of things. So if you get an email saying your shipment needs your attention and a customer might be affected by it, you are likely to open it. This email could contain malware which may then infect your machine, and it can become exploited much like malware from the Internet.

Emails for this type of attack are not just from FedEx; they will typically appear from well-respected companies like UPS and even the Better Business Bureau.

3. Social Engineering

This is an older style of attack that has been occurring more frequently. A business will receive an urgent call from a person (often a male and sometimes speaking with a western Asian accent) who will generally associate himself with Microsoft. They usually have some story about the business owner's computer being compromised and that it needs to be fixed. The caller then will direct the business owner to take actions on their computer to rectify the issues. This generally ends in this scam company getting your credit card details and access to your computer. After all, they want to be paid for fixing your issue and need access to your computer to fix it.

Every single type of fraud listed here resulted in a financial impact to the business owner with potentially lasting consequences. So how can a business protect itself?

1. Backups.

Ensure backups are regularly paid for, that they are performing without fail, and that they are stored offsite or in the cloud.

2. Pay for antivirus.

Get the good stuff. For antivirus to be worth anything there needs to be a team of security professionals scouring the Web and creating definitions of different types of malware to be wary of. If you have a well-paid team, you generally end up with better antivirus.

3. Pay for both email and spam protection.

Having your own email domain generally makes a business seem more professional in the first place, rather than relying on the free spam filter that a free email comes with. If you pay for email and spam protection, you look more professional and receive a spam filter that works better.

4. Updates.

Always keep your computer up-to-date with the latest version of any program you have on it. If you don't, it can create security holes.

5. Ignore unexpected calls or emails.

Never consent to give away information or perform actions if the person called you or if you weren't expecting their email.

6. Have a well-trusted IT company on hand to deal with these issues when they pop up.

Paying an IT company to manage all of these things for you in the first place is probably the safest way to go.

There will always be new scams and risks when you run a business or startup. The principles above should help keep you as safe as possible while still allowing you to continue running an efficient operation.

Microsoft's answer to the ever-changing world of mobile devices? More of the same.

The Redmond, Wash., software giant offered up some tantalizing details about Windows 10 on Wednesday, the highly anticipated upgrade to its operating system designed for both computers andtablets. Unlike past versions, which have straddled a line between annoying and stale, Windows 10 will power new features and capabilities that could change how people use all their devices.

New features span from the mundane to the gee-whiz, beginning with a revamped start button and ranging to a video game social network and holographic headgear that brings the visions of Hollywood science fiction a step closer to reality. And everything delivered a new twist on Microsoft's ongoing strategy to create software that works on all devices, be they laptop, desktop, tablet or smartphone.

"We want people to love Windows on a daily basis," Microsoft CEO Satya Nadella said during an event held at the company's headquarters.

To make Windows 10 too compelling to ignore, Microsoft will offer the upgrade free to anyone using the past two iterations of Windows dating back six years.

Microsoft is at the center of one of the technology industry's biggest debates. At stake is the way consumers use devices, what they can expect them to do and how app developers design their programs. What's even harder for the world's largest software maker is that it's largely alone in this pursuit. Nearly every major tech company has focused its energies on silos of technology -- each with unique software and look -- that tie together using Internet services.

So far, customers haven't bought in to Microsoft's approach. While Windows is one of the most used computer programs in the world, mobile operating systems from Apple and Google command far more users and apps. The Apple approach, in particular, completely diverges from Microsoft.

The iPhone maker mandates separate software for its tablets, smartphones and computers. And though mobile devices have become powerful, with many features similar to a laptop or desktop, the company still draws a sharp distinction between how people use the two devices. It's one thing to quickly cut together a clip for YouTube on a phone, and another when editing a Hollywood movie on a computer.

Not at Microsoft.

Microsoft said many of its programs have been written using the same code whether for a desktop or a phone; It's just a matter of how they're used or displayed. Even the company's Xbox video game console, one of the most popular products the company sells, is being revamped with new Windows software and programs that can run on a desktop or mobile device. The company said it would release more details in March.

Underscoring its commitment to the one-Windows strategy, Microsoft showed a new Web browser called "Spartan." The new browser's most touted feature: Its ability to work across smartphones, tablets and computers.

Many of the company's other software programs offered a strikingly similar look and feel to their cousins on other devices. Outlook, the company's widely used email and calendar app, is a mere list of messages on a phone. Tap one of the messages and it fills the screen. Tapping on that list of emails on a tablet or a computer opens a message to the side, exploiting those devices' extra real estate.

Microsoft also gave a glimpse of its futuristic efforts, including a touch-enabled TV-like display, called a Surface Hub, intended for videoconferencing and whiteboard brainstorming. It also offered a new spin on virtual reality with its HoloLens headgear. HoloLens marks Microsoft's entry into the 3D virtual reality market, pitting it against Google Glass, which lets people see images and text layered onto their view of the world, and the more immersive Oculus Rift, from Facebook.

Whether Microsoft will ultimately succeed with this all-inclusive strategy is still unclear. It will be up to Microsoft to attract customers back into the fold when it releases Windows 10 later this year.

Unless you opt out, Sky will start automatically blocking material deemed inappropriate for youngsters as soon as this month.

Sky Broadband customers take note --Sky will shortly start blocking adult content by default, unless you opt out.

The broadcasting behemoth has had a web filter, dubbed Sky Broadband Shield, on offer for some time. "What we're doing now," explains Sky's Lyssa McGowan in a blog post, "is simply making sure that the automatic position of Sky Broadband Shield is the safest one for all - that's 'on', unless customers choose otherwise."

Sky's system offers different settings (PG, 13, 18 and custom), and also features a watershed option that changes your settings automatically with the time of day. Internet service providers including BT and Sky have been asking their customers to say yes or no to adult content for some time now, but Sky's new setup will see its filter automatically turned on, unless you say no, or have already said no to filtering in the past.

Sky says it'll be emailing customers this month who haven't chosen to either enable or disable Broadband Shield, nudging them towards making a decision. Unless you've requested otherwise, Sky will eventually simply turn it on, at which point you'll have to log in and manually turn Broadband Shield off if you want to navigate to any online material that Sky's system deems unsuitable for young minds.

The introduction of on-by-default online filtering -- which UK Prime Minister David Cameron demanded be made mandatory in 2013 -- has proved controversial. Last year a senior member of the Liberal Democrats said that such filters created a "false sense of security" for parents. In December of 2013 a UK study found that porn filters were blocking sex education sites, but not all actual pornography.

"This is very alarming," Jim Killock of Open Rights Group told CNET. "Censorship should never be turned on by default. Filtering blocks all kinds of useful and important websites and users should understand what it is before it is applied."

Sky says that Broadband Shield doesn't give the company access to what you're doing online, so your privacy is protected.

"It's better for people to make their own choice," McGowan writes on Sky's blog, "but until they do, we believe this process to be the safest one. Meanwhile we can ensure that they're protected from phishing, malware and sites unsuitable for young children."

BT has adult content filters switched on as default for new customers, but told CNET, "Although new customers will find that the controls are pre-selected as 'on', BT does not oblige anyone to activate parental controls, as we believe they should make an active choice about this issue. Customers who choose parental controls are taken through a quick activation process in which they can personalise settings to suit their family's needs.

"BT takes the issue of online safety extremely seriously. We are currently sending our existing broadband customers a browser message as part of our efforts to ensure all customers make an active choice about whether or not they want to set up free parental controls," the telecoms giant said.