Mac Ransomware? Yup…

Ransomware knows no bounds

Nicole Reineke at Unitrends recently published an article about a new attack vector for Ransomware –Macs. (https://www.unitrends.com/blog/mac-ransomware) She says “…and although it is crude, it is certainly effective.”

“There is no truth to the idea that Apple’s computers are somehow harder to hack—either through viruses, exploits, or social engineering—than their Windows or Linux counterparts. The reason for their relative security is simple. Apple computers represent only 7.4% of the global market share, and 13% of the market share in the US. With fewer computers on the market, it’s simply not been worth it for hackers to write specialized malware.”

Quoting further from the article:

“Crude, slightly broken, and definitely dangerous

This new ransomware variant, the creatively-named MacRansom, is definitely not up to the standard of the finely-crafted malware, such as Cryptolocker, that’s been giving Windows users so many headaches. It only encrypts 128 files at a time, and it’s so poorly coded that it mangles the files it encrypts. Unfortunately there’s still a way that they can get a hold of your enterprise backups albeit slowly.

Therefore, even if victims pay up the $700 ransom, they’ll never be able to fully restore that data.

There are some technically-sophisticated aspects to this virus, but nothing stunning. It copies features that were used in previous versions of Apple ransomware, such as KeRanger, and incorporates techniques to hide itself from antivirus. These are all features that have been seen before on malware targeted at Windows machines.

The real danger posed by MacRansom isn’t in its technical wizardry, but rather in its availability. MacRansom is part of a growing category of ransomware known as Ransomware-as-a-Service (RaaS). MacRansom isn’t the sole intellectual property of a single group of criminals—it’s for sale.”

Security is no longer a concern of “only” Windows users. Security is an all-the-time thing online. Keep your passwords complex and random – -and change them often. Keep your machines patched and have a solid protection plan in place.

We are happy to assist with your security needs. We have a full range of security and backup solutions from on-premise to on-the-cloud. We can help. Contact us today!

Coldroot will have you seeing red

As reported by Zach Whittaker at ZD Net’s Zero Day (http://www.zdnet.com/article/coldroot-nasty-mac-trojan-went-undetected-for-years/) Macs have been targets of the “Bad Guys” for years. Only recently has a very old Trojan seen the light of day: Coldroot.

These types of Trojans can act as key loggers (logging everything you type) and even act as the user with full remote control.

Antivirus vendors should be scanning for this in the near future.

 

Read the full article here: http://www.zdnet.com/article/coldroot-nasty-mac-trojan-went-undetected-for-years/

Have Evernote files you want to transfer to OneNote?

I still maintain that OneNote is the best FREE tool you’re not using. Especially if you have a touch or pen device — but any device will do. There’s a OneNote App for that (really!). One of the arguments against switching over to OneNote was the lack of ability to move those files over easily. Well, here goes that argument.

Microsoft has released a tool that will import your Evernote files into OneNote from the Evernote Plus ($25/yr) and Evernote Premium ($50/yr). No word on the ability to import from the Basic (free) or Business ($120/yr/user) versions.

This is version 1 of the tool, so I’m sure there will be glitches and imperfections. I would also anticipate that, if successful, the tool will be upgraded to include all versions. In order to use this new tool, you’ll need Windows 7 or later. There currently is no Mac version of the converter tool.

Once you’ve run the tool, the files you import will be available across all devices (Win, Mac, iOS, and Android). Microsoft offers up a graph with the features gained by doing the import.

Microsoft also provides more details on how to use OneNote importer on this support page.

Remember – -this is a Version 1 tool. Your mileage may vary — but I still suggest you do it!

Source: Mary Jo Foley from All About Microsoft

Apple recalling faulty USB-C charging cables

Apple announced on 2/12/16 that they were recalling some of the USB-C charging cables for MacBooks.

A limited number of Apple USB-C charge cables that were included with MacBook computers through June 2015 may fail due to a design issue. As a result, your MacBook may not charge or only charge intermittently when it’s connected to a power adapter with an affected cable.

Apple will provide a new, redesigned USB-C charge cable, free of charge, to all eligible customers. This program also covers Apple USB-C charge cables that were sold as a standalone accessory.

For MacBook owners who provided a valid mailing address during the product registration process or Apple Online Store purchase, Apple will send you a new cable by the end of February 2016.

All other eligible MacBook owners should use the replacement process below to receive a new USB-C charge cable.

How will you know if you have a bad cord?

Affected cables have “Designed by Apple in California. Assembled in China.” stamped on them. New, redesigned cables include a serial number after that text. See images below.

apple usb c

Apple will need the serial number of your MacBook to make sure you qualify for a replacement cable. You can take your MacBook to an Apple Store, an Authorized Apple Service Center or contact Apple Support.

iPhone “Error 53”: a “feature” that bricks your phone

 

What is “Error 53”?

This “feature” effects any iPhone that has the fingerprint sensor in the home button. It does not matter if you don’t use the fingerprint function — there’s a chip built into the home button cable that is synchronized with the main logic board. If that chip or cable is damaged, the home button works fine (without fingerprint). BUT the next time you upgrade the iOS the phone ends up in an endless boot loop. Why? Because the logic board asks the chip “you out there?” and if there’s no response (because the chip is damaged) the phone locks down to “protect your security.” In a stunningly brilliant move rather than have a useful “this is why it’s not working” message pop up, the cryptic “Error 53” rears its ugly head.

Why should you care?

Ever broken your screen? If the “3rd party” tech fixing it isn’t extra careful you could be carrying around a $600+ iBrick at your next update. The idea here is that Apple wants you to bring in your phone to Apple for repair. Then they can pressure you to upgrade or repair/replace the device for a kingly sum (it IS Apple and that IS what they do.)

I have personal experience with this “feature.”

Because I repair screens on phones, I ran into this “feature” shortly after the i6’s were released. I ended up replacing two i6 phones for customers because I damaged the home button cable. At that time, Apple Support had no way to “fix” the issue — at least that was the story I received from them at the time. They initially quoted me $300 for the home button repair (A new phone was $700 then) before deciding that they couldn’t help me at all. There is no insurance for small devices like phones for techs — I had to pay for the phones out of pocket. Ouch.

It gets worse

It would seem that “Error 53” is coming up for people that have never had their phones repaired or cropping up much later after a repair was made. Apple’s justification for this is (as sent to ZD Net):

“We take customer security very seriously and Error 53 is the result of security checks designed to protect our customers. iOS checks that the Touch ID sensor in your iPhone or iPad correctly matches your device’s other components. If iOS finds a mismatch, the check fails and Touch ID, including for Apple Pay use, is disabled. This security measure is necessary to protect your device and prevent a fraudulent Touch ID sensor from being used. If a customer encounters Error 53, we encourage them to contact Apple Support.”

The thing is — you can’t just swap the home button and have the fingerprint move with it. The fingerprint data is stored on the logic board of the phone. There appear to be no “smarts” in the home button chip that store any information other than how to read a fingerprint and to “phone home” to the logic board. If you swap the button, all you get is a fingerprint-less “regular” home button. iFixit tested this.

And the lawyers salivate

In what should be a surprise to no one, Apple is currently being slapped with a bunch of class action lawsuits. I don’t think this type of action is necessary, but it might be the only way to get Apple to figure out a better way to handle this “feature.” Or (and probably more likely) it will encourage them to “dig in” and fight all the way. That helps no one. Including Apple.

 

For a really nice Q&A layout to the Error 53 issue, check out this article by  of ZDNet:
http://www.zdnet.com/article/iphone-error-53-what-we-know/

Here’s the link to iFixit’s Investigation of Error 53:
http://ifixit.org/blog/7911/error-53-iphone-6s/

Microsoft Fetch! guesses the breed of your dog — or what breed you are.

fetchmicrosoft_0_0

Microsoft Garage recently released a fun new iPhone App — Fetch!

It’s Joey and Fletcher Approved — it correctly identified their breeds even though I purposely took *terrible* pictures of them. Their faces were mostly covered as they slept. I haven’t had the nerve to find out if I belong in their “pack.” 🙂

From the Microsoft Press Release:

Man’s best friend has inspired a new app – Fetch! Using your iPhone camera or photo library, it can identify and classify dogs by breeds and tell you what kind of human personality fits best with specific breeds. And just for fun, the app will even take an informed guess on what kind of dog you or your friends might be.

Released through the Microsoft Garage just in time for the American Kennel Club’s Meet & Compete and the Westminster Kennel Club Dog Show, this mobile app demonstrates the potential for Microsoft  researchers’ continued advances in artificial intelligence, which have already appeared in other playful ways through Microsoft Project Oxford-powered experiences such as HowOld.netTwinsOrNot.netMyMoustache.net and Mimicker Alarm. In Fetch!, Project Oxford works together with some powerful new machine learning technology to deliver interesting results for all kinds of photos.

“There was an interest in creating a framework that would allow you to take a domain – in our case, dogs – and recognize numerous classes, such as breeds. We were interested in enabling an app to allow you to make object recognition extraordinary, fun and surprising,” says Mitch Goldberg, a development director at Microsoft Research whose Cambridge, U.K based team built the experience. His team works at the intersection of user experience, machine learning, computer vision and more recently, intelligent cloud services. He’s also had two German shepherd dogs, though now he has a cat. “We wanted to bring artificial intelligence to the canine world. We wanted to show that object recognition is something anyone could understand and interact with.”

Fetch! is designed for repeat use, and after giving it a couple tries, it’s easy to see how addictive it can be. You start with your dog, or your friends’ dogs. If the dog’s breed is unknown, the app will show a percentage of the closest breed. Tapping the percentage rosette leads to the top five breeds that could be in the dog. Clicking on the arrow in the corner leads you to more information on the breed.

“If you want to take photos of dogs, it will tell you what dog breed it is, if it’s one of our supported breeds,” Goldberg says. “If I choose to take a photograph of a flower, it’ll say, ‘No dogs found! Hmmm… This looks more like…flower?’ But if you take a picture of a person, it’ll kick into its hidden fun mode. And in a playful way, it’ll communicate to you not only what type of dog it thinks you are, but also why. It’s fun to see if the app knows it’s not a dog. A lot of the time, it’ll tell you what that image is. When there’s not a dog, you still want to use it.”

No two pictures yield the same result. You could resemble a Doberman Pinscher in one photo (sunglasses, no makeup) or a Pekingese (no glasses, makeup) in another. If you photograph an inanimate object, it might tell you, “No dogs found!” and make an informed guess at what it is.

If you like what you see, you can share the image on your social networks and through email.

 

Windows 10 UPGRADE should always be FREE.

Source: https://www.thurrott.com/windows/windows-10/64450/the-windows-10-upgrade-should-always-be-free

Paul Thurrott does an outstanding job laying out the case of why the Windows 10 Upgrade should always be free.

I think that Microsoft will do the right thing. And today, I’d like to make the case that this is the only correct outcome. It is in fact, “the only outcome.”

That Microsoft gets that the world has moved on is obvious: They’ve evolved Windows into an always-updated modern monstrosity, and Windows 10 is now updated as if it were a simpler mobile OS or a cloud service. Yes, there are some fits and stops along the way, but this first year is all about making that transition.

Given this, it doesn’t make sense to return the Windows 10 upgrade to the paid model from the past. That is, once you’ve paid for Windows—by getting it with a new PC, usually—you’re entitled to free upgrades for the life of that device, just as you are (basically) on Android and iOS. The passage of 12 months of time doesn’t change that at all: If a customer still using (the still supported) Windows 7 in August 2016, or January 2017, or whatever, wants to upgrade to Windows 10, it is still in Microsoft’s best interests that that happen. And it should be as frictionless as possible. It should be free.

I agree. It’s the most logical decision. We’re moving to a subscription based, always on and in the cloud economy. Apple has already somewhat embraced this — it’s the model we’re all using for our smartphones already.

Why Microsoft wants everyone to have Windows 10

Microsoft is in what appears to be a huge rush to get everyone to upgrade to Windows 10. They’ve even put a date on when they will quit giving it away for free: July 29, 2016.

Why is that and what’s the rush you ask?

There are a few good reasons to get everyone on the same playing field. It’s easier to issue patches and updates if you don’t have to create and test four (or more) different versions of whatever exploit the bad guys found. You wouldn’t have to worry about anything that was over 10 years old and still using software that has been full of security and performance holes for the last eight. That old, slow hardware that diminishes the customer experience can be retired. These are the reasons that come from the top of my head. There are more and (likely) better reasons than these few.

So how will Windows make money off of this? They’re giving it away for free.

One billion devices. (It’s necessary to do that line with your best Dr. Evil voice impersonation.) Microsoft has set a goal of getting Windows 10 on one billion devices. The fastest route to that goal is giving it away for free. They have a sunset date of July 29, 2016 but it seems logical for them to continue past that date as they haven’t quite reached one quarter of their goal (200,000 at last report). One billion devices delivers enough customers for developers to come back to the Windows Store and start designing those Apps we’ve all become so familiar with. The Windows Store really is pathetic compared to Apple’s iTunes and Android’s Google Play stores. Apple already is on over a billion devices and reported $31 billion dollars in sales per year. In Apps and “services”. That’s not a fair comparison you say? Microsoft is an operating system on a computer, not a phone. True — until now. Microsoft is building Windows 10 as a “universal platform” that works on all your devices from desktop to tablet to phone. It’s designed the App Development kit to enable developers to take advantage of all those different screen sizes in one set of code so that the experience is consistent across all those different devices.

Microsoft is taking a page from the Apple and Google model.

Apple gives away its OS. So does Google (Chrome OS). Apple makes its money from a 30% cut of the pie for every sale in it’s app store. Google primarily sells advertisements (and by extension your tracked data). Microsoft giving away Windows 10 to encourage you to engage in their own subscription model. Office 365 is the current “flagship” with what Microsoft hopes is the Microsoft Store nipping at its heels IF they can get the developers on board. Microsoft has been dabbling with the advertising (like in the free email client Outlook.com), but so far has stayed away from it on most other things. I hope they continue to do so. I will gladly pay for a subscription if it means I can stay “commercial free.”

It ends up being a numbers game.

One billion devices provides incentive for developers to create; users to buy and Microsoft to make money. They take a “hit” on revenue up front, but in the long game they come out ahead as we buy Apps and Office365 and whatever other subscription based product they come up with. It makes sense to me to just continue to offer Windows 10 for free as an upgrade with a small fee for the OS on new devices that would be part of the purchase price (like it is now). Only time will tell what strategy Microsoft will use but it looks like they’re on a path that can keep them relevant and solvent. Even when they’re “giving it away.”

Source Article for my ramblings: http://www.businessinsider.com/microsoft-windows-10-free-upgrade-2016-1

Web link crashes Safari on your iPhone or Mac

It works on Android too — and it’s not a good idea to do it on either.

So far it looks like a “harmless” prank. If you visit the site crashsafari.com (please don’t) it will crash the Safari browser on Mac and iOS (phone) devices so hard that you’ll likely require a reboot. It appears to do the same to Chrome on Android devices and PCs.

From the Endgadget article:

“There doesn’t appear to be any malware lurking behind the code, and you should be fine once you restart your browser or device. However, there are concerns that someone could use the crash to compromise your security (some attacks rely on crashes to open vulnerabilities)… or at least, use a URL shortener to hide the link and pull a prank.”

Read the full story here: http://www.engadget.com/2016/01/25/web-link-crashes-safari/