News

Apple has announced that it only expects your £500 iPhones, iPads and Apple Watches to only last three years and Mac computers only four.

As part of the company’s new environmental push, which includes its new Apps for Earth campaign with the WWF, Apple has listed how long it expects its products to last for their “first owners” and therefore how much they contribute to the greenhouse gas lifecycle.

Within a new question and answer section Apple said: “Years of use, which are based on first owners, are assumed to be four years for OS X and tvOS devices and three years for iOS and watchOS devices.”

That assessment doesn’t take into account the recycling of devices, their reconditioning and their resale, of course, but when you buy a new iPhone 6S for £539, Apple only expects it to last three years, something many suspected. Apple has been accused of intentionally slowing down iPhones every time a new one is released, although there is little evidence to support the theory.

Until recently the company only provided software support for an iPhone or iPad for around three years, typically providing two major iOS version updates from the moment they were released. The launch of iOS 8 and then iOS 9, which still supports the iPhone 4S released in October 2011, changed that.

Mac computers, however, have much longer software support lives. The latest version of Apple’s computer software OS X 10.11 El Capitan still supports computers from 2007, despite Apple only expecting Mac computers to last four years.

Apple also slipped up, indicating that it could rebrand its computer operating system OS X as MacOS. The clause talking about the life expectancy of Apple computers originally said it was “assumed to be four years for MacOS and tvOS devices”, but was later changed back into line with current branding to “assumed to be four years for OS X and tvOS devices”.

The MacOS brand ceased to be used after version 9.2 in 2001, replaced by OS X 10.0 Cheetah later that year. Whether the slip up and correction indicates that Apple will switch back to its MacOS branding is unknown. The company could be running into issues with its naming, as OS X – pronounced OS 10 – is currently at version 10.11. Will it continue to use decimal places to describe its new OS versions, or will it revert back to MacOS and release an eleventh version? And will anyone care what it’s called beyond technology enthusiasts?

Great News for iPhone Users

Apple has said sorry to iPhone customers whose phones were disabled after third-party repairs, and issued a fix for the problem.

Some users found that their iPhone stopped working following servicing by a non-Apple technician and saw an “error 53” message in iTunes.

Previously, Apple had said the error was a “security measure” taken to prevent fraudulent transactions.

Now, the company has released a software update to fix the error.

In a statement, Apple said that “error 53” occurs when a device fails a standard security test designed to ensure that the Touch ID fingerprint scanner is working correctly.

However, the company added: “We apologise for any inconvenience, this was designed to be a factory test and was not intended to affect customers.

“Customers who paid for an out-of-warranty replacement of their device based on this issue should contact AppleCare about a reimbursement.”

A software update has now been released so that iPhone customers with disabled phones may restore their device via iTunes on a PC or Mac.

Apple ‘prodded’

“To me, there was a lot of logic in what they said around the ‘error 53’ element,” said mobile analyst Ben Wood at CCS Insight.

“If you’re using your fingerprint to unlock sensitive data or make payments and there was the ability for someone to replace the screen and modify the module to take control of your phone – that’s not a good thing at all.”

Mr Wood added that Apple faced something of a backlash over the error after it appeared “retrospectively” on repaired phones following a software update, and was not something iPhone users had expected. Apple had even faced a class action lawsuit led by a Seattle-based firm over error 53-disabled phones. “I think it’s a sensible decision by Apple, If they’ve found a way to allow people to do repairs to the phone without that error occurring, that’s great news.”

Researchers have discovered a bug that could affect hundreds of thousands of internet-connected devices, apps and software.

The flaw makes it possible for an attacker to  remotely take control of hardware such as computers, internet routers and smartphones. Found in one of the building blocks of the internet, it could also affect websites and apps.

A patch has now been released to fix the vulnerability, but it still needs to be widely adopted.

What devices are affected?

The vulnerability affects devices that run the Linux operating system. While exact figures for how many devices may be affected are not available, they could include surveillance cameras, wireless routers, servers and internet of things devices, such as smart washing machines.

“Sometimes baby cameras run Linux as well, and they’re sometimes connected to the internet,” said Steven Murdoch, a security researcher at UCL. “There has been concern that these had security vulnerabilities that would allow people to access them. This is another example of those vulnerabilities.”

The bug could also affect Linux computers, Bitcoin software and anything built using the Python, PHP and Ruby on Rails programming languages. Examples of services that use these languages include Dropbox, Facebook and Twitter.

Google’s Android runs on Linux, but “most Android phones will not be affected because they use a different version,” said Murdoch. But some Android apps could be affected. Major systems like Windows and Apple’s OS X are not affected.

What is the bug?

The bug was discovered by Google security researchers. It was found in glibc, an open source library of code that is used in web development and internet-connected devices. “Glibc is one of the core parts of the Linux operating system,” said Murdoch.

There is a flaw in the code, which could be exploited let an attacker remotely access a device that uses the operating system. Google discovered that the flaw has been in the code since 2008.

The Google researchers said that “to our surprise” the people who maintain glibc were alerted of the bug in July 2015.

“We couldn’t immediately tell whether the bug fix was underway, so we worked hard to make sure we understood the issue and then reached out to the glibc maintainers,” said the Google security researchers.

A separate team of security researchers at Red Hat were already studying the bug’s impact.

What can you do to protect yourself?

“The main thing to do is regularly download the security updates for connected devices,” said Murdoch.

Companies have been known to stop releasing security updates when they stop selling a product. Murdoch urges customers to complain in this instance.

“If they’re not getting updates then they should complain,” he said. “Manufacturers are responsible for providing updates, as connected devices are inevitably going to have vulnerabilities like this at some point.”

Google has released a security patch for developers that have used the system. And it has created what is known as a “proof of concept” attack, which developers and manufacturers can use to test their software for the flaw.

Reported from the Daily Telegraph

It is the message of certain doom and will render your Apple iPhone completely useless and worthless and there is no fix or warning.

Thousands of iPhone 6 users claim they have been left holding almost worthless phones because Apple’s latest operating system permanently disables the handset if it detects that a repair has been carried out by a non-Apple technician.

The issue appears to affect handsets where the home button, which has touch ID fingerprint recognition built-in, has been repaired by a “non-official” company or individual. It has also reportedly affected customers whose phone has been damaged but who have been able to carry on using it without the need for a repair.

But the problem only comes to light when the latest version of Apple’s iPhone software, iOS 9, is installed. Indeed, the phone may have been working perfectly for weeks or months since a repair or being damaged.

After installation a growing number of people have watched in horror as their phone, which may well have cost them £500-plus, is rendered useless. Any photos or other data held on the handset is lost – and irretrievable.

Tech experts claim Apple knows all about the problem but has done nothing to warn users that their phone will be “bricked” (ie, rendered as technologically useful as a brick) if they install the iOS upgrade.

Apple say – “When an iPhone is serviced by an unauthorized repair provider, faulty screens or other invalid components that affect the Touch ID sensor could cause the check to fail if the pairing cannot be validated. With a subsequent update or restore, additional security checks result in an ‘error 53’ being displayed … If a customer encounters an unrecoverable error 53, we recommend contacting Apple support.” – in other words pay us what we want to fix your phone or else!

So if you have had your iPhone repaired by an unauthorised Apple Tech (and therefore a lot cheaper) do not run the upgrade

It was announced at the weekend that  a County Council (Lincolnshire) had been hit by a Ransomware demand for a £1 Million ransom to unscramble their data. Ransomware encrypts data on infected machines and only unscrambles it if victims pay a fee.

Presently, the attack appears to have been distributed via email, so once again users are advised to exercise great caution over what they run on their computers – especially if it arrives via unsolicited email.

So how can you prevent an attack:-

  1. Have a good anti-virus package that is updated regularly and sweeps your computers on a frequent basis.
  2. Ensure that your anti-virus software links into your e-mail program and removes any viruses that are sent to you.
  3. If you see an e-mail from somebody you don’t know – don’t open it.
  4. If you get an e-mail from somebody you do know but it looks strange (just a website address for instance) – don’t open it. They might have the infection it is trying to spread itself.
  5. Regularly back-up all your important data.
  6. Use common sense and err on the side of caution – if it doesn’t look or feel right then it probably isn’t.

If you are caught don’t pay – your computer may have to be wiped and start again, but if your back-ups are up to date this will be an annoyance more than anything but it is better than paying a ransom.

We are now exactly 6 months into the offer from Microsoft to upgrade your Operating System to Windows 10.  Anybody who knows me would say have you upgraded your own computers as you always claim never to upgrade to a new OS until Service Pack 1 has been issued to fix the major errors.

Well in this case I have upgraded just about all of my PC’s and Laptops – except those which are used for specific tasks – and I must say I like Windows 10.  There are still some bits I find annoying, but on the whole I think it is an improvement. Boot times are much faster, and things just seem to work. So I recommend that you upgrade without delay and start getting used to the new system.

One or two caveats though:-

  1. Before you run the upgrade Back up everything important like documents, emails, etc. The process shouldn’t lose anything but you never can tell.
  2. During the upgrade process you will be asked if you want to do an Automatic (recommended) update or manually configure. I recommend the manual configuration as this allows you to select what information your system will send to Microsoft about your system on a regular basis.
  3. The process can take a few hours depending on your PC and Internet Connection (If you are on a Monthly Download Limit take care) but for most of the time you can just leave it alone and it will upgrade away on its own.

If you need any help or advice, please do not hesitate to call

Engineer phone scams

A scammer will call and tell you that you have got a virus on your computer, and that only they can help you remove it. They’ll pretend to be from Microsoft or some other big name, and talk you into downloading some form of software that allows the caller to access your computer, so that they can ‘remove the virus’.

Once you give them access, they will put an actual virus on your computer and demand a huge fee to remove it. However, they have also got access to your financial details so the scam doesn’t end when they’ve removed the virus.

They will almost certainly try to empty your bank account or spend on your credit card too. They have even called me on this one but I confused them by asking which of the many computers I was on had the virus (well I am a techie after all) and he couldn’t answer so I hung up. But I know of one person who lost £4,000 because of this very scam and i had to clean their computer.

What is end of support?

Starting from 12 January 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical supports and security updates. Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes and technical support on Windows 7, Windows 8.1 and Windows 10.

Internet Explorer 11 offers improved security, increased performance, better backward compatibility and support for the web standards that power today’s websites and services. Microsoft encourages customers to upgrade and stay up-to-date on the latest browser for a faster, more secure browsing experience.

What does this mean?

It means that you should take action. After 12 January 2016, Microsoft will no longer provide security updates or technical support for older versions of Internet Explorer. Security updates patch vulnerabilities that may be exploited by malware, helping to keep users and their data safer. Regular security updates help protect computers from malicious attacks, so upgrading and staying current is important.

Many of you will have heard by now that Support for Windows XP Ends on April 8, 2014. Since then, many of the Business Customers I have talked to have moved, or are in the process of moving, their organizations from Windows XP to modern operating systems like Windows 7 or Windows 8.  In fact, I have been helping two large organisations; Legal & General and Brighton & Hove Council do just that.

There is a sense of urgency because after April 8, Windows XP Service Pack 3 (SP3) customers will no longer receive new security updates, non-security hotfixes, or online technical content updates.  This means that any new vulnerabilities discovered in Windows XP after its “end of life” will not be addressed by new security updates from Microsoft.  Still, I have talked to some customers who, for one reason or another, will not have completely migrated from Windows XP before April 8.  I have even talked to some customers that say they won’t migrate from Windows XP until the hardware it’s running on fails.

This of course is a major issue as the newer versions of Windows will mean in a large number of cases for Home Users a New PC as their old one just won’t be powerful enough to run Windows 7 or 8.  For the majority of my Home Users and Small business Customers this is a valid argument, especially in the current financial climate.  One important thing to note is that your computer will not stop working and providing you take all your usual precautions then your computer will continue working into the future.

But what is the risk of continuing to run Windows XP after its end of support date?  One risk is that attackers will have the advantage over defenders who choose to run Windows XP because attackers will likely have more information about vulnerabilities in Windows XP than defenders. Let me explain why this will be the case.

When Microsoft releases a security update, security researchers and criminals will often times reverse engineer the security update in short order in an effort to identify the specific section of code that contains the vulnerability addressed by the update. Once they identify this vulnerability, they attempt to develop code that will allow them to exploit it on systems that do not have the security update installed on them. They also try to identify whether the vulnerability exists in other products with the same or similar functionality. For example, if a vulnerability is addressed in one version of Windows, researchers investigate whether other versions of Windows have the same vulnerability.

But after April 8, 2014, people that continue to run Windows XP won’t have this advantage over attackers any longer.  The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse engineer those updates, find the vulnerabilities and test Windows XP to see if it shares those vulnerabilities.  If it does, attackers will attempt to develop exploit code that can take advantage of those vulnerabilities on Windows XP.  Since a security update will never become available for Windows XP to address these vulnerabilities, Windows XP will essentially have a “zero day” vulnerability forever.  How often could this scenario occur?  Between July 2012 and July 2013 Windows XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8.

Some of the people I have discussed this scenario with are quick to point out that there are security mitigations built into Windows XP that can make it harder for such exploits to be successful.  There is also anti-virus software that can help block attacks and clean up infections if they occur.  The challenge here is that you’ll never know, with any confidence, if the protection you have can actually be trusted because attackers will be armed with public knowledge of zero day exploits in Windows XP that could enable them to compromise the system and possibly run the code of their choice. Furthermore, can the system’s APIs that anti-virus software uses be trusted under these circumstances? For some customers, and to be honest most home users, this level of confidence in the integrity of their systems might be okay, but for Business Users this might not be acceptable.

As for the security mitigations that Windows XP Service Pack 3 has, they were state of the art when they were developed many years ago.  But we can see from data published in the Microsoft Security Intelligence Report that the security mitigations built into Windows XP are no longer sufficient to blunt many of the modern day attacks we currently see.  The data available on malware infection rates for Windows operating systems indicates that the infection rate for Windows XP is significantly higher than those for modern day operating systems like Windows 7 and Windows 8.

This new data shows us that the predominate threats that individuals and organizations face are now much different than they were when Windows XP Service Pack 3 was released. Turning on the Windows Firewall in Windows XP Service Pack 2 and later operating systems forced attackers to evolve their attacks.  Rather than actively targeting remote services, attackers now primarily focus on exploiting vulnerabilities in client applications such as web browsers and document readers. If these are kept up to date then this will lessen the areas that are vulnerable.

 

In addition, attackers have refined their tools and techniques over the past decade to make them more effective at exploiting vulnerabilities. As a result, the security features that are built into Windows XP are no longer sufficient to defend against modern threats. It’s a bit like having a burglar alarm and going away for a few days and you have that nagging doubt that you might have left a window unlocked and until you get home you will never know if you are safe.

So you might ask am I updating my own systems and the answer is that yes, over the coming months I will be upgrading all my own systems to Windows 7.  I have chosen this version of Windows over Version 8, because in my opinion it is far superior.  Windows 8 is great if you have a Tablet PC or a Touch Screen but for most people who don’t they will find it unwieldy and somewhat annoying.  Windows 8 can be reset to be more like Windows 7 – with a start button for instance, by using Windows 8.1 – but I don’t like it personally.  If you want some personal advice relating to your own systems then please contact me either by telephone, e-mail, or send me a message through my contact page.

Best wishes

David

The Vobfus virus is good at infecting all the machines on the same network, say researchers

Two computer viruses that collaborate are proving hard to clean from infected PCs, Microsoft research suggests.

The pair of viruses foil removal by regularly downloading updated versions of their malware partner.

The novel versions are usually unknown to anti-virus programs which let the malicious programs persist.

Once present on a PC, the viruses let thieves take over a machine so it can be mined for saleable data or used to send spam or to attack other machines.

The close relationship between the two viruses was revealed in a blogpost by Microsoft malware research Hyun Choi.

Mr Choi said that the two Windows viruses, known as Vobfus and Beebone, were regularly found together. Vobfus was typically the first to arrive on a machine, he said, and used different tactics to infect victims. Vobfus could be installed via booby-trapped links on websites, travel via network links to other machines or lurk on USB drives and infect machines they are plugged into.

Once installed, Vobfus downloaded Beebone which enrolled the machine into a botnet – a large network of infected machines.

After this, said Mr Choi, the two start to work together to regularly download new versions of their partner in cybercrime.

This, he said, was a powerful mechanism that helped it keep a foothold on infected machines.

“In the case with Vobfus, even if it is detected and remediated, it could have downloaded an undetected Beebone which can in turn download an undetected variant of Vobfus,” he said.

“The two threat families are intrinsically related,” wrote Mr Choi, adding that the “cyclical relationship” had helped Vobfus become a persistent problem since 2009 when it first appeared.

Defeating the two viruses was tricky, he said, because Vobfus was so good at travelling via networks. As well as keeping software up to date he recommended disabling the “autorun” feature on Windows machines as Vobfus exploits this when it arrives via USB drives. In addition, he said, people should be wary of clicking links on external websites to avoid falling victim to booby-trapped URLs.

 

From the BBC Website Click Here for Full Story

Copyright Inatos Networks Ltd © 2016. All Rights Reserved.


Inatos Networks Ltd., Company Number 04727552 Registered in England.

Registered Office: 93 Bohemia Road, st Leonard's-on-Sea East Sussex. TN37 6RJ