What is an SSD?

What is an SSD? – Solid State Drives

Old Hard Drives (HDD)

In simple terms, old HDD’s had platters, similar to a CD or DVD. The platter spun around in the HDD case. There would then be a head that read the data from the surface of the platter, similar to the laser in a CD player. Although the platters in a HDD are magnetic.

The problem with these HDD’s is that if the head, arm, platter is damaged then the data could be lost for good. (Data recovery can cost thousands this is why we suggest a backup and then backup that backup!) Think of driving a car along the road, the wheel is in motion and then you hit a curb, you could damage any number of suspension components. If you drop your laptop, while it’s on especially and the hard drive head goes into the platter and damages the platter. That part of the disk could be faulty.
Also, because of the constant moving parts this can slow down over time.

This is a video I posted to show what the inside of a HDD looks like

New SSD (Solid State Drives)

Think of a USB memory stick, it has no moving parts and has simply a chip inside that holds your data. This is the same premise for SSD’s they are just chips, working on similar tech to that in a USB memory stick. Because they have no moving parts the memory can be accessed very, very quickly as there is no spinning platter to take 1 read from. Just a memory address.

Inside the SSD

To the right is a SSD with the cover taken off, as you can see, very different from that of a mechanical drive. This drive has a load of microchips which store the data.

SSD’s take less power than their mechanical brothers as there is no moving parts so I have seen operations on battery being longer in laptops being increased when upgrading customers. It really depends on the laptop to how much an extent, but I’ve seen a 20 minute battery operation improvement and also double improvement.

 

If you’re in or around Newcastle upon Tyne we can perform a SSD upgrade for you. Give us a call or email to discuss 0191 500 8640 or sales(@)thecomputersaint.com (take the ( and ) out of the email address to send us an email)

“Ransomware” makes it into the Oxford English Dictionary

The Oxford English Dictionary has taken note of some IT related words.

For 1, Ransomware is defined now as:

A type of malicious software designed to block access to a computer system until a sum of money is paid.

Another new word is “esc”, that is coined by Apple devices. Instead of “Esc” which would be for the PC’s (Dell, HP, etc)

Also “Selfie” and something sounding like someones grandad would use “e-shopping” got into the OED

CPU Kernel Bug: Security issue for millions

You may have heard of a bug in computers that could cause a problem with security. I have gathered some information below to help you understand the problem.

So what is the problem?

The processors kernel is providing a way for memory to be read, by a malicious entity. It could be a hacker or app that reads the memory.

Intel have reported: “these exploits do not have the potential to corrupt, modify or delete data,” However, the act of reading memory could give a route for hackers to read passwords, login details, ciphers and a lot more sensitive data (basically that goes through the processor).

What or who is affected?

At the moment, everyone with a X86 CPU, made by Intel, in the past decade is at risk.

Do you have AMD, ARM or another CPU? You might still be at risk as the instruction sets for x86 are shared between manufacturers, but for AMD, certainly the other big player in the market, they are only slightly affected (https://www.amd.com/en/corporate/speculative-execution)

For ARM, 64 bit processors, there is a Linux kernel patch being developed https://lwn.net/Articles/740393/

I’ll be OK, I have a Mac

You’re wrong this time I’m afraid. Macs also use x86 technology and they’ll need patching, although if you’re up to date with macOS (10.13.2) then you’ll be OK. That patch was released Dec 6th. Further updates will be made in 10.13.3.

Is there anything I can do?

Only make sure your PC is up to date with all OS updates, especially security updates.

Microsoft plan dropping an update on us around the 9th Jan, so look for updates then as well as now!

Don’t install dodgy apps, be careful on what websites you click on, don’t click on click bait. If someone sends you a link that you’re not expecting then ask them if it was them who actually sent the email!

What is a CPU?

Central Processing Unit – Made up of lots of transistors, LOTS, approximately 700million for modern CPUs they control logic and calculate the commands from the kernel.

What is a kernel?

A Kernel is inside a microchip that controls instructions going into your CPU as well as what comes out of it. It’s basically in control of your entire system.

 

Curse of the Bad Rabbit – Ransomware

BadRabbit Ransomware

A new Ransomware threat has infected PC’s in Russia and multiple other countries stretching to the other side of the globe. Corporate systems at Interfax as well as two other Russian media companies seem to be first affected. But has been seen in Poland and South Korea.

In Ukraine, Odessa airport, the Kiev metro, and the Ministry of Infrastructure were also infected. It is the usual sign of a ransom for encrypted files.

The team at ESET. Antivirus have said this is a strain of the Diskcoder.

Screen shot of the BadRabbit ransomware (Source: Group-IB)

The software will pose as a false adobe flash update to seduce victims to installing the malware, the software would be installed by people visiting these websites according to IB-Group. There may be other websites that are infected.

https://twitter.com/GroupIB_GIB/status/922972032098291718

Once installed on a Windows PC, the malware will actually use a legit open-source tool: Mimikatz to seek out file server login details from the memory on the computer. The software will then spread via SMB shares on the same network.

There is some news to show that it has used a leaked CIA hacking tool as WannaCry did a few months back.

The Master Boot Record will be changed and this will display a start-up screen and not allow progress via this screen. The BadRabbit ransomware will also have a countdown till the price actually goes up. This will force companies and individuals to make a quick decision and possibly more likely to pay. Remember if you pay you are more likely to get attacked more often as the attackers know who pays.

The payment required is 0.05BTC which is just a little over £200.

Signs of infiltration

If you’ve had network connections to caforssztxqzf2nm.onion, or downloads from the following sites:

hxxp://1dnscontrol.com/flash_install.php

hxxp://1dnscontrol.com/install_flash_player.exe

are obvious signs of infiltration.

But the software might pop-up with a sign asking you to disable or stop current AV or malware protection. Some AV packages have spotted it already.

According to Kaspersky Lab, if you prevent these files from executing you should be able to disable BadRabbit from starting to run.

C:\Windows\infpub.dat

C:\Windows\cscc.dat

But you should check the Flash update you’re installing is legit even if you have Flash enabled.

Backing up and having a system image backed up regularly is one way to have a small amount of post-malware protection. But anti-malware software is one of the best remedies to protect yourselves. But checking updates are legit is the best way and not clicking on dodgy links!

iPad, iPhone, Mac Book and Apple Watch devices are locked for ransom!

It has come to light from middle of September that there has been attacks on apple devices.

The attack manifests itself as a malicious person getting through the security of users’ icloud account using the “Find My Device” feature.

The malicious person will set a specific device to “lock”, this will enable the iPad, Apple Watch, Mac Book or iPhone to be locked, in theory so a thief can’t access the data and make the device unusable and once you have the device back in the correct persons hand you’ll then input the code to make it all work again.
Except in this circumstance people are seeing a message along the lines for “pay me X.XBTC to address XYZ and I’ll send you a code to unlock”.

The hacked accounts are often users who use the same passwords for different sites, where those sites might have been compromised. It is advisable to change your icloud login details to something else if you are a person who uses the same logins for different sites.

 

Some people and sites are advising to disable the “find my” device service, but that rather defeats the object of the service. However as some have also pointed out Mat Honan (Journalist) was hacked after a successful attack after someone called the Apple support to change his password with his billing address and his last 4 digits of his credit card. You can read about that below.

How Apple and Amazon Security Flaws Led to My Epic Hacking

Bad emails. Spotting and dealing with them

Bad emails / Malware emails / Scam email

Emails fly about between servers and computers all day, thousands every second around the world are sent. Most of the emails are legitimate. But the email system is open to abuse. There are holes in it.

I categorise bad emails in 2 sections, those with attachments and those who try and get you to download attachments. The 2 examples below are the latter.

Bad emails

How do you know a legitimate email?

Above is an image of what I call a bad email. It’s an email that looks perfectly good, from Dropbox, it even has a no reply email from dropbox. But clicking on the “view file” link will take you off to a website that is unknown. It might be a site that looks like Dropbox, but even by clicking that link the sender of the email will know they have a live email address. This could be the start of a series of targeted emails to gain personal information / money / trust etc.

 

So how do you tell this is a bad email?

First, think who is this person, Nathaniel Walsh? If you know him, great, but DO NOT assume the file is safe.
Are you expecting an email from him with a statement? If you’re not, give him a call and ask him, it takes 2 minutes! If he has not sent you an email then it could be a scam, his computer or email system could have been breached and you and other people from his address book might have been targets by scammers/hackers.

Also check the links in emails, don’t click on them! But hover your mouse over the link and see where it will take you. If it is a place that isn’t that of the email that has been sent, then it is likely a fraudulent email.

Another example

Bad emails efax

Take a look at this image of an email. You think someone has tried to use 20th century technology in a 21st Century way. You might wonder what it is. But first, do you recognise the caller ID? It is 0151, a quick google shows it is from Liverpool. Are you expecting anything from a company in Liverpool? Do you do business with a company in Liverpool? If you look at what is sent via fax, really only legal documents are faxed these days. There will be the odd occasion when faxes are used, but it is rare and it has been felled by email and pdf documents.

You will also notice the domain the link sends you to is about truck hire Australia, have you hired a truck in Australia from a company in Liverpool?! This is obvious that it is spam or a scam as those 2 situations for myself are untrue.

Again, if you have hired a truck in Australia from a company in Liverpool, give them a call and ask, “have you sent me an efax message?” If they say no, it’s a scam! Maybe it is a coincidence or maybe it’s a specific attack.
If you suspect it is a specific attack attempt then you engage with our security consultation service and we can advise. Contact sales@thecomputersaint.com to consult with us.

 

If you find yourself with an email and an attachment from either a known person or unknown person then follow the rule of call that person up. Ask them if they’ve sent you an email with an attachment. If they haven’t tell them you have received something from them, they should investigate this and you might need to send the email to their IT team. It’s unlikely to do any damage sitting in your inbox. If you click links or download the file then that is when the damage is done.

Even with files that attached and from a trusted source, that you are expecting you should download the file to a directory (or folder) on your computer and then with modern antivirus software you can run a scan on the file and tell if it is safe. Don’t run the file, even if it is a .docx (document) file or something you’ve trusted in the past.

 

Emails with attachments

Emails often come to us with an attachment; most modern antivirus software will allow us to scan as the attachment is downloaded. This method is good if you’re using a laptop to download an email. I’ve sometimes been emailed by family members, colleagues or customers who have had some malware infect their computer, only to find I get an email from them with a strange attachment that I was not expecting.

If you have an email like this, the advice is the same as above: call the person and ask them if they’ve actually sent you an email as they might not know they have a problem. If they have then it should be OK, but you should download the email and scan it first with Antivirus anyway!

 

To summarise:

Identify emails.

Call the person you’ve got the email from.

If you get a bad email:

Don’t click the links, see where the link goes.
Tell the company in question, some of the larger companies especially have teams of people (IT team normally) who deal with SPAM & Bad emails. The company might ask for the email to be forwarded to them.

Scan any downloads with a virus program. I like Avast or AVG (free versions are good)

 

Google Glass to make a comeback in Glass 2.0

Google Glass, as a consumer product never really worked or took off. Now with some hard work it is to return, targeted this time at the enterprise business. The large businesses who carry out manufacturing or are a large logistic workforce.

It claims it can reduce time scale for a production line according to their website: http://www.x.company/glass/

You’ll be able to get in contact with a partner of Google to learn more about Glass: https://x.company/glass/partners/

It’ll have better battery life, better MegaPixel count (from 5MP to 8MP), a more powerful processor, better wifi connectivity and also the camera button now doubles as a method to detach the electronics from their frame, making it easier to attach them to prescription or safety glasses

Security warning over data.gov.uk – time to change your password!

Have a data.uk.gov account? You should probably change your password.

The site that people can search for data published by the government has discovered, after a data security review, that some usernames and passwords were placed on a publicly accessible resource.

Following quote is taken from the BBC site: (http://www.bbc.co.uk/news/technology-40443601)

A GDS spokeswoman told the BBC that the breach had affected only data.gov.uk accounts, and people with separate accounts for other government websites were not affected.

She said only email addresses, usernames and hashed passwords were implicated, rather than personal information such as names and addresses.

Hashed passwords are not massively secure, but certainly more secure than clear text passwords. It all depends on the algorithm that is used. But the BBC site also reports that users will need to change their passwords next time they login.

The Computer Saint would also advise changing your password, if the same, on any other services. So if you login with the same details to Yahoo, Google, Hotmail, etc then you should change your password.

You should also keep an eye for fraudulent emails, if you suspect an email is fraudulent then you should contact the website in question and not via the email you’ve just got. Go to the actual website via a browser.

Aquila Drone: 2nd test flight a success!

Facebook Drone: Aquila has successfully completed it’s 2nd test flight. Where as the 1st drone broke up on landing the 2nd incarnation was all good at landing and stayed in the air for 1hr 46minutes.

When complete the drone is pencilled to be able to stay in flight for around 2 months.

It is solar powered and will be designed to bring Internet to remote areas.

It is a good idea, however some remote areas might have a poor weather, so if the drone cannot handle winds and rain and other weather patterns I could see this being good for all areas. But there are lots of places that could certainly benefit from this technology

Read more about it on Facebook site

https://code.facebook.com/posts/200887800439084/aquila-s-successful-second-flight-another-step-forward-in-bringing-the-world-closer-together/