Hackers launch millions of Java exploits, says Microsoft

By Gregg Keizer, Computerworld
November 29, 2011 03:05 PM ET

Hackers launch millions of Java exploits, says Microsoft

Cryin' shame: 60% of Windows PCs lack 18-month-old Java update, adds expert

Hackers continue to launch attacks exploiting vulnerabilities in Oracle's Java software in record numbers, Microsoft said Monday.

Citing research from a recent report, Tim Rains, a director in the company's Trustworthy Computing group, said that up to half of all attacks detected and blocked by Microsoft's security software over a 12-month period were Java exploits.

Altogether, Microsoft stopped more than 27 million Java exploits from mid-2010 through mid-2011.

Computer infected? Blame yourself, Microsoft report concludes

Most of those exploits targeted long-ago-patched vulnerabilities, said Rains.

The most commonly-blocked Java attacks — to the tune of over 2.5 million of them — in the first half of 2011 exploited a bug disclosed in March 2010 and patched by Oracle the same month. Second on the popularity chart for the full 12-month stretch was an exploit of a bug patched in early December 2008, nearly three years ago.

Other bugs that made the actively-exploited list were quashed in November 2009 and March 2010.

Rain's comments followed a similar message from Microsoft in October 2010, when the company said an "unprecedented wave" of attacks were exploiting Java flaws.

Microsoft's findings were no surprise to outside security researchers.

"Most [Windows] machines are just not up-to-date with Java," said Wolfgang Kandek, chief technology officer at Qualys, a California developer of security risk and compliance management software and services.

Qualys regularly mines data from the customers' machines it protects to get a feel for updating practices. And for Java, those practices are pathetic.

"Java updates lag behind seriously," said Kandek, like Rains reiterating a 2010 take . "Eighty-four percent of the machines we see don't have the June 2011 Java update installed, 81% don't have the February 2011 update and 60% don't have the March 2010 update."

Qualys doesn't have enough scanning data yet to measure the patch rate for the October 2011 update , Oracle's latest, but Kandek estimated that as many as 90% of Windows PCs hadn't deployed those fixes.

Enterprises typically patch vulnerabilities in Microsoft's Windows much faster, Kandek continued, citing a "half-life" — meaning that half of all machines are patched — of 29 days for run-of-the-mill Windows bugs. Critical patches are deployed even quicker: Their half-life is about 15 days.

The pervasiveness of Java is one explanation for the high volume of attacks exploiting its bugs, said Andrew Storms, director of security operations for nCircle Security, in an interview conducted via instant message.

But its virtual invisibility to users is another.

"Java is not something [most users] interact with … similar to how Adobe Flash or Reader became the big, but silent, target," said Storms. "It's on everyone's computer, but rarely do you interact with it. [So] from the attackers' perspective, using Java as the silent killer is a smart move. If people don't know what it is or know what it does, they are less likely to update it. As such, you have to imagine there are tons and tons of old vulnerable installs out there."

Some of Qualys' enterprise customers are among those running out-of-date editions, said Kandek. "One issue is internal applications that require older versions of Java," he said.

Qualys' recommendation to companies in that boat: Block Java's use outside the network perimeter.

Criminal developers who craft exploit kits are constantly adding new Java exploits to their wares, Kandek continued, to supplement the older-but-still-effective exploits of older bugs. Those kits already have been equipped with exploits of the bugs Oracle patched in October.

Qualys provides its clients with an exploit mapper that shows which vulnerabilities are being leveraged in such kits. "If they cannot patch every vulnerability, this gives them a list of those that we know are being used in the wild right now," Kandek said.

Others have taken a much more aggressive line on Java.

Noted security blogger Brian Krebs , a former Washington Post reporter, has repeatedly urged consumers to uninstall Java from their Windows machines.

On Monday, echoing Kandek's claim that exploit kits are now armed with attack code that targets Java vulnerabilities Oracle patched in October, Krebs again advised users to scrub the Java plug-in from their browsers.

Microsoft's Rains didn't go that far, instead telling users that they should update Java, and keep it up to date.

"There is just too little focus, even now, on Java and its updates," said Kandek. "It's being exploited … right now."

Incoming search terms:

java exploit 2012
java vulnerability 2012
java exploits 2012
java vulnerabilities 2012
exploit java 2012
java exploit virus 2012
java exploits
2012 java exploits
virus java exploit 2012
java exploits March 2012

Filed Under: InTheNews, SecurityUpdates

Managed IT Services

Rob's PC Solutions acts as your internal IT department to provide routine computer system maintenance for your existing equipment and includes remote technical support.

Call Now for a FREE quote 810-656-2771

With Managed Services, you are provided with a single point of contact and accountability for all hardware, software and computer-related services. Every aspect of your company network can be managed through our office. If at any time you are not completely satisfied you can exit the program with no strings attached.

Why do you need Managed Services?

It has been found that by proactively maintaining your computer systems we can save your business money. Proactive maintenance combined with industry best practices minimizes cost, downtime and keeps employees productive. Managed Services also gives your company direct access to our support center where our technicians solve up to 70% of all technical support issues remotely! Our quick response coupled with a comprehensive maintenance plan will dramatically improve the reliability of your computer systems and reduce your overall investment in computer-related services.

A study by the Gartner Group revealed that by having a managed computer service can save up to 37% over a 3 year period.

If you have 20 computers with Microsoft Windows. Managed Services can offers a savings of up to $40,000 over 3 years.

Managed Services was designed with Small and Mid Size Businesses in mind:

Proactive Maintenance – Managed Services utilizes industry-recognized best practices to keep your computers secure and operating at maximum efficiently.
Quality IT Support – We help small and mid size businesses experience the benefits of computer system automation and proactive maintenance.
Weekly and Monthly Reports – You have the option to receive scheduled reports via email with confirmation of all maintenance performed, problems resolved and recommended actions to help prevent future issues.

Filed Under:

Troubleshooting and Repair

Call us now to speak to a technician who can help you with all your Computer Repair needs. 810-656-2771

Most home office users don't have time to hassle with bringing a computer to a retail repair shop. Why make customers go through the process of unplugging all the wires, packing the PC up in the car, dropping it off for several days, going back to pick up the PC and attempting to set it all back up again. Rob's PC Solutions offers to make it easy by going directly to the customer's home or office to handle their computer troubleshooting and repair needs. Rob's PC Solutions makes it convenient for customers to get their problems solved quickly. In extreme circumstances Rob's PC Solutions will pick up the PC, repair it in-house and deliver it back to the customer ready to plug and play. Rob's PC Solutions also offers drop off services. If you would rather bring your computer into our repair center we will be happy to accept your machine and work swiftly to get you back and running quickly.

Repair services include:

Data Backup and Recovery
Virus and Spyware Removal
Maintainance or upgrades of software and hardware.

Incoming search terms:

troubleshooting and repair

Filed Under:

Computer Services

Sign up for our Newsletter by clicking HERE!

With Rob's PC Solutions acting as your IT department we are able to provide your company with routine computer system maintenance for your existing equipment and any future equipment you may acquire. Services from Rob's PC Solutions provide a single point of contact and accountability for all hardware, software and computer-related services. We're confident that you will be delighted with our service. If you are not satisfied just let our tech know. We will make it right or you don't pay!

Some of the services we offer to businesses are as follows:

Residential Services

Rob's PC Solutions provides fast, affordable solutions to our residential clients. Our technicians can normally provide service direct to your home on the same day you call. Let us take care of all of your computer repair and service needs!

Call us now to speak to a technician who can help you with all your home technology needs. 810-656-2771

Some of the Services we Offer our Residential Customers below:

Spyware, Anti-virus and Internet Security Solutions
Wired and Wireless Networking
Data Backup and Recovery
High-Speed Cable DSL Modem Setup – Information coming soon
Troubleshoot and Repair
Software Training
Shared Internet Solutions
Additional Services

Incoming search terms:

robs pc solutions
computer repair lapeer mi
robs pc solutions lapeer mi
robspcsolutions com
PC SOLUTIONS
computer repair signs
www robspcsolutions com
computer repair
ROBS PC LAPEER MI
robs pc repair

Filed Under:

Home

Today computers are in everything from your automobile to your phone and kids toys. Rob's PC Solutions understands how much of a necessity computers have become in our culture. Rob's PC Solutions has been in business since 1999. Combined with these years of experience Rob also has 9 years of college education in Information Technology.

For Your Computer Service Call 810-656-2771

Business Services

Some of the services we offer to businesses are as follows:

Residential Services

Call us now to speak to a technician who can help you with all your home technology needs. 810-656-2771

Some of the Services we Offer our Residential Customers below:

Filed Under:

About Us

Located in Lapeer, Michigan, we're taking care of technology so that you can take care of business. We are conveniently located at 380 North Saginaw, Lapeer MI, 48446.

Rob's PC Solutions is the only business you need for computer sales and services. Our computer repair service is the most extensive and affordable around. Whether you need virus removal or computer upgrades, we'll get your PC computer running at its optimum performance.

Rob's PC Solutions is also your website designer. Get your business online with website design from Rob's PC Solutions. Our websites are attractive, easy to navigate and will spread the word about your business or event.

When you need to purchase a new computer, don't settle for buying a computer at one of those faceless store chains that offer no computer service. Rob's PC Solutions computer sales are the affordable, smart way to bring home a new computer.

For more information on all our computer services, including computer sales, computer repair service, virus removal and website design, call today at (810) 656-2771 or (248) 210-4672.

Incoming search terms:

computer repair sign
boost mobile 48446
pclapeer
computer repair in lapeer MI
web site designers in lapeer mi
us computer services n
website design lapeer michigan
robs pc repair lapeer mi
robs computer repaur
robert lapeer in mi

Filed Under:

Service Rates

Systems Maintenance and Tune-Up	$60.00
Installation of Windows OS*	$70.00
Analysis and Diagnostics	FREE **
Data Restore	$25.00 First 1Gb / $10 Per Additional Gb
Pick Up or Delivery	$10 + $1.50 / Mile one-way
In Home Computer Setup	$75.00
Networking (Wired or Wireless)	Please Call
On-Site Repairs	$60 / Hour + Service Call
Service Call	$1.00 / Mile One-Way ($5.00 min)
Drop-Off Hourly	$40.00 / Hour
Drive Installation	$15.00 Plus Parts
Hard Drive Data Transfer	$35.00+
RAM Install	FREE with Purchase
Software Install*	$10.00 / Title
Laptop DC Jack Repair	$100.00 Including Part
Web Site Design	Please Call

^{* Rob's PC Solutions can only install software that can be verified by the customer to be legit.}^{Customers must provide all required Software Media and Product Keys / Serial Numbers.

** Free Analysis and Diagnostics are valid for drop-off services only.}

Definitions of Services:

Systems Maintenance and Tune-Up:
Your system will be scanned for Viruses, Spy-Ware, Mal-Ware, Ad-Ware and any other bloat ware. The Windows registry will be scanned for errors. Disk Drives will be tested for proper operation. System Drives will be scanned for file system structure and stability. Computer RAM will be tested. System will be optimized to allow for faster boot times and overall operation. Windows Updates will also be applied unless otherwise specified by the customer.

Installation of Windows:
Windows will either be installed in a new (clean) installation or a repair installation method depending upon situation at hand. Windows will be updated with all current updates unless otherwise specified by the customer. All device drivers will be installed. Software installation is NOT included with the installation of Windows.

Analysis and Diagnostics:
Your system will be looked over and tested to determine the root cause of the issue you are experiencing. You will receive an estimate for repairs upon completion.

Data Restore:
We all value our family photos. In the event that your system drive fails or becomes corrupt we will attempt to recover files from your hard drive. Due to the nature of this process we cannot guarantee any specific results. Rob's PC Solutions will not be held liable for loss of data on any computer device. Please make backup copies.

Pick-Up or Delivery:
We will arrange for your computer to be picked up and/or delivered at your convenience. This service is a per trip charge (1 for pick, 1 for delivery).

In-Home Computer Setup:
We will physically setup your new system in your home and test for proper operations, activate windows, and configure the initial startup. This service includes the installation of up to 2 software titles and 1 printer or other external device.

Networking:
We will run all the cables or install wireless adapters to provide file, printer, multimedia, and internet sharing. Advanced services are also available.

On-Site Services:
To tired at the end of the day, to busy, or worried about all of the wires that hook to your computer. We can provide most of our services at your home or business. Please call to set an appointment for a technician to come to your home or office.

Drop-Off Hourly Services:
Some services cannot be completed within our On-Site Services program. These services and any other services without explicit pricing will be billed at the Drop-Off rate. Pick-up/Delivery Service items fall into this category of billing.

Drive Installation:
We will physically install, test, and configure your new drive. No software or operating system installations are included in this service.

Hard Drive Transfer:
If you upgrade your hard drive but want to keep your existing settings and configurations this is the option for you. We will create a duplicate copy of your old hard drive onto your new drive. Price depends on overall size of data transfer.

RAM Installation:
You just purchased that RAM upgrade now you need to install it. If you are not comfortable putting your hands into your computer we will install it for you. This process is very quick and is FREE with your purchase from Rob's PC Solutions.

Software Installation:
If you need that new program installed let us help. We can install any program you have for you. You must provide the original installation media and any original required key codes (photocopies not accepted).

Laptop DC Jack Repair:
Many laptops are being dropped now days. If your laptop power blinks or does not work at all let us help. We will completely dis-assemble your laptop, remove/repair your existing DC Jack and install your new/repaired DC Jack, and finally re-assemble your laptop.

Web Site Design:
Do you need to get your business on-line. Increase your overall sales and your known image with a new web site. We can create anything from basic business card sites to full blown e-commerce with content management systems. Call for an appointment to determine your needs.

Filed Under:

Hours of Operation

Rob's PC Solutions is proud to serve our clients Monday thru Friday from 9AM – 6PM, after hours and weekends available with a phone call.

Hours of Operation

Due to the nature of our On Site services we are often out of the office. We are still available to assist in your computer repair needs. Just give us a call on either of our phone numbers (810) 656-2771 or (248) 210-4672. **No need to call both as they both get to the same extension**

Incoming search terms:

hours of operation
Hours of Operations images

Filed Under:

Should I Change My Password

Should I change my password?

It seems that the first half of 2011 has been jam packed with report after report of this or that major online service falling prey to damaging security breaches, e.g. Sony, Epsilon, Sega, Nintendo, Fox, Washington Post, Gannett, Distribute.IT, Groupon etc. Groups like LulzSec and Anonymous have been triumphantly publicising their successful penetrations. Of course we hope that the information gathered by those claiming to be ‘white hat’ hackers will never fall into the hands of the bad guys. But can we be sure?

Then there are the succesful penetrations that are made by cyber criminals. Of course these often go unreported by the online services hacked.

So just how can we know if the bad guys have our details? Well of course, a definitive answer is elusive. You’ll probably really only know for sure should the services that are hacked fess up and tell you, or you become the victim of identity theft.

Well as a public service a Sydney, Australia based information security technology professional, Daniel Grzelak, has put together a web site “Should I Change My Password?” –https://shouldichangemypassword.com/, where you can check if you have compromised online accounts by checking your e-mail address.

Daniel has gathered together a number of databases that have been released by hackers into the public domain. He’s then securely stored a hash of the e-mail address, the date of last compromise, and the number of times compromised in an online database that you can easily search. As of 25th June 2011 there were just over 1 million records in the database.

You can now just visit the web site and type in your e-mail address. Daniel promises that he will not capture or store your e-mail address. If there is a match, you will be told how many times and get tips for creating strong passwords and using them safely.

Please remember, just because Daniel’s web site gives you the green light, it’s only saying your account usernames and passwords may be safe. We’d still recommend that you work your way through the various online services you use and make sure you are using different passwords on different services. And of course weak passwords like ’123456′ and ‘password’ simply won’t do. You need to ensure all of your passwords are strong ones.

Steps To Strong Password Perfection:

Don’t:

Use cardinal numbers in order, i.e. ’123456′ is not clever.
Base a password on personal data, e.g. dog’s name, car registration, your name. Never use your mother’s maiden name or any password that your bank might use.
Choose a word found in a dictionary in any language – password dictionaries make these particularly easy to crack in a ‘dictionary attack’.
Use simple transformation or substitution, e.g. Pa$$w0rd.
Use fewer than 8 characters and solely alpha- or numeric characters.
Tick the ‘remember this password’ box.

Do:

Use a mixture of four keyboard character types – lower case letters, upper case letters, numbers and other special characters such as #, $, -, +, @, ! etc. Unfortunately, some older systems restrict the special characters your can use.
Use long paswords of 8 characters or more – the longer the password, the harder it is for hackers to use brute force attacks. However, some older systems don’t allow this and have limits of 8 or 14 characters.
Use different passwords of different accounts and change them at least twice per year.
Always change default passwords from ‘password’ or ‘admin’.
Think illogically; computers rely on logic to operate.
Be obtuse, think outside the box, invent new words!

The Australian government’s “Stay Smart Online” tips recommend your passwords have a minimum of 8 characters. However, security researchers last year reported that using easily available fast processing power, they were able to crack a 12 character password in just 5 seconds. So my critical strong passwords are more than 20 characters long – and I’m not saying how much more than 20 characters long.

Lloyd Borrett, AVG Security Evangelist

Source: http://twitter.blog.avg.com/2011/07/should-i-change-my-password.html

Filed Under: ComputerTips