May 14, 2019

White label SOS panic buttons can be hacked via SMS

By John E Dunn

A widely used panic alarm handed out to at least 10,000 thousand elderly people in the UK can be remotely controlled by sending it simple SMS commands, researchers at Fidus Information Security have discovered.

The alarm – a small plastic pendant device with an SOS button in the middle – connects to 2G/GPRS cellular networks, which means it can be used anywhere without the need for an intermediary base station and provides a live status feed.

As well as being able to locate the wearer via GPS, it can also detect whether the wearer has taken a fall and comes with a microphone and speaker for two-way communication should an emergency be detected.

On the face of it, a potentially life-saving device, but also one whose unnamed maker doesn’t appear to have factored in even basic security.


Windows 10 brings password-free access another step closer

By Danny Bradbury

Microsoft hammered another nail in the password’s coffin by winning a certification for Windows Hello that will make it easier for people to log into Windows machines. 

Windows Hello is the authentication system in Windows 10, and Microsoft introduced it to wean us off password-based access. It enables machines with the right hardware reader or camera to scan your fingerprint or face to access Windows 10 and your Microsoft account. You can also use it to access third-party services.

This month, the company earned FIDO2 certification for Windows Hello. By becoming a FIDO2 certified authenticator, Microsoft has just enabled 800million Windows 10 users to use a hardware security key with Windows Hello’s password-free system.

FIDO aims to make logins easier and more secure

To understand why this is important, we need to dig into FIDO, which stands for Fast IDentity Online. The FIDO Alliance is an industry group backed by large tech players that aims to make logins easier and more secure. 

Since the FIDO Alliance started in 2013, it has released three specifications. The first, announced in 2014, was the Universal Authentication Framework (UAF). That standard focused on using biometrics like your fingerprint for password-free authentication.

The second standard was Universal Second Factor (U2F). This let people authenticate themselves using hardware devices like USB keys that you could plug into your computer, or near-field communication (NFC) devices that you could tap on a hardware-based reader. Google and Yubico developed this technology for two-factor authentication, meaning you’d use it as an extra layer of protection on top of your regular password.


Feds hook ELECTRICFISH, new Windows malware from North Korea

By Danny Bradbury

The FBI and Department of Homeland Security have identified (Malware Analysis Report AR19-129A) a new strain of malware from North Korea, the latest in a long line of cyber attacks from the country.

The Windows malware, dubbed ELECTRICFISH, sets up a tunnel between a machine on the victim’s network and the attacker’s system, enabling the attacker to receive network traffic from the victim.

Once it has a foothold, it then tries to connect to a source IP address within the victim’s network, and a destination address owned by the attacker. The attacker can also configure a proxy to act as an intermediary between the infected computer and the destination IP, avoiding the need for authentication to get outside the victim’s network. The US CERT advisory says:

If a connection is made to both the source and destination IPs, this malicious utility will implement a custom protocol, which will allow traffic to rapidly and efficiently be funneled between two machines.



Advanced Computer Services of Central Florida

Centrally located in Winter Haven, we serve residential and business clients in and around Polk County.

9 Camellia Drive
Winter Haven, FL 33880

Our Promise to You

Plain language, no tech-talk

We will never try to over-sell you a product you don't need.

Advanced Computer Services of Central Florida is your local, hometown computer service and repair company that can do more than just fix your PC.  We offer highly skilled professionals who can be counted on to give you sound advice on upgrades, software and hardware, commercial & residential networks, hardwire or secure wireless.

No trip charges within Polk County

No after-hours or weekend fees

$45.00/hr Residential

$65.00/hr Commercial - free system evaluation