Your HP Laptop may have a Keylogger installed

I am more than a little worried about cybersecurity after patching all my servers over the weekend as a precaution against the WannaCry Ransomware that rocketed around the world last week. That computer exploit was based on a previously unknown security hole on Windows systems. So, you could imagine how shocked I was when I learned that my HP laptop may have keylogger software pre-installed from the factory!

A keylogger is a piece of software that logs every key you press on your keyboard. It can capture personal messages, passwords, credit card numbers, anything you type. Sometimes malware installs keyloggers, but they are also sold in stores for folks who wish to spy on their kids, spouse or employees. Depending on how they are used, they are perfectly legal.

Here is what happened.

Many HP laptops come with an audio driver provided by Conexant Systems. Conexant’s MicTray64.exe is installed with the Conexant audio driver package and registered as a Microsoft Scheduled Task to run after each user login. The program monitors all keystrokes made by the user so that it can capture and react to function keys such as the microphone mute/unmute keys and hotkeys. This is normal behavior for such a device driver. However, in addition to handling keystrokes, it writes all key information into a logfile in an unprotected path (C:\Users\Public\MicTray.log). If the logfile does not exist or the setting is not yet available in the Windows registry, all keystrokes are passed to a debugger API. In either case, malicious code can read the file or tap into the debugger information without looking suspicious to security software. I should also note that this flaw has existed since the year 2015!

I immediately checked my HP Spectre laptop and there it was: C:\Users\Public\MicTray.log. Fortunately, the file was empty with a file creation date of 11/21/2015. All users of HP computers should check whether the program C:\Windows\System32\MicTray64.exe or C:\Windows\System32\MicTray.exe is installed. It should be deleted or renamed if it exists. The program was not found on my system.
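The check described above, scripted in PowerShell as an added example (it is not code from HP, Conexant or the original post). The file paths are the ones named above; the function name `Get-MicTrayFinding` and its output layout are illustrative, and the scheduled task is found by matching its action because the post does not give the task's name.

```powershell
# Audit a Windows host for the Conexant MicTray artifacts named in the post.
# Read-only: it reports findings and changes nothing.
function Get-MicTrayFinding {
    [CmdletBinding()]
    param(
        [string[]]$BinaryPath = @(
            'C:\Windows\System32\MicTray64.exe',
            'C:\Windows\System32\MicTray.exe'
        ),
        [string]$LogPath = 'C:\Users\Public\MicTray.log'
    )

    # 1. Is either executable present?
    foreach ($path in $BinaryPath) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $file = Get-Item -LiteralPath $path
            [pscustomobject]@{
                Check  = 'Binary'
                Path   = $path
                Detail = "version $($file.VersionInfo.FileVersion), modified $($file.LastWriteTime)"
            }
        }
    }

    # 2. Does the world-readable log exist, and has anything been written to it?
    if (Test-Path -LiteralPath $LogPath -PathType Leaf) {
        $log = Get-Item -LiteralPath $LogPath
        [pscustomobject]@{
            Check  = 'LogFile'
            Path   = $LogPath
            Detail = "$($log.Length) bytes, created $($log.CreationTime)"
        }
    }

    # 3. Is any scheduled task configured to launch MicTray at login?
    if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) {
        Get-ScheduledTask |
            Where-Object { $_.Actions.Execute -like '*MicTray*' } |
            ForEach-Object {
                [pscustomobject]@{
                    Check  = 'ScheduledTask'
                    Path   = $_.TaskPath + $_.TaskName
                    Detail = "state $($_.State)"
                }
            }
    }
}

$findings = @(Get-MicTrayFinding)
if ($findings.Count -eq 0) { 'No MicTray artifacts found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

A non-zero log size means keystrokes have been written to disk, so any backups or file-sync copies of C:\Users\Public deserve the same review as the machine itself.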

HP announced last Friday that it had fixed the problem. However, I have not been able to find it on their web site. HP says it has no access to this data, and the keylogger does not appear to be malicious. There is no evidence that the keylogger does anything with the keystrokes it captures. But there is still cause for concern. The WannaCry attack was based on a security flaw uncovered by US intelligence agencies and subsequently released on the internet by WikiLeaks last December. Last week malicious hackers exploited that flaw to launch the WannaCry Ransomware around the world.  It is more common for these criminals to use known security flaws rather than undisclosed vulnerabilities known as zero-day vulnerabilities. Now that it has been disclosed, you can bet someone will attempt to exploit the Conexant audio driver keylogger soon.

 

Let’s all Party like it’s the year 2007

2007 doesn’t seem so long ago. But looking back at the last decade does reveal some startling events. The financial crisis in 2008 set back more than a few 401k’s. The BP oil spill in 2010 was a disaster. Facebook went public in 2012 (a boon or bust depending on your perspective). The 2015 terrorist attacks in Paris were unnerving. And the political landscape has become too coarse for many of us.

But hey it’s not the end of the world, is it?

Well, it might be if you are still using Office 2007. And that may be more than a few of you out there. If you’re like many small businesses, the Microsoft Office suite is your standard productivity suite. Such customers don’t rush out to buy the latest version of Office every 3 years or so. They buy it when they get a new computer for a new employee or have to replace one that has bitten the dust. They don’t see the value of being on the latest version. All is right with the world if they can write that letter to their customer using Word and can get to their email with Outlook.

If you’re like many of these businesses, you might get your email from the cloud. Perhaps you have an Exchange Online subscription or you have Office 365 Business Essentials. Well, the world will end on October 31st if you use Outlook 2007 to get to that subscription. That’s when the RPC/HTTP protocol will be deprecated and you will no longer be able to connect to Exchange Online using Outlook 2007. You can check out the support article “RPC over HTTP deprecated in Office 365 on October 31, 2017” if you want to read some of the techie details. Additionally, customers may need to ensure their Outlook clients are not using a registry key to block MAPI/HTTP. Details about this registry key can be found in this KB article.

The bottom line is Exchange Online (the email component of the Office 365 subscription) will only be supporting the new MAPI over HTTP protocol. It’s more secure and more reliable. Outlook 2007 is at end of life for support and Microsoft is not going to fix it.

Now is the time to consider switching to the subscription model of updating your Microsoft Office software by moving to Office 365 Business Premium. This service gives you the latest online version of Outlook and the rest of the Office suite, such as Word, Excel, PowerPoint and Skype for Business, plus the desktop version for Windows or Mac on up to 5 devices for each user. Each employee can install Office on their office PC, their home PC and their iPad and still have two installations to spare! The subscription also includes free updates. So, you don’t have to worry about outdated software again. All for $12.50 per month per user.

Contact us here at Pi3 Consulting Group to learn more and get started.

 

Microsoft is Killing MS Access

Yes, IMHO Microsoft is killing its Microsoft Access product. For those who are not familiar with Access, it’s included in the suite of Office desktop applications and used by businesses of all sizes to create simple database applications. It’s been a favorite of small businesses with no IT staff for years. I see it used by larger Enterprise customers in cases where a department needed a simple database application but had no budget.

The ability to create a relational database application contained in a single file, deployed to and run on a standard desktop computer, is its greatest strength. It is also its greatest weakness. That single file meant only one user at a time, was prone to corruption and was a slave to the performance and health of its desktop host. I thought Microsoft had thrown out the lifeline when they added support for Microsoft Access on SharePoint and later SharePoint Online. Starting with SharePoint 2013 you could take one of the many existing Access database solutions and migrate it to SharePoint. Instantly the application becomes a web-enabled multi-user application with a Microsoft SQL Server back-end database. SWEET!

This was a godsend for Joe IT running the one man IT department of a small business. They are moving to the cloud anyway to cut server equipment costs. A solution for that niche app the business cannot live without (but doesn’t want to spend money for) is a big win!

My first clue was when Microsoft Access was not included in the Office Pro Plus suite of applications in the Office 365 Business Premium subscription last fall. Microsoft later admitted it was a mistake and dutifully announced “Microsoft Access now included in Office 365 Business and Business Premium with new enhancements”. But I happened to notice the following while administering a customer’s SharePoint Online portal this week.

I had not noticed this before and I don’t recall seeing a bulletin regarding it. Following up, I found this March 27th blog post, “Updating the Access Services in SharePoint Roadmap”, in the Office Retirement blog. Apparently that is where you post when you want to quietly convey bad news. The post acknowledges the customer need to create simple applications with little programming experience, but argues that Access no longer meets today’s needs, most notably mobile applications and enhanced data connections. “This feature will be retired from Office 365. We will stop creation of new Access-based apps in SharePoint Online starting June 2017 and shut down any remaining apps by April 2018.”

So there you have it. The patient is clinically dead but has not yet been formally advised of their demise. I no longer recommend Access Apps for low end customer applications. So where does that leave Joe IT? Microsoft is suggesting PowerApps as the alternative. It’s a promising technology, but not as mature as the technology it portends to replace. Nor does it have the vast support ecosystem that Access has. In the interim, Joe IT and I are on the clock to learn PowerApps. Let’s hope we both can learn it and the product matures over the next year.

 

 

Cyber Crime Strikes Close to Home

I was genuinely surprised when reading this article in Sunday’s Inquirer, “Be on Alert at work for Cyber-Scammer”. It wasn’t because there’s an increase of cyber scams and phishing targeting small businesses. It was because it is happening so close to home. It quoted a member of the cyber criminal squad for the FBI’s Philadelphia office. Incidents noted were right here in the Delaware Valley. The article reported that “hackers crack these small companies’ email systems, monitor the lingo between employees and customers, then pose as the boss or a supplier”.

Guarding against social engineering hacks is more about training and awareness than technology. However, there are some technology areas where a small business can improve and the cloud model can help. Online backups can be a cost-effective way for a business to ensure it can recover if data is compromised. Cloud e-mail services like Microsoft’s Exchange Online have spam and anti-virus detection software scanning your email and a dedicated staff of professionals tasked with keeping your email servers running, updated and secure. Maybe your business is not a giant enterprise conglomerate, but there’s no reason you can’t handle your email like one.

Working Like a Network

Here is an interesting discussion about the nature of work in today’s business environment.

https://youtube.com/watch?v=2zbsIn4sZZs

Constant change and a distributed workforce challenge traditional organization models. The Producer & creative team archetype is better suited for these challenges.
