Tag Archives: security

The Samsung screw-up that was heard round the world part 2

Posted on by Posted in Customer Service Train Wrecks Leave a comment

So yesterday we warned our readers of a security flaw in Samsung’s Galaxy phones series 4-6. That same evening it was clarified that the flaw was in the way the Swype technology software was installed into the Samsung phones and that the danger of being hacked existed when, “the device reboots, and when the keyboard software automatically updates at any random time”. Samsung has stepped up and issued this statement on the situation:

Information Regarding the Keyboard Security Issue and Our Device Policy Update.

What does this mean for Samsung users? Nothing has really changed. I recommend you keep your wifi off until they issue the patch. The phone will not alert you when the language update is being performed on your phone, hence, because of the large amount of public wifi signals around us 24/7, it could happen at any moment.

And when will the patch be issued? Hopefully soon.

Yesterday we also promised to explain why the carriers – T-Mobile, Verizon, AT&T, etc, are at fault for this pathetic mess. We drew your attention to the fact that the carriers knew about this “at the start of 2015” when they were warned and patches were issued by Samsung, who had been informed by NowSecure in December 2014. NowSecure also informed the United States Computer Emergency Readiness Team (CERT) and Google’s Android security team about the problem. So everyone knew in a timely manner, issued the patches and said, “Okay carriers, the ball’s in your court. Issue the patch and fix this”.

They dropped the ball, kicked it into the neighbor’s yard and claimed it never even existed.

Doesn’t it make you feel good that this is what you pay upwards of $100s of dollars a month for?

The Samsung screw-up that was heard round the world

Posted on by Posted in Customer Service Train Wrecks, Nerd Girl Tech Toys Leave a comment

Samsung Phones 4-6 at Civic Site DesignI usually ignore most announced Samsung security flaws. They rarely are enough of a threat to get my attention or that of my networkers. Today that drastically changed when a mobile security researcher with NowSecure blew the whistle on a flaw noticed by Samsung itself way back in December 2014 AND NOTHING HAS BEEN DONE ABOUT IT.

I’ll just quote ABC7.com’s opening line on their online article to get you all up to speed. “A security flaw discovered in Samsung smartphones has left as many as 600 MILLION Galaxy phones at risk of being hacked.”

Don’t have your attention yet? Don’t care because you don’t HAVE a Samsung Galaxy phone? Maybe you don’t have that model and you are breathing a sigh of relief.

One tiny word of advice. DON’T!

I have a Samsung Galaxy Note IV – which, by the way is NOT affected by the security flaw, BUT I am plenty worried for my networkers, my clients, my customers…my HUSBAND who just got his brand new Samsung 5 corporate work phone a month ago.

Six hundred million is a helluva big number, and to put it in even tighter perspective for you – in my smallest networking venue (at which about 15-20 people show up each week) FOUR OF THEM HAVE AN AFFECTED PHONE!

That’s 20-27% of the room in that tiny little group. ONE QUARTER of the room I had to pull aside and give copies of the article and direct how to patch this train-wreck of a customer service disaster the carriers have on their hands.

309 million is THE POPULATION OF THE UNITED STATES, by the way. So it is the equivalent to TWO UNITED STATES worth of people that are scrabbling ’round the globe to deal with this mess.

Or, well, it WOULD be if the word got out as fast as the carriers lack of attention to the problem THEY KNEW ABOUT LAST YEAR!

So, enough torch-handling and pitchfork wielding. Right now you need to know what to do if you have a Samsung Galaxy 4, 5 or 6 phone and how to stay safe until your service provider gets off its collective butt and decides to let the world know if they issued the patch yet.

What to do if you or anyone you know is affected:
1. Turn OFF your wi-fi in your settings. The hackers get in through open wifi ports. The carriers say to avoid wifi areas, but that’s like trying to avoid the entire planet. EVERY major chain restaurant, Starbucks, government building, school, company that has a network-run computer system has open wifi broadcasting round the clock – even when they are not open!

2. Disable language updates. This is harder to locate and the best thing to do is take your phone to your carrier and have them do it and/or walk you through it so you know they did it correctly.

3. Call your carrier and find out the status of the update. Don’t be meek. THIS IS YOUR FINANCES AND PERSONAL SECURITY THEY ARE ENDANGERING BY STALLING IMPLEMENTATION OF THIS UPDATE! I cannot emphasize this enough! If they give excuses, claim they never heard of this security breach, promise to get back to you – DON’T BELIEVE THEM AND DO NOT let them blow you off.  Ask for their supervisor, email them DAILY – do what it takes to get them to get you off their back and give you an estimated patch implementation date.

These are simple steps that can save your contact list, your bank account access information, your credit card numbers from being taken without your knowledge and consent.

Tomorrow I will detail why this was NOT Swype Key’s or even Samsung’s fault, but the CARRIERS…ALL OF THEM. And I apologize in advance, but you are not going to like the answer. They need to take responsibility for this mess, and believe me, if they know what’s good for them, they will fix this flaw like, YESTERDAY.

WordPress Questions – How do I do an update?

Posted on by Posted in Website Design Leave a comment

please-update-now

Have you ever seen this banner at the top of your WordPress dashboard? It means the folks at WordPress have a brand new, shiny update to the software they want you to install.

You? Yeah, their laying the responsibility of doing this on you. And they do it A LOT, if you’ve noticed. So, before you panic because you’ve never done this before, or don’t know how or don’t have time to, here’s a few options you can fall back on.

1. You can follow the instructions below for doing it yourself, or,

2. You can ignore it, or,

3. I’ll be happy to do it for you.

First, let’s look at Option #2 – ignoring it. This is the one everyone who doesn’t have time, forgets or procrastinates, falls back on. What happens when you ignore updates?

It used to be very little would happen. If you ran across a cool new plugin you wanted to use and it wasn’t compatible, no big deal. You felt you could live without it.

Unfortunately, WordPress blogging has become SO POPULAR in 2013 that many hackers are now targeting them as one of the easiest targets to hit and do major damage. Updates fix security issues and they know that many people are lazy or ignorant of the need for updates, so they can lay a very widespread path of virtual destruction by focusing on the popular blogging platform.

And you get to pay the consequences.

Option #1 – do it yourself, is really easy and quick. Just click on the “Please Update Now” link and it practically does the work for you. But if you don’t have time or patience for it doing it, or keep forgetting, there’s the third option…

We’ll do it for you.

For a one-time, once a year charge, we will keep track of these pesky updates and do them for you so you can pay and forget it, safe in the knowledge that it will  get done and you will have less of a chance of getting clobbered by those stupid hackers. How’s that?

And it isn’t even expensive. You can pay for a year’s worth of worry free updating for less than your kid’s allowance. What do you say?

If you are interested, please contact us at kristine@civicsitedesign.com, put the words “WordPress updates” in the subject line, and your contact information in the email. We’ll save you those few extra hours a year and take care of the worry for you.