From Blackberry to Pixel – time for a change


All wrapped up and ready to start

All wrapped up and ready to start

So I made the switch. It was with a heavy heart that I gave up my Blackberry Z30 on the overlooked and underrated BB10 OS. Three weeks ago, I upgraded to a Google Pixel 128GB Android 7.1 powered smartphone and have been immersing myself in the world of Android.  Many of our clients have been asking our advice about where to go in a world where Blackberry has lost out, while others just want to know if the Pixel is any good. So I took the plunge and here’s my look at not just the Pixel, but what to expect when you make the change.

(note, I will get into the “why I gave up on BB” in another post…that’s a long story).

Short take on the Pixel? It’s simply an amazing piece of hardware. Look, you can find reviews of the specs and comparisons of the Pixel to the Galaxy S7 or the LG V20, just about anywhere. It’s hard to choose between any of those phones and you really can’t go wrong. So forget the specs.

I’ll be honest, as a messaging phone, the base install, with Gmail as the email tool…well…it sucks. Gmail is great if you use Gmail. Beyond that, I found it to be clunky when dealing with multiple email accounts and especially with my work based Office 365 host exchange account. I already knew that native android mail apps weren’t the best with its integration, so I went on the hunt through the many email apps available for Android.

And the winner is?

Blackberry hub for Android!!! Yay! Sorta…kinda…

Look I admit to being biased. Having the BB hub gives me at least some of the functionality that I thought BB10 was great for when it came to messaging. I actually just subscribed to it for its monthly fee ($1.50 CDN per month to be ad free), and the hub does come with their version of calendar, contact, password keeper and a few other apps I barely used on BB10. That being said, I’m not totally sold on it yet (the subscription can be cancelled any time). It lacks the swipe gestures that really made the Hub so useful (swipe right to peek) and again, it’s a bit clunky switching between account views. The one thing it doesn’t include is the amazing BB keyboard, the one thing I really wished it did have. Seriously, swipe typing is neat and I’m learning to use it, but why can’t any android keyboard include the simple “long press to capitalize” function. How hard is that??

So while I’ve settled on the Hub right now, I am testing a few others alongside it, including Nine and the Alto app (made by AOL of all people) as I research good Office 365 Android apps. Notice I am not using Outlook for Android or OWA for Android. These are…adequate, but I found they surprisingly had issues with how I use my work email, with a lot of subfolders I need to sync as I use rules to sort mail into them automatically. If you have a simpler setup they can work and are easily familiar.

So what about the rest of the phone? I won’t even get into finally having access to up to date apps. I always said I was not an apps person, that’s not why I use a smartphone but…damn once you have access there is a ton of stuff out there to try. Have fun with it, just beware to use only the Google Play (or Amazon) and watch those reviews, as they can be manipulated.

As for the rest of the phone, I’ve bullet pointed some features, tips and tricks to be aware of for those new to Android and the Pixel alike:

Pros:

  • The Pixel comes with Android 7.1 Nougat (they name versions after candy). This is significant as only the Pixel comes with 7.1 and most importantly, it’s pure stock Android. That’s a bit complex to explain why that matters, but the key is you get all security upgrades on the day of release and feature upgrades as fast as your carrier can release them (unless you buy it unlocked, then you aren’t limited by your carrier). Telus in Canada has been VERY quick with the releases, far faster than you’d find with competing Android phones. I had November security update in my first week and an OS update that Canada got first just last week. This is VERY good.
  • Quick charging and battery life: so far the battery life is good, not spectacular but good. What is amazing is the quick charging. I really can get about a 50% charge in 15-20 minutes. The battery does really depend on how you are using it. Turn off Facebook and don’t play any games and you can easily go a day plus on one charge (seriously what is with the drain from the FB android app).
  • Fantastic camera. I say this as I am actually a good test of cameras not due to any skill but because I have shakey hands (not due to my SCI, I’ve always had those). If I can take a decent picture with it, then anyone should do just as well. The Pixel does not include Optical Image Stabilization for its camera, but still handles pics with a sleight shake with ease. The video uses a steadying technique that looks better than a lot of the competition (see Samsung phones that don’t explode). That said it doesn’t come with as many tricks and gadgets as the Samsung phones do.
    • One quick note about the camera. The Pixel comes with a special offer from Google for unlimited storage of your ultra high-resolution pics and vids on Google Photo. Great offer, but there is a trick to this. It only covers pictures and videos uploaded from your phone. If you browse to your google photos account, you’ll find it shows only 15GB of storage. You can’t just plunk all your pictures into it because you bought a Pixel. However, all pics you take with the phone are stored for free no matter how much, FOREVER (or until you delete them).
      • One more note: I’m experimenting to see if Google detects pictures and videos taken from your phone or uploaded from your phone. It might be possible to load picture to your phone and then have them upload for free, but not sure on that yet.
  • If you are new to Android, remember you must setup a gmail account. You don’t need to use this for any purpose other than logging into your phone and making purchases in the Play Store. It will automatically be setup and you can create a new gmail account when you setup the phone. I have a private account I barely use (no you can’t have it). **Edit Dec 2 4pm: A reader updated me that you can use any account to register with Google Play. The Pixel did not make this apparent during setup, but good to know. I already had a gmail account, so just used that. So no extra step needed, you can use a primary email address.**
  • If you buy it soon (no timeline for this) the rep at Telus let me trade in my old phone and gave me over $200 in accessories that I normally wouldn’t have even thought about. What you get and how generous the rep is will vary, but if you are with Telus, Peter at Yorkdale Telus store spoiled me for items.
  • Finally (that I can think of for now), you get full 24/7 live support from Google for the lifetime of the phone. I’ve already had to use it once (when I somehow deleted some settings from the settings window…too much playing in the first day) and it was a breeze. They can remote into your phone and walk you through almost anything, so don’t be afraid to use it if you get lost.

Cons:

  • Environmental protection – not a lot. It’s rated as splash proof, not water proof, which was one that gave me second thoughts during my research (the Galaxy S7 is completely submersible for instance). How a phone can’t have that in this day and age for the price is odd.
  • The price. It’s a premium phone with premium price. Buying it outright will set you back $1000 CDN (approx) for the base model. I went on a two-year contract, and splurged a bit for the more storage…why? See next
  • No SD card expansion. If you get the 32GB version you are stuck, and keep in mind that just the OS and preloaded apps bring you down to about 23GB free to start. You’ll be clearing space in no time…so I recommend spending the extra on the 128GB version if you can.
  • The body materials of this thing are slippery as hell. The top part of the back is actually a glass window, so I can’t recommend a good case high enough. I am still looking for something that doesn’t add as much weight as an Otterbox (waiting on a case from urbanarmorgear.com), so beware of drops!
  • No wireless charging. Not a big deal to me, but it is something to consider.
  • Other than that, my only nitpick is the odd choice of the power button on the right side of the phone, just above the volume buttons. Why not the more natural top? Small nitpick.

I admit, I still miss how tight my BB10 was…but it was time for the change and with a few weeks in I am really enjoying the phone. Why didn’t I choose a Priv or Dtek60 from Blackberry is for another article and expect a followup to this one. For now, if you are ready to make the switch full-bore and put your BB (or are tired of Apple’s closed ecosystem), the Pixel is the top end for this holiday period.

Until the Galaxy S8 arrives in February/March…assuming it doesn’t burn up🙂

Please feel free to comment or ask questions and if you have tips from more knowledgeable Android users, I’m all ears.

Posted in Uncategorized | Leave a comment

Poison Tap – How $5 can hack your password locked computer.


So the world of computer security once again gets flipped on its ear.

There you are at your workstation, you need to go get a coffee or have a bathroom break and as per company policy you “lock” your computer (mac or pc) so that it requires your password to get back in and take you back to where you were.

Upon your return you find that your computer is still locked but as your get back to your work, you find small things different in your browsing experience. Nothing major at first but over the next few days you find that you suspect somebody remotely using your computer or accessing your password protected assets (banking, websites etc). What’s happened?

The new threat is the ease of which somebody now can walk by your station, insert a small usb device that hacks your pc and inserts hijack software into your computer. A few minutes later, after the usb device has been removed, you are still hacked and are still at the mercy of the hacker.

How can this be?

PoisonTap is the latest creation of Samy Kamkar, the tech behind a series of hacking devices and technologies that are super cheap and easy to implement. He provides this information in a whitehat capacity to show what is possible and then educate. He has since released the code and the specifications so that engineers and developers can learn from the vulnerability.

Kamkar was interview by ARS Technica ( a leading online news outlet) and said ” The primary motivation is to demonstrate that even on a password-protected computer running off of a WPA2 Wi-Fi, your system and network can still be attacked quickly and easily. Existing non-HTTPS website credentials can be stolen, and, in fact, cookies from HTTPS sites that did not properly set the ‘secure’ flag on the cookie can also be siphoned. ”

What this means is that this system hacks your browsers behind your password without needing your password due to the level of security the browsers use to store information. Macs are more vulnerable in that their browsing integration is more significant than on PCs whereby closing your browser BEFORE you lock your computer is more effective against this type of attack.

Kamkar explains further: ” Once the device is inserted in a locked Mac or PC (Kamkar said he hasn’t tested PoisonTap on a Linux machine), it surreptitiously poisons the browser cache with malicious code that lives on well after the tool is removed. That makes the hack ideal for infecting computers while they are only briefly unattended. ”

Obviously this type of attack requires a short and quick physical connection and wouldn’t apply to home environments but in large corporate spaces, public shared work places or public hotspots, this can be an extremely critical vulnerability.

The best way to defend against this type of hack in a public space, other than to take  your computer with you, is to shut it down completely before you leave even for a short break. Make sure your password is as complex as you can handle and prior to locking or leaving your computer unattended, shut down all browsers and apps so nothing is running in the background.

As always, if you have any questions or want to have a double-check of your own processes, contact us at Fixmycomputernow.com.

Original article: http://arstechnica.com/security/2016/11/meet-poisontap-the-5-tool-that-ransacks-password-protected-computers/

Posted in News Release, Reboot Articles, Uncategorized | Tagged , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

The 5 Stages of Data Loss


” @!#$&!!! It’s all gone!” is a common phrase we hear when clients call with a horror story of losing information from one or more of their systems. Over the years, we have a had a pretty good track record on recovering lost data for our clients and we have found a common set of emotions that everybody goes through when critical information takes a hike. Let’s review…


1) DenialOtherwise known as “How could this happen?”

Yup, someone deleted something, emptied the trash where they keep all their important documents, spilt a drink on their keyboard because it was the only place to put the cup, dropped it into the lake because they had to move the Muskoka chair on the dock. We have heard them all. The Top 3:
a) The fire department used chemical foam to put the fire out, and my desk was no exception.
b) My dog has a weak bladder.
c) I didn’t know mice could eat through cables.

Data can get lost so easily. With “cloud” technology you would think less data loss would occur, but in our experience people are taking things for granted and there is actually MORE data loss happening.

2) Panic“Who can help me right now!”

So depending on the user’s technology level this can range from googling some answers from another unit, to asking a relative, neighbour, associate, doctor, dog walker, stranger delivering food etc. You need to resist the urge to grab the first “techie” person and get their advice. Find the right person for the job. Generally, we get the call from new clients after they have exhausted all other options until they ask somebody “Who else do you know who can get this recovered?”

3) Anger “Why me????”

“HOW MUCH??? But I only need my accounting data… it’s not a lot of data but it’s important!” Depending on data recovery methods that need to be implemented, it can range from inexpensive, in the couple of hundred dollars range, if we can do it in house or all the way up to the complicated lab work which can be in the thousands of dollars. How much depends on what happened to the technology and how fast you want it. It is NOT dependent on the volume of data to be recovered.


4) Bargaining “If I can just get my son’s irreplaceable grad photos back, I will be happy…”

This is the waiting game. Calling every 2 hours, sending emails and texts every 30 minutes does not help speed up the process. Recoveries generally take time and sometimes it can be a few hours, sometimes it can be days. It all depends on the recovery method and complexity of the damage.


5) Salvation “OMG, you got it back!? It’s finally over!”

Yes, in most cases we can get the data back if you are okay with the fees. Sometimes, the fees are too high for the value of the data and so the process never happens but you have the choice. There are always certain cases that are unrecoverable but we usually know this up front. If a harddrive has melted down into liquid metal due to a fire, there is nothing we can do for that drive.

SO WHAT IS THE SOLUTIONS TO PREVENTING THIS TYPE OF SITUATION?

http://www.backupmycomputernow.com
A proper backup solutions can prevent the need for recovery – eliminating the stress, delay and drain on your wallet.

For more articles on backup:

https://fixmycomputernow.wordpress.com/2015/11/06/cryptowall-returns-for-another-round-with-cryptowall-4-0/

or

 

 

Posted in Opinion, Reboot Articles | Tagged , , , , , , , , , , , , , , , , , , , | Leave a comment

Bing and Google improving search spam security


This took long enough by both of the major search providers. As the article below shows, Bing is finally blocking the promoted ads for companies claiming to provide tech support, but are nine time out of ten a scam. At the same time, Google has started blocking advertising for payday loans (Facebook has done this as well).

Keeping up with the scam artists is a full time job, but I sometimes think the search engine providers drag their heels a bit too long in trying to address these issues. This one is a win for us all.

Bing Bans Tech Support Ads – their mostly scams

Posted in Uncategorized | Leave a comment

FMCN Webinar: How to identify and protect against Crypto Crapware and other threats. May 9th, 2016 @ 2pm EST


For those who missed it last time, we are bringing back our latest webinar in November.

With the rash of Crypto related ransomware attacks out there, we have decided to put on a few webinars to help educate users on how to identify, protect against, remove and recover from these critical infections especially the Crypto family of ransomware.

We recommend all those responsible for the following roles in your business attend:

  • Internet access
  • General Data Security
  • Client Information Management
  • Backup operations
  • Remote access
  • User Content and control policy enforcement

This presentation will be at a beginner level and will have some technical information but will be geared towards end user understanding. Feel free to send this invitation to other business owners or associates who may need a better understanding of the threats out there which includes both Mac and PC users.

Topics we will cover include:

  • Identify sources of infection
  • Identify fake notices and popups
  • Understand the difference between a firewall, router and UTM(unified threat management)
  • Understand what can be affected and what cannot
  • Backup/Archiving
  • Disaster Recovery Planning

These webinars are approximately 45-60m long, will have notes and a review for you to take away and will have a Q&A afterwards for a more detailed discussion.

The 1st webinar this year is scheduled for Monday the 9th of May at 2pm EST. This is a free event and open to the public but registration is required as there are limited connections available on a first come first serve basis. Should registration exceed the number of connections, additional dates will be added.

 

Posted in News Release | Tagged , , , , , , , , , , , , , | 1 Comment

Google Is Partially Dangerous—According to Google


People are always surprised when we tell them that even legitimate websites can be compromised and/or provide false links to malware, ransomware and crapware.

 

The current Google Transparency Report on the Safe Browsing status for Google.com doesn’t give the site a perfect grade.

Source: Google Is Partially Dangerous—According to Google

See our previous Post – Spear Phishing

See our post on – Malvertising – do your backups!

 

Posted in News Release, Opinion | Tagged , , , , , , , , , , | Leave a comment

Another level of malware – spear phishing


It is getting harder and harder to keep up with malware these days. By the time we attempt to write an article warning about a new campaign in the wild (like the new ransomware that encrypts entire hard drives), something else comes out that is an even worse threat. As an example, have you heard of spear phishing? If not, then read on, as it’s the latest threat that is going to make your online life that much more difficult.

Phishing is a term that has been around for ages now, but it is most commonly used to refer to spam campaigns that send out emails looking like they are coming from a legitimate company (be it Apple or a bank), prompting the reader to click a link and enter in some personal information. They are “phishing” for your details, with the only contact point they have for you being an email address. Even that contact point is most likely just a generated name that came from a program that sent the spam to millions of people, most of which don’t exist, in the hope of having just a few respond. It’s dangerous trick and we’ve had to help many users who have fallen into the trap. Sometimes it’s led to simple infections on a PC, but sometimes it’s required the cancellation of credit cards and tracking of financial records. It’s one of the most common means of spreading malware on the internet.

Spear phishing is a rather frightening evolution of this, which uses programs that seek out information on potential victims, using algorithms that search social networking links, web pages, blog posts, anything that might glean real data on people. It then sends out a tricky email, usually something that sounds urgent, threatening or an emergency, with that data in it, to trick the person into clicking the link and there begins to the issues. We’ve gone from phishing trying to get you to give them your information, to directed attacks where they are using your own information to trick you into something much worse.

Ars Technica has a great write-up on one form of this attack that generates a ransomware hit on someone who clicks through the link: Crypto-ransomware targets called by name in spear-phishing blast.

This is the kind of attack that your antivirus program will have a very hard time protecting against (if at all). While this is primarily targeting PC users, we have no seen Cryptoware attacks in the wild that will hit Mac’s and there are reports of others capable of hitting android devices. So far, we haven’t seen any that can hit Blackberry’s or iOS devices, but we believe it’s just a matter of time before a vulnerability is found there as well. So how do you defend yourself?

We repeat this to all our clients and drill it into them. Their best defence comes from their own habits. Question every email that comes in, even if it is from someone you know. What is the link? Are you expecting it? Is there anyway to confirm it is real before you click-through. Don’t download any software without being sure of what you are receiving. Beware of downloading anything (even media files) from illegal sites, such as bitTorrent (they are being hammered with fake files). On today’s Internet you are your own best protection. The technology on your computer should always be considered your second line of protection only and not relied on to catch everything.

Beyond that, we cannot stress enough how important backups are for all users, whether it’s just a home PC or a major work server. You must maintain and test your backups and try to keep at least two redundant backups running at all times (we usually recommend an onsite local image backup and some “in the cloud” off site backup). While the backups can’t protect you from every threat (ie. identity theft) they can help you quickly get back up and running from some of the most common attacks out there today.

As always, if you have any questions or want to have a double-check of your own processes, contact us at Fixmycomputernow.com.

Posted in Reboot Articles | Tagged , , | 1 Comment

New ransomware installs in boot record, encrypts hard disk | Ars Technica


If Crypto infections didn’t scare you before, now you can be absolutely paranoid! Now Crypto doesn’t just encrypt and lock out your files, it does the WHOLE hard drive.

 

Petya performs fake CHKDSK, and instead encrypts the master file table on disk.

Source: New ransomware installs in boot record, encrypts hard disk | Ars Technica

Posted in News Release | Tagged , , , , , , , , , , , , , , , , | Leave a comment

New wave of “Malvertising” hitting – do your backups!


Get ready for a bumpy ride, because here we go again. Reports are coming in of a massive wave of malware laced ads that are hitting mainstream website and infecting people with Cryptolocking viruses just from browsing a website.

You can find the details on Ars Technica here: Big-name sites hit by rash of malicious ads

The key to remember here is that most of these attacks cannot be prevented by your antivirus. They often use exploits found in Flash or Silverlight (two common and far too buggy ways of delivering ads) to bypass protections. The real problem is that you can be infected by a tiny ad on a page that begins playing without any interaction from you. This happens when the ad provider gets compromised and the sites generally have nothing to do with that interaction.

We’ve said this many times, but make sure your backups are current! Whether you are a business or home user, check them and make sure they are running. And yes, this applies to Mac users too, as a new crypto attack on Mac systems was recently uncovered.

As always, if you have questions, contact us and we’ll discuss options with you and how you can protect yourself, including whether it is a good idea to remove Flash and run adblocking software.

Posted in Uncategorized | 1 Comment

Windows 10 creeps even closer to landing on your PC – CNET


Microsoft makes a status change that has implications for all you Windows 7 and 8.1 users.

Source: Windows 10 creeps even closer to landing on your PC – CNET

Posted in News Release | Tagged , , , , , , , , , , , , , , , , , , , | Leave a comment