MSP Blog Logo

BDR

Business Growth

Cybersecurity

Help Desk

MDM

RMM

Sales & Marketing

Subscribe

Empowering Your MSP Business to Grow and Prosper—One Post at a Time

5 Ways to Improve Your MSP Service Level Agreement (SLA)

Featured Post

5 Ways to Improve Your MSP Service Level Agreements (SLAs)

SLAs are the foundation of your MSP business. They are essential to building strong client relationships and must be clear, reasonable and well-constructed.

Read Now

VIDEO: Flaw in Antivirus Program Allowed Hackers to Steal Passwords: IT Rewind Episode 63

Posted January 15, 2016by Ben Barker

 

VIDEO-_Flaw_in_Antivirus_Program_Allowed_Hackers_to_Steal_Passwords-_IT_Rewind_Episode_63.jpg

Flaws in Trend Micro's antivirus program left user login names and passwords extremely vulnerable. Meanwhile, eBay has patched a security vulnerability that was leaving customer credentials exposed. To hear more, just click play!

IT Rewind Featured Stories:

Did our short segment leave you wanting more? Check out the original articles of stories we covered!

Trend Micro Flaw Could Have Allowed Attackers to Steal All Passwords

InfoWorld, @infoworld, Jeremy Kirk, @Jeremy_Kirk

eBay Patches Security Vulnerability That Could Have Exposed Customer Credentials

The WHIR, @theWHIR, Chris Burt, @AFakeChrisBurt


Continuum's Must-Read Blog Post This Week

Reasons for Managed Services in 2016

Reasons_for_Managed_Services_in_2016-1.jpg

As cited in CompTIA's 4th Annual Trends in Managed Services report, "the global managed-services market is predicted to grow to $193B by 2019, at a Compound Annual Growth Rate (CAGR) of 12.5%." What is fueling this impressive level of adoption? Why are so many business owners fans of your business model? We dug into the report to examine the top reasons small-to-medium-sized businesses (SMBs) list for working with MSPs and IT solutions providers. As you build your 2016 sales strategy, pay attention to these main market drivers. Keep reading » 

 

What Else Is New in the IT Channel?

Now that you've seen our top picks for this week, here are some more stories that made the headlines. Have a suggestion for a story that we should cover next week? Let us know by commenting below or tweeting @FollowContinuum or @BenDBarker!

Android malware:

         Android Malware Steals One-Time Passcodes
         ComputerWorld@CompworldIndiaJeremy Kirk, @Jeremy_Kirk

Think like a criminal:

       Why Thinking Like a Criminal Is Good for Security
       Network World, @NetworkWorld, Kacy Zurkus, @KSZ714

Cisco patches software, devices:

         Cisco Patches Hardcoded Password, DoS Vulnerabilities in Software, Devices
         Threatpost, @threatpost, Chris Brook


Transcription

Hey everyone welcome back for another episode of IT Rewind. This week, a Google researcher discovered that flaws in Trend Micro’s antivirus product allowed for remote code execution by any website which left user passwords vulnerable. You’ll hear about this story and more right now on IT Rewind!

When you think of antivirus programs, you think of protecting your systems, right? Well, recently Tavis Ormandy, a well-known Google security researcher found that bugs in Trend Micro’s antivirus software was leaving users passwords extremely vulnerable. Since the discovery, Trend Micro has released an automatic update that fixes the issue. Still, in the emails that Ormandy exchanged with the security firm, it was clear that Trend Micro wasn’t moving fast enough to fix the issue. In one of the released emails, Ormany said quote, “…This means anyone on the internet can steal all of your passwords completely silently, as well as execute arbitrary code with zero user interaction. I really hope the gravity of this is clear to you, because I’m astonished about this.” End quote. The issue was in the password manager of the antivirus product, which was written in java script and opened up HTTP remote procedure call ports to handle API’s. Users could elect to export their passwords to it. Ormandy quickly found an API that allowed him to access passwords stored in the manager.

eBay has patched a vulnerability that could have exposed customer credentials. The cross-site scripting vulnerability left millions of users open to the threat of spear phishing attacks, which would have allowed cybercriminals to access credentials and potentially steal funds. The vulnerability involved the main domain and has been described as farily basic. The researcher who discovered the vulnerability was able to mirror eBay’s login page, which gave users an error when they tried to log in. However, it also revealed the username and password that the user attempted to enter. The researcher claims that eBay only fixed the issue after the media contacted them about it, even though he had brought it to their attention a month earlier.

Before we go I’m excited to announce that registration for Navigate 2016 is now officially open. Make sure to book your tickets to this years user conference right here in Boston, Mass! Head over to www.continuum.net/nav16 to register.

That’s all the time that we have for this week’s episode of IT Rewind, As always, read the full stories that we covered today and other tech stories by clicking on the links below.

Of course, you can always find us on Twitter, Instagram and Vine at FollowContinuum. We’re also on Facebook, LinkedIn, Spiceworks, YouTube and Periscope 

Take it easy.

 

Don't let your office get sick!

  download-fight-off-infection-at-the-office-quick-tips-to-share-with-clients-illustrated  

Ben is a graduate of Emerson College and a huge Boston sports fan.

RMM 101: Must-haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus