Archive for Security

TLS 1.3 Approved…. Here’s Why You Should Care

Posted in Commentary with tags on August 14, 2018 by itnerd

If you’re worried about privacy on the Internet, then the final approval TLS 1.3 should matter to you. TLS 1.3 will make it much harder for eavesdroppers to decrypt intercepted traffic. But at the same time it’s a drop-in replacement for TLS 1.2 as it uses the same keys and certificates and clients and servers can automatically negotiate TLS 1.3 when they both support it. So that means that getting TLS 1.3 into the world should be quick. In fact both Firefox and Chrome already support a draft version of TLS 1.3 if you’re on the latest and greatest from either browser maker. TLS 1.3 is also less resource hungry and more efficient, meaning you should be able to both reduce latency and benefit from lower CPU usage. Or put another way, surfing the net will become a touch faster.

One of the big drivers behind the creation of TLS 1.3 is all the NSA revelations from a few years ago. Thus the big losers in this are spies and those who want to do evil things on the Internet – at least until they figure out a way to crack this new protocol. At which point the IETF will start on TLS 1.4.

Advertisements

aLTEr LTE Based Attack Is In The Wild And Is Unpatchable

Posted in Commentary with tags on July 3, 2018 by itnerd

If you use a smartphone on an LTE network, which means that I’m talking about everyone who is reading this, there is an upatchable flaw in the LTE standard that can allow an attacker to snoop on your browsing habits and redirect you to spoofing sites that could snatch your login credentials among other things.

The attack is called aLTEr and it was discovered by David Rupprecht, Katharina Kohls, Thorsten Holz and Christina Pöpper from Ruhr-Universität Bochum and New York University Abu Dhabi. Rather than explain this attack to you, you should watch this video instead:

The attack may be out there. But it isn’t likely to be widespread for the following reasons:

  1. You need about $4000 worth of gear to build yourself a fake cell tower to pull this off. That means the average 12 won’t be doing this. But an intelligence agency would try this.
  2. You have to be within a mile of the intended victim. Again an intelligence agency targeting a specific victim would try something like this.

There’s no way to stop it because fixing it requires the LTE standard to be overhauled. Which isn’t going to happen with 5G networks on the horizon which apparently protect one from this sort of attack. The best you might be able to do is to only surf to https encrypted sites. But that may not be a guarantee. Thus you might want to double check and triple check what you’re surfing on LTE to so that you stay safe.

#PSA: All-Radio 4.27 Portable Is Malware That You Really Want To Steer Clear Of

Posted in Commentary with tags on June 29, 2018 by itnerd

I often get called in to do malware removal. Sometimes, I am able to remove the malware in question. Sometimes, I can’t. Based on what I am reading here, All-Radio 4.27 Portable is going to be one of those ones that I can’t remove. At least not easily. Here’s why:

If your computer is suddenly displaying the above program, then your computer is infected with malware that installs rootkits, miners, information-stealing Trojans, and a program that is using your computer to send send out spam.

Unfortunately, while some security programs are able to remove parts of the infection, the rootkit component needs manual removal help at this time. Due to this and the amount of malware installed, if you are infected I suggest that you reinstall Windows from scratch if possible.

That’s not good to say the least. Thus you need to protect yourself from being a victim. Fortunately, that seems to be easy as it appears that this malware shows up on your computer if you install game cracks and Windows activation tools. Thus you should avoid those as this is a textbook example of what happens to you if you don’t. Beyond that, you should have an up to date antivirus installed. Not to mention having a backup strategy in case the worst happens.

VPNFilter: The Pwnage Is Worse Than Previously Thought

Posted in Commentary with tags on June 7, 2018 by itnerd

I have some bad news for you.

The VPNFilter malware that infected over 500,000 routers and NAS devices across a number of countries is much worse than previously thought. According to new research by the Cisco Talos security team, the malware which was initially thought to be able to infect devices from Linksys, MikroTik, Netgear, TP-Link, and QNAP can also infect routers made by ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. I would take a look at the list that Cisco Talos has come up with and see if your networking hardware is on the list.

Now if it is on that list, the plan of action that you should take to protect yourself is to update to the absolute latest firmware for your device. But you should also factory reset your router, turn off remote administration, and make sure you have it using a strong non-default password.

One other thing, you should consider the list above to be incomplete. It is highly likely that many other devices are affected by VPNFilter. Thus out of an abundance of caution, you may want to perform those steps on your router even if it isn’t on that list. I know I did.

 

Guest Post: 3 Ways Failing To Secure Your Business Data Can Prove Costly

Posted in Commentary with tags on May 26, 2018 by itnerd

By Penny Garbus

Every day, businesses across the country hum along efficiently, their operations supported by enormous reams of data that most employees – and bosses – take for granted.

Need to check inventory? Want to make sure a customer paid a bill? That information and much more is stored somewhere in a computer, always at the ready in time of need.

Except when it’s not.

Sometimes things go awry – a hacker, a system crash – that cause a business to lose critical data, and that can be devastating to the bottom line. Worst-case scenario: The business goes out of business.

“If you’re a business owner and you’ve not thought of data in relation to your financial well-being, don’t feel bad; you’re not alone,” says Penny Garbus, co-founder of Soaring Eagle Consulting Inc. (www.SoaringEagle.guru) and co-author of Mining New Gold – Managing your Business Data.

“Sometimes people are so busy running their businesses that they don’t have time to worry about the bits and bytes of their data and how relevant it is to longevity of their business.”

But they should, she says. Without data protection processes and procedures in place, the business could face serious consequences.

Garbus says data is like gold: It can be traded, it’s the base for creation of products, and if you lose it, you lose money.

Here are just three ways in which a failure to secure data can prove costly to a business:

  • Impact on sales. A sales team may be so dependent on data to do its job that a breach could mean sales goals aren’t met. That in turn affects the bottom line of the company. The longer it takes to reconstruct the data, the more money is lost.
  • Lawsuits and fines. Sometimes regulatory agencies require that certain records be kept. If a business loses that information, it could face potential fines or lawsuits. “Lawsuits and regulatory agencies can make your life a nightmare if you fail to understand, develop and follow processes that protected regulated data,” Garbus says. Customers also could sue if a system malfunction causes a business to fail to live up to a contract.
  • Ransomware. On occasion, malicious hackers infect your computers with software that blocks access to everything until you pay a ransom. “The ransoms are usually $1,000 and most companies pay the money,” Garbus says. Unfortunately, even paying a ransom is no guarantee a company’s data will be freed because on occasion the perpetrators demand even more money, she says. The situation can get even worse. “Sometimes the attacker has so completely destroyed data files and infected hard drives that they are unable to get the data back,” Garbus says. “The cost can run into thousands or even millions of dollars to get the company up and running again.”

“Any business that hasn’t already done so should begin a self-analysis to design data protection processes and procedures,” Garbus says. “You need to define your needs and then talk with your IT staff to ensure that the data recovery and protection strategies match those needs.

“But remember that this is not an insurmountable problem. If you take the right steps you can save yourself a lot of costs and headaches down the road.”

 

About Penny Garbus

Penny Garbus, co-founder of Soaring Eagle Consulting Inc. (www.SoaringEagle.guru), is co-author of Mining New Gold – Managing Your Business Data. She has been working in the data-management field since leaving college when she worked as a data entry clerk for Pitney Bowes Credit. She later ran the training and marketing department of Northern Lights Software.

Buy A Low Cost Android Phone, And Get Pwned For Free

Posted in Commentary with tags , on May 25, 2018 by itnerd

More than 100 different low-cost Android models from manufacturers such as ZTE, Archos, and myPhone ship with malware pre-installed, researchers at Avast Threat Labs reported on Thursday. Users in more than 90 countries, including the U.S., are affected by this, the researchers said:

The malware, called called Cosiloon, overlays advertisements over the operating system in order to promote apps or even trick users into downloading apps. The app consists of a dropper and a payload. “The dropper is a small application with no obfuscation, located on the /system partition of affected devices. The app is completely passive, only visible to the user in the list of system applications under ‘settings.’ We have seen the dropper with two different names, ‘CrashService’ and ‘ImeMess,'” wrote Avast.

The dropper then connects with a website to grab the payloads that the hackers wish to install on the phone. “The XML manifest contains information about what to download, which services to start and contains a whitelist programmed to potentially exclude specific countries and devices from infection. However, we’ve never seen the country whitelist used, and just a few devices were whitelisted in early versions. Currently, no countries or devices are whitelisted. The entire Cosiloon URL is hardcoded in the APK.”

Well. That’s not cool. These companies need to explain why their phones ship with this stuff. Or better yet, I say that governments should say that if this stuff is on phones when they ship, then they can’t be sold. But I suspect that neither is going to happen and consumers will have to fend for themselves by sticking to iOS or the Samsungs or LGs of the world and avoiding this low end market entirely.

500K Routers Worldwide Pwned By VPNFilter Malware

Posted in Commentary with tags on May 23, 2018 by itnerd

Cisco’s Talos Intelligence Group is sounding the alarm about a new type of malware called VPNFilter. The malware contains a killswitch for routers, can steal logins and passwords and can monitor industrial control systems. And an attack would have the potential to cut off internet access for all the devices connected to the router. Ukraine seems to be particularly hard hit, which combined with what has been discovered about the malware, implies that this is Russian in origin.

Routers from Linksys, MikroTik, Netgear and TP-Link are affected. Netgear has suggested to users everywhere to upgrade the firmware on their routers. Nobody else seems to have any specific advice for users of their products. Which is of course bad.

In terms of protecting yourself, here’s the best that from Cisco’s Talos Intelligence group:

  • Users of SOHO routers and/or NAS devices reset them to factory defaults and reboot them in order to remove the potentially destructive, non-persistent stage 2 and stage 3 malware.

And that’s pretty much all the average end user can do. Hopefully more robust advice comes in the days ahead as this is far from trivial.