The IT Nerd

There’s a report on ZDNet that flags the fact that several popular password managers apparently have flaws in them that can lead to password theft:

Independent Security Evaluators (ISE) published an assessment on Tuesday with the results of testing with several popular password managers, including LastPass and KeePass. The team said that each password management solution “failed to provide the security to safeguard a user’s passwords as advertised” and “fundamental flaws” were found that “exposed the data they are designed to protect.”

The vulnerabilities were found in software operating on Windows 10 systems. In one example, the master password which users need to use to access their cache of credentials was stored in PC RAM in a plaintext, readable format. ISE was able to extract these passwords and other login credentials from memory while the password manager in question was locked. It may be possible that malicious programs downloaded to the same machine by threat actors could do the same.

This report only covers a handful of password managers. So if you use a password manager that is not listed here, you might want to reach out to the company that makes it to see where they stand on this issue. However, you should also consider the following. To exploit what’s written in this report, you have to have hardware level access to a PC to the point where you can read RAM in order to get someone’s master password from their password manager. Or put another way, you would have to have physical control of the computer in question. That’s way too much effort. It would be much more efficient to install a keylogger and capture everything. But maybe I’m looking at this wrong?

A report from a security researcher is claiming that a vulnerability affecting the firmware of a popular WiFi chipset deployed in a wide range of devices, such as laptops, smartphones, gaming rigs, routers, and Internet of Things (IoT) devices.

Denis Selianin says that vulnerability impacts the firmware of Marvell Avastar 88W8897, one of the most popular WiFi chipsets on the market. You can find it in devices like the Sony PlayStation 4, Xbox One, Microsoft Surface laptops, Samsung Chromebooks, Samsung Galaxy J1 smartphones, and Valve SteamLink cast devices, just to name a few.

Selianin described how someone could exploit the Avastar firmware (based on a custom implementation of the ThreadX real-time operating system) to execute malicious code without any user interaction. The report contains the technical details on exploiting the vulnerability and a demo video which is below.

Proof-of-concept code has not been released at this time. But patches are in the works. Check for updates shortly on your device.

You might recall that I posted a story on a 773 million record breach that seemed to come out of nowhere. Well, Brian Krebs dug in and discovered that this breach is not new and didn’t come out of the blue:

KrebsOnSecurity sought perspective on this discovery from Alex Holden, CTO of Hold Security, a company that specializes in trawling underground spaces for intelligence about malicious actors and their stolen data dumps. Holden said the data appears to have first been posted to underground forums in October 2018, and that it is just a subset of a much larger tranche of passwords being peddled by a shadowy seller online.

There’s more. Krebs found the hacker behind this who goes by the name “Sanixer ” who said this:

Sanixer said Collection#1 consists of data pulled from a huge number of hacked sites, and was not exactly his “freshest” offering. Rather, he sort of steered me away from that archive, suggesting that — unlike most of his other wares — Collection #1 was at least 2-3 years old. His other password packages, which he said are not all pictured in the above screen shot and total more than 4 terabytes in size, are less than a year old, Sanixer explained.

Collection one is the breach that “appeared” the other day. And it’s 2-3 years old which implies that miscreants could have been exploiting that data for about that long. And he has more of these. Lovely.

The rest of Kreb’s article details why these sorts of collections of usernames and passwords are valuable, as well as what you can do to protect yourself. It’s a very interesting read and something that you should devote some time to. Seriously.

If you’re worried about privacy on the Internet, then the final approval TLS 1.3 should matter to you. TLS 1.3 will make it much harder for eavesdroppers to decrypt intercepted traffic. But at the same time it’s a drop-in replacement for TLS 1.2 as it uses the same keys and certificates and clients and servers can automatically negotiate TLS 1.3 when they both support it. So that means that getting TLS 1.3 into the world should be quick. In fact both Firefox and Chrome already support a draft version of TLS 1.3 if you’re on the latest and greatest from either browser maker. TLS 1.3 is also less resource hungry and more efficient, meaning you should be able to both reduce latency and benefit from lower CPU usage. Or put another way, surfing the net will become a touch faster.

One of the big drivers behind the creation of TLS 1.3 is all the NSA revelations from a few years ago. Thus the big losers in this are spies and those who want to do evil things on the Internet – at least until they figure out a way to crack this new protocol. At which point the IETF will start on TLS 1.4.

If you use a smartphone on an LTE network, which means that I’m talking about everyone who is reading this, there is an upatchable flaw in the LTE standard that can allow an attacker to snoop on your browsing habits and redirect you to spoofing sites that could snatch your login credentials among other things.

The attack is called aLTEr and it was discovered by David Rupprecht, Katharina Kohls, Thorsten Holz and Christina Pöpper from Ruhr-Universität Bochum and New York University Abu Dhabi. Rather than explain this attack to you, you should watch this video instead:

The attack may be out there. But it isn’t likely to be widespread for the following reasons:

1. You need about $4000 worth of gear to build yourself a fake cell tower to pull this off. That means the average 12 won’t be doing this. But an intelligence agency would try this.
2. You have to be within a mile of the intended victim. Again an intelligence agency targeting a specific victim would try something like this.

There’s no way to stop it because fixing it requires the LTE standard to be overhauled. Which isn’t going to happen with 5G networks on the horizon which apparently protect one from this sort of attack. The best you might be able to do is to only surf to https encrypted sites. But that may not be a guarantee. Thus you might want to double check and triple check what you’re surfing on LTE to so that you stay safe.

I often get called in to do malware removal. Sometimes, I am able to remove the malware in question. Sometimes, I can’t. Based on what I am reading here, All-Radio 4.27 Portable is going to be one of those ones that I can’t remove. At least not easily. Here’s why:

If your computer is suddenly displaying the above program, then your computer is infected with malware that installs rootkits, miners, information-stealing Trojans, and a program that is using your computer to send send out spam.

Unfortunately, while some security programs are able to remove parts of the infection, the rootkit component needs manual removal help at this time. Due to this and the amount of malware installed, if you are infected I suggest that you reinstall Windows from scratch if possible.

That’s not good to say the least. Thus you need to protect yourself from being a victim. Fortunately, that seems to be easy as it appears that this malware shows up on your computer if you install game cracks and Windows activation tools. Thus you should avoid those as this is a textbook example of what happens to you if you don’t. Beyond that, you should have an up to date antivirus installed. Not to mention having a backup strategy in case the worst happens.