Archive for Security

Here’s Why You NEVER Pay Up If You’re Infected With Ransomware….. 50% Of People Who Did Never Got Their Files Back

Posted in Commentary with tags on March 9, 2018 by itnerd

If you get infected with ransomware, you may be tempted to pay the ransom. I can understand why that would be your first instinct. But this study should make you think twice about that and take steps to protect yourself:

A massive survey of nearly 1,200 IT security practitioners and decision makers across 17 countries reveals that half the people who fell victim to ransomware infections last year were able to recover their files after paying the ransom demand. The survey, carried out by research and marketing firm CyberEdge Group, reveals that paying the ransom demand, even if for desperate reasons, does not guarantee that victims will regain access to their files. Timely backups are still the most efficient defense against possible ransomware infections, as they allow easy recovery. The survey reveals that 55% of all responders suffered a ransomware infection in 2017, compared to the previous year’s study, when 61% experienced similar incidents. Of all the victims who suffered ransomware infections, CyberEdge discovered that 61.3% opted not to pay the ransom at all. Some lost files for good (8%), while the rest (53.3%) managed to recover files, either from backups or by using ransomware decrypter applications. Of the 38.7% who opted to pay the ransom, a little less than half (19.1%) recovered their files using the tools provided by the ransomware authors.

So it’s a coin flip whether you get your data back once you pay the ransom, which means you shouldn’t pay it. Instead, take steps to ensure that you can deal with a ransomware attack without having to go to the scumbags who did it.

  1. Back up your data. This is something I keep saying, and this is why you should do it. With a backup you simply wipe the computer clean, restore the data and go back to work. For bonus points, keep a copy of your data off-site, such as in the cloud or in a safety deposit box.
  2. Keep your OS and other software up to date. Ransomware is often spread through exploits for vulnerabilities that have not been patched, so keeping your OS and software up to date is a great defense mechanism.
  3. Run antivirus software. While that comes from the file marked “duh”, you’d be surprised how often I see PC users in this day and age who don’t. And there are Mac users who still think that they aren’t affected by viruses. The fact is that everyone needs antivirus software. And I do mean EVERYONE.

So what happens if you do none of this and you get pwned by ransomware? Well, the first thing you shouldn’t do is pay up. Instead, the first thing to do is disconnect your computer from the network so it does not infect other computers on your local network or on the Internet. Then report the crime to law enforcement. Finally, seek help from a technology professional who specializes in data recovery to see what your options might be for recovering those files. Antivirus companies often release file decryption software to recover files, and there are other ways of getting your files back if the ransomware in question is well known and well studied. But the best defense against ransomware is to do the three steps above. Then you don’t have to worry if you get hit by it.


Flaws In The LTE Protocol Can Lead To Epic Pwnage

Posted in Commentary with tags on March 5, 2018 by itnerd

Researchers at the University of Iowa and Purdue University have uncovered 10 different attack vectors that exploit flaws in three critical protocol operations of the LTE mobile network that we humans have come to depend upon to keep us connected to Facebook and Instagram.

All the attacks fall under one bucket, which is called the authentication relay attack. These attacks allow hackers to connect to an LTE network without credentials, as well as to masquerade as a target’s device. They can also eavesdrop on phone calls and text messages, knock devices offline, and even spoof emergency alerts. In other words, they can do some bad stuff and get away without getting caught. Here’s what researcher Syed Rafiul Hussain told ZDNet:

Among the 10 newly detected attacks, we have verified eight of them in a real testbed with SIM cards from four major US carriers.

The root cause of most of these attacks is the lack of proper authentication, encryption, and replay protection in the important protocol messages.

This sounds similar to something that I wrote about last year that centered around Canadian carriers getting a failing grade when it came to security. Now one of the US carriers named has already implemented a fix. But I wonder if those carriers in Canada that didn’t measure up when it came to protecting their customers from stuff like this have done so. Never mind the other US carriers or carriers elsewhere. It would be really reassuring if they all came out and spoke to this, so that we didn’t have to assume that they weren’t taking the security of their networks seriously.

Thousands Of FedEx Customers Had Their Data Exposed On A Wide Open Server

Posted in Commentary with tags on February 16, 2018 by itnerd

You have to wonder when companies will learn that securing customer data isn’t optional. I say that because Kromtech Security Center, which is the parent company of MacKeeper Security, has found that thousands of FedEx customers have had their private information exposed after one of the courier’s Amazon S3 servers was left open without a password. FedEx got the server as part of buying a company called Bongo International a few years ago. Now here’s the really bad part: after Kromtech reached out to FedEx to tell them about the security screw-up, the server was yanked from public view. Which implies that they had no clue that this server was sitting out there wide open for anyone to find.

So, what data are we talking about here? Nothing significant really. Just passport information, driver’s licenses and other sensitive personal information that would allow any miscreant to steal your identity. And the data comes from customers around the world.

Bob Diachenko, head of communications at Kromtech Security Center, had this to say:

“Technically, anybody who used Bongo International services back in 2009-2012 is at risk of having his/her documents scanned and available online for so many years. Seems like the bucket has been available for public access for many years in a row. Applications are dated within the 2009-2012 range, and it is unknown whether FedEx was aware of that “heritage” when it bought Bongo International back in 2014.”

For its part, FedEx had this to say:

“After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation.”

Seeing as this S3 server was available for who knows how long, nobody knows whether data was swiped. If I were FedEx, I’d assume that the data was swiped by the forces of evil and start reaching out to those who had info on this server to give them a heads-up. Because these days you can’t be too careful.

Government Websites Pwned To Mine Cryptocurrency

Posted in Commentary with tags on February 12, 2018 by itnerd

It seems that with cryptocurrency being the big thing at the moment, there are new exploits and attacks aimed at mining it on other people’s computers. I’ve written about cryptojacking in the past, and this report from the BBC shows a real-life example of why this is a threat:

The Information Commissioner’s Office (ICO) took down its website after a warning that hackers were taking control of visitors’ computers to mine cryptocurrency.

Security researcher Scott Helme said more than 4,000 websites, including many government ones, were affected.

He said the affected code had now been disabled and visitors were no longer at risk.

The ICO said: “We are aware of the issue and are working to resolve it.”

Mr Helme said he was alerted by a friend who had received a malware warning when he visited the ICO website.

It’s clear from this that website operators need to take this threat more seriously. Besides auditing what should be running on their site, any JavaScript that isn’t needed should be pulled from the site. After all, while users should be protecting themselves, website operators need to ensure that they aren’t serving up anything bad to their users.
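An audit in the spirit of the advice above, added here as an example (not the ICO’s or Scott Helme’s tooling): it lists every script tag on a page and flags third-party hosts that are not on an allowlist, cross-origin scripts with no Subresource Integrity hash (so a tampered file on the CDN would load unchanged), and inline scripts. The HTML, hostnames and SRI hash are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page with placeholder hostnames and a placeholder SRI hash.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-vendor.com/widget.js"></script>
<script src="https://cdn.trusted-cdn.example/lib.js"
        integrity="sha384-PLACEHOLDERHASH" crossorigin="anonymous"></script>
<script>var x = 1;</script>
</head><body></body></html>
"""
# Third-party hosts the operator has deliberately chosen to load code from.
ALLOWED_HOSTS = {"cdn.trusted-cdn.example"}

class ScriptCollector(HTMLParser):
    """Collect the attributes of every <script> tag in the document."""
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts.append(dict(attrs))

def audit_scripts(html: str, site_host: str, allowed_hosts: set) -> list:
    """Return (src, reason) pairs for scripts the site operator should review:
    inline scripts, third-party hosts not on the allowlist, and cross-origin
    scripts without an integrity attribute (no SRI)."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.scripts:
        src = attrs.get("src")
        if src is None:
            findings.append(("<inline>", "inline script: review its contents"))
            continue
        host = urlparse(src).hostname
        if host is None or host == site_host:
            continue  # same-origin: served by the operator's own site
        if host not in allowed_hosts:
            findings.append((src, "third-party host not on allowlist"))
        if not attrs.get("integrity"):
            findings.append((src, "cross-origin script without SRI integrity"))
    return findings

if __name__ == "__main__":
    for src, reason in audit_scripts(SAMPLE_HTML, "www.example.org", ALLOWED_HOSTS):
        print(f"{reason}: {src}")
```

Run it against a saved copy of each page template; an unexpected host or a missing integrity attribute is exactly the kind of thing that lets a compromised third-party script start mining in visitors’ browsers.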

Why The Wireless Speaker Hack Story Is A Non Story

Posted in Commentary with tags on December 28, 2017 by itnerd

There’s a story that is making the rounds from Wired that will be of interest to those who own Bose or Sonos wireless speakers:

Researchers at Trend Micro have found that some models of Sonos and Bose speakers—including the Sonos Play:1, the newer Sonos One, and Bose SoundTouch systems—can be pinpointed online with simple internet scans, accessed remotely, and then commandeered with straightforward tricks to play any audio file that a hacker chooses. Only a small fraction of the total number of Bose and Sonos speakers were found to be accessible in their scans. But the researchers warn that anyone with a compromised device on their home network, or who has opened up their network to provide direct access to a server they’re running to the external internet—say, to host a game server or share files—has potentially left their fancy speakers vulnerable to an epic aural prank.

While this isn’t epic pwnage on the scale of an Equifax or something, this sounds pretty dire. Speakers that can be pwned from the Internet? Scary, right?

Actually no.

The problem with this story is this. The key point is in this sentence from the quote:

But the researchers warn that anyone with a compromised device on their home network, or who has opened up their network to provide direct access to a server they’re running to the external internet—say, to host a game server or share files—has potentially left their fancy speakers vulnerable to an epic aural prank.

So, part of the way to pull off this hack is to have your network exposed to the Internet, either in whole (which would be dumb) or in part (which would be a questionable idea at best). While there are likely things that both Sonos and Bose can do to tighten things up when it comes to their wireless speakers, they are not the problem here. Besides, having a network that is open in whole or in part to the outside world potentially exposes everything on that network to pwnage. Thus this isn’t a story about a vulnerability in wireless speakers. It’s a story about people doing dumb things when it comes to network security. That’s why this story is a non story.

Bottom line: Nothing to see here. Move along.

Alteryx Data Found On Amazon S3 Bucket Unsecured…. Data On 123 Million US Households Exposed

Posted in Commentary with tags on December 20, 2017 by itnerd

The latest company to be a victim of not properly securing customer data is Alteryx, which is an analytics company. A database containing information on more than 123 million American households was sitting unsecured on the internet in an Amazon S3 bucket. Security company UpGuard made the discovery in October.

The data set included 248 different data fields covering a wide variety of specific personal information, including address, age, gender, education, occupation and marital status. Other fields included mortgage and financial information, phone numbers and the number of children in the household. If you wanted some data to steal an identity or two, this is a great place to start.

But it gets worse. The database contained data sets belonging to Alteryx partner Experian, which is a consumer credit reporting agency that competes with Equifax, now famous for being pwned. It also contained data from the US Census Bureau. Alteryx apparently purchased the data from Experian’s ConsumerView marketing database, a product sold to other companies that contains a combination of publicly available information and more personal data.

You have to wonder what it will take for companies to properly secure customer data. Stuff like this is completely unacceptable, and clearly there is a need for swift and severe punishments for this level of stupidity. Otherwise the pwnage and leaks will continue and we will all suffer as a result.
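A check a bucket owner can run over an S3 bucket policy for the kind of open-bucket exposure described in this post and in the FedEx post above. This is an added example, not code from Alteryx, FedEx, UpGuard or Kromtech; the bucket name, account id and role name are hypothetical.

```python
import json
from fnmatch import fnmatch

# Constructed sample policies (hypothetical bucket, account id and role), not
# the FedEx/Bongo or Alteryx configurations.
PUBLIC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-archive", "arn:aws:s3:::example-archive/*"]}]})
PRIVATE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/example-app"},
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-archive/*"}]})

# Actions that let an anonymous caller enumerate or download objects.
READ_ACTIONS = ("s3:getobject", "s3:listbucket")

def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])

def _is_anonymous(principal) -> bool:
    """True for both spellings of 'everyone': "*" and {"AWS": "*"}."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))

def find_public_read(policy_json: str) -> list:
    """Return (Sid, kind) for each Allow statement granting anonymous read or
    list access. kind is 'public' when unconditional and 'conditional' when a
    Condition block is present (it may or may not narrow access; review it)."""
    findings = []
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        patterns = [a.lower() for a in _as_list(stmt.get("Action"))]
        # fnmatch handles wildcard actions such as "s3:*" or "s3:Get*".
        if not any(fnmatch(act, pat) for act in READ_ACTIONS for pat in patterns):
            continue
        kind = "conditional" if stmt.get("Condition") else "public"
        findings.append((stmt.get("Sid", "<no sid>"), kind))
    return findings

if __name__ == "__main__":
    for name, policy in (("public", PUBLIC_POLICY), ("private", PRIVATE_POLICY)):
        print(name, find_public_read(policy) or "no anonymous read access")
```

Pair this with a look at the bucket ACL and the account’s S3 Block Public Access settings, since a bucket can be readable through a public-read ACL even when its policy is clean.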

2017’s List Of Worst Passwords Released….. No Wonder People Get Pwned

Posted in Commentary with tags on December 20, 2017 by itnerd

SplashData has come out with its list of the 100 worst passwords for 2017, and it illustrates why pwnage is epic at the moment. The worst password is “123456”, with “password” next on the list, followed by “12345678”. Of note, there’s also “Starwars” and a bunch of swear words on this list as well.

Folks, if you use any password on this list, you deserve to get pwned and I will have no sympathy for you. However, if you want to make yourself secure, here are some tips from Intel Security on how to create a strong password. I suggest you follow their advice, as you can bet that miscreants will be pwning people left, right and center by trying passwords that are on this list. If they aren’t already.
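An added illustration of the point above (not SplashData’s or Intel Security’s code): a signup-time check that rejects any password whose normalised form is on a worst-passwords list, because the people trying these lists also try the obvious variants (capitalisation, trailing digits, leet spellings). The blocklist here holds only the four entries the post names plus constructed extras; a real deployment would load the full published list.

```python
import re

# Constructed blocklist: the four entries the post names plus constructed extras.
WORST_PASSWORDS = {"123456", "password", "12345678", "starwars", "qwerty", "letmein"}

# Common character substitutions that cracking wordlists already account for.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def normalise(pw: str) -> set:
    """Variants of pw that an attacker's wordlist would also cover: lowercased,
    with trailing digits/punctuation stripped, and with leet spellings undone."""
    base = pw.lower()
    variants = {base, re.sub(r"[\d\W_]+$", "", base)}
    variants |= {v.translate(LEET) for v in list(variants)}
    return {v for v in variants if v}

def check_password(pw: str, blocklist=WORST_PASSWORDS, min_len: int = 12):
    """Return (ok, reason): reject anything whose normalised form is on the
    blocklist, then enforce a minimum length."""
    hit = normalise(pw) & blocklist
    if hit:
        return False, f"matches known-bad password {sorted(hit)[0]!r}"
    if len(pw) < min_len:
        return False, f"shorter than {min_len} characters"
    return True, "ok"

if __name__ == "__main__":
    for candidate in ("123456", "P@ssw0rd1!", "Starwars2017", "correct horse battery staple"):
        print(candidate, "->", check_password(candidate))
```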