Archive for Security

That Mega Breach From The Other Day IS NOT NEW!

Posted in Commentary with tags on January 18, 2019 by itnerd

You might recall that I posted a story on a 773 million record breach that seemed to come out of nowhere. Well, Brian Krebs dug in and discovered that this breach is not new and didn’t come out of the blue:

KrebsOnSecurity sought perspective on this discovery from Alex Holden, CTO of Hold Security, a company that specializes in trawling underground spaces for intelligence about malicious actors and their stolen data dumps. Holden said the data appears to have first been posted to underground forums in October 2018, and that it is just a subset of a much larger tranche of passwords being peddled by a shadowy seller online.

There’s more. Krebs found the hacker behind this who goes by the name “Sanixer ” who said this:

Sanixer said Collection#1 consists of data pulled from a huge number of hacked sites, and was not exactly his “freshest” offering. Rather, he sort of steered me away from that archive, suggesting that — unlike most of his other wares — Collection #1 was at least 2-3 years old. His other password packages, which he said are not all pictured in the above screen shot and total more than 4 terabytes in size, are less than a year old, Sanixer explained.

Collection one is the breach that “appeared” the other day. And it’s 2-3 years old which implies that miscreants could have been exploiting that data for about that long. And he has more of these. Lovely.

The rest of Kreb’s article details why these sorts of collections of usernames and passwords are valuable, as well as what you can do to protect yourself. It’s a very interesting read and something that you should devote some time to. Seriously.

Advertisements

Android Phone Owners With Skype Installed Are Vulnerable To A Passcode Bypass Exploit

Posted in Commentary with tags , , on January 4, 2019 by itnerd

If you use Skype for Android, you should pay attention. Someone who is in possession of an Android phone with Skype installed on it simply has to to receive a Skype call and answer it without unlocking the handset. They can then view photos, look up contacts, send a message, and open the browser by tapping links in a sent message, all without ever unlocking the phone. The Register first reported this and I have a video below that demonstrates the exploit:

The vulnerability was reported to Microsoft and a fix is already out there via updating to the latest version of Skype. By doing so, you will ensure that you do not get pwned.

TLS 1.3 Approved…. Here’s Why You Should Care

Posted in Commentary with tags on August 14, 2018 by itnerd

If you’re worried about privacy on the Internet, then the final approval TLS 1.3 should matter to you. TLS 1.3 will make it much harder for eavesdroppers to decrypt intercepted traffic. But at the same time it’s a drop-in replacement for TLS 1.2 as it uses the same keys and certificates and clients and servers can automatically negotiate TLS 1.3 when they both support it. So that means that getting TLS 1.3 into the world should be quick. In fact both Firefox and Chrome already support a draft version of TLS 1.3 if you’re on the latest and greatest from either browser maker. TLS 1.3 is also less resource hungry and more efficient, meaning you should be able to both reduce latency and benefit from lower CPU usage. Or put another way, surfing the net will become a touch faster.

One of the big drivers behind the creation of TLS 1.3 is all the NSA revelations from a few years ago. Thus the big losers in this are spies and those who want to do evil things on the Internet – at least until they figure out a way to crack this new protocol. At which point the IETF will start on TLS 1.4.

aLTEr LTE Based Attack Is In The Wild And Is Unpatchable

Posted in Commentary with tags on July 3, 2018 by itnerd

If you use a smartphone on an LTE network, which means that I’m talking about everyone who is reading this, there is an upatchable flaw in the LTE standard that can allow an attacker to snoop on your browsing habits and redirect you to spoofing sites that could snatch your login credentials among other things.

The attack is called aLTEr and it was discovered by David Rupprecht, Katharina Kohls, Thorsten Holz and Christina Pöpper from Ruhr-Universität Bochum and New York University Abu Dhabi. Rather than explain this attack to you, you should watch this video instead:

The attack may be out there. But it isn’t likely to be widespread for the following reasons:

  1. You need about $4000 worth of gear to build yourself a fake cell tower to pull this off. That means the average 12 won’t be doing this. But an intelligence agency would try this.
  2. You have to be within a mile of the intended victim. Again an intelligence agency targeting a specific victim would try something like this.

There’s no way to stop it because fixing it requires the LTE standard to be overhauled. Which isn’t going to happen with 5G networks on the horizon which apparently protect one from this sort of attack. The best you might be able to do is to only surf to https encrypted sites. But that may not be a guarantee. Thus you might want to double check and triple check what you’re surfing on LTE to so that you stay safe.

#PSA: All-Radio 4.27 Portable Is Malware That You Really Want To Steer Clear Of

Posted in Commentary with tags on June 29, 2018 by itnerd

I often get called in to do malware removal. Sometimes, I am able to remove the malware in question. Sometimes, I can’t. Based on what I am reading here, All-Radio 4.27 Portable is going to be one of those ones that I can’t remove. At least not easily. Here’s why:

If your computer is suddenly displaying the above program, then your computer is infected with malware that installs rootkits, miners, information-stealing Trojans, and a program that is using your computer to send send out spam.

Unfortunately, while some security programs are able to remove parts of the infection, the rootkit component needs manual removal help at this time. Due to this and the amount of malware installed, if you are infected I suggest that you reinstall Windows from scratch if possible.

That’s not good to say the least. Thus you need to protect yourself from being a victim. Fortunately, that seems to be easy as it appears that this malware shows up on your computer if you install game cracks and Windows activation tools. Thus you should avoid those as this is a textbook example of what happens to you if you don’t. Beyond that, you should have an up to date antivirus installed. Not to mention having a backup strategy in case the worst happens.

VPNFilter: The Pwnage Is Worse Than Previously Thought

Posted in Commentary with tags on June 7, 2018 by itnerd

I have some bad news for you.

The VPNFilter malware that infected over 500,000 routers and NAS devices across a number of countries is much worse than previously thought. According to new research by the Cisco Talos security team, the malware which was initially thought to be able to infect devices from Linksys, MikroTik, Netgear, TP-Link, and QNAP can also infect routers made by ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. I would take a look at the list that Cisco Talos has come up with and see if your networking hardware is on the list.

Now if it is on that list, the plan of action that you should take to protect yourself is to update to the absolute latest firmware for your device. But you should also factory reset your router, turn off remote administration, and make sure you have it using a strong non-default password.

One other thing, you should consider the list above to be incomplete. It is highly likely that many other devices are affected by VPNFilter. Thus out of an abundance of caution, you may want to perform those steps on your router even if it isn’t on that list. I know I did.

 

Guest Post: 3 Ways Failing To Secure Your Business Data Can Prove Costly

Posted in Commentary with tags on May 26, 2018 by itnerd

By Penny Garbus

Every day, businesses across the country hum along efficiently, their operations supported by enormous reams of data that most employees – and bosses – take for granted.

Need to check inventory? Want to make sure a customer paid a bill? That information and much more is stored somewhere in a computer, always at the ready in time of need.

Except when it’s not.

Sometimes things go awry – a hacker, a system crash – that cause a business to lose critical data, and that can be devastating to the bottom line. Worst-case scenario: The business goes out of business.

“If you’re a business owner and you’ve not thought of data in relation to your financial well-being, don’t feel bad; you’re not alone,” says Penny Garbus, co-founder of Soaring Eagle Consulting Inc. (www.SoaringEagle.guru) and co-author of Mining New Gold – Managing your Business Data.

“Sometimes people are so busy running their businesses that they don’t have time to worry about the bits and bytes of their data and how relevant it is to longevity of their business.”

But they should, she says. Without data protection processes and procedures in place, the business could face serious consequences.

Garbus says data is like gold: It can be traded, it’s the base for creation of products, and if you lose it, you lose money.

Here are just three ways in which a failure to secure data can prove costly to a business:

  • Impact on sales. A sales team may be so dependent on data to do its job that a breach could mean sales goals aren’t met. That in turn affects the bottom line of the company. The longer it takes to reconstruct the data, the more money is lost.
  • Lawsuits and fines. Sometimes regulatory agencies require that certain records be kept. If a business loses that information, it could face potential fines or lawsuits. “Lawsuits and regulatory agencies can make your life a nightmare if you fail to understand, develop and follow processes that protected regulated data,” Garbus says. Customers also could sue if a system malfunction causes a business to fail to live up to a contract.
  • Ransomware. On occasion, malicious hackers infect your computers with software that blocks access to everything until you pay a ransom. “The ransoms are usually $1,000 and most companies pay the money,” Garbus says. Unfortunately, even paying a ransom is no guarantee a company’s data will be freed because on occasion the perpetrators demand even more money, she says. The situation can get even worse. “Sometimes the attacker has so completely destroyed data files and infected hard drives that they are unable to get the data back,” Garbus says. “The cost can run into thousands or even millions of dollars to get the company up and running again.”

“Any business that hasn’t already done so should begin a self-analysis to design data protection processes and procedures,” Garbus says. “You need to define your needs and then talk with your IT staff to ensure that the data recovery and protection strategies match those needs.

“But remember that this is not an insurmountable problem. If you take the right steps you can save yourself a lot of costs and headaches down the road.”

 

About Penny Garbus

Penny Garbus, co-founder of Soaring Eagle Consulting Inc. (www.SoaringEagle.guru), is co-author of Mining New Gold – Managing Your Business Data. She has been working in the data-management field since leaving college when she worked as a data entry clerk for Pitney Bowes Credit. She later ran the training and marketing department of Northern Lights Software.