Security Corner


January 26, 2014  4:57 PM

Bogus funeral announcement points to malware

Ken Harthun Ken Harthun Profile: Ken Harthun
Source: FortBendNow.com

Source: FortBendNow.com

One of the latest tricks in the cyber-criminals’ bags is an email with the subject (it varies), “Death and Funeral Announcement.” Now, what normal person would see that and NOT open it? I know I did. What I DIDN’T do, of course was click the link which pointed to a site <domain name>.be. Here’s the text:

For this unprecedented event, we offer our deepest prayers of condolence and invite
to you to be present at the celebration of your friends [sic] life service on
Thursday, January 22, 2014 that will take place at Eubank Funeral Home at 11:00 a.m.

Please find invitation and more detailed information about the farewell ceremony  here .

Best wishes and prayers,

Funeral home receptionist,
William Mccarty

After a few seconds of oh-my-god-who-died, I re-read the email and spotted the obvious bad grammar and realized this was a scan. Researching led me to discover that the link target delivers a Trojan. I also looked at the headers and found the originator was at IP address 89.108.70.217 (lookup tool) which has these attributes:

IP : 89.108.70.217     Neighborhood
Host : vm1351.vps.agava.net    OK
Country : Russian Federation  

And that is enough to confirm that I certainly don’t want whatever they have!

January 20, 2014  8:53 PM

How to stay (relatively) secure with XP at the end of support – Part 2

Ken Harthun Ken Harthun Profile: Ken Harthun

In How to stay (relatively) secure with XP at the end of support – Part 1, I recommended that you ditch IE 8 for Chrome or Firefox for web surfing and promised to provide even more advice. In this post, I give you several more ways to operate with Windows XP in a relatively safe manner after the end of support.

Microsoft has extended its anti-malware protection for Windows XP until July 15, 2015: Anti-malware protection for Windows XP extended to July, 2015 and Malwarebytes Anti-malware is likely to support Windows XP for several years to come. So, the first thing to do is make sure you keep both of these programs updated. Windows Secrets has this to say:

Keeping your antivirus software up to date is always important, but even more so with Windows XP. My preferred AV setup is a combination of Microsoft Security Essentials (site) and Malwarebytes’ Anti-Malware (site)

It’s also a good idea to run periodic scans using an offline rescue disk such as Sophos’ Bootable Anti Virus to detect and remove rootkits and stealthy malware.

Naturally, you’ll want to make sure that your XP box is sitting behind a NAT router and make sure your Windows Firewall is active and properly configured.

While you’re at it, why not just disable web browsing entirely? You can still keep your XP box accessible to your local network and use it for file sharing and those special apps, it just won’t be able to reach the internet. Here’s how:

lanproxyProxy2And one more tip from Windows Secrets. OpenDNS blocks browsing to known malicious sites.:

Adding the OpenDNS settings to your router extends Web filtering to all devices on the local net. The process is relatively simple: open the router’s admin menu system and enter 208.67.222.222 and 208.67.220.220 (these are OpenDNS’s IP addresses) into the router’s DNS section.

And finally, keep any third party applications that continue to support XP up to date. Many vendors will probably move on, but there will be those who continue to support XP well into the future. Take advantage of their efforts by applying patches as they become available.


January 20, 2014  8:08 PM

Anti-malware protection for Windows XP extended to July, 2015

Ken Harthun Ken Harthun Profile: Ken Harthun

mseWith the Windows XP end of support date of April 8, 2014 looming on the horizon, many of us have wondered what would happen with anti-malware software. The good news is that Microsoft recently announced they have extended their anti-malware protection for XP: “To help organizations complete their migrations, Microsoft will continue to provide updates to our antimalware signatures and engine for Windows XP users through July 14, 2015.”

What does this mean, exactly?

For enterprise customers, this applies to System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune running on Windows XP. For consumers, this applies to Microsoft Security Essentials.

So, despite no more security patches after April 8, we’ll still have some protection; we won’t be running naked. Still, that doesn’t mean we can just go on whistling past the graveyard. Microsoft warns:

Our research shows that the effectiveness of antimalware solutions on out-of-support operating systems is limited. Running a well-protected solution starts with using modern software and hardware designed to help protect against today’s threat landscape.

Microsoft recommends best practices to protect your PC such as:

  • Using modern software that has advanced security technologies and is supported with regular security updates,
  • Regularly applying security updates for all software installed,
  • Running up-to-date anti-virus software.

By the way, my other favorite product, Malwarebytes Anti-malware, will continue to support XP indefinitely: “MBAM 1.75 supports XP (obviously :P) and 2.0 which is currently in testing also supports XP. Our other tools and products like MBAR, MBAE etc. also support XP and we have no plans on changing that. We know that a lot of people will continue to use XP for some time so we’ll continue to offer products and tools to help secure those systems for as long as we can.”


January 1, 2014  7:02 PM

Happy New Year!

Ken Harthun Ken Harthun Profile: Ken Harthun

Thanks to everyone who read my ruminations here in 2013. May you Flourish and Prosper in 2014.

happy-new-year-ribbon


December 31, 2013  6:24 PM

How to stay (relatively) secure with XP at the end of support – Part 1

Ken Harthun Ken Harthun Profile: Ken Harthun

R_I_P_XP_gravestoneIt’s hard to believe that Windows XP is almost 13 years old. It seems like yesterday when it was first released. Microsoft will officially end support for Windows XP in less than four months (April 8, 2014) meaning — for one thing — that they will no longer release security updates for the operating system. Moreover, third-party vendors will likely stop development of XP-compatible drivers and whatnot. This will leave anyone still using XP with a machine stuck in time, forever doomed to insecurity and running stagnant software. To all intents and purposes, it’s time to upgrade to Windows 7 or Windows 8.

But what if you can’t (or won’t) upgrade? Some older hardware may not run Windows 7 or 8 properly or you may have a special application that won’t run on anything but XP. Perhaps you’ve kept your system finely tuned and, like me, see no need to invest in new equipment (I still run some some amateur radio software under FreeDOS on a 90′s vintage IBM ThinkPad and it works just fine).

Get used to the idea that you are not going to be able to maintain the level of security you enjoyed before and that you are going to have to upgrade eventually (or switch to Mac which is, in the main, what I am doing). For now, there are still some things you can do to maintain some relative security while running XP. I’ll cover the other points in Part 2. For now, the main thing you can do is switch away from Internet Explorer. Version 8 is as high as you can go on XP and version 8 is just not that secure. Most exploits happen via the web browser these days and you don’t want to help out the hackers by using one that’s easily exploited. Move to Chrome or Firefox. You must keep IE 8 installed and updated, just don’t use it for web browsing.

Now, go have a great New Year celebration and I’ll see you in 2014.


December 26, 2013  1:36 PM

Merry Christmas!

Ken Harthun Ken Harthun Profile: Ken Harthun

For both personal and technical reasons, I am posting this a few hours late. But, since the spirit of Christmas should be with us every day of the year, it’s never really too late. Merry Christmas to you and all your loved ones.

merry_christmas_card1

 


December 22, 2013  1:43 AM

Shhhh! Your PC is telling someone its secrets (keys, that is)

Ken Harthun Ken Harthun Profile: Ken Harthun
Source: mobyrebuttal.blogspot.com

Source: mobyrebuttal.blogspot.com

Your PC or laptop is a disloyal little traitor. She (or he, if you prefer) is happily sitting there chattering away, revealing your RSA keys to anyone who cares to listen. Yes, my friend, even RSA isn’t good enough anymore.

No, it’s not April first, and no, I’m not making this up. A Debian Security Advisory, DSA-2821-1, CVE ID, CVE-2013-4576, issued December 18, 2013, gives the scoop:

Genkin, Shamir and Tromer discovered that RSA key material could be extracted by using the sound generated by the computer during the decryption of some chosen ciphertexts.

The Shamir is Adi Shamir, the S in RSA.

Those of you who have been around for awhile will recall that “listening” to the emissions of CRT screens — known  as “Van Eck phreaking” — was once used as a way to eavesdrop. (The link points to a fascinating video. Check it out.) The researchers’ approach is similar, but exists in the acoustic rather than the electromagnetic realm.

I admit my lead is a bit over the top. For someone to pull off such an attack requires physical access to the equipment and a whole lot of tinkering as detailed in their report. But it works, and if the obstacles can be overcome, it’s a real threat. I highly recommend you study the paper. You’ll learn why data security isn’t as simple as you think.

For those of you who may be super paranoid about such things, here are some ways to interfere and, perhaps, thwart such an attack as presented in the Naked Security blog post:

1. Disabling auto-decryption of received emails.
2. Putting your mobile phone in your pocket or bag before reading encrypted emails.
3. The presence of background noise.
4. “Decoy processes” running on other CPU cores at the same time.


December 20, 2013  4:23 PM

Keeping your kids safe online

Ken Harthun Ken Harthun Profile: Ken Harthun

I don’t often write short posts that are mostly the content of others’ blogs, but this one is too good not to share with you. From Naked Security, “Five minute fix: Keeping your kids safe online with parental controls:”

We hear too often about predators targeting and grooming kids online. But the internet has also increased the potential dangers for kids in other ways too. The biggest of these, and perhaps most well publicised, comes in the form of cyber bullying.

. . .

By following our tips for some of the more popular platforms your kids are likely to be using, you can increase their chances of staying safe and emotionally secure online.

Hopefully the short summaries above should allow parents to implement a degree of control that they are happy with over the devices their children are likely to be using.


December 10, 2013  12:00 AM

Have you been pwned?

Ken Harthun Ken Harthun Profile: Ken Harthun

Data breaches have been big news over the past couple of years with some big players leaking huge numbers of online accounts and email addresses. These accounts are now “pwned,” being subject to illicit use by hackers. Here are some of the big players and the number of compromised accounts:

  • Adobe – 152,445,165 accounts
  • Statfor – 859,777 accounts
  • Gawker – 532,659 accounts
  • Yahoo – 453,427 accounts
  • Pixel Federation – 38,101 accounts
  • Sony – 37,103 accounts

The countermeasure is to make sure all of your accounts have strong passwords and that the passwords are not duplicated from one site to the next.

To find out if any of your accounts have been pwned, you can visit http://www.haveibeenpwned.com, enter your email address (you can check as many email addresses as you want) and click the “pwned?” button. You’ll get one of two responses as shown below:

nopwnage

The one above shows you’re OK. No need to fret about it. If you get the one below, you had better take action.

pwnage

Oh, oh! You’re pwned. Change your password immediately to something strong and be sure you’re not using the same passwords on multiple sites.


December 8, 2013  9:25 PM

The Internet Must Go

Ken Harthun Ken Harthun Profile: Ken Harthun

If you don’t understand Net Neutrality, perhaps this video will enlighten you. It shows what the ISPs want to do to kill the idea, and why. That’s all I’m going to say. Arrive at your own conclusion after viewing this informative (and refreshingly snarky) video.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: