Sunday, August 28, 2016

Hacking a home's smart appliances


Is it really a good idea to tie all your home appliances to a smart grid?

Webroot describes a proof-of-concept ransomware attack for a home thermostat here.

Where I would wonder about this is whether elaborate home security systems could be hacked, including devices to alert you by smart phone when anyone rings your doorbell or even appears at the door.  Of course, you can’t use these when driving or in a no-phones area.

In the worst scenarios, hacking could even start home fires.  Homeowners, especially those who live alone and travel for long periods, need to contemplate the safety of any devices inadvertently left on (including power strips or surge protectors).

Tuesday, August 23, 2016

DHL package service trademark misused in phishing email scam loading adware and spyware Trojan


Many users may get spam email purporting that the user has a package from DHL, and needs to enter a delivery address and other info.

Windows users can get infected with the Troy/Bredo-AGB Trojan Horse.  It seems to get passed by opening the attached zip file.

Sophos has a story, here.

Spywareremoval has a “baby talk” removal guide here. The Trojan reportedly is hard to detect with some standard anti-virus packages.  It appears that it steals credit and bank card information for possible fraudulent charges or account drains later.

The operation almost certainly happens overseas (maybe Russia), otherwise DHL could have stopped it on trademark violations.  Countries like Russia don't have many legitimate jobs for teen and twenty-something male programmers.  This is part of Vladimir Putin's strategy to attack the West.

Monday, August 08, 2016

Tiny url link to "come-on" sensational news story leads to scareware; why don't Chrome and W10 block these on their own?


Today, I clicked on a Twitter tiny url about Stevens-Johnson syndrome (a catastrophic skin disease, rare, in some young children -- look it up in Wikipedia or on Mayo Clinic) leading to “Viralplanet”, which led to a series of frames for successive pages and pictures.

The site was not marked suspicious by Trend Micro, but generally sites that behave this way to serve more adware may be riskier.  Suddenly, I was sent to “njyde.com” and got one of these browser (Chrome) hacks that locks up the browser, sounds a beeper, and locks the machine and demands you call an 800 number to pay ransom.

I simply hit the power button in Windows 10 to bring up Windows 10.  Chrome came up clean.  I ran the quick scan, and then the full scan (about 30 minutes) on Trend, and both came up clean.   So this does not seem to load an executable, or constitute real “ransomware”.

This seems like a very transparent hack that not many people would fall for.  It seems it is done out of desperation, from countries with bad economies and few jobs for programmers (Russia).

Security companies should investigate “njyde”, which may be a deliberate misspelling of a legitimate site.
 
But why can’t Google Chrome and Windows 10 just block this behavior?  Why is opening a web page “dangerous”?  Chrome's pop-up blocker blocks too much.  Why is it hard for them to intercept malicious JavaScript?

Thursday, August 04, 2016

Flaw could enable crooks to bypass debit card chips


New credit and debit card chips could be defeated by malware that causes the reader to believe the card has only the conventional old magnetic stripe and not the chip. CNN has a report here.

Others say that back end retail systems would still reject any such transactions.
 
Most retail establishments now seem to have the new readers, which had been common in Europe previously.
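As an added illustration (not from the article or the CNN report), here is how a back end can recognise the downgrade the report describes: the magnetic stripe's own service code (ISO/IEC 7813 Track 2) says whether the card carries a chip, so a chip card that arrives as a plain stripe swipe at a chip-capable terminal is a "fallback" the issuer can decline. The decision policy, track samples and function names are assumptions for the example.

```python
# Added example: flag chip-capable cards that arrive as magnetic-stripe swipes.
# Track 2 layout (ISO/IEC 7813): PAN '=' YYMM service-code(3) discretionary '?'
# Service code first digit 2 or 6 means "IC (chip) to be used where feasible".
from dataclasses import dataclass


@dataclass
class Track2:
    pan: str
    expiry_yymm: str
    service_code: str


def luhn_ok(pan: str) -> bool:
    """Mod-10 check on the PAN; rejects obviously mangled track data."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def parse_track2(raw: str) -> Track2:
    body = raw.strip().lstrip(";").rstrip("?")
    pan, _, rest = body.partition("=")
    if not pan.isdigit() or not (12 <= len(pan) <= 19) or len(rest) < 7:
        raise ValueError("malformed track 2 data")
    return Track2(pan=pan, expiry_yymm=rest[:4], service_code=rest[4:7])


def chip_capable(service_code: str) -> bool:
    return service_code[0] in ("2", "6")


def evaluate_swipe(raw_track2: str, entry_mode: str, terminal_has_chip_reader: bool) -> str:
    """Back-end decision for a card-present transaction (policy is an assumption).
    entry_mode: 'chip' (EMV read) or 'swipe' (magnetic stripe read)."""
    t2 = parse_track2(raw_track2)
    if not luhn_ok(t2.pan):
        return "decline:bad_pan"
    if entry_mode == "chip":
        return "approve"
    if chip_capable(t2.service_code):
        # A chip card presented as a stripe-only swipe at a chip-capable terminal
        # is a technical fallback: exactly what a downgrading reader would produce.
        return "decline:fallback" if terminal_has_chip_reader else "refer:fallback"
    return "approve"


# Constructed samples: well-known test PANs with made-up expiry/discretionary data.
CHIP_CARD_T2 = ";4111111111111111=2512201000000000?"
STRIPE_CARD_T2 = ";5555555555554444=2512101000000000?"
```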

Wednesday, August 03, 2016

New hack of https reported: are financial consumers safe (as per "Marathon Man"?)


Dan Goodin of Ars Technica has a disturbing article about a new way to intercept https secure transactions with no need for a “man in the middle”.  The link for the story is here.
 
The attack builds on a set of intricate techniques known as HEIST, BREACH and CRIME.

It would seem that a very determined hacker could raid almost any bank account.  Users should regularly monitor all their accounts during normal business hours and be prepared to contact their institutions quickly.

A good question is how this could affect the “https everywhere” debate.

Monday, July 25, 2016

Evidence mounts that Russian malware exposed the DNC's emails "overprotecting" Hillary Clinton


Numerous stories have erupted in the past few days about emails that leaked, after a hacking attempt, that seem to suggest that the DNC would go out of its way to help Hillary Clinton get the nomination instead of Bernie Sanders. The AP has a story in the NYTimes about the FBI investigation.  The emails were posted by Wikileaks.

But technical publications claim that the hack shows evidence of specific malware from Russia, going by monikers “Cozy Bear” and “Fancy Bear”.  There is a suggestion that Vladimir Putin would like to embarrass Hillary Clinton further to help Donald Trump get elected.  But Julian Assange denies that Wikileaks took advantage of malware.

There is also an important piece on Techcrunch about the unreliability of “digital signatures” and about how large organizations are using “predictive analysis” to buttress their security.

Brian Ross of ABC News reports that "beyond a reasonable doubt", it's shown that Russia was behind the hack.  "Cute" young intelligence analyst Michael Weiss on CNN had some fun with this on twitter.

Saturday, July 23, 2016

Forbes paid content loads ads that lock Google Chrome browser


Today, I went to a paid content article from Forbes (linked from CNN) on the “10 best states to make a living”.  OK, #10 was Minnesota, with a picture of Minneapolis – and when I clicked to see #9 I got a full screen ad from an email marketing company.  I was able to back out of it, but when I tried it again, Chrome would not let me back out, or get back to the computer.  I had to power off the machine and “quick start” Windows 10.  I restarted it fully, and ran a quick scan on Trend Micro, which found no problems.  I’ll restart one more time and run a full scan soon. (Done now.)

This may be a Chrome security vulnerability: it allows an ad to take over the browser and not let you out (unless you sign up).  Google could fix this.

This is obviously a security problem Trend should catch, and that Chrome should not allow.  It does not appear to be ransomware.

I think this little incident gives pause to consider how difficult it is today for some people to make a living, that they are trying silly marketing schemes out of desperation. Make America great again???