Wednesday, August 26, 2015

Is wireless WiFi (compared to Ethernet) harmful to kids?

Can the switch from hardwired Internet to wireless expose people, especially children, to harmful “radiation”?  That’s the focus of a lawsuit in Massachusetts, which claims a school’s change from Ethernet to WiFi made their son sick; ABC news story here.
Arguably, children’s skulls are thinner, or their brains more vulnerable?
What about most homes and hotels with wireless routers, and children in them?  We’ve heard this question before with cell phones.  

Sunday, August 23, 2015

Is that cheesy "leave this page" pop-up harmful?

Some websites, especially those that try to sell financial planning or health-related services by introducing themselves with long-winded and leading videos or articles with many pages, come up with a JavaScript “leave this page” pop-up.  That may be appropriate when closing a page on which you had to complete a transaction that had already started, but it seems cheesy and manipulative, even intimidating, as a sales technique.  Is it harmful to your PC?
Apparently not.  Here are a few write-ups, on UK PC Advisor, Microsoft, and Super User.
Picture: Real-life "traffic jam" at the Sagamore Bridge to Cape Cod, weekend, early Aug. 2015.


Thursday, August 20, 2015

"Reflective Denial of Service Attacks" explained by CERT

US-CERT in Pittsburgh has released a new warning about “UDP-Based Amplification Attacks”, also called “Distributed Reflective Denial of Service” (DRDoS) attacks.  These attacks are based on connection-less protocols that don’t validate source IP addresses.

CERT recommends that ISPs neither permit nor offer these kinds of connections.  But they may have become more common as ISPs have started offering almost limitless bandwidth and disk space to small customers.

These attacks could be a problem for smaller ISPs (less common today than in the late 90s) or for those who run their own connections.
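As an added illustration of the defender's side of this (it is not part of the CERT alert or of this post), here is a small Python script that scans flow records for the signature a victim sees during a reflection attack: large volumes of inbound UDP from well-known service ports (DNS, NTP, SSDP, SNMP, chargen) to which no local host ever sent a request. The flow records, the local address block 203.0.113.0/24 and the byte threshold are all constructed assumptions.

```python
"""Spotting reflected/amplified UDP traffic in flow records.

Added example for this post; it is not from the US-CERT alert.  The flow
records are constructed, and the local address block 203.0.113.0/24 is an
assumption.  The port table lists connection-less services commonly abused
as reflectors; the attack works because those services answer requests
whose source address was never validated."""
from collections import defaultdict

# service port the victim sees as the *source* of unsolicited replies
REFLECTOR_PORTS = {19: "chargen", 53: "dns", 123: "ntp", 161: "snmp", 1900: "ssdp"}

# (direction, src_ip, src_port, dst_ip, dst_port, packets, bytes)  -- constructed
SAMPLE_FLOWS = [
    ("out", "203.0.113.10", 51515, "198.51.100.5", 53, 2, 140),          # our own DNS query
    ("in",  "198.51.100.5", 53, "203.0.113.10", 51515, 2, 420),          # the solicited reply
    ("in",  "192.0.2.7",   123, "203.0.113.20", 8080, 5000, 2_400_000),  # NTP replies nobody asked for
    ("in",  "192.0.2.8",   123, "203.0.113.20", 8080, 4800, 2_300_000),
    ("in",  "192.0.2.9",  1900, "203.0.113.20", 8080, 3000, 900_000),    # SSDP replies, same target
    ("in",  "192.0.2.44",  443, "203.0.113.30", 40000, 200, 150_000),    # not a reflector port, ignored
]


def find_reflection_victims(flows, min_bytes=100_000):
    """Group unsolicited inbound traffic from reflector ports by local victim.

    A reply is 'solicited' if an outbound flow from the same local host to
    the same remote host and service port was seen.  Spoofed-source
    amplification traffic has no such request, because the real request
    came from the attacker carrying the victim's address."""
    requested = {(src, dst, dport) for d, src, _, dst, dport, _, _ in flows if d == "out"}
    victims = defaultdict(lambda: {"bytes": 0, "packets": 0,
                                   "reflectors": set(), "services": set()})
    for d, src, sport, dst, dport, pkts, nbytes in flows:
        if d != "in" or sport not in REFLECTOR_PORTS:
            continue
        if (dst, src, sport) in requested:
            continue  # a reply to a request this host actually sent
        rec = victims[dst]
        rec["bytes"] += nbytes
        rec["packets"] += pkts
        rec["reflectors"].add(src)
        rec["services"].add(REFLECTOR_PORTS[sport])
    return {v: r for v, r in victims.items() if r["bytes"] >= min_bytes}


def summarize(victims):
    """One human-readable line per victim, for a console report."""
    return [f"{v}: {r['bytes']} bytes / {r['packets']} pkts from "
            f"{len(r['reflectors'])} reflectors via {', '.join(sorted(r['services']))}"
            for v, r in sorted(victims.items())]


if __name__ == "__main__":
    for line in summarize(find_reflection_victims(SAMPLE_FLOWS)):
        print(line)
```

Because the spoofed request never crosses the victim's own border, the amplification factor cannot be measured from this vantage point; what can be measured is unsolicited reply volume per local host, which is the figure to hand to an upstream provider when asking for filtering.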

Update: March 29, 2016

Any casual perusal of YouTube shows many videos on how to conduct DDoS.  Many of them require some scripting command language knowledge.  I'm a little surprised that their presence doesn't violate YouTube TOS, or maybe I'm not surprised.  There is mention of Anonymous and trying to attack ISIS on the Dark Web, too.

Monday, August 17, 2015

EZPass phishing scam exposed; some customers can get legitimate emails from EZPass.

Security companies are warning of a phishing scam involving EZPass, claiming that you owe money and have allowed unpaid charges to accumulate on your transponder.

Consumer Reports has a story on the scam here.

EZPass has an explanation of its own phishing policy here. EZPass can take legal action, including prosecution and civil action (trademark) if scammers are caught. 

However, EZPass will send a legitimate email when a credit card on file expires and it has trouble adding the next incremental credit (usually $35, after a balance falls below $7).  This happened with me in early July, and the email arrived early on a Sunday morning when I was going to drive to Philadelphia on toll roads.  The website did not work, but the transponder did OK.  On Monday I called to solve the problem, but had to call twice and wait through holds to get through to customer service to fix the problem.
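As an added example (not from Consumer Reports, EZPass or the security companies mentioned), the Python script below applies the checks that separate a legitimate card-expiry notice from the scam: does the sender's address, and every link in the body, belong to the operator's own domain, and does the text lean on urgency? The approved domain tolls.example and both sample messages are constructed placeholders; a real list would hold the operator's actual sending and web domains.

```python
"""Triage of a "you owe tolls" e-mail: is it from the operator or a lookalike?

Added example for this post, not from Consumer Reports, EZPass, or the
security vendors mentioned.  The approved domain 'tolls.example' and both
messages are constructed placeholders."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

APPROVED_DOMAINS = {"tolls.example"}            # assumption: the operator's real domains
BRAND_WORDS = ("ezpass", "e-zpass", "toll")      # words a scammer puts in the display name
URGENCY = re.compile(r"\b(immediately|within \d+ (?:hours|days)|suspend\w*|penalt\w*|fine)\b", re.I)

# Constructed sample in the style of the scam: brand in the display name,
# unrelated sending domain, and the real name buried inside the link host.
SAMPLE_PHISH = """\
From: "EZPass Billing" <billing@tolls-example-notice.example>
To: driver@home.example
Subject: Unpaid toll invoice
Content-Type: text/plain

You have an unpaid toll balance. To avoid a penalty, pay within 48 hours:
http://tolls.example.invoice-pay.example/account?id=12345
"""

# Constructed sample of the legitimate card-expiry notice described above.
SAMPLE_LEGIT = """\
From: "Toll Account Services" <noreply@tolls.example>
To: driver@home.example
Subject: Card on file has expired
Content-Type: text/plain

The card on file could not be charged for the next replenishment.
Sign in at https://www.tolls.example/account to update it.
"""


def registered_domain(host):
    """Last two labels of a hostname (assumption: no multi-part public suffixes)."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def triage(raw_message):
    """Return a verdict plus the individual findings for one RFC 822 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    urls = re.findall(r"""https?://[^\s<>"']+""", body)
    findings = []

    if registered_domain(sender_domain) not in APPROVED_DOMAINS:
        findings.append(f"sender domain {sender_domain!r} is not an approved domain")
        if any(w in display.lower() for w in BRAND_WORDS):
            findings.append(f"display name {display!r} claims the brand but the address does not")

    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if registered_domain(host) not in APPROVED_DOMAINS:
            findings.append(f"link host {host!r} is not an approved domain")
            # 'tolls.example.something.example': the real name used as a subdomain prefix
            if any(host.startswith(d + ".") for d in APPROVED_DOMAINS):
                findings.append(f"link host {host!r} embeds an approved domain as a prefix")

    urgency = [m.group(0) for m in URGENCY.finditer(body)]
    verdict = "suspicious" if findings else "domains consistent"
    return {"verdict": verdict, "findings": findings, "urls": urls, "urgency": urgency}


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        result = triage(sample)
        print(name, result["verdict"], result["urgency"])
        for f in result["findings"]:
            print("  -", f)
```

Urgency wording is reported but does not by itself make the verdict, since the genuine notice in the post also asked for prompt action; the domain mismatches are what decide it.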

It is true that unpaid tolls can cause fines.  This happened to me once with a rental in 2002 on the horrible Delaware turnpike.  More recently, car rental companies (in Florida, around Orlando) just generate another bill to the credit card on file when the bill comes in, so the system has gotten better.


Thursday, August 13, 2015

Enemies use crude techniques to build on-line target lists, but corporate and government database (and commercial software) vulnerabilities add to the problem

The media (especially CNN) today discussed a new “target list” of about 1400 people in the US (and probably including the UK and Australia), compiled by a well-known enemy (ISIS) determined to use social media to launch asymmetric and psychological warfare. (CNN has yet to post the news story, as of early Thursday evening; late in the evening it did, here.)  Troy Hunt has an interesting analysis of how these names and other identifiers could have been compiled from multiple sources, many of them government or corporate databases with employee or military personnel information, link here.

Hunt believes that the “hackers” paid very little attention to who the people are or what their jobs are.  Much of the data could come from publicly available sources (and there are numerous websites that sell culled public record information to subscribers).
But several techniques were used, including “pastes” and scrapes that exploited known Adobe vulnerabilities.  There is also a new acronym, HIBP, “Have I Been Pwned”.

Another newspaper, the Epoch Times, in a story by Joshua Philipp, reports that much of the technical expertise for ISIS Internet activity is in the former Soviet bloc, some of it in Russia, link here.  This would seem consistent with what Troy Hunt presents in his article.

Thursday, August 06, 2015

"Bitflipping" attacks on memory chips; are "telepathy" attacks next?

An article by Dan Goodin in Ars Technica, Aug. 4, 2015, describes an unusual hardware attack called “bitflipping.”  The idea is to overload memory chips (in DDR3 modules) by deliberately hammering memory millions of times a second.  This kind of attack might be possible with the usual malware distribution (by phishing or drive-by sites).  You could almost imagine this in a sci-fi context as a “telepathy attack”.  Maybe Clive Barker was right about the role of magic when he wrote "Imajica" all the way back in 1991.
You wonder about the wisdom of allowing modules to run with voice commands, maybe even thoughts. 
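As an added illustration (not from the Ars Technica article), the Python code below shows what a single flipped bit does to a 64-bit word and how an error-correcting memory code handles it: the textbook extended Hamming code, which is the kind of scheme ECC DRAM uses in spirit though not in exact layout, corrects one flipped bit per word and detects, but cannot correct, two. The 64-bit sample word and the flipped positions are constructed.

```python
"""Extended Hamming (SECDED) code over a 64-bit word: what ECC memory does
with the single-bit disturbances a "bitflipping" attack induces.

Added example for this post, not from the Ars Technica article.  The code
is the textbook extended-Hamming construction (Hamming(71,64) plus an
overall parity bit), not any particular DRAM controller's scheme."""

WORD_BITS = 64


def parity_bit_count(data_bits):
    """Smallest r with 2**r >= data_bits + r + 1 (7 for a 64-bit word)."""
    r = 0
    while (1 << r) < data_bits + r + 1:
        r += 1
    return r


def encode_word(value, width=WORD_BITS):
    """Return the codeword as a bit list: index 0 is the overall parity bit,
    positions that are powers of two hold Hamming parity, the rest data."""
    data = [(value >> i) & 1 for i in range(width)]
    r = parity_bit_count(width)
    n = width + r
    code = [0] * (n + 1)
    di = 0
    for pos in range(1, n + 1):
        if pos & (pos - 1) == 0:       # power of two: parity slot
            continue
        code[pos] = data[di]
        di += 1
    for k in range(r):
        p = 1 << k
        code[p] = 0
        for pos in range(1, n + 1):    # parity p covers every position with bit p set
            if pos != p and pos & p:
                code[p] ^= code[pos]
    code[0] = sum(code[1:]) & 1        # overall parity makes double errors detectable
    return code


def decode_word(code, width=WORD_BITS):
    """Return (value, status); value is None when the word is uncorrectable."""
    code = list(code)
    syndrome = 0
    for pos in range(1, len(code)):
        if code[pos]:
            syndrome ^= pos            # XOR of set positions = position of a single error
    overall_ok = (sum(code) & 1) == 0
    if syndrome == 0 and overall_ok:
        status = "clean"
    elif syndrome and not overall_ok:
        code[syndrome] ^= 1
        status = f"corrected bit {syndrome}"
    elif syndrome == 0:
        code[0] ^= 1
        status = "corrected overall parity bit"
    else:                              # syndrome set but overall parity unchanged: two flips
        return None, "uncorrectable double error"
    value = 0
    i = 0
    for pos in range(1, len(code)):
        if pos & (pos - 1):            # data position
            value |= code[pos] << i
            i += 1
    return value, status


def flip_bits(code, *positions):
    """Simulate disturbance errors at the given codeword positions."""
    out = list(code)
    for pos in positions:
        out[pos] ^= 1
    return out


if __name__ == "__main__":
    word = 0xDEADBEEFCAFEBABE           # constructed sample word
    cw = encode_word(word)
    for flips in ((), (37,), (37, 42)):
        print(flips, decode_word(flip_bits(cw, *flips)))
```

The double-flip case is the one that matters for a disturbance attack: the word is reported as bad rather than silently corrected, so a machine configured to treat uncorrectable errors as fatal halts instead of continuing on corrupted data.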

Wednesday, August 05, 2015

Zero-day vulnerability in recent Mac OS X 10.10 versions (to adware) getting attention of security researchers

OS X 10.10 is now reported to have a “zero-day vulnerability” that would allow hackers to install adware without needing the owner’s password approval.  Ars Technica has a story by Dan Goodin here.  The exploit abuses the “DYLD_PRINT_TO_FILE” environment variable to write to the “sudoers” file (a hidden Unix/Linux-style configuration file); see the blog post by Thomas Reed (and Adam Thomas).

It’s also unclear whether existing security products could pick up this exploit.  The vulnerability is said to live in 10.10.4 and in a beta version of 10.10.5.

It's interesting that more of these blog postings are showing snippets of deliberately "unsafe code". 

Apple (including personnel in stores) will have to start becoming more forthright on security vulnerabilities and on the expected security products and habits, as is already well known with PCs.

Tuesday, August 04, 2015

Serious exploit possible on Linux servers doing DNS translation, could lead to DoS attacks

Dan Goodin of Ars Technica reports on a serious flaw in the way DNS translation is practiced on Linux servers for many websites, in a service called BIND, story link here.
The flaw would appear to leave websites vulnerable to DoS attacks, or to redirection.  This may have happened sporadically in recent months with some small businesses.
The issue would seem to affect administrators at web hosting companies the most, or those who run their own servers.
Sucuri has a blog post on “Bind9”, “denial of service exploit in the wild”, here.
In 2008, there was a major concern over the security of the DNS conversion system, enough to cause emergency international meetings to be hosted by Microsoft.  These problems had been detected by researchers in Finland.  I reported this on my “identity theft” blog on August 9, 2008 (probably not the best place).


Monday, August 03, 2015

Researchers show firmware hack of MacBook is possible

Jack Varcarel of Wired reports on a “proof of concept” firmware infection of the MacBook, in an article here.  He also notes that Dell and Lenovo, at least, have been more proactive in protecting firmware than Apple, so the idea that Macs are automatically safer isn’t always true.

A firmware infection would happen in two steps.  First, a phishing link or possibly infected site would load some introductory malware (which a virus scanner should detect). The malware could lead to firmware infection if a subsequent infected device (like an Ethernet adapter) were inserted.  Bad Ethernet adapters might be sold on e-commerce sites.  This sort of scenario is more likely with industrial or political espionage (even state-sponsored) than ordinary home users.
One particular vulnerability was called “Thunderstrike 2”.  Normal antivirus software won’t find firmware infections.

Darlene Storm has a similar story in "The Fix" in PCWorld here.