Monday, July 25, 2016

Evidence mounts that Russian malware exposed the DNC's emails "overprotecting" Hillary Clinton

Numerous stories have erupted in the past few days about emails leaked after a hacking attempt, which seem to suggest that the DNC would go out of its way to help Hillary Clinton win the nomination instead of Bernie Sanders. The AP has a story in the NYTimes about the FBI investigation. The emails were posted by Wikileaks.

But technical publications claim that the hack shows evidence of specific malware from Russia, going by monikers “Cozy Bear” and “Fancy Bear”.  There is a suggestion that Vladimir Putin would like to embarrass Hillary Clinton further to help Donald Trump get elected.  But Julian Assange denies that Wikileaks took advantage of malware.

There is also an important piece on Techcrunch about the unreliability of “digital signatures” in attributing attacks, and about how large organizations are using “predictive analysis” to buttress their security.

Brian Ross of ABC News reports that it has been shown "beyond a reasonable doubt" that Russia was behind the hack. "Cute" young intelligence analyst Michael Weiss on CNN had some fun with this on Twitter.

Saturday, July 23, 2016

Forbes paid content loads ads that lock Google Chrome browser

Today, I went to a paid content article from Forbes (linked from CNN) on the “10 best states to make a living”.  OK, #10 was Minnesota, with a picture of Minneapolis – and when I clicked to see #9 I got a full screen ad from an email marketing company.  I was able to back out of it, but when I tried it again, Chrome would not let me back out, or get back to the computer.  I had to power off the machine and “quick start” Windows 10.  I restarted it fully, and ran a quick scan on Trend Micro, which found no problems.  I’ll restart one more time and run a full scan soon. (Done now.)

This may be a Chrome security vulnerability: the browser lets an ad take over the window and block you from leaving (unless you sign up). Google could fix this.

This is obviously a security problem that Trend should catch and that Chrome should not allow. It does not appear to be ransomware.

I think this little incident gives pause to consider how difficult it is today for some people to make a living, that they are trying silly marketing schemes out of desperation. Make America great again???

Monday, July 18, 2016

A little bit of experience with SiteLock

I did see how SiteLock works last night. I had put up two major postings and made many small revisions to one of my WordPress blogs yesterday.
Later, when I went to look at the blog, I got interrupted by SiteLock and had to enter a captcha. Then it let me back in. Subsequent accesses did not throw the captcha.

Friday, July 01, 2016

Spam emails threaten companies with DDoS attacks; security companies say, don't open them

Media sources and security companies have been advising people that they could receive emails threatening DDoS attacks and “requesting” ransom in the headers. The emails come from a group that calls itself the “Armada Collective”, but the sender addresses may be spoofed. Webroot says that group is no longer active, and that other criminals are spoofing its name. The wording of the emails can be quite brazen, with a “might is right”, revolutionary tone.

The Verge has a story on the matter.

Email providers should mark these as spam, and users should not open the emails, but mark them as spam if they show up. There is a risk that clicking on any embedded link would lead to more ransomware (though most security packages would probably block it).
AOL particularly seems to have trouble marking emails with certain kinds of sender spoofing as spam.
People with landline digital voice may sometimes find extortion-style messages in their missed-call queues. Some of them, besides threatening tax liens, may mention “federal investigations”, claim knowledge of the victim's home and movements, or make other threats. Such messages, when captured by providers (like Comcast), should be sent to the FTC or FBI as appropriate.
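To make the spam-marking advice concrete, here is an added example (not from the original post or from any email provider) that scores constructed sample messages on three signals the post mentions: the impersonated “Armada Collective” name, DDoS/ransom language, and sender spoofing. Spoofing is detected here through an assumed Authentication-Results header in which the receiving mail server recorded an SPF failure; the sample messages and header values are constructed.

```python
import re
from email import message_from_string
from email.message import Message

# Constructed sample messages (not real captures). The Authentication-Results
# values are an assumption about what a receiving mail server would record.
SAMPLE_EXTORTION = """\
From: "Armada Collective" <armada@example.org>
To: ops@victim.example
Subject: DDoS warning - pay or your network goes down
Authentication-Results: mx.victim.example; spf=fail smtp.mailfrom=example.org
Content-Type: text/plain

We are the Armada Collective. Pay 20 BTC within 24 hours or we launch a DDoS.
"""

SAMPLE_BENIGN = """\
From: newsletter@example.com
To: ops@victim.example
Subject: Weekly report
Authentication-Results: mx.victim.example; spf=pass smtp.mailfrom=example.com
Content-Type: text/plain

Your weekly uptime report is attached.
"""

THREAT_TERMS = re.compile(r"\b(ddos|ransom|bitcoin|btc)\b", re.I)
IMPERSONATED_GROUPS = re.compile(r"armada collective", re.I)


def spf_failed(msg: Message) -> bool:
    """True when the receiving server recorded an SPF fail/softfail for the sender."""
    for value in msg.get_all("Authentication-Results", []):
        if re.search(r"spf=(fail|softfail)", value, re.I):
            return True
    return False


def score_extortion(raw: str) -> dict:
    """Flag a message as spam when at least two extortion signals are present."""
    msg = message_from_string(raw)
    text = " ".join([msg.get("Subject", ""), msg.get("From", ""), msg.get_payload()])
    reasons = []
    if IMPERSONATED_GROUPS.search(text):
        reasons.append("claims to be a known extortion group")
    if THREAT_TERMS.search(text):
        reasons.append("contains DDoS/ransom language")
    if spf_failed(msg):
        reasons.append("sender domain failed SPF (likely spoofed)")
    return {"spam": len(reasons) >= 2, "reasons": reasons}
```

Requiring two signals keeps a legitimate security newsletter that merely mentions DDoS from being flagged on the keyword alone.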