Tuesday, October 30, 2012

Reader posts a comprehensive resource for internet safety


A reader provided me with this resource on Internet safety, called “Internet Safety Tips: A Comprehensive Resource”, link here.

I’ll underline a few of the tips.  One is to log off sites before shutting off a computer. That’s especially true with public computers.  Another is to delete cookies before getting off public computers.  I don’t have much occasion to use them now, but there is a case for saying that hotels could really help travelers by providing much more “business center” capacity with much better security.  That’s particularly relevant if people go to hotels to stay connected after residential power losses due to storms like Sandy.

Another tip has to do with using the best encryption for a home wireless router.  We could see more cases in the future where the idea of legal liability for misuse by wardrivers is explored.

There are good tips about online reputation, which I’ve discussed extensively on my main (“BillBoushka”) blog.  One important tip is not to forward private emails.  On the other hand, Twitter encourages retweeting of posts, so on Twitter (as everywhere else) think about what you post and make sure you want the world to see it.  Don’t be overly confident about privacy settings or “concentric rings”.

Picture: look at what a customer found at a well-known restaurant recently in Arlington. 

Thursday, October 18, 2012

Malware could impact implanted medical devices


Today, Webroot tweeted a story of a “proof of concept” experiment (from Australia) where a hacker could manipulate a heart pacemaker and electrocute someone, link here.

This has happened in the movies before (I think it happens in one of the Bond 007 films), but I’ve never heard of murder being committed this way before in real life.

Apparently the medical device can receive a wireless signal that an attacker could generate.

Does this possibility explain why many hospitals say they don't allow cell phones or wireless devices in patient rooms?  Is there really a risk of hacking through them?
This could raise airline security questions, too.

Although my own mother died at 97 of congestive heart failure in late 2010, the idea of a pacemaker never came up.

Also, today, the Wall Street Journal is reporting on increased DoS attacks on US banks from Iranian hackers, p. A11, link here.

Friday, October 12, 2012

Shamoon virus outbreak in Middle East prompts warnings to companies from Panetta; could it spread to home users?


A large number of computers in Saudi Arabia owned by Aramco, and in Qatar owned by Ras Gas, have been infected and rendered “inoperable” by a virus called Shamoon, as in this Sept. 25 story by Summer Said of Dow Jones in the Gulf Times, link.

Leon Panetta has warned that similar attacks could compromise railroads or power companies in the US, as in this story on p. A5 of the Oct. 12 Washington Post, link here.

It still is hard to believe that components of critical infrastructure would be accessible through the public Internet.  Some infections might have been introduced by flash drives.

Panetta has called Shamoon the most destructive virus yet for the private sector, Reuters story here.

It’s not immediately apparent whether it could impact ordinary users, or how a home user could encounter it.  It appears capable of both acting as spyware and destroying data.

But Kaspersky’s Dmitri Tarakanov has a detailed technical discussion on how Shamoon works, here.

So it’s fair to say that signature files from major vendors (including Kaspersky) have been updated for this threat, and that Cloud-based services (Webroot SecureAnywhere) would recognize it.

The virus is reported to have major bugs and appears to have come from a hacktivist group rather than a state.  One of its payloads is a small piece of an image of flag-burning.  There is some mention of the idea that this virus or a similar one can affect both Windows and Unix-based systems.

There is some similarity between Shamoon and Wiper, which shut down some businesses in Iran last spring.

Effective cyberwarfare against the US and the West (not including the use of crude DoS attacks) assumes access to critical infrastructure from the public Internet in most cases, and this should be relatively easy to stop.  Much more grave threats could come from EMP weapons, which can be small and non-nuclear and can affect significant areas even from the ground.  The US Army has these weapons and uses them in Afghanistan now (and used them in Iraq), so conceivably they could fall into the wrong hands or be crudely duplicated.

The New York Times is also reporting on Panetta's remarks big time Friday morning.

Thursday, October 11, 2012

EFF offers tips for travelers, particularly when crossing borders


Electronic Frontier Foundation has a detailed white paper, dated Dec. 2011, on safety for your digital life (Internet accounts and physical data on your computers, both work and personal) when you travel, particularly across the border, link here.

In some cases, international travelers could face delay, compromise of their data (if it is sensitive) or even damage if there are customs inspections of data as they cross borders.

EFF recommends that travelers consider carrying no data and retrieving it from the Cloud instead, if going to a country and location with good service.

The practical risk of misuse of much personal data, however, is often low, and many travelers may prefer to have backup copies of important files on their travel machines.

Users might consider using two-step verification and changing passwords on machines they will take with them.  But that strategy could backfire if a customs agent keeps the machine for a while.  I actually like the idea of handwritten sheets with critical information, as long as the traveler is very careful about what’s on his person.

I personally have not encountered any TSA-related problems yet with travel.  I have carried an iPad and small conventional laptop in a TSA-approved bag, along with accessories in a carry-on, without incident. 

Monday, October 08, 2012

Pete Townshend's story illustrates the risks of false accusations of c.p.


Pete Townshend appeared on ABC “The View” today (Oct. 8, 2012) and recounted his being accused of trying to access child pornography in Britain in 1999, and winding up on an offender’s registry for five years.

A posting on the UK Daily Mail by Peter Sears tells his story, here.

Apparently, he paid seven pounds by credit card in 1999 to access a site with a conspicuous link to c.p.

The police also raided his home in 2003 after getting information from US authorities (customs or FBI) based on records of a site in the US hosting c.p.

But he says he never intentionally viewed any illegal content.

Townshend has an autobiography explaining the incident, “Who I Am: A Memoir”, just published by Harper.

The incident shows how accusations of this crime can occur.  There has been concern that they can arise from virus infections.

Friday, October 05, 2012

"MitB" malware can "misprocess" payments in real time


A news story by Kyle Wagner on Gizmodo reports that a new kind of malware can steal or modify payment info from an Internet browser in “real time”.  The item is called “Man in the Browser”, or “MitB” (not “Mitt”), which apparently got more sophisticated recently.  In the past, it had acted like a typical keylogger.  But now it can really process payments in real time to a fake institution.

The link for the story is here.

The story would tend to imply that it’s important to see the “verification” image when you log on to a bank’s site in your browser, so you know that you really reached the bank’s true site.  Always log in directly by typing the URL yourself, not from a link.

The article (and particularly the comments) recommends some new encryption products.  

Thursday, October 04, 2012

FTC fines person over $100 million for selling fake anti-virus software


The FTC is getting aggressive – not just against telemarketers, endorsers, and collectors of minors’ information (other blogs).  Information Week reports that a woman has been assessed a $163 million civil judgment for her participation in running a “scareware” ring (in six countries) that duped consumers into purchasing fake antivirus software, sometimes apparently by locking their computers until they paid ransoms. 

About five years ago, it was common to find sites that, if visited from a Windows XP system (before I had Vista and W7), would bring up a Microsoft application box (like what is generated typically by .NET) telling you your machine was infected and encouraging you to navigate to the fake virus software link. In my experience, you could close the box and “nothing would happen”.  Eventually the machine that this happened on became unbootable, but that could have been because of hard drive aging.

Comments advertising these products with links were often spammed onto blogs, until Blogger and WordPress began filtering them out, and in the meantime I (as did many other bloggers) implemented mandatory comment moderation.

The Information Week story by Matthew J. Schwartz (tweeted today by Webroot) is here.

Schwartz links there to another one of his valuable articles, about Malnets.  My own major ISP, Verio, at least used not to offer Java on shared hosting because of what it said were security problems with server-side processing (it offered “only” PHP as a language).  I had another small site on another ISP which offered "Java starter", for about four years, from 2002-2006, when it suddenly tanked on support.  I’ll tell that story later, because it’s important.

Tuesday, October 02, 2012

Internet security companies discuss the "stolen accounts" business


Webroot is reporting (on its “Threat Blog”) on the increase in “do-it-yourself” (“DIY”) techniques that seem to encourage novice cybercriminals to try to enter the world of trafficking stolen Internet accounts (email, FTP, rootkits, shells).  There seems to be a “multi-level marketing” scheme which draws in novice cybercriminals, who are often deserted (as in legitimate MLMs, the guy at the top makes most of the money and can often run).

The latest post by Dancho Danchev is “A look inside a boutique cybercrime-friendly E-shop”, in four parts, the last of which is here.  The link is here.

Another party in the AMR (adaptive multi-rate audio) business writes about having hosting accounts “stolen” and then shut down, here on “Black Hat”, link.

This seems to be related to the activity that Webroot is discussing in its Threat Blog.