Monday, February 24, 2014

Apple SSL/TLS bug not yet fixed from my own iPad, at least

Sunday I discussed the code related to the Apple SSL/TLS bug (in secure socket layer).

A typical source explaining the security implications is on iMore, by Nick Arnett, link here. The bug is related to an extra stray line of code which an attacker could exploit to get a false connection to your data at a financial institution, if you were working through the iPhone, iPad, or a Mac OS.

Media reports Monday indicated that the bug was only “partially” fixed with a release today. 
I tried the “” site (given by iMore) on my iPad, and did get a warning from the iPad that it was vulnerable.
The iPad did not prompt me to load a fix today.  The gotofail link did take me to another apple support link with more information, here.  
Curiously, if you go to the “” as recommended by iMore in a Windows environment with Webroot Secure Anywhere turned on, Webroot blocks it as potentially malicious!
There is a video which shows how to fix the bug without an upgrade. 

I don't know whether this works or not. 

Update: Feb 27

On Feb. 26, my iPad did indeed offer an update:

And then this:

Monday, February 17, 2014

Backchat and Snapchat: for security, they cut both ways

The Washington Post on Monday has an article by Cecilia Kang on the growth of apps that allow anonymous transmission of images, text, or both, that then disappear.  The link is here.

I don't use these sites, because I don't communicate anonymously, and I don't have any use for content that won't be saved.  If you want to have a conversation, have a real one. 
One new example is “Backchat” in the Google store here. (Note that “” is just a parked domain for link revenue, not the right site.)  Of course, everybody has been talking about Snapchat. Some observers feel that these sites will make it even harder to control cyberbullying and the making of taunts, whose audit trail disappears.
Others feel that it improves safety, because the messages and images do disappear in a short time, making them invisible to employers or schools.  Perhaps keeping them away from police and the NSA won’t be as simple.  The government could object that it makes it easier for terrorists to hide instructions for attacks (much as with earlier fears about steganography right after 9/11). 

Sunday, February 16, 2014

Kickstarter crowdfunding site hacked; no financial data compromised but other PII possibly taken

The crowdfunding website Kickstarter was hacked recently, compromising the PII of contributors (like names and addresses) but no credit card information.  However, a hostile party could be more interested in knowing who had funded politically or socially sensitive media projects.  Imagine something like this in Russia or in some hostile circumstances. 
Reuters has a news story here
Kickstarter offers information about projects by geographic locality (which it senses when you go to the website), and has a “Projects We Love” page here
Although Kickstarter probably would not work as a way to fund the most eclectic of my own screenplays (into becoming films), it could be very useful for a couple of incomplete projects (more potentially popular) of others in my own cultural circle.  That could be good for me indirectly. 

Tuesday, February 11, 2014

Stories about Careto, the most sophisticated malware in the world, from Russia with Love; more on Target; Is Linux safer?

The Minneapolis Star Tribune has a detailed story, Jan. 30, explaining how cybercriminals stole vendor credentials to get into a “backdoor” of Target’s point-of-sale software.  The story by Jennifer Bjorhus is here. I remember the Target building, just west of Minneapolis, on I-94, as I recall.  I had an interview there in 2003.

That’s one thing.  It’s obvious that retailers are going to have to go to a new generation of security, with 2-step verification and piped encryption, and this may become less convenient for users online.  And there’s bound to be litigation over money lost from debit cards. 
This sort of widespread criminal activity seems to have implicit state support – probably Russia, which sees crime by its tech-savvy young adults as a way to get around economic problems.  But it really seems more targeted at the really big guys (mainly retailers and banks) than ordinary people.

Tim Lee has a piece on the Washington Post Switch Blog about malware called Careto, said to be the most sophisticated ever, but still based on “spear-phishing”, link here
 Lee’s report suggests that it was created with the help of a state, and that leaves three or four major countries (probably not even Syria).
Kaspersky Labs has a detailed report on Careto (“Unveiling Careto, the Masked APT”), and it isn’t too much of a stretch to say that this development doesn’t help Putin cover his tracks by looking pretty in Sochi.
Lee and Fung have separate stories about the malware on the Switch Blog.  It is said to be able to attack almost any operating system, including Linux and Android.

Here’s one other piece I found, “Why Linux is better than Windows”
Well, that’s because it’s simpler.  (It's really behind Mac operating systems.)  Maybe that would be true for personal PCs, as generally Macs and Linux machines are less vulnerable.  Shared hosted services are a different story; operating system complexity (Windows hosting is more "complex" than Unix hosting) may turn out to be an advantage.

Saturday, February 08, 2014

Windows 8 Action Center reports two copies of Webroot Secure Anywhere-- Is this a problem?

Following up on the Jan. 21 report of the McAfee "free" scan (offered by Adobe) showing duplicate anti-virus products, I notice, by looking in the Security section of the Windows 8 Action Center, that Microsoft reports two copies of Webroot Secure Anywhere installed.  I don't know if that is a problem or not. The Webroot Secure Anywhere box comes up and says everything is running normally, and that Firewall is on.

Action Center reports that Windows Firewall is running.  Webroot reports that its own firewall is running.  It does appear that the Windows Firewall does operate, for it interrupts whenever a new program tries to install something, in a normal way.

Action Center also reports that Windows Defender is available but turned off.  The malicious software tool gets updated automatically (and that particular update tends to take a long time to install).

I don't know if the two instances of Webroot in the Security listing in the Action Center are a problem.

Action Center update stops when the computer is in use.  Sometimes it warns me that "Action Maintenance was delayed".  Usually this warning eventually goes away, particularly if the computer is left idle for more than 15 minutes so it can finish something.  It seems to want to do defragging, which may not be necessary. 

Wednesday, February 05, 2014

Kaspersky labs and its tale on why Russia has become our cyber-enemy -- and watch out in Sochi

NBC News has offered a good perspective on why so much malware comes from Russia, and why so much of it is directed at exploiting retail point-of-sale and bank accounts. The story by Ben Kessler is here.

Russian companies don't pay computer engineers enough, so they turn to crime and the black market to make a living.  And Putin's government prosecutes only when Russian domestic infrastructure is harmed.

And the problem is only exacerbated by the problems in US-Russian relations, over Edward Snowden, and now over the cultural implications over western and especially American progress in gay rights, which the Russians see as undermining their own birth rate more than ours or that of other western countries.

Russia, like China, is still essentially an authoritarian state with a group mind-set in public life.

NBC News also said that visitors to Sochi (or anywhere in Russia) will ordinarily find their cell phones and computers hacked (at least keylogged) quickly when they go online.  The problem is that the same thing perhaps could happen here.

Kaspersky Labs has roots in Russia, and some of the company's infrastructure is in Moscow.

Tuesday, February 04, 2014

Cell phone scam connects user to "for pay" adult site without permission; also, note modem hijacking

NBC News is reporting a new phone scam.  A robocaller dials a cell phone and rings once, producing a missed call.  If the recipient dials back, he or she gets connected to an adult entertainment site overseas and winds up getting billed up to $19.95 for the connection.
The calls so far seem to come from area codes 268, 809, 876, 294 and 473. 
The Better Business Bureau suggests checking for these area codes or looking up the number on “Who Called Us”, link here

The story by Juliane Pepitone at NBC is here.
The practice would seem to run the risk of being used to disseminate child pornography. 

Verizon warns about a scam that sounds similar, called modem hijacking, link