Saturday, March 28, 2015

Does a Webroot detection always add to the threat quarantine list?


Last night I left on a Dell XPS Windows 7 laptop, and early this morning I found it locked with a red mark over the Webroot SecureAnywhere notification icon.  I ran the scan (22 minutes) and it found no infection, so it must have cleared it.

  
But it did not identify any new items to quarantine (three were there) that weren’t already in its list (as explained here).  That is, it did not find a new threat to add to the list.
  
Comcast XFinity hiccoughed over the night, and the router also had to be restarted.  I wonder if somehow Webroot interpreted that as a threat.  Is there such a thing as a DoS attack on a home router?

Wednesday, March 25, 2015

Twitter will filter feeds for iOS users


Twitter is rolling out a “quality filter” to “verified” iOS smartphone and tablet (Apple) users, which may mean that some followers won’t see some tweets, even those that are legitimate.  TechCrunch has a story here.

As reported, threats and harassment (and misuse by overseas enemies) have become a real headache for Twitter.

In practice, it’s hard to look at all the tweets more than an hour or so old unless you look all the time, because there is so much “quasi-spam”.  So I often look at the specific feeds of various parties directly, even some that I don’t “follow”.  I’m more interested in individuals than companies or organizations. 

Monday, March 23, 2015

Some macro malware is set to "run on close" to escape sandboxes


Writers of malware that executes as Office macro code have tried a new technique: waiting for the Office document to close (that is, listening for a close event) before executing, as a way to evade anti-virus software or more savvy users.  SecurityWeek discusses this point with respect to “Dridex”, and especially Trojans implicated in attacks on bank accounts; article here.

Webroot tweeted the story Monday morning.

Proofpoint has a story on "run on close" macros and how they interact with "sandboxes" (like those on Judge Judy).
   
Anti-malware software can be adjusted to listen for this kind of activity.  But a scheduled scan, common on many PCs, might not detect it while it is running.
  
It was also unclear whether the malware is disabled when the computer is restarted, and whether it is limited to Windows environments.
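One way a scanner can catch this pattern at scan time, whether or not the document is ever closed, is to look at the macro source statically rather than waiting for it to act.  The following is an added example, not code from the original post or from Webroot, SecurityWeek or Proofpoint.  It takes extracted VBA source text (the sample below is constructed, with a placeholder command string), finds the procedures Office runs automatically, and reports which of them are close-triggered and carry shell or object-creation calls.  The trigger names and the keyword list are my assumptions, drawn from the common Office auto-exec procedure names.

```python
import re
from typing import Dict, List

# Office procedure names that run automatically. The "close" group is the
# evasion described in the post: code in those procedures fires only when the
# document is closed, which a sandbox that opens a file and watches for a
# fixed window may never observe.
OPEN_TRIGGERS = {"autoopen", "auto_open", "document_open", "workbook_open", "autoexec"}
CLOSE_TRIGGERS = {"autoclose", "auto_close", "document_close", "workbook_beforeclose", "autoexit"}

# Capabilities worth flagging when they sit inside an auto-executing procedure
# (assumed list; a real scanner would carry a much longer one).
SUSPICIOUS_CALLS: List[str] = ["Shell", "CreateObject", "WScript.Shell", "URLDownloadToFile", "Environ", "Kill"]

# One VBA procedure: optional visibility, Sub/Function, name, argument list,
# body, and the matching End Sub/End Function at the start of a line.
PROC_RE = re.compile(
    r"^\s*(?:Private\s+|Public\s+)?(?:Sub|Function)\s+([A-Za-z_]\w*)\s*\(.*?^\s*End\s+(?:Sub|Function)",
    re.IGNORECASE | re.MULTILINE | re.DOTALL,
)


def split_procedures(vba: str) -> Dict[str, str]:
    """Map each procedure name to its full source text (signature through End Sub)."""
    return {m.group(1): m.group(0) for m in PROC_RE.finditer(vba)}


def analyze_macros(vba: str) -> Dict[str, dict]:
    """Report every auto-executing procedure, its trigger kind, and the suspicious calls inside it."""
    findings: Dict[str, dict] = {}
    for name, body in split_procedures(vba).items():
        key = name.lower()
        if key in OPEN_TRIGGERS:
            trigger = "open"
        elif key in CLOSE_TRIGGERS:
            trigger = "close"
        else:
            continue  # ordinary helper procedure, not auto-executed
        calls = [c for c in SUSPICIOUS_CALLS
                 if re.search(r"\b" + re.escape(c) + r"\b", body, re.IGNORECASE)]
        findings[name] = {"trigger": trigger, "suspicious_calls": calls}
    return findings


def is_run_on_close(vba: str) -> bool:
    """True when a close-triggered procedure carries suspicious capability: the pattern the post describes."""
    return any(f["trigger"] == "close" and f["suspicious_calls"]
               for f in analyze_macros(vba).values())


# Constructed sample (not a real malware sample): the open handler is harmless,
# the close handler defers a shell launch. The command string is a placeholder.
SAMPLE_VBA = """
Sub Document_Open()
    ' Nothing of interest happens on open, so a quick look sees a clean file
    ActiveDocument.Range.Text = "Loading..."
End Sub

Sub Document_Close()
    ' Constructed stand-in for the evasion: the action waits for the close event
    Dim sh As Object
    Set sh = CreateObject("WScript.Shell")
    sh.Run "placeholder-command-for-illustration", 0
End Sub
"""

if __name__ == "__main__":
    for proc, info in analyze_macros(SAMPLE_VBA).items():
        print(f"{proc}: trigger={info['trigger']} suspicious={info['suspicious_calls']}")
    print("run-on-close pattern present:", is_run_on_close(SAMPLE_VBA))
```

Because the check is on the source text, a scheduled scan gets the same verdict as a sandbox that waited for the close event; the trade-off is that it sees only what the macro literally contains, so obfuscated or string-built calls need a decoding pass before this kind of keyword match is useful.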

Thursday, March 19, 2015

Beware of "free WiFi" hotspots set up to steal personal information


NBC News tonight reported on the dangers of “Free WiFi” connections offered at various locations in many cities, especially NYC, set up by criminals to steal personal information.


It looks like another story, related on the Network Neutrality blog on March 8, about “getting by on free wifi”, would be relevant.
  
WiFi hotspots set up by restaurants, hotels and retailers are safer than the rogue connections.  In an experiment, a man set up about 300 hotspots in NYC and got thousands of takers.

Wednesday, March 11, 2015

Apple fixes security flaw in iPhone iOS that could allow eavesdropping


Apple has fixed a supposed “FREAK” security flaw in the iOS 8.2 update, which also added an update for Apple Watch.
  
I just applied it to my iPhone with no issues, taking about 7 minutes.
  
The flaw would allow an attacker to intercept encrypted communications.  The flaw might not matter to a majority of users.  The link to ZDNet’s report on the fix is here.
  
Microsoft released 31 updates to Windows 8.1 today, including more security patches and probably some more firmware interface fixes.  The updates took only a little longer than usual.
  

People who travel for work or who must stay well wired when on the road should make it a habit to update all devices as soon as possible, well before leaving for the airport, given TSA tightening of screening. We’re still wondering if bans on electronics in cabins could happen, especially overseas, and if some scheme to send devices safely and separately needs to be developed.  Right now, it would be just UPS and FedEx.   

Tuesday, March 10, 2015

Is cloud security now more reliable than in-house security? (home, office)


On Monday, Webroot tweeted a story by Ben Rossi in Information Age on the debate over whether cloud security is better than in-house security.
  
That debate bifurcates.  Home computer security products are moving toward cloud protection (like Webroot SecureAnywhere), presuming an always-on, good-quality (often wireless) Internet connection.  The days of having to update signature files (very time consuming) may be over.  Remember how long this used to take with older versions of McAfee and Kaspersky?
  
  

The other trend is for companies to outsource their security to cloud services from large vendors.
   
This goes along with the fact that very large IT companies (Facebook, Google, Apple and the like) are better at security than most retailers, law firms, manufacturers and the like can be at managing their own.  Banks and insurance companies are in the middle, but even they have had some problems (look at Anthem).  Large IT companies also seem better at security than a lot of web hosting companies.

Sunday, March 08, 2015

As law enforcement becomes more careful tracing home routers, it finds actual threats are harder to trace


There is some indication that police departments now generally realize that home routers can be hijacked, and are more careful about jumping to conclusions, as in cases where child pornography is detected by automated monitoring, despite a particular case regarding a “house sitter” in Indiana (see my COPA blog, Feb. 14, 2015).
  
This issue is discussed on a site called “Cracked Writers” (link), as police are finding that tracking IP addresses isn’t a reliable way to determine the source of Internet threats (or of recruiting efforts, as in the post of March 6).
  
That discussion comes up in conjunction with death threats or cyber stalking, which (the article says) is very difficult for social media companies to police and stop, in practice.
  
Of course, threatening emails are likely to be marked as spam and not be read, or recognized as suspect (that is, containing malware) by a human reading an inbox and therefore never be opened.  Messages on Facebook or Twitter may be more difficult to spot in advance than email.  Another possibility is actual hacking.  I’ve never received one as a message online (although I have been “flamed” and did get some angry emails in earlier days; a file was hacked in 2002 with Russian gibberish); I did get such a landline phone call in Dallas in 1987, probably because of publicity associated with me and AIDS activism at the time.  Again, this would be harder by phone today because of call screening software on both landline and smart phones.

Friday, March 06, 2015

P2P BitTorrent client installs unwanted Bitcoin miner; possible vulnerability in Mac OS Gatekeeper reported


Ernesto, on Webroot’s threat blog, reports that the popular P2P BitTorrent client uTorrent silently installs bloatware, specifically a bitcoin miner called the “Epic Scale” tool.  I heard about this today on Twitter, from users in the music community, so the name of the tool threw me at first.  It has nothing to do with music composition software.  The Webroot story is here.
 
The bloatware is said to be very hard to remove (demonstration here).

There is also an important article today being tweeted about Mac OS security.  It talks about Gatekeeper in OS X Lion, and it is possible that Apple could have fixed the vulnerability with Yosemite, or will do so soon with an update.  I am not sure I understand the entire problem right now, as the local Apple store says not to worry.  But I will have to look at this story in more detail.  I’ll come back to it soon.  The link in Mac Observer to the story by Jeff Braun is here.  Maybe CERT in Pittsburgh will have a story on this one soon.

Thursday, March 05, 2015

Prosecutions for aiding the enemy show the dangers of being "recruited" on the Internet


The arrest of a 17-year-old boy in Woodbridge, VA yesterday illustrates a new danger on the Internet, not necessarily limited to minors: unwittingly becoming involved in supporting overseas terrorism, and being arrested for it.  Matt Zapotosky has the story in the Metro section of the Washington Post today, here.
  
The teen had been “hired” to write for a website covering digital currencies (presumably bitcoin).  But somehow he was persuaded to help another man (an adult, but barely) travel to Syria to fight for ISIL.

The FBI and police said that stumbling into recruiting schemes on social media, unbeknownst to parents, is an unprecedented online risk, and could trap people who think they are "well-meaning".
      
The teen, whose name hasn’t been released, was said to be a good student in AP classes.  It was not disclosed if he had been raised Muslim.  Prosecutors are trying to charge him as an adult.