Friday, October 23, 2015

On a Wordpress site, comment spam related to gaming "digital currency" gets past security controls


Last night, when I navigated to my (Wordpress) “Do Ask, Do Tell Notes” site, it seemed that I got redirected to “clashofclanshackjack.blogspot.com”.  It may actually have been a pop-up (I haven’t turned on the blocker yet) from passing my cursor over the most recent comment, on the left side of the page (which shows up on a computer but not on mobile).

That comment had gotten past Akismet’s spam comment control, somehow, and been entered earlier that evening.  Apparently it had html code that would cause the Blogger posting to pop up.  (One of my “subsponsors” on doaskdotell.com did this one time, and I removed the auto-pop code html manually from the embed.)  

I marked the comment as spam on my control panel, and the behavior went away.  But I don’t know how it got there in the first place.  Had it gotten past the spam comment control, it would have generated a comment moderation email. 

The scheme seems to be aimed at getting as many clicks and links as possible (“link farming”) and seemed oddly connected to a gamer’s earning “gems”, a kind of digital currency (like bitcoin, or like Second Life Linden Dollar) by generating links.  

The actual game is quite legitimate and Wikipedia describes the currency here.  The actual game board is interesting, and even looks a bit like the fantasy world in my own screenplay (on a space station), except that the levels within any one station in my world are vertical.   But the blog posting that I saw pop up looked like a typical “spam blog” post with many run-on lines of repeated content and no paragraphs.  That has been a controversy on Blogger for years, particularly around 2008 (less of an issue these days).  In at least one case in 2008, clues to a major (still) unsolved crime were left in one of these blogs.
    
I ran the usual Kaspersky checks and everything was clean. 
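As an added example (not code from this blog, WordPress or Akismet), here is a small Python screen that a site owner could run over a comment's HTML before publishing it, flagging the kind of markup that can pop up or redirect on hover; the hostnames in the sample comments are constructed placeholders.

```python
# Added example (not code from the blog, WordPress or Akismet): screen a
# comment's HTML for markup that can pop up or redirect when merely rendered
# or hovered, which is what the comment described above appears to have done.
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "iframe", "object", "embed", "form"}  # run/embed content
URL_ATTRS = {"href", "src", "action"}                            # URL-bearing attrs


class CommentScreener(HTMLParser):
    """Collects findings while parsing; nothing in the comment is executed."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self.link_count = 0

    def handle_starttag(self, tag, attrs):  # tag/attr names arrive lowercased
        if tag in ACTIVE_TAGS:
            self.findings.append(f"active tag <{tag}>")
        if tag == "a":
            self.link_count += 1
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name.startswith("on"):  # onmouseover, onclick, ... fire on hover/click
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and value.startswith(("javascript:", "data:")):
                self.findings.append(f"script URL in {name} on <{tag}>")
            elif tag == "meta" and name == "http-equiv" and value == "refresh":
                self.findings.append("meta refresh redirect")


def screen_comment(html, max_links=2):
    """Return reasons to hold the comment for moderation; [] means nothing found."""
    p = CommentScreener()
    p.feed(html)
    p.close()
    if p.link_count > max_links:  # many outbound links is the link-farming signal
        p.findings.append(f"{p.link_count} links")
    return p.findings


# Constructed sample comments; the blogspot hostname is a placeholder.
SPAM_COMMENT = (
    '<p>free gems here</p>'
    '<a href="http://placeholder-spam.blogspot.invalid/" '
    'onmouseover="window.open(this.href)">get gems</a>'
    '<a href="http://placeholder-spam.blogspot.invalid/2">more</a>'
    '<a href="http://placeholder-spam.blogspot.invalid/3">more</a>'
)
CLEAN_COMMENT = "<p>Nice post, thanks for the notes.</p>"
```

A non-empty result is a reason to route the comment to the moderation queue (which is what the author notes should have generated an email) rather than publish it.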

Wednesday, October 21, 2015

Kaspersky seems less likely to rate amateur sites for reputation; more on Wordpress and security



I have noticed, since starting to use Kaspersky on the HP Envy, that Kaspersky seems to have rated fewer sites for reputation than had Webroot or McAfee.  In particular, Kaspersky has rated about half of my Blogspot blogs as green, but not rated the others, and it doesn’t seem to have rated any of my Wordpress domains or my legacy sites.  Kaspersky may generally be paying less attention to rating “amateur” sites than some other security vendors.  But it does seem to rate Google’s hosted blogs fairly quickly.
  
Most blogging consultants (like “Blogtyrant” Ramsay on Twitter) consider Wordpress to be superior to Blogger, and I would generally agree.  Wordpress is set up to be hosted by other companies with formal contracts with customer users, which tends to mean support is likely to be more forthcoming (and can be obtained by phone as well as help forums).  Under BlueHost, I have 4.3.1, and Bluehost normally updates automatically.
  
However, Wordpress (especially older versions) is known to have some vulnerabilities, as listed here.  A quick Google search does show a few scattered reports a few years back of some Blogger vulnerabilities, too. And the same holds for Tumblr.  
   
One idea that could improve security would be to make it easier to update blog content (on any major service platforms) on modern mobile devices.  People who run broadcast content should be able to maintain the content and respond to problems at all times, which makes going off the grid difficult. 

Sunday, October 18, 2015

Bizarre abuse of shortened URL's on Twitter



I had a bizarre Twitter-life experience late Saturday night on an HP Envy (oh, why was I home?)  There was a tweet about the use of vintage subway cars on the IRT to the Mets game. It somehow mentioned the New York Daily News.  But when I clicked on a shortened URL link, I got redirected to a domain called “forexdollar-euro.com” or “shorte.st” with the description “Make short links and make the biggest money” with further links.  I could not get the proper Daily News story to appear. I was on Google Chrome.

I don’t think it takes much common sense to be suspicious of unsolicited ads having to do with currency exchange rates.

Twitter says it carefully monitors the short-link or tiny-url use on its site. It is hard to say whether there could have been a hack on Twitter or instead on the New York Daily News.
Something like this has happened with other adware on my cell phone when trying to look at the “At Bat” feature of a “game in progress” on mlb.com during the playoffs.  Adware comes up and won’t go away until closing Safari and then opening it again.

I restarted the machine, and ran a full Kaspersky scan (takes about 80 minutes) during overnight sleep.

The scan revealed one item of “adware” which I quarantined (I could not tell if it had come from this incident), and two unwanted programs or “bloatware” not considered malware but possible targets for hacking, which I also quarantined.

I sent tweets to both Kaspersky and Webroot and asked them to check with Twitter and NYDN about the incident.

There is a revealing story in the New York Times Sunday by Nicole Perlroth, “Hackers prove they can ‘pwn’ the lives of those not hyperconnected”, here. There was an example of a simple use of phishing and Facebook.


Thursday, October 15, 2015

Does cyber warfare threaten average users?


Robert Samuelson has an op-ed in the Washington Post today, “The coming cyber-wars”, link here.    Samuelson questions whether in the end the Internet will turn out to have been a good thing, if we could lose our power grid and wind up living out the scenario of NBC’s “Revolution”.

Now I’ve written repeatedly that there is something wrong if our power grid even had a topological connection to an Internet that enemy hackers can reach. But another way to attack is to get employees to connect infected thumb drives to their networks, and enemies are turning special attention to spying on off-Internet networks.

Samuelson refers to a WSJ story by Damian Paletta, Danny Yadron and Jennifer Valentino-Devries, here.

But it would be more likely that “average users” could be affected if whole networks (whether power grids or financial, or even telecommunications or social media services) were attacked and went down.

Tuesday, October 13, 2015

CERT warns on new botnet aimed at attacking bank accounts


US-CERT is warning users (alert TA15-286A) about the Dridex P2P-Malware botnet, which is designed to steal financial site credentials and possibly drain bank accounts.
  
The link from CERT is here  and was broadcast by email Tuesday morning.
  
The title of the malware mentions P2P, but it appears that the virus is also spread through ordinary phishing attacks.  The malware can apparently also hijack a machine to send DDOS attacks.

 

Sunday, October 11, 2015

Obama won't interfere with Silicon Valley encryption to protect users; more false warnings from Kaspersky on non-encrypted web pages; warning that hackers sell fake IDs to minors



The New York Times, in a story by Nicole Perlroth and David E. Sanger, is reporting that the Obama administration has promised not to seek routine access to encrypted user data, at least without valid warrants, link here.  Doing so could expose all the major US tech companies to foreign hackers (especially state sponsored) and could endanger the security of some individual users in sensitive situations. 

In a bizarre twist, Kaspersky gave me a security certificate warning in Windows 10 for this New York Times story, when the NYTimes does not seem to have implemented https for all its content yet (at least not for this story).

In another matter, Fox News in Washington DC this evening warned that foreign hackers had become involved in the printing of fake ID cards and driver’s licenses (to get around age limits, as for bars). 

Saturday, October 10, 2015

Kaspersky, in Windows 10, blocks Fandango

 
A strange little experience today.

Kaspersky, in a Windows 10 environment, wouldn’t let me use Fandango to buy movie tickets on a credit card, at least in guest mode.  It claimed a propensity for phishing and based its conclusion on “heuristic analysis”.

It allowed an override, but then the Fandango site came up in what appeared to be an unusable format.

Fortunately, the movie wasn’t close to selling out.  The theater (Angelika) said it would look into this.

Wednesday, October 07, 2015

Https now allowed by Blogger; Kaspersky gets quite strict on security certificates


A couple more issues that have come up with my conversion to Windows 10 and Kaspersky on one machine (HP Envy).

I’ve noticed that Google now offers "https" for Blogger, for blogs with the blogspot domain without (for right now) a custom domain name.  I have just enabled that for this blog, so you can key in https if you like.  I’ll look at this soon for my other blogs. Google’s page on the capability is here.  You have to enter the “https”;  it does not automatically convert for you.

I’ve noticed also that Kaspersky, in Windows 10, warns the user every time she inserts a drive through USB to scan.  Also, it warns on the security certificates of many sites, even some of Google’s.

Another feature I’ve noticed with Windows 10:  on some sites, you cannot click on embedded pictures in webpages to enlarge them; you get disconnected from the site.  Same site, it’s permissible.

Update: Oct. 8

I've noticed that when some images are imported by Blogger in a Windows 10 environment, and then fixed manually in html with respect to height and width, they view OK in ordinary browsers but may not be viewable in blogs enabled by https.  Also, the images are not viewable on the Blogger panel which is already under https.  It appears that Windows 10 is encrypting some images that algorithms tell it contain text and conceivably some PII.

Monday, October 05, 2015

Vigilante hacker attacks over 10,000 routers to give benevolent warnings


A vigilante “ethical hacker” has apparently been hacking unprotected WiFi routers and warning owners.  His blog is here.
  
The news story appeared in “The Hacker News” here.  The exploit is written in Perl.
  
Most of the affected routers seem to be used to control appliances, home security, and “the Internet of Things”.
    
Again, a security encryption standard below WPA2 is considered inadequate.

 

Thursday, October 01, 2015

With Windows 10, confusion over use of Webroot, and facts are in dispute right now


I did pick up my HP Envy with Windows 10 (replacing Windows 8.1) yesterday from Geek Squad.
I was told that Webroot has an issue with Windows 10, and that freezes have been reported.  So Geek Squad loaded Kaspersky.  I must admit that I found a "missed call" and voicemail on this matter on my iPhone (and was slow checking it), so GS went ahead and decided to use Kaspersky. 
   
I sent a Twitter message to Webroot, which denies that there is a problem, and says it is investigating the source of the “rumor”.  When I get more details from Webroot or GS, I’ll report the facts here as they come in.

I had used Kaspersky on an older Toshiba travel laptop purchased at the beginning of 2011.  It is much easier to use now, with fast automatic updating.  It appears to be load-based rather than cloud-based (but I could be missing something).
  
Kaspersky flashes warnings when I go to a website whose security certificate doesn’t check out.  One of these sites was accuweather (which I am monitoring because Hurricane Joaquin is menacing the East Coast in a few days). Kaspersky also enables “secure keyboard input” when entering passwords. 

Kaspersky also rates websites found on search engines.  It grays out more sites than does Webroot (saying it has no information on the site).  My "doaskdotell" is grayed out on Kaspersky but green on Webroot.
 
Kaspersky says I need to enable "data protection" (which I will investigate) when I log on to a bank site.  It also offers "safe browser mode" and "Safe Money", which I will look into.