Saturday, May 28, 2016

LinkedIn password security breach; Microsoft account scam

Various sources report that LinkedIn passwords were compromised by a security breach in 2012 which has affected many more users than first reported.  CNET has a detailed story from May 26 here. All passwords that have not been reset recently should be changed, and CNET recommends 2-step verification.

Furthermore, users should be concerned if they used this password on other sites, and consider changing them on those sites, too.

There is a telephone and phishing scam where the caller claims that your Microsoft account is disabled (it's not) and unbelievably leaves an 800 callback number.  These programmers in Russia are pretty desperate for $$ because of Putin's pro-natalist economy.

Tuesday, May 24, 2016

WordPress releases Sucuri report on website hacks

WordPress has released a third-party security report by Sucuri on website infections, which has the disturbing conclusion that WordPress was the most commonly hacked platform.  The company studied 8900 such attacks.  Most attacks seem to be related to plugin vulnerabilities and inadequate security maintenance by webmasters (many of whom self-host) or hosting companies.  The symptoms and vulnerabilities seem to vary widely.

Most of the attacks seem to be somewhat automated, probably motivated more by money than politics.

I am looking more into the question of expanding https and expanding services like SiteLock (which I already have).  The best practices for sites hosted by large companies still seem obscure, and I’ll look into this further.  The “https everywhere” issue is evolving quickly. EFF offers a browser plug-in to simulate it now. I’m still waiting to see more material by blogging gurus (like “Blogtyrant”) on security topics.

Thursday, May 19, 2016

Hospital medical equipment (as well as medical records) is vulnerable to malware from hackers

Kaspersky has a recent and detailed blog post on vulnerabilities through which many medical devices that deliver treatment to patients (including chemotherapy and radiation, as well as vital electrolytes) can be hacked. As with the power grid, there is a question as to why the devices would be accessible through the public Internet (a subject of Ted Koppel’s book “Lights Out”), but they could be hacked from the other side of the world.

And we’re talking about actual treatment devices, not “just” the medical records that have already been lost to ransomware at several hospitals.

A security business owner was interviewed by WJLA-7 in Washington. He inspects hospital devices for DHS, and finds serious vulnerabilities in most of them.  He opens them up and examines the firmware.  (Story aired tonight, not yet online).

Thursday, May 12, 2016

Microsoft's Malicious Software tool may be annoyingly slow to install, but seems important to security strategy

Last night, on a Toshiba Satellite recently converted to Windows 10 (from 8.1), it took over an hour for a “malicious software tool” to be installed, before the other operating system security updates installed, those taking a few minutes.  Closing all apps and windows seemed to help it finish.  It would help if Microsoft would provide a progress bar on this specific “install” because it takes so long.

But now Microsoft pops up an explanation that the tool will scan the computer for specific malware (probably including ransomware) with its own engine.  This may be what takes so much time (as an ordinary third party scan from Webroot, Trend or Kaspersky takes over an hour).  It says this does not replace the need for a third party product, but does give a second opinion.  So an extra malware scan does seem to come with periodic automatic updates (which happen usually the second and fourth Tuesdays of the month).

In the Mac environment, the need is not so clear, to supplement XProtect. 

Wednesday, May 04, 2016

Webroot describes the "service industry" behind malware, and the disturbing facts about people "employed" by writing it (blame Putin)

The Webroot threat blog discusses the concept of “Malware as a service: as easy as it gets” with a March 31 posting by Marcus Moreno, Webroot Threat Analyst.
What’s disturbing is the way rather talented people look at it as a way to make a living.  This may sound comparable to making a living growing marijuana, in the day before some states gradually started legalizing it.  But malware harms people (I’ll leave aside the debate on marijuana, alcohol, tobacco) and businesses (small ones especially).

Much of the activity by “elite” programmers probably occurs largely in non-democratic countries, especially Russia and China (and former Soviet republics), simply because of poorly managed economies and poor legitimate job markets.  In fact, Vladimir Putin seems to look at exporting malware as a way to humble western consumers and businesses. Having just written this, I do have to ponder how one of the leading security vendors (Kaspersky Labs) comes from Russia.
But some activity occurs in the west because legitimate employment is not as stable as it used to be, except for the most talented.