Thursday, October 27, 2016

FedEx spoofed in a phishing scam; other reputable sites have malvertising issues; Windows 10 update today causes a temporary crash in Trend Micro

Tonight, for the second time in two weeks, I got a phishing email on a failed delivery of a FedEx package.  The other one had come when I was expecting a package.  The giveaway is that it had a zip file attachment.

It's a good idea if you have a UPS store address to have it email or text you when it receives a package, so you know what is legitimate.

DHL has had similar issues.

Tonight, when going to a non-existent blog posting on a reputable site (TechRepublic), an ad (for a "for-profit university") was served, as well as a bizarre xyz domain registration page.  The trace showed loading of an ad service platform tnctrx (located in Loudoun County VA).  No harm was done, but the site seems to have a little "malvertising" resulting in adware that went bad when loading.  Trend Micro did not find any problems (processes or files) or flag anything.

Also, today, a Trend component coreServiceShell.exe was found to have crashed after finishing a routine full scan successfully (Windows 10).  Trend worked normally upon restart of Windows 10, which had just done a scheduled update cycle today.

Wednesday, October 26, 2016

How should home router owners protect themselves from potential downstream liability issues?

Parents, or people who take on roommates or housemates, or rent out rooms in a home, or who even may offer more radical services like housing asylum seekers, might be concerned about the possibility that others could misuse their routers for illegal purposes.  These could result, for example, in getting warnings from an ISP about copyright infringement or, in more extreme cases, child pornography, which can be detected automatically by places like NCMEC.

Most abuses, if they happen, are likely to have occurred through P2P file sharing or services like BitTorrent.

Can property owners protect themselves by monitoring router traffic?

This sounds like a topic about which there is mixed advice around.

ISPs like Xfinity certainly have a record of all the IP addresses accessed by your router, but they don’t appear that easy to get at, at least according to this article.
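If a router can export its own connection records, the owner does not have to depend on the ISP's logs to notice the kind of traffic the post worries about. The following is an added example, not code from the original post: it parses a constructed connection-log format (one line per outbound connection, with source, destination, port and protocol, which is an assumption about what a given router exports) and flags any LAN host that talks to many distinct peers on high, non-well-known ports, the pattern BitTorrent-style file sharing tends to produce. It is a heuristic for drawing the homeowner's attention, not proof of what a housemate is doing.

```python
"""Flag LAN hosts whose outbound connections look like P2P file sharing.

Added example. The log format below is constructed for illustration and is
not the output of any particular router; adapt LINE_RE to what your router
actually exports.
"""
import re
from collections import defaultdict

# Constructed sample log (addresses are documentation ranges, not real peers).
# 192.168.1.20 is ordinary web browsing; 192.168.1.31 reaches six different
# peers on high ports, which is what a torrent client looks like from the router.
SAMPLE_LOG = """\
2016-10-26T20:01:02 CONN src=192.168.1.20 dst=93.184.216.34 dport=443 proto=tcp
2016-10-26T20:01:05 CONN src=192.168.1.20 dst=151.101.1.69 dport=443 proto=tcp
2016-10-26T20:01:07 CONN src=192.168.1.20 dst=198.51.100.9 dport=8080 proto=tcp
2016-10-26T20:01:09 CONN src=192.168.1.31 dst=203.0.113.7 dport=51413 proto=tcp
2016-10-26T20:01:10 CONN src=192.168.1.31 dst=203.0.113.8 dport=6881 proto=tcp
2016-10-26T20:01:11 CONN src=192.168.1.31 dst=203.0.113.9 dport=6881 proto=udp
2016-10-26T20:01:12 CONN src=192.168.1.31 dst=198.51.100.21 dport=49152 proto=tcp
2016-10-26T20:01:13 CONN src=192.168.1.31 dst=198.51.100.22 dport=6889 proto=udp
2016-10-26T20:01:14 CONN src=192.168.1.31 dst=198.51.100.23 dport=51413 proto=tcp
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) CONN src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>tcp|udp)$"
)


def parse_log(text):
    """Turn log text into a list of dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: ignore rather than crash the report
        rec = m.groupdict()
        rec["dport"] = int(rec["dport"])
        records.append(rec)
    return records


def find_p2p_suspects(records, min_peers=5, min_port=1024):
    """Return {source_ip: distinct_peer_count} for hosts that contact at least
    min_peers different destinations on ports >= min_port.

    Browsing hits a few servers on 80/443; a torrent swarm means many peers on
    ephemeral ports. The thresholds are tunable assumptions, not standards.
    """
    peers = defaultdict(set)
    for r in records:
        if r["dport"] >= min_port:
            peers[r["src"]].add(r["dst"])
    return {src: len(dsts) for src, dsts in peers.items() if len(dsts) >= min_peers}


if __name__ == "__main__":
    for host, count in find_p2p_suspects(parse_log(SAMPLE_LOG)).items():
        print(f"{host}: {count} distinct high-port peers (possible P2P)")
```

Run against a real export, the two thresholds are the knobs: raising `min_peers` cuts false positives from chatty applications such as video calls, and lowering it catches a quieter torrent client sooner.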

Xfinity now sends combined router-modem units that take about an hour to set up.  The process does work if you follow the directions exactly.  You should wind up with a strong password (which you should save off line even in hardcopy) and WPA2 security standards.  This is supposed to be OK.

You can implement a modern anti-virus package that screens websites.  Right now, Kaspersky and Trend seem to be the strictest in protecting users from drive-by sites.  But “the best” changes every year, with every visit to Best Buy and Geek Squad.

One idea could be to install OpenDNS (and here).  But this does not appear to be possible at the router level if you have a combined unit. However it can be installed on individual computers, and may offer more protection against illegal activity than standard anti-virus.

OpenDNS at the router level, if possible, could protect the homeowner from incidents where someone outside the home somehow hacks into the router.  This may be more of an issue in apartments and condos (as has resulted in arrests of renters in Florida and New York State on at least two rare occasions).  In detached homes, good home security goes along with cybersecurity:  enforcing parking regulations, for example, in the neighborhood.

The downstream legal liability that a router owner could have for misuse, especially if the router owner was careless about security settings or did not install the router properly, is still a troubling and uncertain area.

This is a rapidly evolving topic.

Update: Jan.14, 2017

Further checks show that it can be done at the router level, but not all routers supplied by cable companies allow it.  It's possible to "piggyback", and it may be possible in a guest account.  I'm looking further.  The same concerns will exist for disabling P2P.

Friday, October 21, 2016

Major DDoS attack against DYNDNS leads to outages for many US users; many telecommunications companies had a workaround

A Major DDoS attack against a company(s) “DynDNS”  (or maybe Dynatrace -- I've seen both companies named, not sure if this is different)  that provides DNS routing disrupted Internet connections for many Internet users in the US, especially the northeast, early Friday.  Curiously, the company(s) does (do) not seem to have a press release for the incident yet.

Major platforms such as Twitter, Reddit, and Amazon were affected for some users.  But I experienced no issues starting at 9:30 AM EDT today and watched a movie on Amazon Prime.  I found out about the outage at first from Facebook user “Survival Mom”.  I did experience a 5-minute DNS holdup on my Bluehost Wordpress domains this evening that could conceivably be related, but the outage was very short.

There have been at least three attacks today, that DYN and some other companies (like Amazon especially) have spent the day repelling. 

Some users did not experience difficulties because their telecommunications providers (Xfinity and Verizon in my case – I tried both) use other services, or because their own computers cache the DNS information (which I believe Windows 10 and later Mac OS’s do). 

The DDoS came from botnets of “Internet of things” devices with malware called Mirai.  Well secured PCs (Windows, Macs) with modern anti-virus protection would not have been vulnerable to becoming compromised.  But separate webcams and digital recorders (which I have but which haven't been connected recently) could have been infected.

Wired has one of the best stories, by Lili Hay Newman, "What We Know".
There are some claims on Twitter that Wikileaks engineered the attack in conjunction with the treatment of Julian Assange.  But it sounds plausible that it came from Russia or North Korea.  

Update:  Oct. 25

Dyn has a statement on the attack here

Monday, October 10, 2016

Windows 10 suddenly installs unrequested game, causing Chrome to blot out Windows icons and requiring power reset

While I was on a PBS site in Google Chrome, Windows somehow loaded bloatware “Candy Crush Soda Mash” (which Trend marks green), and the Google Chrome screen filled up completely, making the normal Windows taskbars inaccessible, and forcing hitting of the power button to get it back.

A Trend quickscan did not show any problems after full restart.