Sunday, August 28, 2016

Hacking a home's smart appliances


Is it really a good idea to tie all your home appliances to a smart grid?

Webroot describes a proof-of-concept ransomware attack for a home thermostat here.

Where I would wonder about this is whether elaborate home security systems could be hacked, including devices that alert you by smartphone when anyone rings your doorbell or even appears at the door. Of course, you can't use these when driving or in a no-phones area.

In the worst scenarios, hacking could even start home fires. Homeowners, especially those who live alone and travel for long periods, need to consider the safety of any devices inadvertently left on (including power strips or surge protectors).

Tuesday, August 23, 2016

DHL package service trademark misused in phishing email scam loading adware and spyware Trojan


Many users may receive spam email claiming that they have a package from DHL and need to enter a delivery address and other information.

Windows users can get infected with the Troj/Bredo-AGB Trojan horse. It seems to be delivered by opening the attached zip file.

Sophos has a story here.

Spywareremoval has a “baby talk” removal guide here. The Trojan reportedly is hard to detect with some standard anti-virus packages. It appears to steal credit and bank card information for possible fraudulent charges or account drains later.
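Because the lure is a zip attachment rather than a link, a simple gateway-side check can catch the common pattern (a parcel-themed subject plus an executable hiding inside the archive) before any anti-virus signature exists. The following is an added example, not code from the original post or from Sophos; the message, sender address and file names are constructed test data, and the list of "executable" extensions is an assumption you would tune for your own environment.

```python
"""Flag e-mail messages whose ZIP attachments carry executable content.

Added example (not from the original post): a constructed DHL-themed message
is built in memory, then scanned the way a mail gateway filter might, so the
whole thing runs offline. Sender, subject and file names are made up.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions Windows will execute directly (assumed list; extend as needed).
# A "document" ending in one of these inside a parcel-notice ZIP is the lure.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                         ".js", ".vbs", ".jar"}


def build_sample_message(member_name: str = "DHL_Delivery_Notice.pdf.exe") -> bytes:
    """Construct a fake 'DHL' notification with a ZIP attachment (test data only)."""
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Double extension: shows as a PDF in Explorer when extensions are hidden.
        zf.writestr(member_name, b"MZ placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["From"] = "DHL Express <notice@dhl-parcel.example>"  # constructed sender
    msg["To"] = "recipient@example.org"
    msg["Subject"] = "DHL: your parcel could not be delivered"
    msg.set_content("Please open the attached notice and confirm your address.")
    msg.add_attachment(zip_buf.getvalue(), maintype="application", subtype="zip",
                       filename="DHL_Delivery_Notice.zip")
    return msg.as_bytes()


def suspicious_zip_members(raw_message: bytes) -> list:
    """Return 'attachment.zip:member' strings for ZIP members that look executable."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Trust the ZIP magic bytes, not the declared MIME type or file name.
        if not payload.startswith(b"PK\x03\x04"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    lower = member.lower()
                    ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
                    if ext in EXECUTABLE_EXTENSIONS:
                        findings.append(f"{name}:{member}")
        except zipfile.BadZipFile:
            # A corrupt archive is itself worth a look; report it rather than skip it.
            findings.append(f"{name}:<unreadable zip>")
    return findings


def is_parcel_lure(raw_message: bytes) -> bool:
    """True when a parcel-themed subject is paired with an executable inside a ZIP."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    subject = str(msg["Subject"] or "").lower()
    themed = any(word in subject for word in ("dhl", "parcel", "package", "delivery"))
    return themed and bool(suspicious_zip_members(raw_message))


if __name__ == "__main__":
    sample = build_sample_message()
    print(suspicious_zip_members(sample))
    print("lure:", is_parcel_lure(sample))
```

The check deliberately reads the archive's magic bytes and member names rather than the attachment's declared filename or MIME type, since those are whatever the sender wrote; a benign message with a real PDF inside the archive produces no findings.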

The operation almost certainly happens overseas (maybe Russia); otherwise DHL could have stopped it on trademark violations. Countries like Russia don't have many legitimate jobs for teen and twenty-something male programmers. This is part of Vladimir Putin's strategy to attack the West.

Monday, August 08, 2016

Tiny url link to "come-on" sensational news story leads to scareware; why don't Chrome and W10 block these on their own?


Today, I clicked on a Twitter tiny URL about Stevens-Johnson syndrome (a rare, catastrophic skin disease seen in some young children; look it up in Wikipedia or on Mayo Clinic) leading to “Viralplanet”, which led to a series of frames for successive pages and pictures.

The site was not marked suspicious by Trend Micro, but generally sites that behave this way to serve more adware may be riskier. Suddenly, I was sent to “njyde.com” and got one of these browser (Chrome) hacks that locks up the browser, sounds a beeper, locks the machine and demands that you call an 800 number to pay a ransom.

I simply hit the power button in Windows 10 to bring up Windows 10. Chrome came up clean. I ran the quick scan, and then the full scan (about 30 minutes) on Trend, and both came up clean. So this does not seem to load an executable, or constitute real “ransomware”.

This seems like a very transparent hack that not many people would fall for. It seems to be done out of desperation, from countries with bad economies and few jobs for programmers (Russia).

Security companies should investigate “njyde”, which may be a deliberate misspelling of a legitimate site.

But why can't Google Chrome and Windows 10 just block this behavior? Why is opening a web page “dangerous”? Chrome's pop-up blocker blocks too much. Why is it hard for them to intercept malicious JavaScript?

Thursday, August 04, 2016

Flaw could enable crooks to bypass debit card chips


New credit and debit card chips could be defeated by malware that causes the reader to believe the card has only the conventional old magnetic stripe and not the chip. CNN has a report here.

Others say that back-end retail systems would still reject any such transactions.

Most retail establishments now seem to have the new readers, which had been common in Europe previously.

Wednesday, August 03, 2016

New hack of https reported: are financial consumers safe (as per "Marathon Man"?)


Dan Goodin of Ars Technica has a disturbing article about a new way to intercept HTTPS secure transactions with no need for a “man in the middle”. The link for the story is here.

The attack builds on some intricate techniques called HEIST, BREACH and CRIME.

A very determined attacker could seemingly raid almost any bank account. Users should regularly monitor all their accounts during normal business hours and be prepared to contact their institutions quickly.

A good question is how this could affect the “https everywhere” debate.