Wednesday, October 16, 2019

Webhosts offer advice on Wordpress security scans

Bluehost has an advisory article for its customers, dated Oct 1, encouraging website hosts to run WordPress security scans at least monthly, as well as their own backups. 

There are some plugins that do this (if you look), but I prefer to use a third party service, like Sitelock, which does very specialized scans for malware as well as smart scans, and application vulnerabilities (the “1=1” problem which usually gets fixed by reloading a new upgrade of Wordpress).

Saturday, October 05, 2019

Iran attacks US presidential candidates, officials; may spill over to average citizens; watch for email and SMS phishing

A group in Iran called Phosphorus has targeted at least one Democratic presidential campaign as well as former US officials, Engadget reports, here. The method of attack was phishing by email and SMS.

I recently got another SMS phish pretending to be Wells Fargo.

I am seeing more phishing attacks, some of which AOL doesn’t catch as spam, claiming I have committed terms of service violations.  Be careful with these.  They are likely foreign. 

Seven years ago Iranian hackers locked some US users out of their bank accounts.

Tuesday, September 24, 2019

Fake Airline boarding pass scam (to go to an Antifa demonstration?) when you didn't order tickets

Today I found a fake boarding pass PDF and fake survey for a trip between Kansas City MO and Portland OR Sept 18-19 which I did not make or order.

These appeared in Gmail and I’m surprised Google didn’t catch this. Obviously these were attempts to send malware.

Mouseovers of the sender showed fake websites as senders.

No unauthorized charges had shown up in my credit cards.

Was I supposed to be an Antifa sympathizer? 

The Daily Scam has a link.

Friday, September 20, 2019

What happens when massive software updates are rolled out when you have to travel with your devices? iOS 13?

I’m getting advice that you should wait until Tuesday to install iOS 13 on your phone – when it will be iOS 13.1.

I also don’t know why they advised everyone to back up their phones first – I think mine is done automatically, just photos and videos.  No real stuff on the phone. 

But this doesn’t help – if you plan travel and need to depend on your phone to get to the airport, for example

Thursday, September 12, 2019

Controversial article gets blocked when an ad tries to load by Trend Micro

I received a request to consider a paper on the vaccination controversy for publication on one of my Wordpress blogs.

I found that the article had been published in a few other places, and on one of them (“wnd”), marked green (OK) by Trend Micro, the site loaded a driver that Trend Micro blocked. It was called “agensloaddiffs at xyz” with a search argument.
I don’t know if the article could have been targeted because of its content, but I haven’t seen this before.  Trend’s own reputation checker says it has not reviewed that site.  Maybe it just loads ads.
I still get very transparent phishing by email, such as a complaint that I blocked a date on Whatsapp and I don’t even use it, and claims that my AOL account is deleted, and also claims that my Netflix is deleted.

Sunday, September 08, 2019

iPhone fake virus warnings hit again

Today, in a hotel bar, I was on my iPhone, tried to go to abcnews and I got a popup warning me that my iPhone was infected with eight viruses.  Several people at the event got the same warning.
A site called iPhoneLife says these are common.  You should put the iPhone in airplane mode, go to Safari settings, remove the history, turn off airplane mode.  Don’t touch the message. 
If you did get infected, I wonder if a virus could pick up your Google password even if you aren’t signed in to Google but allow YouTube to be synced automatically.

Sunday, September 01, 2019

iPhone security flaws triggered by certain infected websites revealed by Google

Google reported recently that iPhones still have security flaws that allow hackers to steal information from users merely by visiting certain websites.
Alfred Ng and Sean Keane report in CNet Aug. 30, link.

This differs from other hacks that are more likely to be threats to Windows systems.
This could be another reason Apple should try to take more manufacturing out of China.

Thursday, August 22, 2019

Over 20 localities in Texas hit by ransomware simultaneously

Kevin Collier of CNN reports that 22 local governments in Texas were hit by a coordinated ransomware attack on Friday Aug. 23 when the business day opened. 
A few of the towns still cannot process utility payments or process vital records (like birth certificates).
Texas is better prepared with law enforcement than many states. Apparently the source is overseas and authorities may arrest in a country where the US can extradite.  

This seems to be the first coordinated attack involving multiple municipalities.

Local governments don’t seem to spend as much money on security.
I remember on a recent trip to Ontario passing an “Iron Mountain” facility on the outskirts of Waterloo, about 60 miles from Toronto.  Local governments don’t seem to be storing offsite backups.

Friday, August 16, 2019

Windows 10 has two new wormable vulnerabilities, fixed with the Aug 14 update

Windows 10 has two major vulnerabilities which the update on Aug. 14 (automatically scheduled) fixes, various sources report.  These vulnerabilities could apparently be unleashed with no user action (like clicking on links in emails). Apparently these also apply to the Creators' Update series.

Microsoft describes them as “wormable vulnerabilities in Remote Desktop Services” (CVE-2019-1181/1182).  The problem does not occur in early Microsoft operating systems (7 and 8). 

Thursday, August 01, 2019

Could hackers cause a highway 9/11 event?

Gannett’s Detroit Free Press reports on vulnerabilities that could lead to sudden mass road casualties from a foreign attack on Internet-connected vehicles, especially Jeep Cherokees, story by Eric D. Lawrence.  

This is backed up by a Consumer Watchdog report which advocates giving motorists a kill switch.  

My own Ford Focus is not Internet connected as far as I know. 

Tuesday, July 16, 2019

Banks are now experiencing smart phone SMS phishing attacks (breaking SSL) looking for phone PII

There seems to be a new phishing attack using SMS messages rather than email, targeting customer bank and investment accounts.
A lot of this is rather recent, but the Better Business Bureau has a typical explanation.
Tonight, when I logged on to Wells Fargo, I noticed such a message about fifteen minutes later.  I thought it might be related to a long list of payments or maybe checking a secondary annuity site. 

Later I noticed that the message had come at exactly the same time as my first access. The point of such an attack is obscure;  it would make sense only if I carried a lot of data on my phone and I don’t.

If the hacker already had my cell phone, or already had access to the account “they” could have messaged me exactly as I logged in. This implies they were the man in the middle, which shouldn't happen in a bank's SSL environment.  Fortunately, I have relatively little PII on my phone.  The message would link one to an account not secured, which is another red flag. 
I’ve had only one other security issue with the iPhone, that is, occasional emails claiming gamer purchases in Indonesia or especially Belarus were charged to my Apple account, when they weren’t.
Maybe I do have a doppelganger in the non-western world. I wonder if that could surface if I were to travel abroad in non-western countries.

Friday, July 05, 2019

Windows and small businesses continue to remain the biggest ransomware targets

Benjamin Roussey of TechGenix has an informative article from April 2019 on the seven top ransomware threats in the next year or so, link here.

He writes that small and medium sized businesses are still the easiest targets.  He notes that many still run on older versions of Windows. Many are not diligent in keeping up patches (individuals tend to do better than small companies).

He also notes that Windows is still much more vulnerable in practice than Linux or the similar Mac OS family.

Health care and doctors or PPO’s have become particularly vulnerable.
He also makes an interesting comment about AI.

Thursday, June 20, 2019

Medical clinic will close because of ransomware; why don't small companies, cities have off-site backups?

A Florida city will pay hackers $60000 in bitcoin to get its computer system back, the Washington Post reports.  We wonder why it didn’t have offsite backups.
The Citizen’s Council for Health Freedom reports that a clinic in Michigan has closed for good after ransomware destroyed its patient records, leaving patients, even recovering from surgery, stranded.  The case is said to be an example of the problems with requiring electronic records, and it sounds like HIPAA security and privacy didn’t work.
One question: why didn’t the doctors have an off-site backup made every day?

Wednesday, June 05, 2019

A brief review of Trend Micro

Here is Trend Micro’s pitch on how it monitors for global cyberthreats, including about 600 million potential ransomware threats a day. 

The service says it now pays particular attention to “cryptomining” or possible threats even to block chain entities.

It also says it can detect laundering and some organized crime.

It says it has 30 years experience (back to 1989 – mainframe companies started installing products like “Top Secret” around 1987).

Right now I have Trend on my Windows 10 computers.  I’ve had Kaspersky (banned in the US???) and Webroot.  Since Webroot bought Sitelock and my hosting provider uses Sitelock, that could be interesting.

I’ve had a problem with two of my Wordpress domains (there are four of them) going back to gray, and I don’t know why.  ThioJoe ought to do a video on website safety ratings. 

Thursday, May 23, 2019

What if we all have a hardware incontinence vulnerability?

Charlie Warzel and Sarah Jeong do a little skit in the New York Times, “The Internet Security Apocalypse You Probably Missed”.  It’s a little like Daniel Gruss’s “Microarchitectural Incontinence” about Intel chips.  This time, it’s Cisco routers.
Suddenly, a possible vulnerability that could target anyone, and that you could fix only with hardware.
Three or four years ago, the fear was some sort of massive shutdown by an enemy like North Korea. Now it seems enemies want our social media up so it can manipulate our weaker souls.

ThioJoe explains this as "microarchitectural data sampling" (incontinence), with examples like "Zombie Load" and "Fallout" and "Meltdown".

CPU vendors will eventually issue "bios updates" which average users won't know how to do. 

Sunday, May 19, 2019

WannaCry ransomware could come back to older systems given new Microsoft bug

Dan Goodin has an article on Ars Technica explaining again how many Windows exploits (variations of WannaCry) and ransomware continue to exploit governments and installations that don’t have the nimbleness of individuals to go to newer releases or apply patches.
Some Windows servers are affected, which can affect hosting companies that find managing Windows application pools difficult, resulting in outages or 503 errors.

Saturday, May 11, 2019

Local governments are particularly vulnerable to ransomware

Local governments seem particularly vulnerable to ransomware attacks, largely because of their bureaucracy.

Right now, Baltimore has a serious problem.  A year ago, Atlanta did.  Recently a town near Fairbanks AK was targeted.

It is much easier for individuals to defend themselves than organizations, as their backup is usually a lot simpler. Individuals can also be much more wary of phishing attempts.
There have been cases where payrolls could not be run, putting affected employees in the same situation as a government shutdown without pay.

Tuesday, May 07, 2019

Robocalls may tempt users to spend money on callbacks to international 900 numbers

Security consultants are advising consumers not to return “one ring” calls, which are likely robocalls from 900 numbers that will result in steep charges when calls are returned.

Many calls come from Mauritania, but are spoofed so as to appear to come from within the US.  Most recipients are in New York State or Arizona.

Consumers might consider having their providers block international calls if they don’t normally make them.
CBS News has a typical story, by Sarah Min.

The objection to robocalls, while very prudent and understandable, undermines legitimate activity, like raising money for political causes or candidates or for charities. 

Monday, May 06, 2019

New phishing scam claims your package was not delivered by UPS

I received a fake UPS delivery message today that claims that a package sent from my UPS store location was returned because of an address mismatch.  It named a UPS store as the source.
The scam is based on the idea that the consumer probably doesn’t remember “their” UPS store number.  I have a box at the store in Ballston in Arlington VA.  It turns out that this email address corresponded to a store in Rock Hill, SC.

The most recent site I can find discussing a delivery scam is here.

But this is the first time I have heard of a fake misdelivery email.

I had opened the email but not gone to any links on the computer.  I opened the link on a phone, assuming that iPhone is not as vulnerable. The link named as the UPS store was actually Microsoft OneDrive. It invited me to download a tracking document and download an app to view it.
I did show the email to the local store and asked them to show the scam to UPS corporate security.
I did restart the computer and run a quick scan and will run a Trend Micro full scan later this evening.

Monday, April 29, 2019

How should journalists report info gathered by hacking and sent to them?

Margaret Sullivan has a nuanced piece in the Washington Post style section Monday, “How should journalists report on data hacks?” “Journalists can’t ignore hacked data meant to disrupt elections.  But here’s what they can do.”

The article is rather non-specific, but one standard is the relevance of the information, as with the stolen emails in 2016.

I always thought it was about context. Since I had a mainframe IT background, I was aware of the controversies surrounding bringing work home or using your own hardware (which comes up with home customer service agent jobs).

Saturday, April 20, 2019

Trend Micro website safety ratings can revert back to Gray for no reason; Sitelock scans

I noticed Friday that suddenly the green check from Trend Micro on my two WP style 26 blogs (billsnewscommentary and billsmediacommentary) had gone back to gray, which Trend says means the site has not been reviewed.

But it had been.  I noticed the problem Friday morning when the site expanded in Twitter.

My HP Envy computer (Windows 10) has these notifications turned on. I haven’t done this on the ASUS.

The issue becomes more important in that some day, telecom providers might check safety ratings to even allow sites to be connected (esp. after loss of net neutrality).

Also, on a coordinated story today on my main “BillBoushka” blog I discussed a tech company organization called GIFCT.  Browsers are likely eventually to refuse to load sites with harmful content (as they do today with “unsafe” sites having malware).

But there are no standards today as to how website safety is evaluated or how content markers would be set.
Sitelock’s scans give some clue as to how sites can be evaluated for safety.  There are separate Malware, Smart, and Application scans.  The latter will detect problems (like the "1=1" problem) that creep into Wordpress themes and facilities and typically can only be fixed by regular Wordpress security updates.

Tuesday, April 09, 2019

Local DC station WJLA advises consumers on avoiding cell phone spoofing

The newscast today on WJLA talked about the problem of cell number spoofing, and how it was used by scammers calling and demanding people pay them money to avoid arrest, even going to ATM terminals.

A good writeup on the problem by Elliot Volkman appears on phishlabs from 2018.  A user should always call back and use a number published by the company (although make sure you are looking at the real website.)

Ajit Pai of the FCC has warned that carriers need to do more about this problem, Verge story by Chris Welch. 

The FCC has its own page on the problem, dated Feb. 2019.

Tuesday, April 02, 2019

Security recommendations for protesters

Electronic Frontier Foundation has a comprehensive list of security precautions to take when attending a protest, particularly in developing countries.  But the piece also mentions the way US laws work.

The piece goes quite far with its recommended measures, such as purchasing a prepaid, disposable phone, and keeping your data encrypted, and using Signal.

It also recommends not driving to an event, although in many big cities public transportation is obviously the best choice.
I also wonder about the issue of attending a protest to report and blog about it but not participate. Unless you are a journalist known to the protestors, this may sometimes elicit anger or indignation from participants focused on solidarity and the idea of “no spectators” (like Burning Man).

Friday, March 29, 2019

Home routers, for your network and for perimeter security, can be hacked; firmware is supposed to be updated regularly

Can home security systems be hacked?

Kim Zetter had looked in detail at the problem in 2014 in a Wired article.

One danger would be the possibility of generating false alarms, as well as intercepting an inadequately encrypted signal.  Another would simply be hacking the router controlling the system and interfering with the signaling.  Another is simply cutting a cable outside a house; a cellular wireless signal is much safer.  

Similar problems have been reported with routers that control cable television and Internet access, but those are often separate devices, connected to a home computer network.  A security router may be a separate device.
All of these devices have operating systems that can be programmed, usually with some sort of Unix or Linux-like kernel. 
Security experts have advised turning off and restarting routers and modems once a month, to make sure that firmware security updates get done (on restart); however, most cable providers send scheduled firmware updates at scheduled times late at night.  There were cases of Russian hacks of home network routers in 2018.  But typically security devices are never supposed to be turned off, and are kept always on by high capacity batteries.

Saturday, March 09, 2019

Why "ji32k7au4a83" is a bad password

Here’s another password tip.  Beware of character strings that appear random in English or European languages but that make sense as a code for Asian languages, like Chinese. 
The Verge has a story about “ji32k7au4a83” which translates to “my password”.

Note that there are thirteen dialects of Chinese which don’t communicate well with one another (China won’t admit this). 
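The point above, shown in code: this is an added example (not from the original post or The Verge story) that decodes a Latin-keystroke password as input on the standard Zhuyin (Bopomofo) keyboard layout and checks the result against a blocklist of common phrases. The keystroke table is the standard layout; the blocklist and the sample passwords are constructed here for illustration.

```python
# Added example, not code from the original post.  Decodes a password as
# Zhuyin keyboard input so a password policy can catch strings that look
# random in Latin letters but spell a common phrase in Chinese.
from typing import List, Optional

# Standard Zhuyin keyboard layout: US-keyboard key -> Bopomofo symbol or tone mark.
ZHUYIN_LAYOUT = {
    "1": "ㄅ", "q": "ㄆ", "a": "ㄇ", "z": "ㄈ",
    "2": "ㄉ", "w": "ㄊ", "s": "ㄋ", "x": "ㄌ",
    "3": "ˇ",  "e": "ㄍ", "d": "ㄎ", "c": "ㄏ",
    "4": "ˋ",  "r": "ㄐ", "f": "ㄑ", "v": "ㄒ",
    "5": "ㄓ", "t": "ㄔ", "g": "ㄕ", "b": "ㄖ",
    "6": "ˊ",  "y": "ㄗ", "h": "ㄘ", "n": "ㄙ",
    "7": "˙",  "u": "ㄧ", "j": "ㄨ", "m": "ㄩ",
    "8": "ㄚ", "i": "ㄛ", "k": "ㄜ", ",": "ㄝ",
    "9": "ㄞ", "o": "ㄟ", "l": "ㄠ", ".": "ㄡ",
    "0": "ㄢ", "p": "ㄣ", ";": "ㄤ", "/": "ㄥ",
    "-": "ㄦ",
}

# Tone keys 3, 4, 6 and 7 end a syllable; the first tone has no key at all,
# so a syllable boundary without a tone mark cannot be recovered.
TONE_MARKS = set("ˇˋˊ˙")

# Constructed blocklist: Bopomofo spelling -> phrase.  A real policy would
# load a much larger list; longest entries are matched first.
COMMON_ZHUYIN_PHRASES = {
    "ㄨㄛˇㄉㄜ˙ㄇㄧˋㄇㄚˇ": "我的密碼 (my password)",
    "ㄇㄧˋㄇㄚˇ": "密碼 (password)",
}


def decode_zhuyin(password: str) -> Optional[str]:
    """Map every key of the password to its Bopomofo symbol.

    Returns None if any character is not a Zhuyin key, which means the
    string cannot have been typed as Bopomofo at all.
    """
    symbols = []
    for key in password.lower():
        symbol = ZHUYIN_LAYOUT.get(key)
        if symbol is None:
            return None
        symbols.append(symbol)
    return "".join(symbols)


def syllables(decoded: str) -> List[str]:
    """Split a decoded string at tone marks; a trailing run without a tone
    mark (first tone or incomplete syllable) is kept as the last element."""
    out, buf = [], ""
    for ch in decoded:
        buf += ch
        if ch in TONE_MARKS:
            out.append(buf)
            buf = ""
    if buf:
        out.append(buf)
    return out


def zhuyin_blocklist_hit(password: str) -> Optional[str]:
    """Return the blocklisted phrase the password spells in Zhuyin, or None."""
    decoded = decode_zhuyin(password)
    if decoded is None:
        return None
    for spelling in sorted(COMMON_ZHUYIN_PHRASES, key=len, reverse=True):
        if spelling in decoded:
            return COMMON_ZHUYIN_PHRASES[spelling]
    return None


if __name__ == "__main__":
    for sample in ("ji32k7au4a83", "au4a83!", "Tr0ub4dor&3"):  # constructed samples
        print(sample, "->", decode_zhuyin(sample), "|", zhuyin_blocklist_hit(sample))
```

A password that fails `decode_zhuyin` (for example one containing `&` or `T`, which are not Zhuyin keys) cannot be a Bopomofo phrase and passes this particular check; the usual entropy and breached-password checks still apply to it.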

Thursday, March 07, 2019

Google Chrome zero-day vulnerability patch update recommended now

Users are advised to update Google Chrome today to fix a zero-day vulnerability reported recently.

To update, look to see if the more (three vertical dots) button on the upper right has a rainbow color.

If your computer is properly configured it should have updated automatically.

The security flaw could allow a hacker to read non-public files (like passwords stored) from your computer memory.

Monday, March 04, 2019

Some severe Wordpress plugin vulnerabilities have been fixed

Freemius has patched a “severe vulnerability” in a library used by developers for many Wordpress plugins, especially related to monetization and analytics.  This issue could have become more significant in a world with so much social and political polarization. I presume that WP 5.1 has the necessary code included.

WPTavern explains the patch here.

There is a further explanation from a plugin security outfit, that believes hackers have already been placing vulnerabilities on sites using these plugins.  Presumably these would be detected by the Sitelock monthly application scan.

By the way, here is a critique, that seems constructive, of Sitelock. The service will charge extra fees to fix pages on which malware is found.

Picture: Daytrip to Barrett mountain (and Page Valley behind it) in Maryland, maybe the last snow of the year (no relation to article).

Thursday, February 28, 2019

Curious story in the Verge about "thunderclap"

I’m not familiar directly with Thunderbolt computers, but here’s a story on the vulnerability of certain external drives and devices to Thunderclap.

I think this vulnerability could be of concern to utilities and infrastructure computers (pipelines, water treatment) to prevent “jumping” across “air-gaps” as a deep cybersecurity threat.

Just a warning note.

Friday, February 08, 2019

Youtube copyright strikes scam reported and fixed

Motherboard Vice, in an article by Jack Hauen, warns about a new scam to extort money (bitcoin) from YouTube channel creators with false copyright strikes, based on a flaw in the way YouTube handles DMCA takedown requests.  

The video above reports a similar scam using Comcast.
YouTube has restored the affected accounts and hopefully has closed the loophole.  

Tuesday, February 05, 2019

Lawsuit in Texas could set a precedent allowing copyright trolls to remove Internet access entirely from "pirating" consumers

Lior Leser (Sept. 2018) described a lawsuit by some media companies against an ISP in Austin, TX for not suspending the Internet access of some people who made illegal downloads by BitTorrent.

The lawsuit could set a precedent requiring ISP’s to terminate consumers accused of piracy by media companies, cutting off all access to the Internet merely based on allegations from a copyright troll.

This case is very disturbing and it needs to be followed in more detail.

In the future, cloud examination could develop more evidence of piracy. 
Defeating SOPA in 2012 didn’t prevent this.

Friday, February 01, 2019

Google wants to eliminate the URL, turn the world into mobile apps?

What?  Google wants to eliminate the URL? 
So Lily Hay Newman writes in Wired. 

Whereas a fixed, static web address works well for individual consumers and small companies and bloggers, it seems to complicate things (that is, security and immunity from consumer database hacks and breaches) for enterprises.

But it’s hard for me to imagine how this would go away.
But the tendency for companies to encourage you to use their apps on smartphones rather than go to a conventional URL is a start.

Then the app stops working and doesn’t work again until you turn off and restart the phone, or get another iOS update.

This story reminds me of the big scare in 2008 on DNS that led to a big security conference held by Microsoft after a Finnish researcher found a vulnerability (ID blog, Aug, 9, 2008). 
Here’s a list of the 12 most dangerous malware outbreaks in history. 

Tuesday, January 29, 2019

"The Young People Will Win", at least in busting Apple for a bug (not the NRA this time)

The Young People Will Win (“TYPWW”).  In Arizona, a 14 year old, Grant Thompson, found a vulnerability in Apple’s FaceTime, which would allow it to watch a party called even if “they” didn’t pick up.  In the days of party lines, this was called "listening in."
Heather Kelly has the story on CNN here.

Apple will issue a fix this week to all iPhones with an update, which is likely to come as early as Wednesday.  That could fix problems with some other apps (like AOL mail which was dropping connections).
We have 18-year-olds who bust the NRA, 16-year-olds who have to navigate perilous personal encounters that go viral given social context, and 14-year-olds who bust Apple.  But another 14-year-old developed a fusion reactor and a 15-year-old invented a new cancer lab test.  I’ve seen other less public things, like a 16-year-old directing a church play.

Sunday, Cal Newport had written a piece in the NYTimes indicating that Steve Jobs had never intended us to be so addicted to our phones with constant social media, news and email.  I didn't have Internet on mine until 2009 as I remember (on a Blackberry then). 

Monday, January 28, 2019

Two-factor authentication is not foolproof

Josephine Wolff in the New York Times warns today that “two-factor authentication might not keep you safe.” 

The main scenarios are phishing attacks with convincing replicas of real sites.
But now industry is moving toward the idea of a physical stub with a rotating access code to be inserted into a USB port.

Monday, January 14, 2019

What does browser incognito mode accomplish? What about TOR?

Do you really need to “worry about” using incognito mode on your browser (when your spouse uses it)?

Here’s a good answer from Quora.

Yes, if you look up information on how to commit a crime, on porn, on terrorism, on fetishes – one of the respondents says, “I’m a writer, what can I say?”

Maybe that’s a relevant answer in this area where independent content creation is coming under attack from radicals on both sides.

It’s possible that in the future law enforcement will scan cloud backups even more than it can today.

The other objection is that it will lead to the serving of ads on your “family computer” that you don’t want your spouse or the kids to see.
Thorin Klosowski gives a discussion of what the use of a TOR browser (“the Onion browser”) accomplishes for the average user.  It does provide “anonymity” but not real “security”.  And it is possible for very determined law enforcement (or the NSA) to crack it, so overuse of it could call attention to illegal motivations and weaken a claim of credibility should improper online behavior come to notice by other means (especially in civil cases).  Electronic Frontier Foundation has encouraged ordinary bloggers and vloggers to learn to use it, however, even in democratic, western countries.

Monday, January 07, 2019

Verizon hotspot and microarchitectural incontinence

On an Amtrak train, my laptop connected to somebody else’s hotspot before connecting to mine.  It even offered an automatic connection, which it should not do if I’ve never supplied a correct pw.  A flaw in Verizon software?  In Windows 10 security? 

Train was at a station, might have been someone’s house near the tracks. Maybe they didn’t set a pw?

No, I do not hack.

Some “microarchitectural incontinence”, as Daniel Gruss would say.

Wednesday, January 02, 2019

HP makes a short "horror" film about printer security

Hewlett-Packard sent out a tweet this morning about printer security, with the main link here.

It’s pretty understandable if you use your printer as a 3-in-1 and send old-fashioned faxes. 
But this seems to be more about enterprise printers on small business networks.

Here is their little short film, “The Fixer: The Wolf’s Next Meal”.

Business film does keep some independent filmmakers employed.  I remember that in the 1990s a friend wrote an article called "printer therapy" in a tech magazine.