Security

You’ve probably heard about it by now and I’m already tired of hearing about it: the story broken by the UK’s Guardian newspaper – it figures – concerning the surveillance being carried on by the NSA (National Security Agency) on Verizon’s phone-call meta-data as well as other aspects of internet communications like e-mail. For those of you who may not quite get it, meta-data is information about data, not the data itself. The NSA does not give an R.A. about calls to your mistress/boyfriend or your predilection for phone sex. By the time they get the meta-data, your 3:00 AM call to Jake at Snake Farm is long over. Instead, they are looking for patterns like calls to the local 7-11 from Abbottabad, Pakistan that occur only when Achmed is behind the counter on the graveyard shift.

There is the predictable hue and cry that this is the end of America as we know it or that the Government has done the “freshy-fresh” with the Bill of Rights. No-one seems to give a fig about the Police running your licence plate when they spot you parked at Achmed’s 7-11 at 1:30 AM. Indeed, La Polizia have run the plates of a certain Mitsubishi pick-up with a canoe on top driven by a bearded, kilt-wearing, pipe-smoking, Scotch-drinking, hippy freak in ear-rings more times than I care to think about. They probably needn’t bother because no-one in their right mind would use a 23-year-old pick-up with an “I brake for Mermaids” bumper-sticker on the back as a get-away vehicle.

Yes, it’s a shame that things have come to this but it’s the price we pay for being under siege by sub-humans who would gladly suicide-bomb a day-care just to inflict a bit more pain and terror on Americans. Dr. Data can remember the common cries of “Protect us! Protect us!” in the wake of 9/11 and the Boston bombings. Well, the NSA, et alia, are trying to do just that. Moreover, the government has been doing that for a lonnng time. Back during the cold war, a certain female-type person with whom Dr. Data has had a more than nodding acquaintance for nearly four decades had relatives on the east side of the iron curtain. Letters arriving at her grand-mother’s house had already been read and redacted by both sides. Her brother – like Dr. Data – was into short-wave radio during that time and a Federal agent showed up at their house wanting to check his QSL cards . . . no doubt looking for coded messages.

So folks, let’s turn down the histrionics and hope that the NSA does its job before the next airliner flies into an office tower. If you’re worried that the intelligence community may want to know about your relationship with that visiting professor who works part-time as a dominatrix, then do the following:

  1. Get rid of your phones – smart and not so smart
  2. Get off the internet
  3. Blow up your TV
  4. Pay for all transactions with cold, hard cash
  5. Read only old-fashioned books printed on real paper
  6. Travel only by foot or bicycle
  7. Hope and pray that Achmed does not hijack a Cessna and fly it into your house.

Resources:

NSA PRISM programme spied on e-mails, searches

We’ve all had to deal with them in some way at one time or another. The CAPTCHA: a brave attempt to prevent spam-bots from filling out things like the contact form on your website and sending you e-mails telling you about cheap Viagra, Nigerian princes seeking to recover their fortune and busty blonde bimbos who have been oh so lonely and are looking for a man just like you in order to have a meaningful, fulfilling relationship and/or a good time.

Wikipedia has an excellent article on CAPTCHAs. Though they are there on the front lines of spam defence, they more often frustrate than protect. How many times have you filled out a web form only to be baffled by the distorted letters and numbers you are required to read and enter before you hit “Submit”? Is that a “1” or an “L”, an “O” or a “Q”, an “R” or a “K”? You give it your best guess and click the “Submit” button only to be told that what you entered is incorrect, and you are then redirected to an empty copy of the form that you’ll have to fill out again. Not only are they driving you mad, but there are serious questions as to their efficacy.

The hey-day of the CAPTCHA may be over. Ticketmaster is dropping them in favour of entering common phrases or answering things like multiple choice questions. A New York based outfit named Solve Media claims that it takes the user half the time to comply with the new approach than it did to try and decode a CAPTCHA. Solve Media also believes that this method is better at blocking bots than the old way which often proved quite successful at blocking humans.

Only time will tell whether this approach will be the answer to a form-filler’s prayer. In the meantime, you can read all about it in PC Magazine.

Back in September of 2012, I discussed online bait & switch with software downloads and how unwanted add-ons – such as memory- and cycle-sucking toolbars – can find their way on to your system without your knowing it. I’ve coined a new term for this sort of stuff: Sneakware. In other words, crapware that sneaks its way on to your system when you’re trying to install a legitimate product.

I’ve observed a fine example of this in the wild and thought I’d show you what to watch out for. I’ve also run across an article that backs up what I’ve been saying even though they don’t call it “sneakware”. I’ll endeavour to keep all this brief and to the point.

For a number of years, I’ve used an add-on called File Menu Tools by a Spanish development house known as Lopesoft. It has come in quite handy for folks like Dr. Data who do a lot of different things with individual files and I’ve recommended it as a “must-have” more than once. The other day, it was time to install the latest version and I discovered – much to my dismay – that the developer has succumbed to the siren call of sneakware.

There’s a heck of a lot of free stuff on the web and developers will often seek to augment the income they get from donations by grateful users by bundling add-ons with their installation package. Legitimate – and sometimes not so legitimate – entities will pay developers a certain amount simply to include the entity’s product in the developer’s installation package, and will then pay the developer a specified amount of money for each actual installation of the entity’s product. Usually, both payments are a trivial amount, but if your software is downloaded & installed 3 million times, this trivial amount can really start to add up.

In the case of Lopesoft, here’s what I saw:

In this first screen-shot, the user is asked to install the Babylon Toolbar which supposedly gives you access to freebies, discounts, etc. You’ll notice that not only is the option to install the toolbar checked & greyed-out, but so are the options for making Babylon the default search engine and making Babylon search your homepage. Your eye is drawn to the usual mumbo-jumbo of the licence agreement and clicking “Agree” has become motor memory. You have no doubt learned over time that clicking the “Decline” button will cancel the installation of the whole thing and thus you are led to believe that you have to click “Agree” here in order to get the software you originally wanted.

The simple answer is “No, you can ‘Decline’ and still get the original product”, but how many users will see through all this? Also notice that the “Agree” button has focus, so all you have to do is press the “Enter” key. To “Decline”, you’ll need to move your mouse to that button & click it.

This is the next window that will be shown to you whether you “Accept” or “Decline”. Here, the verbiage mentions Chrome, Google, etc. It also throws in “Amazon”. Add in the mumbo-jumbo and the average user will think they have to agree in order to get the software to work with Google, Chrome & Amazon.

As before, the “Agree” button has focus. Declining takes an extra effort.

There you have a perfect example of how the user thinks they’re getting a useful utility and are really getting a lot more than they asked for. Do this five or six times and you’ll wonder why your system isn’t as fast as it was.

While the mechanics and payment schemes may vary, this article from ZDNET explains it all very nicely. The price of a clean machine is eternal vigilance.

Although we all try to prevent the latest bit of nastiness from taking up residence on our systems, sometimes the bad guys win and we’re faced with the task of cleaning up Dodge. Some of these infections are quite clever and not only prevent you from executing detection and removal tools, but also prevent you from downloading them in the first place. There is, however, a way around that last bit.

Tech Republic has an article listing 5 portable tools for cleaning up malware and virus infections. All of them are free though some may be donation-ware or a way of advertising a more robust paid version. Nonetheless, they will help get you out of a jam and in that case, who cares if there’s an ad or two for the paid-up version of the tool.

The tools are:

  1. ClamWin Portable
  2. Sophos Anti Rootkit Portable
  3. Emsisoft Free Emergency Toolkit
  4. Vipre Rescue
  5. Spybot Search and Destroy Portable

Dr. Data is most familiar with the Emsisoft Emergency Toolkit and Spybot Search & Destroy. There are a number of people who argue that the Emsisoft product is even better than Dr. Data’s favourite tool, MalwareBytes, and he is not going to argue their relative merits here. He will say, however, that the Emsisoft tool does seem to take longer to perform a scan than MalwareBytes. Whether that is because the former is more meticulous than the latter is a topic for another day.

As for Spybot Search and Destroy, Dr. Data has used it to bat clean-up for a number of years now. Spybot will flag and remove spyware, tracking cookies, etc. but it is also excellent for cleaning up the bits of debris left after an infection is removed and can give clues as to how the infection made its way on to your system in the first place.

All five tools require the user to be proactive. In other words, you need to:

  1. Find a clean USB thumb drive
  2. Install the tools on the thumb drive
  3. Keep those tools up to date
  4. Remember where you put the thumb drive

If the infection blocks the execution of one or more of these tools, then you will have to either use a rescue CD/DVD to boot your system or remove the hard drive and attach it to another system using any one of a number of fine USB SATA/IDE bridge devices on the market and disinfect the drive that way.

Read the full article on TechRepublic.

This is a brief dispatch from the trenches. Since my TechnoRant© on Ransomware back on October 9th, a few instances have been observed of a variant that I’ve nick-named “bluffware”. Bluffware will display the ransom note saying that your hard drive has been encrypted and if you want the decryption key, you’ll need to put your credit card information in a brown paper bag and e-mail it to wherever.

The funny thing is that your hard drive is NOT encrypted and if you’re foolish enough to send the money, you’ll definitely get nothing in return. This is apparently the work of bad guys who don’t have the necessary smarts or malware code to encrypt your hard drive but nonetheless want to cash in on the latest trend.

While bluffware is more a hoax than anything else, the reality is that the malware responsible for the hoax has somehow made its way on to your system and that is no laughing matter. Your system has been infected and you need to get rid of this bit of nastiness as soon as possible. There is no way of you knowing if the bluffware is dropping some other malicious code on your system in the meantime.
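Whether the ransom note is telling the truth can be checked rather than guessed. The following is an added example, not code from Dr. Data’s post: a small Python triage script that scores sample files by Shannon entropy and looks for intact, well-known file headers, since real encryption leaves headerless near-random bytes while a bluff leaves files untouched. The sample files, the KNOWN_MAGIC table and the 7.5-bit threshold are my own constructed assumptions.

```python
"""Triage check for a "bluffware" ransom note: does the data on disk actually
look encrypted? Added example, not from Dr. Data's post. Genuine encryption
leaves near-random bytes with no recognisable file header; a bluff leaves the
files untouched. The sample "files" below are constructed in memory."""
import math
import random
from collections import Counter

# Well-known magic numbers. An intact header is strong evidence the file was
# never encrypted, even when the body is high-entropy (zip, jpeg, pdf streams).
KNOWN_MAGIC = {
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip/office",
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG": "png",
    b"MZ": "windows exe",
}
ENTROPY_THRESHOLD = 7.5  # bits per byte; random/encrypted data sits near 8.0

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def identify_header(data: bytes):
    """Return the file type name if the data starts with a known magic number."""
    for magic, name in KNOWN_MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def classify(data: bytes) -> str:
    """'intact' if a known header survives, 'likely-encrypted' for headerless
    near-random data, otherwise 'plaintext' (readable, low entropy)."""
    if identify_header(data):
        return "intact"
    if shannon_entropy(data) >= ENTROPY_THRESHOLD:
        return "likely-encrypted"
    return "plaintext"

def triage(files: dict) -> dict:
    """Classify every sample and say whether the ransom note's claim holds up."""
    verdicts = {name: classify(data) for name, data in files.items()}
    hits = sum(v == "likely-encrypted" for v in verdicts.values())
    verdicts["_summary"] = "claim plausible" if hits else "bluff: nothing encrypted"
    return verdicts

def constructed_samples() -> dict:
    """Constructed in-memory stand-ins for files on a victim's disk."""
    rng = random.Random(42)  # seeded so the run is reproducible
    random_bytes = bytes(rng.getrandbits(8) for _ in range(4096))
    return {
        "letter.txt": b"Dear Sir, please find attached the invoice. " * 50,
        "report.pdf": b"%PDF-1.4\n" + random_bytes[:1024],  # header intact
        "photo.jpg.locked": random_bytes,  # headerless random: real encryption
    }

if __name__ == "__main__":
    for name, verdict in triage(constructed_samples()).items():
        print(f"{name}: {verdict}")
```

On a real machine you would feed `classify` the first few kilobytes of a handful of documents the note claims to have encrypted; compressed formats score high on entropy, which is why the header check comes first.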

It’s up to you to do everything you can in advance to prevent this from making its way on to your system in the first place, and to be prepared to deal with the situation if it does. I won’t repeat the recommended steps here. If you want to know what to do, take a look at the original post concerning ransomware.

The latest sensation that’s sweeping the nation is something called Ransomware. This is a particularly nasty piece of Malware that infects your system through the usual vectors:

  • Visiting infected websites
  • Opening attachments to e-mails
  • Clicking on links that someone sends you via e-mail
  • Applications such as Skype
  • Etc.

Once it’s on your PC – or Mac!! – it will do things like encrypt your hard drive or generally restrict access to sensitive files or, indeed, the entire system until you pay a fee – read ransom – to get a key or code to unlock your files or system. The ransomware will display a fake message warning you of the problem and claiming to be the Police, FBI, etc. Paying the ransom is the last thing that you want to do because:

  1. You’ll be out however many dollars they want for the unlock key
  2. They’ll have your credit card information
  3. There’s no guarantee that there is not another piece of this malware lying underneath that will re-encrypt your hard drive or lock your system in some way once you apply the original unlock key.
  4. There is the distinct possibility that they won’t even send you an unlock key at all because once they have your credit card information, they’ll have everything they need so to heck with you.

There are ways to remove ransomware and SelectRealSecurity.com shows you one way to do it. However, since the bad guys are usually at least one step ahead of the good guys, there’s always the chance that you’ll be hit with a new version of ransomware that necessitates a new approach to removal.

The best approach is not let the stuff get on your machine in the first place. To do that, you need to:

  1. Keep a good, reliable, up-to-date anti-virus application running on your system. There are some freebies out there that offer only anti-virus protection. If you want anti-malware, etc. you will have to pay for the full registered version. This is not the time to be cheap as an ounce of prevention is worth a pound of cure.
  2. Use a secondary anti-malware application such as MalwareBytes. While there may appear to be a duplication of effort here, there is always the chance that what is missed by one will be caught by the other. You need to be thorough.
  3. Do not open e-mail attachments or links from senders that you do not recognise. In fact, don’t open e-mail messages from people you don’t recognise.
  4. Be suspicious of e-mail links or attachments sent to you by people who you do recognise but who do not usually send you such things. Address books can be hacked.
  5. Avoid questionable websites like the plague. McAfee offers a product that flags questionable or unsafe websites when you do a search. If your security software warns you of a malicious website, don’t go there even if it’s one that you’ve visited before.

Just in case something DOES find its way on to your system, Be Prepared!

  1. Keep all of the installation disks that came with your system or that you subsequently purchased in a safe place that you will actually remember. These things aren’t coasters or toys to let the kids play with.
  2. Keep a list of all of the activation keys for your software products in a safe place that you will actually remember.
  3. If you purchase software and install it via the internet, keep the installation file(s) and activation key(s) in the same safe place as # 1 & # 2.
  4. Keep a list of all of your passwords, etc. in the same safe place as # 1 & # 2.
  5. Find a good, reliable system/file back-up application and actually use it. Once you’ve completed backing up your system/files to a USB drive or whatever, detach the aforementioned device from your system. Do not reconnect it until you need to restore a file or make a new back-up.

That’s enough to get you started. Do not think that simply because you have a Mac rather than a PC that you’re safe. Macs have been shown to be vulnerable to attacks. You may not get what’s currently affecting PCs but you might get something that’s especially designed for Macs.

Internet Service Providers (ISPs) are reporting that the DNSChanger trojan has had a minimal impact since the FBI shut down the servers belonging to the criminal enterprise at 12:01 AM on Monday. Service providers such as Verizon and Comcast have been reporting only a relatively few calls for help concerning the sudden loss of internet access on Monday.

Before we consider the DNSChanger to be a non-event, users and service providers will do well to keep in mind that not everyone uses every PC every day. There is a significant number of users who only power up every few days, have a second PC or laptop that sees only intermittent use, etc. These casual users are also some of the most likely to have paid scant attention to the warnings about the DNSChanger over the past months.

Even though the FBI has shut down those servers, ISPs have taken over by redirecting requests for those addresses to what is in effect a “walled garden”. Here, the hapless user is informed of the situation and what is needed on their part to remedy the problem. While some news outlets have reported that anti-virus software has taken care of most of the infections, there are still plenty of people out there who refuse either to purchase security software or to keep it up to date.

Several months ago, Dr. Data published a warning about the DNSChanger Trojan. Well, D-Day – July 9th – is almost here. In case you missed it, here are the main points about this whole affair:

  1. Back in November of 2011, the FBI shut down a criminal operation that would direct unsuspecting users to the operation’s servers
  2. There were about 100 servers all told
  3. These machines were infecting millions of PCs with the DNSChanger Trojan
  4. The DNSChanger would alter the PC’s DNS (Domain Name System) settings so that requests for websites were redirected to servers run by the criminal operation
  5. The FBI obtained a court order that allowed the FBI to keep those servers running while users checked their machines for infection by the DNSChanger
  6. The servers were supposed to be shut down on March 30th
  7. The deadline was extended to July 9th
  8. On the 9th, the servers will indeed be shut down. This is it!
  9. While a lot of clean-up has been done, about 300,000 PCs are still infected with the trojan
  10. 70,000 of those machines are in the US. Is yours one of them??
  11. If your machine is infected, you will probably lose access to the internet on that day.
  12. No more FaceBook, etc.

There is a simple way to tell if your PC has been infected. Point your browser to www.dns-ok.us. If your PC is clean, you’ll see a Green background. If there is a potential problem with your connections, you’ll see a Red background. If you’re colour-blind, find someone who isn’t!! The average user should seek the help of a computer professional – like Dr. Data – to help with the clean-up. If you want to have a go at resolving the problem on your own, here are some suggestions on how to trouble-shoot.
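The same question can be answered locally by comparing the PC’s configured DNS servers against the rogue netblocks, which is useful when a machine is only powered up occasionally or the web check is unreachable. The following added example is not from Dr. Data’s post or from the dns-ok.us service; its ROGUE_RANGES are labelled placeholders (documentation addresses) to be replaced with the published ranges, and its ipconfig /all and resolv.conf inputs are constructed.

```python
"""Offline check for DNSChanger-style tampering: do this PC's configured DNS
servers fall inside a block of known rogue resolvers? Added example, not from
Dr. Data's post or from the dns-ok.us service. ROGUE_RANGES are LABELLED
PLACEHOLDERS (RFC 5737 documentation addresses); substitute the published
ranges. Inputs are constructed 'ipconfig /all' and resolv.conf text."""
import ipaddress
import re

# PLACEHOLDER rogue-resolver netblocks; not the real DNSChanger ranges.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def dns_servers_from_ipconfig(text: str) -> list:
    """Pull resolver addresses out of Windows 'ipconfig /all' output. The DNS
    entry can span lines: the first carries the label, continuation lines are
    indented and hold one more address each (IPv6 entries are ignored)."""
    servers, in_dns = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            in_dns = True
        elif in_dns and not re.fullmatch(r"\s+\S+", line):
            in_dns = False  # a new labelled field ends the DNS block
        if in_dns:
            servers.extend(IPV4.findall(line))
    return servers

def dns_servers_from_resolv_conf(text: str) -> list:
    """Pull 'nameserver' entries out of a Unix/Mac resolv.conf."""
    servers = []
    for line in text.splitlines():
        m = re.match(r"\s*nameserver\s+(\S+)", line)
        if m:
            servers.append(m.group(1))
    return servers

def rogue_servers(servers) -> list:
    """Return the addresses that sit inside one of the rogue ranges."""
    hits = []
    for s in servers:
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:
            continue  # not an IP address at all
        if any(addr in net for net in ROGUE_RANGES):
            hits.append(s)
    return hits

def check(text: str) -> dict:
    """GREEN/RED verdict in the spirit of dns-ok.us, but computed locally."""
    servers = dns_servers_from_ipconfig(text) or dns_servers_from_resolv_conf(text)
    hits = rogue_servers(servers)
    return {"servers": servers, "rogue": hits, "verdict": "RED" if hits else "GREEN"}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       203.0.113.9
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
SAMPLE_RESOLV = "# constructed\nnameserver 192.168.1.1\nnameserver 10.0.0.53\n"
```

On a Windows box you would pipe the real `ipconfig /all` output into `check`; a RED verdict means the resolver settings point into a rogue range and the machine needs cleaning before the shutdown date.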

The full story is on the PC Magazine website. A more succinct explanation of why DNSChanger victims deserve to lose the internet may be found on ZDNet.

Time’s a wasting. Check your PC by going to www.dns-ok.us. I just did and my PC is clean. How about yours?


For years, I’ve watched Apple and Microsoft duke it out – either through corporate ads or via their legions of fanboys – over PC security. You probably remember the “I’m a Mac/I’m a PC” ad campaign that Apple launched touting, among other things, that Macs – or rather OS X – just didn’t do virus or malware infections. (Dr. Data repeatedly thought: “Just you wait, Steve Jobs. Just you wait.”)

In the wake of the Flashback Trojan and other attacks – both real and potential – Apple has quietly changed its tune, according to an article on the PC World website. What Apple has done is replace the claim on its website that Macs don’t get PC viruses with another stating that OS X is built to be safe. (Take a look at a comparison of the two messages.) Actually, the original claim was quite true; indeed, Macs do not get PC viruses. Instead, they get Mac viruses.

In line with that change came an announcement, reported on ZDNet, that OS X’s Mountain Lion release would feature silent security updates. The advent of these silent patches indicates that reality has finally caught up with Apple.

It all depends on your age.

Baby Boomers worry about a lot of things: hair loss, retirement vanishing over the horizon, dentures and . . . computer security. While those of us who are . . . umm . . . somewhat more secure tend to think that those “kids” in “Generation Y” are more computer savvy than the rest of us, that apparently is not the case when it comes to security. While there are differences between the ways each generation uses their computers, there is no denying that Boomers are more likely to have security features in place.

Zone Alarm, a manufacturer of internet security products, posted in graphical form on its website the results of their analysis of just who employs computer security and how much. Fifty-eight percent of Boomers believe that security is more important than productivity, entertainment, etc. Only thirty-one percent of Gen Y think the same way.

The really frightening thing to be found in all this is that, as a whole, 71% of all age-groups do not follow best practices in security like having a two-way firewall in addition to anti-virus software.

Just something to think about.
