Category Archives: Security

aka infosec

Ransomware update

Ransomware has been in the news a lot lately. The CryptXXX ransomware is no longer susceptible to easy decryption, and it’s been making a lot of money for its purveyors, in many cases using compromised, high profile business web sites as its delivery mechanism. On a more positive note, the people who created the TeslaCrypt ransomware stopped production and released global decryption keys. New ransomware delivery systems are able to bypass Microsoft’s EMET security software. The Cerber ransomware was recently delivered to a large proportion of Office 365 users via a Word document in an email attachment. And an even more hideous piece of malware surfaced in the last week: posing as ransomware, Ranscam actually just deletes all your files.

Ransomware is different from other kinds of attacks because of the potential damage. It can render all your data permanently inaccessible. Even paying the ransom is no guarantee that you will get all your data back intact. Other types of attacks typically try to fly more under the radar: trojans and rootkits want to control and use your computer’s resources; and viruses want to spread and open the door for other attacks. While other types of attacks can be fixed by removing the affected files, that doesn’t work for ransomware.

Like other types of attacks, ransomware first has to get onto your computer. These days, simply visiting the wrong web site can accomplish that. More common vectors are downloaded media and software, and email attachments. Preventing malware of any kind from getting onto your computer involves the kind of caution we’ve been advising for years; ransomware doesn’t change that advice.

What CAN make a big difference with a ransomware attack is limiting its reach. Once on a computer, ransomware will encrypt all data files it can access; specifically, files to which it has write access. Ransomware typically runs with the same permissions as the user who unwittingly installed it, but more insidious installs may use various techniques to increase their permissions. In any case, limiting access is the best safeguard. For example, set up your regular user so that it cannot install software or make changes to backup data.

Here’s a worst-case scenario: you run a small LAN with three computers. All your data is on those computers. Your backup data is on an external hard drive connected to one of those computers, and a copy exists on the Cloud. For convenience, you’ve configured the computers so that you can copy files between them without having to authenticate. Once ransomware gets onto one of the computers, it will encrypt all data files on that computer, but it will also encrypt data it finds on the other computers, and on the external backup drive. Worse still, some ransomware will also figure out how to get to your cloud backup and encrypt the data there as well.

How to limit your exposure? Require full authentication to access computers on your LAN. Use strong, unique passwords for all services. Store your passwords in a secure password database. Limit access to your backup resources to a special user that isn’t used for other things. In other words, exercise caution to avoid getting infected, but in case you get infected anyway, make sure that you have walls in place that limit the reach of the ransomware.
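The point of the scenario above is that ransomware can only encrypt what the infected account can write. The script below is an added example, not part of the original post: run as your everyday account, it walks the folders you give it (shared folders, the external backup drive, a mounted cloud sync folder) and tallies how many files and bytes that account could overwrite. The `can_write` parameter defaults to `os.access`, and is injectable so the walk can be tested with a deterministic predicate; the directory names in the usage line are assumptions.

```python
"""Added example (not from the original post): measure how far ransomware
running with the current user's rights could reach. Anything reported as
writable here is what an infection under this account could encrypt."""
import os
import sys
from dataclasses import dataclass, field
from pathlib import Path
from typing import Callable, Iterable, List


@dataclass
class ReachReport:
    """Per-root tally of files the current account could overwrite."""
    root: str
    total_files: int = 0
    writable_files: int = 0
    writable_bytes: int = 0
    samples: List[str] = field(default_factory=list)  # a few writable paths, for the report


def default_can_write(path: Path) -> bool:
    # os.access asks the OS whether the *current* user may write the file.
    # On Unix this honours permission bits and ownership; on Windows it only
    # reflects the read-only attribute, not NTFS ACLs, so supply your own
    # predicate there (or run the audit from a Unix-like host against the share).
    return os.access(path, os.W_OK)


def audit_reach(roots: Iterable[str],
                can_write: Callable[[Path], bool] = default_can_write,
                max_samples: int = 5) -> List[ReachReport]:
    """Walk each root and count the files the current account could modify."""
    reports = []
    for root in roots:
        rep = ReachReport(root=str(root))
        for dirpath, _dirnames, filenames in os.walk(root):
            for name in filenames:
                p = Path(dirpath) / name
                if p.is_symlink():
                    continue  # do not follow links out of the tree being audited
                rep.total_files += 1
                if can_write(p):
                    rep.writable_files += 1
                    rep.writable_bytes += p.stat().st_size
                    if len(rep.samples) < max_samples:
                        rep.samples.append(str(p))
        reports.append(rep)
    return reports


def format_report(reports: List[ReachReport]) -> str:
    """Render one summary line per root, followed by a few sample paths."""
    lines = []
    for r in reports:
        pct = 100.0 * r.writable_files / r.total_files if r.total_files else 0.0
        lines.append(f"{r.root}: {r.writable_files}/{r.total_files} files writable "
                     f"({pct:.0f}%), {r.writable_bytes} bytes at risk")
        for s in r.samples:
            lines.append(f"    {s}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Assumed usage: python reach_audit.py /mnt/shared /media/backup ~/CloudSync
    print(format_report(audit_reach(sys.argv[1:] or ["."])))
```

Run it from the account you actually use day to day, not from an administrator account. A backup folder that shows up with a non-zero writable count is one the ransomware scenario above would reach; the fix the post recommends is to make that folder owned by, and writable only by, the dedicated backup user, then re-run the audit to confirm the count drops to zero.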

Most ransomware targets Windows systems, so most of the verbiage out there is about Windows as well. This article covers the basics fairly well.

Patch Tuesday for July 2016

It’s a relatively light month for Microsoft patches: only eleven this time. The updates address security issues in the usual suspects, namely Windows, Internet Explorer, Edge, Office, and the Flash code that’s embedded in IE 10, IE 11, and Edge. Six of the updates are flagged as Critical. A total of fifty vulnerabilities are addressed.

Adobe joins in the fun again this month, with updates for Flash and Reader/Acrobat. The Flash update fixes a whopping fifty-two vulnerabilities, while the Reader update fixes thirty vulnerabilities. Update: an announcement for the Flash update appeared on July 14th, despite being dated July 12th.

Update 2016Jul17: Ars Technica points out that one of the Microsoft updates addresses a critical security hole in a Windows printer driver installation mechanism that dates back to Windows 95. The vulnerability was not actually closed by the update; instead, a warning was added to the driver installation process.

Pre-installed crapware still a problem

A recent report from Duo Security shows that pre-assembled, ready-to-run computers purchased from major vendors almost always include pre-installed software that often makes those computers much less secure. That’s in addition to being unnecessary, unstable, resource-hungry, and often serving primarily as advertising conduits.

If you purchase a pre-assembled computer, you should uninstall all unnecessary software as soon as possible after powering it up, before even connecting it to a network. It can be difficult to identify exactly which software should be removed, but a good starting point is to remove anything that shows the manufacturer’s name as the Publisher. PC World has a helpful guide.

And now the good news, at least for some of us: Microsoft now provides a tool that allows a user with a valid license to reinstall Windows 10 from scratch at any time. Minus all the crapware that the manufacturer originally installed.

Major vulnerabilities in Symantec security products

Earlier this week, a Google researcher published a report on vulnerabilities affecting all Symantec security products, including Norton Security, Norton 360, legacy Norton products, Symantec Endpoint Protection, Symantec Email Security, Symantec Protection Engine, and Symantec Protection for SharePoint Servers. All platforms are affected.

From the original report:

These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.

Symantec quickly released security advisories and updates to address the vulnerabilities, including SYM16-010 and SYM16-011.

Anyone who uses Symantec or Norton security products should install the available updates as soon as possible.

Critical Flash update

Earlier this week, Adobe announced that they would delay this month’s Flash update for a few days, which would allow them to include a fix for a critical vulnerability (CVE-2016-4171) that’s being actively exploited on the web.

Yesterday Adobe released Flash 22.0.0.192, which addresses CVE-2016-4171 and thirty-five other vulnerabilities. Anyone who uses Flash should install the new version as soon as possible, but those of us who still use Flash in a web browser need to check our version and update immediately.

Recent versions of Internet Explorer and Edge will get the new version of Flash via Windows Update. Microsoft issued a related bulletin yesterday.

Chrome’s embedded Flash will be updated via its own internal updater. You can trigger the update by clicking the ‘hamburger’ menu button at the top right, then clicking Help and About Google Chrome.

Patch Tuesday for June 2016

It’s that time again, folks. This month Microsoft has sixteen updates, which address forty-four vulnerabilities in the usual culprits: Windows, Internet Explorer, Office, and Edge. Five of the updates are flagged as Critical.

Adobe issued an alert earlier today, saying that they have identified a vulnerability in Flash that is being actively exploited. There’s no update as yet, but they expect to have one ready by June 16. I imagine that Adobe was planning to release a Flash update today to coincide with Microsoft’s updates, but this new threat messed up their timing.

Firefox 48.0

The announcement for Firefox 47.0 highlights a few changes: synchronized tabs (between Firefox instances), improved video playback, and some security and performance improvements for Android users.

According to the release notes, Firefox 47.0 takes a few more steps in the process of moving away from Flash and toward HTML5 for video, and removes support for some older technologies related to plugins. The click-to-activate plugin whitelist, a security feature that was introduced in 2013, has been removed.

Most importantly, Firefox 47.0 fixes at least thirteen security issues. So don’t delay, update Firefox as soon as you can.

Check your Firefox version and trigger an update by navigating to its About page:

  1. Click the ‘hamburger’ (three horizontal bars) menu button at the top right.
  2. Click the question mark at the bottom of the menu.
  3. Click ‘About Firefox’ in the menu.