Category: Internet


As the world's various media outlets start talking breathlessly about how dangerous UPnP is, anyone who has talked to me (every one of my clients knows about this) knows I've always maintained UPnP was a huge security hole.  I've seen Microsoft, among others, say that it's not a security threat to allow something inside your network to automatically open holes in your firewall without the network admin's knowledge.  Others (like Steve Gibson) and I have been vindicated once again.  UPnP has ALWAYS been a hacker's dream; it just took someone a while to prove to the rest of the world what the security guys have been saying, based on common sense, for years now.  Everyone NEEDS to test their routers now.  You can do it here.  If you fail the test please contact ECC immediately.  Sophos explains the danger in this blog post.

Tens of millions of network-enabled devices including routers, printers, media servers, IP cameras, smart TVs and more can be attacked over the Internet because of dangerous flaws in their implementation of the UPnP (Universal Plug and Play) protocol standard, security researchers from Rapid7 said Tuesday in a research paper.

UPnP allows networked devices to discover each other and automatically establish working configurations that enable data sharing, media streaming, media playback control and other services. In one common scenario a file-sharing application running on a computer can tell a router via UPnP to open a specific port and map it to the computer's local network address in order to open its file-sharing service to Internet users.

UPnP is intended to be used primarily inside local networks. However, security researchers from Rapid7 found over 80 million unique public IP (Internet Protocol) addresses that responded to UPnP discovery requests over the Internet, during scans performed last year from June to November.

via Researcher: UPnP flaws expose millions of networked devices to remote attacks | PCWorld.
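The Rapid7 finding above is that devices answer UPnP discovery (SSDP) requests where they should not. The following is an added example, not code from the post or from Rapid7, that a network admin can run on their own LAN: it sends one standard SSDP M-SEARCH, parses the replies, and flags the port-mapping service (the one that opens firewall holes) and any device whose description URL sits on a non-private address. The two sample replies are constructed, not real captures.

```python
import ipaddress
import socket
from urllib.parse import urlparse

SSDP_GROUP = ("239.255.255.250", 1900)
# Standard SSDP discovery request; ST=ssdp:all asks every UPnP service to answer.
M_SEARCH = ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n')

# Constructed sample replies (not real captures): a home router's port-mapping
# service, and a device advertising its description URL on a public address.
SAMPLE_LAN_ROUTER = (
    b"HTTP/1.1 200 OK\r\n"
    b"LOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n"
    b"ST: urn:schemas-upnp-org:service:WANIPConnection:1\r\n"
    b"SERVER: Linux/3.4 UPnP/1.0 MiniUPnPd/1.8\r\n\r\n"
)
SAMPLE_WAN_EXPOSED = (
    b"HTTP/1.1 200 OK\r\n"
    b"LOCATION: http://1.2.3.4:49152/igd.xml\r\n"
    b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n"
)

def parse_ssdp_response(raw: bytes) -> dict:
    """Turn an SSDP '200 OK' reply into a dict keyed by lower-case header name."""
    lines = raw.decode("utf-8", errors="replace").split("\r\n")
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return {}
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def location_on_private_net(headers: dict) -> bool:
    """True if LOCATION points at an RFC 1918 or other non-routable address."""
    host = urlparse(headers.get("location", "")).hostname
    try:
        return host is not None and ipaddress.ip_address(host).is_private
    except ValueError:  # a hostname rather than an IP: cannot tell, treat as not private
        return False

def assess(headers: dict) -> str:
    """One-line risk note for a reply: flags port-mapping services and WAN-side URLs."""
    st = headers.get("st", "")
    notes = []
    if "WANIPConnection" in st or "WANPPPConnection" in st:
        notes.append("port-mapping service: can open holes in the firewall")
    if not location_on_private_net(headers):
        notes.append("description URL not on a private address: check WAN exposure")
    return "; ".join(notes) if notes else "ok"

def discover(timeout: float = 3.0) -> list:
    """Send one M-SEARCH on the LAN; return (source address, headers) for each reply."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    sock.sendto(M_SEARCH.encode("ascii"), SSDP_GROUP)
    found = []
    try:
        while True:
            data, (addr, _port) = sock.recvfrom(65507)
            headers = parse_ssdp_response(data)
            if headers:
                found.append((addr, headers))
    except socket.timeout:
        pass
    sock.close()
    return found
```

Run `for addr, h in discover(): print(addr, h.get("st"), assess(h))` from a machine on the LAN; this only shows what answers on the inside, so a WAN-side test such as the one linked above is still needed to confirm nothing answers from the Internet.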

This has been a long-standing procedure.  If you are online and want to have an online identity certificate that identifies you, you have been required to go to various third parties (Verisign and GoDaddy, just to name two) and pay them to issue you a digital certificate that other folks then accept as being genuinely unique to you.  The problem is that now you have placed the security and authenticity of your online identity in the hands of a third party.  What happens when, not if, that third party gets hacked?  Your online identity has been compromised, and now these digital certificates aren't worth much, are they?  This philosophy is very counter-intuitive, because in banking we tell clients you must be careful not to allow your identity to be stolen, and we rail against allowing third parties access to your information.  Yet for online security we are doing just that.  One of the basics is to NOT trust third parties with your information.  We spend enormous amounts of time and money trying to prevent this very thing as much as possible.  Why are we then spending the same amount of time and money doing just the opposite to verify we are who we say we are when we are talking about the Internet?  If you just look at these two side by side, one is best practice and one is backwards.  If we are going to tell folks self-protection and self-generation is the way to go, why do the opposite online?  The RSA company was compromised, and now two-factor authentication tokens are all worthless until RSA generates a new algorithm.  Comodo was just compromised by a third party of theirs, which then compromised Comodo's own certificate database for some very high-profile sites.  If you have not updated your browsers (yes, all of them) you could now be receiving bad certificates that say they are genuine but aren't.  Frankly this makes no sense to me.  All a third party has to do is screw up once, and ALL of their clients can be affected.
You then have to do something like update all of your software or redo all of your dongles once that occurs.  I use only self-generated certificates.  That way I know they are genuine and aren't compromised.  If I get compromised, it's only me.  I don't see how this reliance on third parties for online security is progress.
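The "if I get compromised it's only me" model above only works if the client trusts that one self-generated certificate and nothing else. As an added example (not from the post), this is certificate pinning in Python's standard library: the client skips the CA chain entirely and accepts the server only if the SHA-256 fingerprint of the certificate it presents matches one the client already holds; the fingerprint has to be handed over out of band (in person, on paper, over an existing trusted channel) and replaced whenever the certificate is rotated. The sample bytes in the test are constructed and are not a real certificate.

```python
import hashlib
import hmac
import socket
import ssl


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lower-case hex."""
    return hashlib.sha256(der_cert).hexdigest()


def fingerprint_matches(der_cert: bytes, pinned: str) -> bool:
    """Constant-time comparison against the fingerprint obtained out of band.
    Accepts the usual 'AB:CD:..' display form as well as bare hex."""
    want = pinned.replace(":", "").strip().lower()
    return hmac.compare_digest(cert_fingerprint(der_cert), want)


def connect_pinned(host: str, port: int, pinned: str, timeout: float = 5.0) -> ssl.SSLSocket:
    """Open a TLS connection that trusts exactly one certificate: the pinned one.

    CA validation is deliberately switched off, so no third party (Comodo,
    Verisign, a compromised CA) can vouch for an impostor; trust comes only
    from the pin. If the presented certificate does not match, the socket is
    closed and an error raised before any application data is sent.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # no chain check; the pin is the check
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    der = tls.getpeercert(binary_form=True)
    if der is None or not fingerprint_matches(der, pinned):
        tls.close()
        raise ssl.SSLError("peer certificate does not match the pinned fingerprint")
    return tls
```

The flip side of this model is operational: rotating the server certificate silently breaks every client until each one is re-pinned, which is the trade the author is making against CA compromise.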


Brian Krebs tweet: as w/ this Comodo cert issue and the RSA mess, I'm struck by how many big security threats r beyond user's ability to do squat about them

Comodo incident listing: http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html

MS advisory on the issue: http://www.microsoft.com/technet/security/advisory/2524375.mspx

Steve Gibson on the RSA hack: http://steve.grc.com/2011/03/19/reverse-engineering-rsas-statement/ (follow the embedded links too).

This has been building quietly in back rooms for a while, and it is now coming into the light.  The top 5 US ISPs, the MPAA and others are now coming out with new "anti-piracy" policies.  The days of anyone being able to run free wifi without any kind of filters are coming to an end.  Verizon isn't the only one doing this: Comcast and the other 3 largest ISPs have VOLUNTARILY joined in on this as well.  This isn't even a government thing; it is an alliance with the MPAA and others.  Most folks would say, "they are only enforcing copyright."  That would be the truth if, during court proceedings, the content providers weren't filing false accusations, withholding contrary evidence, and most times just plain wrong about who did what, where and when.  Verizon's policy is in the following italicized text.  Please read the linked article for the policies from other ISPs that are in the pipeline.  If you are a business or an individual offering free wifi you now have to put in the appropriate filters to protect yourself from probable legal action.  Contact ECC for consultation on how to do this.


Alert 1 and 2

“Are delivered by email and automatic voicemail to the telephone number we have on file for you. Notify you that one or more copyright owners have reported that they believe your account has been involved in possible copyright infringement activity.”

“Provide a link to information on how to check to see if file sharing software is operating on your computer (and how to remove it) and tell you where to find information on obtaining content legally.”

If more infringements are found after the first two alerts then the account holder is moved on to the acknowledgment phase where “popups” appear on-screen. Customers will have to acknowledge that they received the new alert and will be instructed to watch a video about the consequences of online piracy.

Alert 3 and 4

“Redirect your browser to a special web page where you can review and acknowledge receiving the alerts. Provide a short video about copyright law and the consequences of copyright infringement.”

“Require you to click on an “acknowledgement” button before you will be able to freely browse the Internet. Clicking the acknowledgement button does not require you to admit that you or anyone else actually engaged in any infringing activity, only that you have received the alert.”

If the infringements continue after the fourth alert the subscriber will move on to the mitigation phase. Here, the customer can either ask for a review by the American Arbitration Association or undergo a temporary speed reduction to 256kbps.

Alert 5 and 6

“Redirect your browser to a special web page where you will be given several options. You can: Agree to an immediate temporary (2 or 3 day) reduction in the speed of your Internet access service to 256kbps (a little faster than typical dial-up speed); Agree to the same temporary (2 or 3 day) speed reduction but delay it for a period of 14 days; or Ask for a review of the validity of your alerts by the American Arbitration Association.”

via Verizon’s “Six Strikes” Anti-Piracy Measures Unveiled | TorrentFreak.

Folks, a firewall isn't enough.  You should not even leave the ports open for these devices.  The only way to have a remote chance of doing this safely is to use a VPN so your connection is encrypted; then you can get to it.  Honestly, for these systems that are deemed critical it is simply foolish to have them on the Internet at all: they will get taken over even with firewalls and VPNs in place.  Unless folks really want to use proper security (which most don't) these incidents are not only going to continue but will grow in size and damage potential, or damage actually caused.  Small businesses are also very lax in their security postures these days.  Many of the compromises could be avoided with some simple behavioral changes; technology can't solve the issue if the issue is the lack of good security habits by their human operators or caretakers.


Hackers illegally accessed the Internet-connected controls of a New Jersey-based company’s internal heating and air-conditioning system by exploiting a backdoor in a widely used piece of software, according to a recently published memo issued by the FBI.

The backdoor was contained in older versions of the Niagara AX Framework, which is used to remotely control boiler, heating, fire detection, and surveillance systems for the Pentagon, the FBI, the US Attorney’s Office, and the Internal Revenue Service, among many others. The exploit gave hackers using multiple unauthorized US and international IP addresses access to a “Graphical User Interface (GUI), which provided a floor plan layout of the office, with control fields and feedback for each office and shop area,” according to the memo, which was issued in July. “All areas of the office were clearly labeled with employee names or area names.”

An IT contractor for the unnamed business told FBI agents the “Niagara control box was directly connected to the Internet with no interposing firewall,” according to the memo, which was published Saturday by Public Intelligence. The website has an established track record of posting authentic government documents. Barbara Woodruff, a spokeswoman in the Newark, New Jersey division of the FBI, where the memo originated, said the document appeared to be authentic.

The unauthorized access began in February, a few weeks after someone using the Twitter handle @ntisec posted comments indicating hackers were targeting SCADA—or supervisory control and data acquisition—systems. One tweet included a list of Internet addresses, including one that was assigned to the heating system belonging to the New Jersey business. The hack came five months before security researchers Billy Rios and Terry McCorkle blew the whistle on serious vulnerabilities in the Niagara system, which is marketed by Tridium, a company with US offices located in Richmond, Virginia.

Only getting worse

The revelation that Niagara vulnerabilities have been actively exploited in the wild is significant because the system is widely used to control critical equipment used around the world. Further, the number of Internet-facing Niagara systems appears to be growing. A search using the Shodan computer search engine late last year found about 16,000 systems, with more than 12,000 of those based in the US, according to Billy Rios, one of the security researchers who documented the vulnerabilities in the industrial control system. This year, the same search returned more than 20,000 systems, with about 16,000 of them in the US. While patches released earlier this year apply only to versions 3.5 and 3.6 of Niagara, Shodan continues to show “tons” of systems running earlier versions, including 1.1, Rios said.

“These things keep popping up,” he told Ars. “It’s not going away. It’s getting worse.”

Perhaps the only other documented case of an industrial control system being breached in the US came in 2009, when a security guard abused his physical access to breach computers that controlled air-conditioning systems at a Texas hospital. The intrusion came to light after he posted screenshots and other evidence showing he had control of the systems that cool operating rooms and other critical areas of the Texas facility, where temperatures regularly hit the triple digits. He has spent most of his time since in federal prison.

via Intruders hack industrial heating system using backdoor posted online | Ars Technica.

The team behind the Samba Project has released version 4.0 of its open source Windows interoperability software suite, the first version to offer full compatibility with Microsoft’s Active Directory protocols.

The Samba stack is by far the most popular solution for networking non-Microsoft platforms with Windows machines, but previous versions only provided Windows NT Domain Controller functionality.

According to the Samba Team’s press release, Samba 4 can now act as an Active Directory Domain Controller and offer services to any currently supported versions of client-side Windows, including Windows 8.

Servers running the new Samba support typical Active Directory features, including Group Policy and Roaming Profiles. They can also integrate with Microsoft Exchange servers, and they can even be managed using Microsoft’s own administration tools.

In addition, the new version offers full interoperability with Microsoft Active Directory servers. A Samba 4 server can be joined to an existing Active Directory domain, and Microsoft Active Directory Domain Controllers can join a Samba 4 server.

What all of this means is that for the first time, organizations have the option of replacing one or more Microsoft Active Directory servers – currently priced starting at $501 apiece for the small business version and scaling up to the Moon – with alternatives based on 100 per cent free software, via Samba 4.0 running on Linux or some other free OS.

via Samba 4 arrives with full Active Directory support • The Register.

I have a Facebook page I help admin, and I've noticed the stats in all areas cratering.  I never could figure it out until I saw the "promote" "feature".  I then knew what this was: yet another backdoor sneak attempt by Facebook to extract money from folks.  If Facebook wasn't so sneaky and shady in its operations folks might actually pay.  I can tell you right now spending money to get a presence on Facebook is now a fool's game.  Facebook will now continue to break the site to get you to pay for "better reach"; that's not going to go far.  Be prepared for your Facebook investments to crater.


This has been brewing since around May. At least that’s when we first started noticing it here at Dangerous Minds and we certainly weren’t the only ones.

Spring of 2012 was when bloggers, non-profits, indie bands, George Takei, community theaters, photographers, caterers, artists, mega-churches, high schools, tee-shirt vendors, campus coffee shops, art galleries, museums, charities, food trucks, and a near infinite variety of organizations; individuals from all walks of life; and businesses, both large and small, began to detect—for it was almost imperceptible at first—that the volume was getting turned down on their Facebook reach. Each post was now being seen only by a fraction of their total “fans” who would previously have seen them.

But it wasn’t just the so-called “fan pages,” individual Facebook users were also starting to notice that they weren’t seeing much in their newsfeeds anymore from the various entities they “liked”—or even updates from their closest friends and family members. Something was amiss, but unless you had a larger “data set” to look at—or a formerly thriving online business that was now getting creamed—it probably wasn’t something that you noticed or paid that much attention to.

When we first noticed the problem, our blog had about 29,000 Facebook "likes." Our traffic was growing 20% month over month, but our Facebook fans grew at a far faster pace. We were getting hundreds of new "likes" every day. Still do. As I write this, our Facebook fans now number over 53,000, not quite double what it was then, but give it another month or so and it will be.

53,000 is a more than respectable number of Facebook fans for a blog that’s only been around for a little over three years. So why is it that our pageviews—our actual inventory, what we sell to advertisers—coming from Facebook shares are off by half to two thirds when the number of new “likes” has risen so dramatically during this same time period?!?!

In a widely read—and widely shared on Facebook—NY Observer article titled “Broken on Purpose: Why Getting It Wrong Pays More Than Getting It Right,” (emailed to me by a friend, a prominent blogger, with the subject line: “Why putting a lot of energy into building a Facebook presence is a sucker’s game”) PR strategist and social media expert Ryan Holiday succinctly laid out the case against the damage Facebook had inflicted upon its most active users with its recently rolled out Promote “option”:

It’s no conspiracy. Facebook acknowledged it as recently as last week: messages now reach, on average, just 15 percent of an account’s fans. In a wonderful coincidence, Facebook has rolled out a solution for this problem: Pay them for better access.

As their advertising head, Gokul Rajaram, explained, if you want to speak to the other 80 to 85 percent of people who signed up to hear from you, “sponsoring posts is important.”

In other words, through “Sponsored Stories,” brands, agencies and artists are now charged to reach their own fans—the whole reason for having a page—because those pages have suddenly stopped working.

This is a clear conflict of interest. The worse the platform performs, the more advertisers need to use Sponsored Stories. In a way, it means that Facebook is broken, on purpose, in order to extract more money from users. In the case of Sponsored Stories, it has meant raking in nearly $1M a day.

I love how Rajaram phrases that so delicately: “Sponsoring posts is important.”

It’s perhaps the most understated stick-up line in history, worthy of a James Bond villain calmly demanding that a $365 million dollar ransom gets collected from all the Mom & Pop businesses who use Facebook. How many focus groups do you reckon it took until Facebook’s highly paid marketing and PR consultants finally arrived at such an innocuous phrase for describing information superhighway robbery?

via Dangerous Minds | FACEBOOK: I WANT MY FRIENDS BACK.

Small businesses are increasingly the targets of more and more sophisticated malware and fraud attempts, because most of them have the attitude "I'm too small for them to care".  However, since they are the least secure and the easiest to take down, they are the ones getting hit.  I do not want to see another SMB get nailed, and I am doing all I can to dispel this dangerous mythical attitude.  From Subway store wifi takeovers (in which the POS machines are then compromised) to malware installs on company computers to enable bank fraud (most of which is NOT covered under Federal anti-fraud rules, so the loss is borne by the business), the time for SMBs to become much more aware of their own vulnerability is right now.  It's time to wake up and realize the "small guys" are the primary targets now.  The big news folks will only report on big compromises, but most fraud is actually against the little folks; that's where the real money is.  This isn't fear; this is fact.  Read further on the linked site about more SMBs getting defrauded; it will hopefully open your eyes.


The Scrap Value of a Hacked PC, Revisited — Krebs on Security.

Unfortunately this has nothing to do with Internet security and nothing to do with virus attacks.  This DOES secure your router, but only scratches the surface.  The SSID does NOTHING to discourage casual drive-by snooping and poking at your settings.  Also, putting your security cameras into the DMZ is good ONLY if they support secured communications.  Unfortunately most do not.  You are then leaving a way for folks to get at your camera and peer into your home or business.  Not a good idea.  Changing the default admin password, however, is a must, and it needs to be a good, strong password.  Anything over 8 characters is good.  Choose a section from GRC's password generation page for a good password.  For the full skinny on proper security for both your home and business contact ECC for details.  Here are the basics on not getting infected.  You can also read all of my security-related posts on my site's blog page.


Internet Security, Avoid Virus Attacks | P&N Computer Systems.

It's very simple. If you leave your wifi open and unsecured you are leaving the equivalent of your front door open. Anyone is welcome at that point. If you don't want to be snooped on by the drive-bys, secure your wifi. This isn't bad precedent by the FCC; it is actually a good thing.  Contact ECC for assistance.

FCC’s Ruling that Google’s WiFi Snooping is Legal Sets Horrible Precedent | P&N Computer Systems.

If Microsoft really plans to get into the mobile space (and Win8 is all about tablets) this is not the way to do it.  $600 for a tablet isn't going to fly when Android and iPads are already established with superior feature sets.


For a while there it seemed that Microsoft was going to do something spectacular which was going to give Android and Apple a real kicking and establish itself as a leader in the tablet market.

The rumour had been that Vole was going to release a subsidised Windows RT tablet for about $300 which was practically a giveaway. While this would anger hardware makers, it would establish Microsoft’s new operating system and lead to the company becoming a leader in the mobile market.

Unfortunately the rumour was based on the assumption that Microsoft would use common sense and its piles of money to make itself relevant again.

According to Extreme Tech, the rumour mongers had forgotten that Microsoft is a huge elephant of a corporation ruled by competing factions and overseen by Steve Ballmer. So far it has yet to come up with anything that is responsive or innovative to push itself into the mobile market.

Now, a leak has confirmed that Microsoft’s inability to come up with a decent business plan to deal with mobile is about to snatch another defeat from the jaws of victory.

A leaked slide from Asus says that its Vivo Tab RT, due to be released alongside Windows RT at the end of October, will start at $600.

This is more expensive than the iPad 3, and a full $200 more than the iPad 2 or Galaxy Tab 2 10.1. So to be competitive it should have some insane hardware specs – right?

Er, no. The Vivo Tab RT has a low-res 10.1-inch 1366×768 IPS display, quad-core Tegra 3 SoC, 2GB of RAM, NFC, 8-megapixel camera… and that’s about it.

Basically it is the Android Transformer which can be plugged into a keyboard/battery dock for an extra $200 and a docking station only costs $150.

Microsoft is assuming that people will buy the tablet because it has Windows RT on it. This attitude is rather arrogant because it forgets that people are doing rather nicely thank-you-very-much with their Android machines and do not really need Windows.

Vole is basically charging what it always does with its licences, and has no plans to relax the “Windows Tax” to push itself into the mobile market.

via Microsoft prepares to stuff up tablet plans – Asus leak shows Vole’s own goal | TechEye.