Archive for March, 2012


Security vs. convenience: they are inversely proportional. Current smartphones, especially iPhones, are very porous. The easy solution is to run everything over WPA2, SSL, or both, but this requires work, and folks are averse to it. In short, you are going to have to manage your smartphone just like you manage your computers. Smartphones are a bigger problem for your data than modern computers are, because smartphones have not yet caught up to the security levels of PCs and servers.


As a security professional who gets paid to hack into high-value networks, Mark Wuergler often gets a boost when his targets use smartphones, especially when the device happens to be an iPhone that regularly connects to Wi-Fi networks.

That’s because the iPhone is the only smartphone he knows of that transmits to anyone within range the unique identifiers of the past three wireless access points the user has logged into. He can then use off-the-shelf hardware to passively retrieve the routers’ MAC (media access control) addresses and look them up in databases such as Google Location Services and the Wireless Geographic Logging Engine. By allowing him to pinpoint the precise location of the wireless network, iPhones give him a quick leg-up when performing reconnaissance on prospective marks.

“This is interesting on a security level because I’ll know where you work, I’ll know where you live, and know where you frequent,” Wuergler, who is a Senior Security Researcher for Miami-based Immunity Inc., told Ars. “If the last access point you connected to was your home, for example, I’ll know right where to go to get to you later or get to your data. If I’m an attacker that wants to break into your company, this becomes a disclosure that an attacker isn’t going to pass up.”

The exposure of MAC addresses extends not only to iPhones, but to all Apple devices with Wi-Fi capabilities, he said. It means that whenever the wireless features are enabled and not connected to a network—for instance, during a brief encounter at a Starbucks—they broadcast the unique identifiers, and it’s trivial for anyone nearby to record them. Wuergler speculates the behavior is a feature designed to automate configuration for networks users regularly access.

snip…..

In many respects, Stalker is a dramatic example of the risks posed by today’s smartphone, which was designed with speed and utility as its chief selling points.

“It’s widening all of the attack vectors that I can use against you,” Wuergler said. “All of the conveniences that are being extended to you are also being extended to an attacker, just making it easier for identity thieves and corporate attackers.”

He said the best advice for people concerned about smartphone security is to limit the kinds of personal information they entrust to their devices. Users can also benefit by turning off their device’s Wi-Fi as much as possible.

“I do use my phone on wireless networks, but I don’t store a lot of personal data on my phone,” he said. “If you put your personal data on there, you don’t even need to be connected to a wireless network for me to be able to break into your phone.”

via Loose-lipped iPhones top the list of smartphones exploited by hacker.

This means AVG is out of my recommended products until they change this policy. If you want honest anti-malware protection, contact ECC for my recommendations. If you are a current client using AVG or Avast, contact ECC before you contact this vendor.

A call to the support number listed on Avast’s site put me through to a technician named Kishore Chinni; I told Mr. Chinni that I had just installed a copy of Avast, but that I couldn’t be certain it was updating correctly. He asked for a phone number and an email address, and then said the first thing he needed to do was take remote control over my system. He directed me to use Internet Explorer to visit a Web site that requested permission to install two ActiveX add-ons. Those add-ons installed a remote control client called Bogmar Support.

Chinni asked if I had previously installed any antivirus software, and I said I wasn’t sure (I hadn’t). He then fired up the Windows Registry Editor (regedit), poked around some entries, and then opened up the Windows System Configuration Utility (msconfig) and the Windows Event Viewer. Chinni somberly read aloud a few of the entries in the event viewer marked with yellow exclamation points, saying they were signs that my computer could have a problem. He then switched over to the “services” panel of the system configuration tool and noted that the “manufacturer” listing next to avast! antivirus read “unknown.”

“When it says unknown like that, these are warnings that there could be an infection running on the computer,” Chinni explained. He proceeded to install an iYogi “tune up” tool called PCDiagnostics, which took about 60 seconds to complete a scan of my system. The results showed that my brand new installation of Windows had earned a 73% score, and that it had detected 17 registry errors and a problem with Windows Update (this was unlikely, as I had already enabled Windows Update and Automatic Updates before I made the support call, and had installed all available security patches). Chinni explained that the “antispyware” warning generated by the PCDiagnostics scan was an indication that a previously installed security software program had not been cleanly removed and was probably causing problems with my computer.

He said another technician could help me with these problems if I wanted. When I inquired whether it would be free, Chinni told me that the company sells support packages for one- to three-year durations, and that the starting price for a support package was $169.99…..

Unfortunately, Avast is not the only security and antivirus firm that has outsourced its support to this company. iYogi also is the support service for AVG, probably Avast’s closest competitor.

via Aghast at Avast’s iYogi Support — Krebs on Security.

Update your machines now. If you are running a server with RDP exposed, first firewall it off from the Internet, then use an actual secure VPN to get to that server and update it. I would then never allow RDP direct access to the net again.
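One way to carry out that advice on a Windows Vista/2008-or-later host with the built-in firewall, as an added example that is not from the original post or the quoted article: disable the stock Remote Desktop allow rules, allow TCP 3389 only from the VPN client range, and rely on the default inbound block for everything else. The VPN subnet 10.8.0.0/24 and the rule name are assumptions; the "Remote Desktop" group name is the English-locale name.

```bat
@echo off
rem Added example (not the blog's or Microsoft's own script). Run from an
rem elevated command prompt on the server itself, over the VPN or console.

rem Windows Firewall evaluates block rules before allow rules, so a blanket
rem "block 3389" rule would also defeat a VPN-scoped allow rule. Instead,
rem turn off the built-in allow rules (they permit 3389 from any address)
rem and let the profile's default inbound action (block) cover the rest.
netsh advfirewall firewall set rule group="Remote Desktop" new enable=no

rem Make sure every profile (domain, private, public) blocks unsolicited
rem inbound traffic by default and allows outbound.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

rem Allow RDP only from the assumed VPN client range 10.8.0.0/24.
rem remoteip= is the scope; anything outside it falls through to the
rem default block, so Internet-sourced RDP never reaches the service.
netsh advfirewall firewall add rule name="RDP via VPN only" dir=in action=allow protocol=TCP localport=3389 remoteip=10.8.0.0/24 profile=any

rem Verify the scoped rule is present and enabled before disconnecting.
netsh advfirewall firewall show rule name="RDP via VPN only"

rem Kick off a Windows Update detection cycle so the RDP patch is pulled
rem now rather than at the next scheduled check.
wuauclt /detectnow
```

Check the firewall log or a connection attempt from a non-VPN address afterwards; if the default profile action had been left at allow, the block would not have taken effect.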


Microsoft has plugged a critical hole in all supported versions of Windows that allows attackers to hit high-value computers with self-replicating attacks that install malicious code with no user interaction required.

The vulnerability in the Remote Desktop Protocol is of particular concern to system administrators in government and corporate settings because they often use the feature to remotely troubleshoot e-mail servers, point-of-sale terminals and other machines when they experience problems. RDP is also the default way to manage Windows machines that connect to Amazon’s EC2 and other cloud services. That means potentially millions of endpoints are at risk of being hit by a powerful computer worm that spreads exponentially, similarly to the way exploits known as Nimda and Code Red did in 2001.

“This type of vulnerability is where no user intervention or user action is required and an attacker can just send some specially crafted packets or requests, and because of which he or she can take complete control of the target machine,” Amol Sarwate, director of Qualys vulnerability research lab, said in an interview. While RDP is not enabled by default, he said the number of machines that have it turned on is a “big concern” because it is so widely used in large organizations and business settings.

The bug affects Windows XP and all versions of Windows released since, including the developer preview of Windows 8. It was privately reported by Luigi Auriemma, an Italian security researcher who frequently focuses on vulnerabilities in industrial control systems and SCADA, or supervisory control and data acquisition, systems used to control dams, gasoline refineries, and power plants.

Microsoft said there’s no indication the vulnerability is being used in the public to attack Windows users at the moment, but the company predicts that could change. “Due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days,” Suha Can and Jonathan Ness, of Microsoft Security Response Center Engineering, wrote in an advisory published Tuesday.

via Critical Windows bug could make worm meat of millions of high-value machines.