Category: Data security

KRACK WPA2 Wi-Fi vulnerability–what is affected

Telstra Gateway Frontier modem router press picture courtesy of Telstra

A wireless router set up in the ordinary way as a base station or hub for your home network isn’t at risk of the KRACK exploit

The computing press has been awash with articles regarding a recently-discovered security vulnerability that affects Wi-Fi wireless networks. This vulnerability, known as KRACK, compromises the authentication process associated with the WPA2 security protocols that most Wi-Fi home and business networks implement.

What is affected

It mainly affects client devices like laptops, smartphones and Internet-of-Things devices that connect to Wi-Fi networks using WPA2 and run software that isn’t patched against this risk.

It also can affect Wi-Fi infrastructure devices that serve as a repeater or client-side bridge in a Wi-Fi wireless network segment – this encompasses Wi-Fi client bridges used to connect desktop computers or smart TVs equipped with Ethernet connectivity to a Wi-Fi network, Wi-Fi repeaters, distributed-Wi-Fi setups and mobile devices implementing “bridge-to-Wi-Fi” functionality.

Data security risks

The security and privacy risk occurs at the media level of your network connection which would represent the Wi-Fi wireless link to the access point / router.

If you use higher-level encryption protocols, such as gaining access to Internet resources through SSL / TLS encryption (which includes “https” Webpages), implementing a client-based VPN or using IP telecommunications apps that implement end-to-end encryption, you have reduced the risk that the KRACK vulnerability poses to your data security. Access to LAN-based resources like your NAS or printer from within your network can be at risk with Wi-Fi clients that aren’t patched to mitigate this risk, as can access to unencrypted Internet resources.

Current remediation efforts

This situation has been rectified for regular computers running Windows 7 onwards through a patch that Microsoft rolled out as part of the October 10 security update. Here Microsoft didn’t disclose this vulnerability until there was a chance for all of industry to have patches in beta testing or “ready to roll”. Other regular-computer and mobile operating systems are being updated with security patches that are coming online through the next two months or are already online.

There will also be various pieces of client-side security software that will be updated with extra code that provides extra defence against the KRACK Wi-Fi vulnerability for both the software and the host computer.

The devices you will find as having a strong risk factor for your network are “dedicated-purpose” network devices like Internet AV devices, “smart-home” devices, videosurveillance cameras and the like that don’t benefit from regular firmware updates. This will mainly affect those devices that manufacturers are declaring “end-of-support” on or a lot of “white-box” devices sold by multiple vendors. But check your devices’ manufacturers’ Websites for new firmware that will patch the device against this vulnerability.

This will not affect the typical home or other small network that is based around a wireless router. Nor will it affect networks that implement multiple Wi-Fi access points connected to a wired (Ethernet or HomePlug) backbone. This is because you are dealing with devices that serve as a Wi-Fi base station for that particular wireless network segment.

But if you have Wi-Fi infrastructure devices using some sort of repeater or bridge functionality, check with the vendor for a firmware update for your device.

As well, wireless-router and access-point manufacturers, especially those courting the business and allied markets, will offer newer firmware to harden their devices against the KRACK vulnerability.

Remember that well-designed devices will, at best, implement an automatic software-update process; otherwise you may have to visit your device’s Settings, Setup or Configuration menu to download new firmware.

As well, the Wi-Fi Alliance have updated their certification tests for network hardware to be sure that such hardware isn’t vulnerable to this risk. These certification tests will be required before a product can show the Wi-Fi Certified logos and will affect products being introduced from this month onwards.

Keeping your network secure until new software is available

If you run Wi-Fi network infrastructure hardware that implements repeater or bridge functionality, disable the Wi-Fi client mode or repeater mode on these devices until your device is running firmware hardened against this vulnerability.

HomePlug AV adaptor

The HomePlug powerline adaptor can help with mitigating risks associated with the KRACK WPA2 Wi-Fi network vulnerability

You may also have to set up your home network with multiple access points linked to a wired backbone as the preferred way to extend the network’s coverage or reach to another building as has been done with this man-cave. A good example of this is to use a HomePlug wireless access point kit which uses your home’s AC wiring for this purpose. If you use a “Mi-Fi” mobile router that supports Wi-Fi data offload, disable this functionality until it is loaded with the latest secure firmware.

Similarly, use a wired network connection such as Ethernet or HomePlug to connect sessile devices like desktop computers, Smart TVs, printers and the like to your home network. This may not be feasible with those devices that only support Wi-Fi connectivity as their network-connection option.

Conclusion

You can mitigate the risk of the KRACK WPA2 Wi-Fi network vulnerability as long as you keep your computer equipment running software that is patched with the latest security updates.

If you use Wi-Fi infrastructure devices that work as a Wi-Fi client like repeaters or client bridges, these have to be updated with the latest firmware from their vendor. As well, use of wired backbones and access points for expanding your home network’s coverage will achieve the proper level of security against this risk if you are dealing with client-capable Wi-Fi infrastructure devices that aren’t updated with the latest software.

Let’s not forget that higher-level encryption protocols like SSL or client-side VPNs do mitigate the risk of data theft through this vulnerability.


Controlled folder access to come to Windows 10 soon

Articles 

Windows 10 preview build protects your files from ransomware | Engadget

Windows 10 will hide your important files from ransomware soon | The Verge

Microsoft previews new ransomware protection feature | Bit-Tech

From the horse’s mouth

Microsoft

Windows Experience blog post

My Comments

If you have heard the news over the last few months, you will have heard about ransomware activity in the form of the WannaCry and Petya ransomware variants getting at major installations including the NHS and the Victorian traffic-camera infrastructure.

But Microsoft has attacked this problem in a different way by providing application-level control for the next major update for Windows 10 – the Fall Creators Update. It is part of refining the Windows Defender security software that is part of the operating system for improved business-tier data security.

It is a very similar process to what Android and iOS do in relation to allowing the user to control what apps have access to what resources and features on their smartphone or tablet. It is also in contrast to how regular-computer operating systems work when it comes to controlling the level of access granted to a computer’s file system, where users or groups of users are typically granted particular levels of access to folders or files.

Here, once you enable the Controlled Folder Access function, applications can’t add, modify or delete files in folders where this control exists unless the app is part of a user-defined whitelist.  The routine for adding an app to the whitelist will be very similar to what you do on your iPhone or Android phone when it comes to allowing that app you newly downloaded to have access to a particular resource on your smartphone and could occur during installation or when you first use that app after enabling Controlled Folders.

By default, this feature would be enabled for the Documents, Desktop, Pictures and Videos folder trees but you can enable this feature for other folders such as “ad-hoc” work folders created on the system disk or other fixed storage on your system. I am not sure if this is also to apply to removable storage like USB hard disks, USB memory keys or SD cards, or whether this can also apply to network and online storage like your NAS shares or your Dropbox folder.
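The rollout described above, as an added PowerShell example that is not Microsoft's sample code: it uses the Windows Defender cmdlets found in Windows 10 builds that ship Controlled Folder Access, starting in audit mode so you can see which apps would be blocked before enforcing. The folder and application paths are placeholders, and the session must be elevated.

```powershell
# Added example, not Microsoft's sample. Run from an elevated PowerShell session
# on a Windows 10 build that includes Controlled Folder Access.
# Both paths below are placeholders; substitute your own.
$extraFolder = 'D:\WorkInProgress'                        # placeholder "ad-hoc" work folder
$trustedApp  = 'C:\Program Files\ExampleApp\example.exe'  # placeholder trusted application

# 1. Start in audit mode: writes to protected folders are logged, not blocked.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect a folder in addition to the default folder trees.
Add-MpPreference -ControlledFolderAccessProtectedFolders $extraFolder

# 3. Put a trusted application on the whitelist.
Add-MpPreference -ControlledFolderAccessAllowedApplications $trustedApp

# 4. Read the resulting configuration back.
$pref = Get-MpPreference
[pscustomobject]@{
    Mode             = $pref.EnableControlledFolderAccess   # 0 = disabled, 1 = enabled, 2 = audit
    ExtraFolders     = $pref.ControlledFolderAccessProtectedFolders -join '; '
    WhitelistedApps  = $pref.ControlledFolderAccessAllowedApplications -join '; '
} | Format-List

# 5. Review what was (or would have been) stopped.
#    Event 1124 = audited write, event 1123 = blocked write.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 6. Once the audit events show only software you do not trust, enforce:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```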

A question that can also be raised is whether the Controlled Folder feature will also provide a way to limit access to other system resources by apps. Here, it could range from access to network and Internet resources to prevent spyware from “phoning home” or to limit access to your computer’s Webcam and microphone to limit use of these resources as a surveillance tool.


Security flaw found in HP laptop audio driver software–how to fix it

Article

HP Elitebook Folio laptop press picture courtesy of HP

Check that your driver software is up to date on these HP business laptops.

HP issues fix for ‘keylogger’ found on several laptop models | ZDNet

Keylogger Found in Audio Driver of HP Laptops | BleepingComputer

From the horse’s mouth

Hewlett-Packard

Download site – identify your computer’s model number in the form on this site to obtain a list of the relevant software

My Comments and further information

Just lately, a security weakness had been found in the Conexant HD Audio driver software that was delivered to a large number of recently-issued HP business-tier laptop computers. It may also affect some of their consumer-focused laptops that run this driver. Let’s not forget the reality that some of you may have one of the affected HP business laptops as a consumer-tier computer, perhaps due to buying an ex-lease or surplus unit. This weakness affects driver versions 10.0.46 and prior versions.

The problem manifests with the MicTray64 program that comes with this software package. Here, it is a keyboard monitor that listens for particular keystrokes in order to allow the user to control the computer’s integrated microphone. But, thanks to debug code being left in the production release of this software, the software becomes a keylogger, writing keystrokes to a cleartext logfile (MicTray.log) in the Users\Public folder on the computer’s system drive.

But what is a monitor program for those of you who want to know? It is a program that “listens” to activity from or to a peripheral for a particular event then instigates a pre-defined activity when a particular event occurs. In most cases, you see these programs in operation when you use a printer or scanner with your computer and they show up a print-job status message when you print or catch scan jobs you started from your scanner’s control surface.

If you have this version of the Conexant HD Audio driver software on your HP business laptop, you may have to use Task Manager to kill the MicTray64 keyboard-monitor process, as well as removing it from the Scheduled Tasks list. It may also be worth moving the MicTray64.exe file out of the Windows\System32 folder and the MicTray.log file out of the Users\Public folder on the system disk to somewhere else on your computer’s file system and see if the computer is still stable and, if so, delete those files.
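A read-only check for the artefacts described above, written in PowerShell as an added example (not HP's or Conexant's tooling). The file names and folders come from the article; the function name `Get-MicTrayFinding` is hypothetical.

```powershell
# Added example, not HP or Conexant tooling. Read-only: it reports the
# MicTray artefacts named in the article and changes nothing on the system.
# The function name Get-MicTrayFinding is hypothetical.
function Get-MicTrayFinding {
    [CmdletBinding()]
    param(
        # Root of the system drive; defaults to the running system's drive.
        [string]$SystemDrive = $env:SystemDrive
    )

    # Paths as given in the article.
    $exePath = Join-Path $SystemDrive 'Windows\System32\MicTray64.exe'
    $logPath = Join-Path $SystemDrive 'Users\Public\MicTray.log'

    # 1. The keyboard-monitor executable.
    if (Test-Path -LiteralPath $exePath) {
        $exe = Get-Item -LiteralPath $exePath -Force
        [pscustomobject]@{
            Check  = 'Executable'
            Target = $exePath
            Detail = "File version $($exe.VersionInfo.FileVersion)"
        }
    }

    # 2. The cleartext log. Only size and timestamp are reported: the content
    #    may include typed passwords, so it is never echoed to the console.
    if (Test-Path -LiteralPath $logPath) {
        $log = Get-Item -LiteralPath $logPath -Force
        [pscustomobject]@{
            Check  = 'Keystroke log'
            Target = $logPath
            Detail = "$($log.Length) bytes, last written $($log.LastWriteTime)"
        }
    }

    # 3. A running instance of the monitor.
    Get-Process -Name 'MicTray64' -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Check  = 'Running process'
            Target = "PID $($_.Id)"
            Detail = $_.Path
        }
    }

    # 4. Scheduled tasks whose action launches a MicTray binary.
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if ($action.Execute -like '*MicTray*') {
                [pscustomobject]@{
                    Check  = 'Scheduled task'
                    Target = "$($task.TaskPath)$($task.TaskName)"
                    Detail = $action.Execute
                }
            }
        }
    }
}

$findings = @(Get-MicTrayFinding)
if ($findings.Count -eq 0) {
    'No MicTray artefacts found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```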

An update that rectifies this problem has been made available on the HP.com driver download site but should also be made available through Windows Update. This will be available on Wednesday 10 May 2017 (US Pacific Time) for those machines made since 2016 and on Friday 12 May 2017 (US Pacific Time) for systems made during 2015.

HP may have software installed on these systems to check for newer versions of the software drivers, which may simplify the process of updating your computer’s drivers and firmware.

This is symptomatic of a situation where driver software and system firmware are rushed out the door without being checked to make sure they are production-ready and of good quality. This software ends up as part of the distribution software image that comes with newer computer equipment, including appearing on the recovery partition of your computer’s system disk.

A good practice is to check your computer manufacturer’s Website at regular intervals for newer drivers and firmware for your computer and install this software. This practice will allow you to have a computer that runs in a more secure and stable manner, perhaps gaining some extra functionality that answers current requirements along the way.


HP to introduce virtual-hardware security for Web browsing

Article

HP Elitebook x360 G2 press picture courtesy of HP USA

HP Elitebook x360 G2 – to be equipped for Sure Click

HP hardens EliteBook protection with Sure Click, a browser secured in virtual hardware | PC World

From the horse’s mouth

HP

Press Release

Bromium

Press Release

Video explaining the Bromium micro-virtualisation approach

My Comments

A very common attack gateway that has been identified for endpoint computing devices, especially regular desktop or laptop computers, is the Web browser. It is because the browser is essentially the “viewport” to the Internet for most reading-based tasks.

But most recent browser versions have implemented software-based “hardening” against the various Internet-based attacks. This is in conjunction with the main desktop operating systems being “hardened” through each and every update and patch automatically applied. These updates facilitate practices like “sandboxing” where software of questionable provenance is effectively corralled in a logical quarantine area with minimal privileges so it doesn’t affect the rest of the system.

HP and Bromium have developed a “virtual hardware” approach where a browsing session can take place in a separate “logical computer”, a concept being driven by the multi-core CPUs that are the hub of today’s computer systems. This can provide improved security because the session effectively runs on hardware with its own operating system and has its data destroyed at the end of the session. Here, it restricts the effect of malware like ransomware picked up during a “drive-by” download because the software can only run within that separate “logical computer”.

At the moment, this feature is being initially rolled out to the Elitebook x360 G2 convertible business laptop but will trickle out across the next generation of “Elite” premium manageable business computers to be launched in the second half of the year. It will work only with Microsoft’s Internet Explorer and Google’s open-source Chromium browser at the moment. What I would like to see happen is that this feature is able to be “trickled-down” to HP’s consumer, education and small-business product ranges but in a more “self-service” manner because households, small businesses and volunteer-driven community organisations could equally benefit from this feature.


Making sure your business laptop’s fingerprint reader works with Windows 10

Fujitsu Lifebook S-Series SH771 ultraportable

You may have a problem with the fingerprint readers on these business laptops after you upgrade the operating system to Windows 10

Those of you who have purchased a business laptop equipped with a fingerprint reader may find that this feature doesn’t work with Windows 10. The situation can be very difficult if you participated in the Windows 10 free-upgrade program that happened from 2015 to 2016 and you may have forgone the use of this security feature after that upgrade.

What can you do?

Remove the existing fingerprint-authentication software from the laptop

Use the Windows 10 Add/Remove Programs option to remove the fingerprint-reader software that the manufacturer supplied with your laptop computer. It may also mean that you have to remove the password vault program that came with your laptop computer and that you were using to keep your Website passwords in.

The reality is that some of the business laptops came with software installations where a third-party fingerprint-management program was part of the package. This may be due to the fingerprint reader not having driver software that could work directly with Windows at the time the machine was released or the program offering more “enterprise-friendly” features than what Windows and a baseline password vault could offer for the business laptop’s user class.

If you still value the feature set provided by the fingerprint-management program or depend on its compatibility with certain other management software, it may be a good idea to look for and download the latest versions of that software.

Update the fingerprint-reader’s driver software

HP Elitebook 2560p business notebook fingerprint reader

The fingerprint reader on this HP Elitebook may be able to run the same driver software as one installed on some Lenovo ThinkPads

You would then have to update your fingerprint reader’s driver software to the latest version that can work with Windows 10. This is because the newer driver software takes advantage of the application programming interfaces associated with Windows 10’s Hello authentication mechanism.

Some laptops may require you to update their software relating to their BIOS / firmware and chipset before you progress any further. This is a process you would have to do from your laptop manufacturer’s support Website.

One way would be to open Device Manager in Windows 10 and identify then select the fingerprint reader’s entry in the device list. This will be listed under the Biometric Devices class of devices. Right-click that device and choose “Properties”. Click the “Driver” tab and select the “Update Driver” option to make sure it is up-to-date.

Or you could visit your laptop manufacturer’s support Website and download the latest version of the fingerprint reader’s driver software. Then you install that software, whereupon you may have to reboot your computer as part of the install process.

Sometimes a particular laptop manufacturer may not have the updated driver for the fingerprint reader that is integrated into their business laptop. Here, you may have to do a Google search for details regarding the make and model of your business laptop and how to enable that machine’s fingerprint reader in Windows 10. This is because a particular fingerprint-reader subsystem may be used by two or more manufacturers in their product lines during a particular point in time. For example, the Lenovo website hosts the Validity Fingerprint Common Driver for Windows 10 which has been found to support most of the fingerprint scanners integrated in HP business laptops like the Elitebook 2560p.

On the other hand, you may find that the latest version of the driver software that they host is the Windows 8.1 version. Here, you can get by with this version for your Windows 10 computer thanks to the use of similar APIs.

Set your laptop up for Windows 10 Hello authentication

The next step will be to set up for Windows 10 Hello – the authentication framework that Windows 10 uses for advanced authentication methods like biometric authentication.

Here, you go to Settings > Account > Sign In Options. Then you will have to create a PIN number, which is what you use when you log in to your machine. If you log in to Windows using your Microsoft Account credentials, you will need to create a PIN number, which will become a machine-specific alternative credential.

There will be an option to sign in with your fingerprint which will be enabled thanks to the newer drivers that you installed. Click on that button to sign in with the previously-mentioned PIN if you have created that or to create a new PIN number, before you enrol your fingerprints as your sign-in credentials.

If you still want to “swipe in” to your favourite Websites with your finger, you would need to acquire the latest version of the password manager that came with your computer like HP SimplePass, Softex OmniPass or a similarly-competent password vault that uses fingerprint recognition out of the box.

Conclusion

What this means now is that you don’t have to see the fingerprint scanner on your business laptop computer as being redundant just because you have upgraded your computer to Windows 10.


NETGEAR have fixed security exploits in some of their newer routers

Netgear DG834G ADSL2 wireless router

If you are running a recent NETGEAR router, make sure its firmware is up to date

Article

Netgear Patches Its Router’s Security Holes, Download Your Updated Firmware Today | Lifehacker

From the horse’s mouth

NETGEAR

Original Security Advisory

Models affected
Smart Wi-Fi Router AC1600 R6250
AC1750 Smart Wi-Fi Router – 802.11ac Dual Band Gigabit R6400
Nighthawk AC1900 Smart Wi-Fi Router R7000
Nighthawk X6 – AC3200 Tri-Band Wi-Fi Gigabit Router R8000
Nighthawk AC1750 Smart Wi-Fi Router – Dual Band Gigabit R6700 Beta firmware
Nighthawk AC1900 Smart Wi-Fi Router R6900 Beta firmware
Nighthawk 4G LTE Modem Router R7100LG Beta firmware
Nighthawk DST – AC1900 DST router (HomeNetworking01.info coverage) R7300DST Beta firmware
Nighthawk X6 – AC3000 Tri-Band Wi-Fi Gigabit Router R7900 Beta firmware
Wi-Fi VDSL2+/ADSL2+ Modem Router D6220 Beta firmware
AC1600 WiFi VDSL/ADSL Modem Router – 802.11ac Dual Band Gigabit D6400 Beta firmware

My Comments

NETGEAR had faced a serious problem with some of its recent-model routers due to a security exploit in the firmware that drives these network-Internet “edge” devices. Previous coverage about this issue had required you to use another router for your home network to stay secure.

This has had NETGEAR rush out firmware updates for each of these affected routers in order to mitigate the recently-discovered security exploit.

A problem that besets most of the commonly-available home-network hardware is that firmware updating requires you to visit the manufacturer’s site, download the firmware as a special file package for your device, then upload that package to your device via its Web-based management interface. This can daunt some computer users who haven’t much experience with these kinds of hardware maintenance tasks.

Personally, I would like to see steps taken to support automatic firmware upgrades such as what AVM are doing with their Fritz!Box devices, or at least the ability to click on a button in the management interface to start the download and update process for the device’s firmware. This is a practice that is being implemented in most of the European-made modem routers, along with most consumer-electronics devices like Smart TVs and set-top video peripherals.

There is also the issue of protecting the update files so that you aren’t installing malware on your device and it may involve processes like authenticity checks for software delivered as part of a firmware update or functionality add-on.

The update procedure

The update procedure will require you to download the updated firmware package using your regular desktop or laptop computer. Here, they recommend that you connect your regular computer directly to the router using an Ethernet cable if you can do so for the download and update process to be sure that this process works reliably.

Follow the link listed in this article to the NETGEAR-hosted support page for your router’s model. You will see the link for the firmware package you need to download. Here, you download that firmware package to your “downloads” folder.

Then, once you have downloaded the firmware from the NETGEAR site, you log in to your router’s management page from that same computer using your favourite Web browser. For these routers, the URL is http://www.routerlogin.net. Subsequently, you have to visit the ADVANCED tab, then the Administration option, then the Firmware Upgrade option.

In that screen, you click the Browse button, which will pop up a file-system dialog box where you have to find the firmware file that you downloaded in your “downloads” folder. Once you have selected the firmware file, click the Upload button to transfer the firmware to your router, whereupon it will commence the updating process. Leave the router alone during this process so as not to interrupt this critical process. You will see a progress bar to indicate how the upgrade is progressing.

Once this update procedure is done, a good practice would be to visit NETGEAR’s support pages for your particular router on a regular basis and check for newer firmware. Then, if there is newer firmware available for your device, update it following the instructions on their Website or the general instructions listed in this article.

Conclusion

The increased awareness by industry and computer media regarding software quality and data security for dedicated-purpose devices connected to the Internet along with consumer / small-business network-infrastructure devices is going to make companies who design these devices or the software that runs them wake up regarding these issues.


Keeping hackers away from your Webcam and microphone

Article

Creative Labs LiveCam Connect HD Webcam

Software now exists so you can gain better control over your Webcam

How To Stop Hackers From Spying With Your Webcam | Gizmodo

My Comments

A privacy issue that is being raised regarding the use of cameras and microphones connected to your computer is the fact that malware could be written to turn your computer in to a covert listening device.

Those of us who use a traditional “three-piece” desktop computer and have a physically-separate external Webcam may find this an easier issue because you can simply disconnect the camera from your computer. But the issue of your Webcam or your computer’s microphone being hacked to spy on you would be of concern for those of us who have the camera or microphone integrated in the computer as with portable or all-in-one equipment, or in the monitor, which is something that could be offered as a product differentiator by display manufacturers.

The simplest technique that has been advocated to deal with this risk is to attach an opaque sticker or opaque sticky tape over the camera’s lens. Some computer and monitor manufacturers have approached this problem using a panel that slides over the Webcam as a privacy shield. But you wouldn’t be able to control the use of your computer’s integrated microphone unless it had a hardware on-off switch.

Most of the mobile computing platforms require newly-installed software that wants to use the camera, microphone, GPS device or other phone sensors to ask permission from the phone’s owner before the software can be installed or use these devices. The Apple iOS App Store even vets software to make sure it is doing the right thing before it is made available through that storefront and this is also becoming so for software sold through the Google Play Android storefront and the Microsoft Store Windows storefront.

Lately there have been some software solutions written for the Windows and Macintosh platforms that allow you to take back control of the camera and microphone due to the fact that these regular-computer platforms have historically made it easier for users to install software from anywhere. But I would also suggest that you scan the computer for malware and make sure that all of the software on the computer, including the operating system, is up-to-date and patched properly.

One of these solutions is Oversight which has been written for the Macintosh platforms and can detect if software is gaining access to your Mac’s Webcam or microphone. It also can detect if two or more programs are gaining access to the Webcam which is a new tactic for Webcam-based spyware because it can take advantage of people using the Webcam for business and personal videocalls and record these conversations. The user has the ability to allow or block a program’s access to the Webcam or microphone.

For the Windows platform, a similar program called “Who Stalks My Cam” detects events relating to your computer’s Webcam such as software wanting to acquire material from it. It lets you stop a running program that is using the Webcam or shut down the Webcam process. But there is also the ability to track processes that are running while the computer system is idle because some spyware processes can be set up to come alive when the system isn’t being actively used. The program even allows you to “whitelist” programs that you trust like over-the-top communications programs or video-recording software so that it doesn’t get in their way.

The ability to track usage of attached / connected cameras and microphones or similar hardware like GPS units by software running on your computer will end up becoming part of a typical desktop/endpoint security program’s feature set as people become concerned about the use of these devices by spyware. This is in conjunction with operating systems also hardening access to devices that can be used to spy on their users by implementing software certification, sandboxing, privileged access and similar techniques.

It is definitely another threat vector that we are being concerned about when it comes to data security and personal privacy.


Celebrity gossip sites–attractive to malware distributors

Articles

Who Weekly celebrity-gossip-magazine Web site

Be sure you stick with trusted news sites when you are after celebrity gossip

The most dangerous celebrities to look up on Google | BGR.com

Searching for celebrity news on Google can be dangerous for your computer | Panda Security

Malware parasites feed on PerezHilton.com gossip fans | BBC News

My Comments

An issue that has been raised is that searching for the latest news and gossip about a celebrity can be risky for your computer’s security. Panda Security even described it as being of risk to a business’s computer systems because office workers would do it during slow times in their workday. It is as though this activity is still today’s equivalent of looking through the gossip magazines at the supermarket checkout or in the doctor’s waiting room.

This is because the Internet has made it easier to push up “fly-by-night” gossip Websites that are laden with malware and have these advertised.

Online ad - to be respected like advertising in printed media

Ads on sites like here need to be secure to obtain the same respect as magazine ads

It is also because of a weakness that exists in the online advertising marketplace: ad networks and publishers don’t subject the advertising that comes to these networks to thorough scrutiny from a safety perspective. This then allows online advertising to become a breeding ground for malware with such things as “malvertising” where scripted ads are used to “push” malware on to users’ systems. This is a topic I have raised because I am wanting to see the rise of a quality online ad marketplace that has the same level of respect as the advertising seen in traditional print media.

A similar situation happens whenever a new album or movie featuring a popular entertainer is released because sites and torrent files would pop up claiming to offer the material for free. To the same extent, this could include offers of “exclusive” photo, audio and video material relating to the content or its performers for free. The same thing also can happen with surveillance, personal-album or similar material that features celebrities in compromising situations and ends up being “leaked” to the public arena. Again these sites and the torrent “file-of-files” available to download would be a minefield of malware files if you aren’t careful.

The situation becomes worse during the time surrounding entertainment-industry awards events, the release of new headline content featuring the celebrities or whenever there are major personal events affecting these people such as new relationships or relationship breakups. The articles cited that people involved with the Hollywood entertainment scene are more likely to be targeted with fly-by-night malware sites, malvertising attempts and similar skulduggery, but I would also place at risk of this treatment the British Royal Family or past and present popular Presidents of the United States.

What can you do?

  • Make sure your regular or mobile computing device is running the latest version of the operating system and you are using the latest version of the Web browser(s) and other software that you surf the Web with. It may also be a good practice to run an up-to-date version of a desktop / endpoint security program which can scan for flaky links and files.
  • Most importantly, think before you click! When you are searching for information about a particular show, recording or star, get it “from the horse’s mouth” – go to the publisher’s or broadcaster’s site that relates to what you are after. Also visit the online presence of the mastheads that you know and trust when you are after the celebrity or entertainment-industry news. Examples of these would be those magazines available at the supermarket checkout.
  • But be careful about anyone offering links to resources that are too good to be true, especially where words like “free” and “exclusive” are bandied around. These sites are the ones that are the malware traps.
  • You may find that using tools like search engines or browser plugins that verify Websites’ reputation may be of assistance when it comes to staying away from flaky Websites.
  • As for online advertising with sites that are suddenly popular, be careful about following through on these links or make sure you are using desktop security software to protect your computer against malware.

Conclusion

You can engage in the digital equivalent of browsing the gossip mags safely as long as you are sure of the resources that you are heading towards and don’t fall for the bait.


EU wants to establish a security baseline for Internet Of Things

Article

Netgear DG834G ADSL2 wireless router

The security of network connectivity equipment is now in question thanks to the Krebs On Security DDoS attack

The EU’s latest idea to secure the Internet of Things? Sticky labels | Naked Security Blog

My Comments

The European Commission wants to push forward with a set of minimum standards for data security especially in context with “dedicated-function” devices including the “Internet Of Things” or “Internet Of Everything”. This also includes a simplified consumer-facing product-label system along with a customer-education program very similar to what has taken place in most countries concerning the energy efficiency of the appliances or the nutritional value of the foodstuffs we purchase.

This issue has been driven by a recent cyber attack on the Krebs On Security blog where the “Mirai” botnet was used to overload that security blog, the latest in a string of many attacks that were inflicted against data-security journalist Brian Krebs. But this botnet was hosted not on regular computers that were running malware downloaded from questionable Internet sites, nor was it hosted on Web hosts that were serving small-time Websites running a popular content management system. It was based on poorly-secured “dedicated-function” devices like network-infrastructure devices, video-surveillance devices, printers and “Internet Of Things” devices that had their firmware meddled with.

Nest Learning Thermostat courtesy of Nest Labs

… as could other Internet-Of-Things devices like these room thermostats

There will be issues that concern how we set network-enabled equipment up to operate securely along with the level of software maintenance that takes place for their firmware. A question always raised in this context is the setup or installation procedure that you perform when you first use these devices – whether this should be about a “default-for-security” procedure like requiring an administrator password of sufficient strength to be set before you can use the device.

But I also see another question concerning the “durables” class of equipment like refrigerators, televisions, building security and the like which is expected to be pushed on for a long time, typically past the time that a manufacturer would cease providing support for it. What needs to happen is an approach towards keeping the software maintained such as, perhaps, open-sourcing it or establishing a baseline software for that device.

Manufacturers could be researching ways to implement centralised simplified secure setup for consumer “Internet-Of-Things” devices along with maintaining the software that comes with these devices. This could be also about working on these issues with industry associations so that this kind of management can work industry-wide.

But the certification and distinct labelling requirement could be about enforcing secure-by-design approaches so that customers prefer hardware that has this quality. Similarly, a distinct label could be implemented to show that a device benefits from regular secure software maintenance so that it is protected against newer threats.

It usually just requires something to happen in a significant manner to be a wake-up call regarding computer and data security. But once a standard is worked out, it could answer the question of keeping “dedicated-purpose” computing devices secure.


Be careful about USB memory keys left in the letterbox

Articles

USB memory keys press picture courtesy of Victoria Police

Police warn of malware-laden USB sticks dropped in letterboxes | The Register

Crims place booby-trapped USB drives in letter boxes | IT News

Don’t plug it in! Scammers post infected USB sticks through letterboxes | Naked Security (Sophos blog)

From the horse’s mouth

Victoria Police

Press Release

My Comments

An issue that is being raised concerning data security is people loading data from USB memory keys that they don’t expect.

This has been used as a way to distribute malware to businessmen at conferences because these thumbdrives, like floppy discs and optical discs, have been accepted as a way to distribute conference content or “electronic brochures” and added to participants’ “show-bags” handed out at these events. The typical method of delivering a malware-laden USB stick was to abandon it at the venue, hotel or “watering-hole” bar and it would inspire people’s curiosity to pick up this memory key, plug it in to their laptop and load up what was on the stick.

Newer iterations of the desktop operating systems i.e. Windows or MacOS have made it hard to allow one to run a program off a USB memory key by default. Similarly, most of the desktop security software would implement removable-media scanning routines to automatically check for malware on a USB stick or other removable media. But there have been some USB thumbdrive variants which have had the firmware altered to run keystroke macros or meddle with network settings.

This situation has now been found to occur in a personal-computing context in some of the outer south-eastern Melbourne suburbs like Pakenham. This was where USB memory keys were left on households’ mail boxes and these thumbdrives were full of malware including fraudulent content-streaming offers. In fact, Victoria Police even encouraged Australian householders who received these thumbdrives in their mailbox to contact Crimestoppers Victoria by phoning 1-800-333-000 or using the online form.

But the common security advice to deal with USB memory keys that you didn’t expect to receive is not to insert them in your computer. If you do expect to receive one of these sticks such as them being in a show-bag from a vendor or you receiving conference material on one of them, make sure that you have your operating system and desktop security software patched and updated.
