Category: Data security

Article

Chrome update to raise alarms over deceptive download bundles | The Register

From the horse’s mouth

Google

That’s not the download you’re looking for …. – Blog post

My Comments

I have helped a few people out with removing browser toolbars and other software from their computers that they didn’t necessarily invite in the first place. What typically happens is that a person looks for software to do a particular task such as a lightweight game, native front-end for an online service, video-codec pack, an “essential” CD-burning tool or an open-source Web browser, but they work through a very confusing install procedure that has them invite software like TubeDimmer to their computers if they aren’t careful.

A lot of this unwanted software ruins the browsing experience by “cluttering” the screen with extra advertisements and data or redirects genuine links to advertising sites hawking questionable products. As well, they are more likely to “bog” the computer down by stealing processor time and RAM memory space.

Mozilla has become aware of the problem with Firefox courtesy of their bug-reporting mechanism and found that it wasn’t about proper software bugs but improper bundling practices. They had found that these bundles were infringing their copyrights and trademarks that they had with the software, especially the open-source concept.

Google has answered this problem at the search phase of the operation by identifying whether a download site is paying to advertise courtesy of its Adwords keyword-driven advertising service and provided a way to highlight that the software is not the official software site. This is typically because a download site may bundle multiple programs in to the install package rather than just having the program you are after.

They are even going to “expose” the detection software to Mozilla and others to allow them to integrate the detection functionality in their “regular-computer” browsers or desktop-security software by virtue of their Safe Browsing application-programming interface.

This may be a step in the right direction towards dealing with “loaded downloads” but desktop security programs could work further by identifying installation packages that have more than what is bargained for.

Article

The danger of using PCs in hotel business centres | HOT For Security

Data thieves want to track what you type at hotel business centers | Engadget

My Comments

A very common part of the Internet landscape is the availability of public-access computers that are connected to the Internet. These were made available in schools, universities and libraries but then ended up as being part of cafes, bars and the like, including hotel business centres.

But there had to be a level of control over what software ended up on these computers so that they don’t become a conduit for mailware. Even before the Internet, there was the issue of people bringing in software on floppy disks and these were known to be a conduit for viruses. For example, the computer systems that I used at the TAFE college where I studied my computer course were connected to a network but these were set up to boot from the network where the IT department had control over the software that was made available. In some cases, the boot sequence required the computer’s local hard disk to be “swept clean” of data and the locally-required software image to be reinstalled on that hard disk.

A common reality with public-access computers nowadays is that they operate all the time the business is open, surviving the day without being rebooted. In some cases, it becomes feasible to install software on them thus allowing any “Tom, Dick and Harry” to install software off removeable media or the Internet. As well, there is a culture amongst a lot of organisations who run these computers where no-one cares about what goes on with them, usually due to technically-inept or overworked customer-service staff or IT support staff who are distant from the venues.

This has lead to situations like keylogger malware being planted on these machines because users enter personally-identifiable information in to these computers to complete transactions or communicate with others.

What can we do

If you can, use your own computer equipment to perform your sensitive communications or transactions. If you have to use a public-access computer, make sure that the machine you intend to use implements a “wipe-clean-and-install” arrangement where the local hard disks are “wiped clean” and the software reinstated from a known image after every usage session.

What venues can do

Encourage the staff to keep an eye on the public-access computers and respond to issues that the users may have with the systems. As well, they keep an eye out for any physical tampering with these systems such as installation of hardware keyloggers or similar devices.

Another issue worth considering is deploying system-management software that can either restore from a known disk image when the computer is restarted (Faronics DeepFreeze), lock down the computer (Anfibia Deskman) or provide a simple “Web kiosk” environment (Webconverger). These can limit the effect that malware can have on the public-access computers.

At least, they could keep the computers running operating systems, application software and desktop-security software that is kept updated with the latest security patches. In a lot of cases, the software could be set up with “blind updating” where the updates are downloaded and installed automatically. As well, making sure that the computers are restarted on a regular basis to be sure of updates being properly installed and can increase the effectiveness of “wipe-clean” system management software.

General comments

Personally I see the public-access computers becoming the Internet equivalent of the public pay phone – something that we are making less use of and people who use these devices regularly are seen as social pariahs. This is although they become a stop-gap measure for computing tasks when we deal with laptops or smartphones that are out of battery for example.

It may come to a point where a USB charging device offered by a stranger may be treated with distrust

I have seen some recent press coverage generated especially by the security-software industry about the concept of USB-based charging devices stealing data from smartphones and tablets that normally charge from these devices. This issue was brought to public attention at the start of the World Cup 2014 where the fear that an increased number of travellers pouring in to Brazil for the soccer may be a breeding ground for threats to the safety of personal and business data kept on mobile devices owned by these visitors.

The devices that are being considered of concern are “walk-up” charging facilities installed in commonly-accessible places or made available for everyone to use. The concern was brought about with a laboratory experiment involving a small “homebrew” computer circuit connected to an iPhone running iOS 6 and this computer discovering the data on that device. They said that this device could be concealed in a box the size of a “wall-wart” or built in physically or logically to a “walk-up” charging facility. Here, the device could gain access to your data on an iPhone or iPad running iOS 6 or earlier because those earlier iterations of the iOS operating system don’t indicate in a user-facing manner what kind of host device you are connecting your mobile device to.

USB symbol that indicates that your Android device is connected to a computer device

Android user are luckier because all of the iterations of that operating system indicate whether your mobile device is being plugged in to a computer device rather than a power-supply device and tell you how they are presenting themselves to the host device i.e. a “Media Transport Protocol” device, a “Picture Transport Protocol” device or a “Mass Storage” device.  You have the ability to determine how your device presents itself by tapping on the “Connected as” message in the Notification Screen which will show the possible modes. As well, you will see the USB trident symbol in the Notification Bar at all times while the connection is active.

The “Media Transport Protocol” mode primarily exists to allow the host access to the media content on your device and may be exploited by entertainment setups like home AV devices, in-vehicle infotainment setups and airline in-flight entertainment screens for playback via the device’s screen and speakers or headphones. On the other hand, the “Picture Transport Protocol” mode allows access to the pictures and videos in the default folders on your device and is exploited by PictBridge-capable printers and printing kiosks for “walk-up” printing of digital pictures. As well, the “Mass Storage” device mode presents your device to the host as a USB “memory key”.

USB device type notification on Android

iOS users can protect themselves by bringing their iPhones, iPads and iPod Touches up to date with the latest version of that operating system. Here, iOS 7 and newer versions will pop up a dialog box asking whether the user trusts the computer device that they are plugging in to and if they don’t assent, the Apple connection port just becomes a power-and-audio port rather than a power-audio-data port.

Device types supported on your Android device

Other suggestions to deal with this issue include properly shutting down your mobile device when letting it charge up at a public charging facility or someone else’s computer, or charging it from an AC charger or external battery pack that you own and bring with you. Even ideas like being frugal with the way you use your mobile gadgets in order to “spin out” their battery runtime like cutting back on multimedia or gaming, or turning off functions like Wi-Fi and Bluetooth unless you actually are using them have been put forward.

New iOS 7 dialog box that identifies if the other device is a computing device

The main issue here is keeping your mobile devices on the latest version of their operating system and paying attention to situations where your mobile device identifies that what is ostensibly a charging device is infact a computer device and the host device doesn’t come clear on its functionality.

Personally, it could become the time for the USB specification and other host-peripheral connection specifications to be revised to factor in “privilege levels” and trust ecosystems when it comes to device connectivity. This could mean that a connection may only be a “battery charging / power delivery” connection unless a level of trust is established between both devices as regards their functionality and it could even just lead to a removal of the “plug-and-play” features of these systems.

Article – From the horse’s mouth

Barclays Bank

Special offer for Barclays Bank online customers

My Comments

In 2009, I had reviewed a copy of Kaspersky Internet security and had found that it was the start of things to come for a capable desktop-security program. Then I had read some comparisons of various desktop security programs and found that this same program was doing its job without trading off performance unlike the Norton software where I have heard complaints about sluggish performance. Lately, I have even recommended this program as a desktop-security solution for people who have asked me about their home-computer security needs.

Barclays, a well-known UK bank who had been the victim of a “distraction-burglary” hacking scam, has now offered a partnership deal with their online-banking customers by offering free copies of this software. This also applies to those of us who have continued a subscription with Kaspersky for the software and the subscription is up for renewal.

What I like of this is that Barclays have led the field by a partnership with a desktop security software vendor to protect their customers from the varying forms of malware that can compromise the sanctity of their customer’s banking and personal data.

Article (French language / Langue Française)

VeraCrypt, une alternative française à TrueCrypt | Le Monde Informatique

From the horse’s mouth

Idrix

VeraCrypt product page

My Comments

TrueCrypt is a source-available encryption engine used primarily in Windows 7 and 8 as part of the BitLocker volume encryption function that the operating systems offer. Lately, further maintenance of this encryption engine had ceased with accusations of the likes of NSA putting pressure on the developers to cease maintaining it.

A few other third-party encryption engines have surfaced from Europe such as the VeraCrypt engine from France and a fork of this engine constructed in Switzerland. This is in response to Europeans having a distrust for “big government” having access to personal data due to being burnt by the Hitler, Mussolini and Franco regimes in the West and the Communist governments in Russia and the East.

Idrix has worked on the French VeraCrypt project which is pitched as being easy to use for small business, non-profit organisations and individual users. Like all encryption software, it doesn’t support the ability to “trans-crypt” i.e. convert an encrypted volume over to another encryption mechanism.

It will be initially issued for the Windows regular-computer platform but a port is being expected soon for the MacOS X (Apple Macintosh) and Linux platforms. As well, it is being made available for free and as open-source software.

But what I see of this is an attempt for European companies to “break through” the US stranglehold that can accompany the computer software scene and for European culture and norms to be respected in this field.

Articles

IT-focused News

FBI Issues Wanted Posters For Five Chinese Army Officers | Gizmodo

DOJ’s charges against China reframe security, surveillance debate | PC World

US authorities name five Chinese military hackers wanted for espionage | The Register (UK)

General News

US Charges China With Cyber-Spying On American Firms | NBC News

Previous coverage on this topic

Symantec Symposium 2012 – My Observations From This Event

The issue of cybercrime now reaches the national level

My Comments

I have heard and will cite previous coverage about the issue of nation states engaging in cyber espionage against other nation states and businesses within these other nation states. For example, I attended the Symantec Symposium in 2012 and listened to the keynote speech by a guest speaker from the Australian Federal Police and he mentioned about organised crime and nation states engaging in the cyber-espionage or sabotage. He even said that it isn’t just servers or regular computers that were at risk but mobile devices like smartphones, point-of-sale / point-of-payment equipment and other dedicated-purpose computing devices being also at risk.

Subsequently, I watched the ABC Four Corners “Hacked” broadcast which covered the issue of cybercrime reaching a national level. This telecast covered key points including a small business who manufactured electronic equipment for defence purposes that fell victim to a Chinese cyber attack along with the theft of blueprints for ASIO’s new offices,

The recent indictment of Chinese military officers by the US government, along with FBI serving “wanted notices” on these officers has underscored the issue of nation states being involved in cyber espionage. It highlights the theft of intellectual property that private companies or government departments hold close to their heart for economic or strategic advantage.

It was even looked at in the context of the National Security Authority debate regarding cyber surveillance by that government department of Uncle Sam’s especially when there was the leaks that were put out by Edward Snowden, The US President Barack Obama even wanted to establish a global discussion regarding the cyber hacking and surveillance.

It got to the point where Mark Zwillinger, the Department Of Justice lawyer ran this line:The only computers these days that are safe from Chinese government hackers are computers that are turned off, unplugged, and thrown in the back seat of your car. Personally I would take this further by saying that the only computers these days safe from the Chinese government hackers are those that are turned off fully, unplugged and securely locked in the boot (trunk) of a sedan (saloon) or similar car.

As well, it would have us “wake up and smell the bacon” when it comes to nation states, especially those that don’t respect human rights, engaging in cyber warfare.

Article

Apple users: Try these five tips for better Mac security | Naked Security

My Comments

Just lately, I have heard over the dinner table that a few Apple Macintosh computer users have been facing issues with malware and other software with questionable behaviour. Some of these attacks were mainly “overlay attacks” that worked with the user’s Web experience.

What previously used to happen was that Windows computers were the target for viruses, worms, Trojans and similar malware due to them having a stronger installed base compared to the Apple Macintosh platform. This caused some people to switch to the Apple Macintosh platform because of less malware threats occurring on that platform.

But even in 1989 when I was made aware of the virus issue, the awareness about viruses and similar malware was targeted across all personal-computing platforms that were in operation through that year i.e. the MS-DOS-based IBM PC, the Macintosh, the Commodore Amiga and the Apple II amongst others. At that time, there was awareness about keeping a “clean” system and keeping control over how you shared your files.

Similarly, we started to see the arrival of signature-driven anti-virus programs that could scan hard disks or removable “floppy disks” for viruses. Some of these initially scanned the boot sector but moved towards checking files for these viruses. They became a very important part of every computer user’s software toolkit as the virus activity increased. But through the 1990s as the Internet came on the scene, the malware activity was more focused on the MS-DOS / Windows platform with Apple Macintosh users not having as much of that activity. At that time, the MS-DOS / Windows platform was effectively the computing platform for most personal and business computing applications including gaming with the Macintosh being used by creative types due to its inherent prowess with multimedia.

This lead to a sense of complacency concerning secure computing for the Macintosh platform on both Apple’s and their users’ part. Microsoft took proper steps in updating and patching the Windows computing platform since 2001 with the arrival of Windows XP and hardening that platform with the arrival of Windows Vista and 7. Similarly, Windows users jumped over to the Macintosh platform for their home computing because they saw Windows as being slow and virus-ridden; and also due to the arrival of Apple’s iPod and iPhone products.

Lately, the Apple Macintosh has become the target for various malware campaigns including “write-once run-anyone” attacks based on Adobe Flash and Java software platforms. This is due to the increased new-found popularity that the Macintosh has acquired and, in another context, activities involving the Internet, networks or removeable media are still being seen as vectors where the Mac can share Windows-targeted malware.

Upgrade to Mavericks if you can

To stay secure, Apple Macintosh users need to upgrade to the 10.9.2 Mavericks version of MacOS X, with this version being equipped with various security improvements in a similar way to what Microsoft did with Windows 7. This can be done with newer Macintosh computers and for free with Macs running Lion or Mountain Lion versions.

Keep the operating system and software up-to-date

As well, as part of proper computer housekeeping, it is important to keep the Mac “lock-step” with the latest operating-system updates. Here, you can use the Apple-Menu / System Preferences / App Store option to have the Mac check for and download the updates from Apple by itself; or go to the Apple-Menu / Software Update menu to cause it to check for updates. The latter option can be of use with a MacBook that is used “on-the-road” and you are able to check in at a Wi-Fi hotspot or other Wi-Fi network.

Similarly, keep Adobe Flash and Oracle Java up-to-date by using options in the Apple-Menu / System Preferences menu to check for automatic or manual updating for these programs. If any other “write-once run-anywhere” software-development platforms show up on the Macintosh platform, treat these like you would with Adobe Flash – they can become a path for distributing malware that “hits across all platforms”.

This also applies to the application software and utilities you also run on your Mac and, here, you go to whatever software-option menu there is to check for software updates or cause automatic software updating to occur.

Don’t enable Java if you don’t need it.

As for Java which appeals as a “write once run anywhere” coding system, don’t enable it unless you are intending to run a known trusted program that uses this language or are developing Java software. OS X Mavericks comes with this deactivated by default but you can deactivate this in your Web-browser option menus.

Take advantage of full-disk encryption if you have confidential data

Another practice you could use for all computer platforms is to take advantage of full-disk encryption. Most operating systems provide this as a function that you can use with MacOS X providing it “across the board” for recent iterations in the form of FileVault. Similarly, a commercial or open-source third-party full-disk-encryption tool can do the job better than what the operating system provides.

These tools encrypt and decrypt on an “on-the-fly” basis and mainly protect the local volumes on the computer with some business-tier USB memory keys providing a similar full-disk encryption for their own volumes.

Use a good anti-malware or desktop security program for the Macintosh

Check for and use a good anti-malware program for the Mac platform like Kaspersky, Sophos, AVG or ClamXav . As well, keep the anti-malware program that you run on automatic update in order to keep them ahead of the malware game.

It is also worth noting that the good programs in this field can also keep the Macintosh from being a conduit for spreading Windows-based malware around the Windows platform. This is whether the files are passed through email, message-based file transfers, network-hosted / Internet-hosted file sharing points or removeable media.

Another sign of a good anti-malware program is the ability for it to scan your computer’s primary storage (RAM and paging files) to protect against malware that works on data being held in this space. This is because most data normially encrypted on a secondary storage or in transit is kept “in the clear” in the RAM and is vulnerable to RAM-scraping malware.

Keep stock of what is installed on your Mac

Another way malware gets on to computers is when you load software “in a hurry”. Typically what can happen with some freeware tools is that they can “push” browser extensions and toolbars or utilities of doubtful provenance on to a computer. This can lead to it underperforming or malware creeping in and taking over the system.

If you download from the Mac App Store or similar download locations, check for the app’s reputation by looking at comments, star-ratings and the like. This is something I have raised previously in relation to app stores for mobile-computing platforms along with the newer App stores that are opening up for regular computers and dedicated-purpose devices.

With your browsers and other applications, keep tabs on what plugins, extensions, toolbars and other add-on modules are running and if you notice something being awry about the module since you installed, don’t hesitate to remove it. A good article on this topic concerning uninstalling applications on the Mac is this one on MacRumors.com which highlights that dragging an application bundle to the Trash may not be the only method available.

Conclusion

The main issue here is that the Apple Macintosh is a computing platform vulnerable to malware and will become more so as it be becomes more popular as a mainstream computing platform. So you would need to continue with proper computer-housekeeping practices to keep your Mac from these threats.