Monday, April 28, 2014

FIRST INTERNET EXPLORER AND NOW FLASH


GO TO ADOBE AND PATCH YER FLASH...

This morning I wrote to tell you about another Internet Explorer exploit that is already being used in the wild, and here I am this afternoon to tell you that there are critical issues with Adobe's Flash Player that should have you clicking over to ADOBE now and upgrading to the latest, patched version [ed. - just remember to un-check the box that installs additional software you don't need].

While I couldn't pronounce the writer's name if given twenty chances, you can read his post on Kaspersky's blog HERE. Adobe, as you would expect, issued a security advisory which starts off with:

Adobe has released security updates for Adobe Flash Player 13.0.0.182 and earlier versions for Windows, Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh and Adobe Flash Player 11.2.202.350 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.

You can read the full advisory HERE.

Now all we need is to wake up tomorrow to hear about a zero-day JAVA exploit...

'Nuff Said,
Brian

WHAT DID THE FOX SAY? "BE CLANDESTINE"

NEW INTERNET EXPLORER EXPLOIT

A new zero-day [meaning it's already being exploited] flaw in Internet Explorer 6 through 11 is forcing Microsoft to dash out a fast fix [no, they're NOT that fast], and if you have I.E. 8 on XP it won't be patched [ed. - I've said it before and I'll say it again: "FireFox"].

Currently aimed at businesses, it can allow the attacker to take over the infected system, view, change, or delete files, and more.

Okay, you can finish that early morning yawn now...

'Nuff Said,
Brian

Saturday, April 26, 2014

HAVING GOOD WiFi SECURITY DOESN'T MEAN A THING

IF YOU DON'T PLUG IT INTO THE RIGHT SWITCH

If I don't bring my iPad into doctor office visits, at the very least I have my iPhone - on silent mode, of course. Both devices have a variety of network-related apps on them, and one of my favorites is "FING".


Usually the wait to get called from the large waiting room into the smaller room [to wait even more] is fairly long, so if I see what appears to be a wireless GUEST account, I'll connect to it immediately [if not secured], or ask for the password. I haven't run into an unsecured "guest" account in some time - until the other day.

If you've set up your own router at home then you are probably familiar with a guest account. It allows friends and family to use your Internet connection while visiting, but it keeps a wall between your own in-house WiFi connection/network and the guest account [and if you don't use this feature you should start doing it immediately]. This keeps prying eyes, viruses, worms, and other nasty things from infiltrating your home or business network. Because you don't want any freeloading neighbors using your guest account, it should have a password as well. Back to the other day...


Preparing for a potentially long wait at a new doctor's office, I opened my iPad and found two strong signals [ed. - I'll call them doctor.local and doctor.guest]. Doctor.local was secured, with the little lock icon next to the full-strength signal reading, and surprisingly doctor.guest wasn't even password protected; not that it has to be - I was just surprised. Doing what comes naturally to me, I opened the FING app, did a network scan, and to my amazement I found myself looking at almost 50 devices, including routers, printers, lab equipment, and office computers!



SAMPLE "FING" DISPLAY, AFTER NETWORK SCAN


Obviously someone goofed somewhere. When it came time for me to be called into the examination room I waited (again) until the doctor arrived and then explained to her what I found, along with showing her the FING display which listed all of the devices, IP addresses, names, and MAC addresses.

It wasn't the kind of information a doctor wants to hear from a patient, but it was alarming enough that she planned to call in their security team right after we were finished.


Everyone who has a wireless network at home or work should have an app like FING and periodically scan their network to see what's visible, including possible intruders...
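As an added illustration (not from the original post, and not FING's own code), here is a small Python script that does the comparison described above by hand: a scan taken while joined to the guest network is checked against an inventory of the internal network, so any internal device that shows up is proof the guest WiFi is plugged into the wrong side of the house. The inventory, MAC addresses and scan export are all constructed sample values.

```python
import csv
import io

# Constructed inventory of the devices that belong on the internal network
# (the doctor.local side of the post); MAC addresses are hypothetical placeholders.
INTERNAL_INVENTORY = {
    "00:11:22:33:44:01": "gateway router",
    "00:11:22:33:44:02": "front-desk printer",
    "00:11:22:33:44:03": "lab analyzer",
    "00:11:22:33:44:04": "exam-room PC",
}
GATEWAY_MAC = "00:11:22:33:44:01"

# Constructed scan export (ip,name,mac) captured while joined to the open guest network.
# A properly isolated guest network should show little beyond the gateway itself.
GUEST_SCAN = """\
ip,name,mac
192.168.1.1,router,00:11:22:33:44:01
192.168.1.20,HP-LaserJet,00:11:22:33:44:02
192.168.1.45,,00:11:22:33:44:03
192.168.1.77,visitor-phone,AA:BB:CC:DD:EE:FF
"""

def parse_scan(text):
    """Parse a CSV scan export into dicts; MACs are lower-cased so they compare reliably."""
    devices = []
    for row in csv.DictReader(io.StringIO(text)):
        devices.append({"ip": row["ip"].strip(),
                        "name": row["name"].strip() or "(no name)",
                        "mac": row["mac"].strip().lower()})
    return devices

def internal_devices_visible_from_guest(guest_devices, inventory, gateway_mac):
    """Inventory devices (other than the gateway) reachable from the guest network.
    Any hit means the guest SSID is bridged to the LAN, which is exactly the post's finding."""
    return [d for d in guest_devices if d["mac"] in inventory and d["mac"] != gateway_mac]

def unknown_devices(devices, inventory):
    """Devices absent from the inventory: new hardware, or a possible intruder to check on."""
    return [d for d in devices if d["mac"] not in inventory]

if __name__ == "__main__":
    guest = parse_scan(GUEST_SCAN)
    for d in internal_devices_visible_from_guest(guest, INTERNAL_INVENTORY, GATEWAY_MAC):
        print(f"LEAK    {d['ip']:<15} {INTERNAL_INVENTORY[d['mac']]} ({d['mac']})")
    for d in unknown_devices(guest, INTERNAL_INVENTORY):
        print(f"UNKNOWN {d['ip']:<15} {d['name']} ({d['mac']})")
```

Run the same check from the internal network with a full inventory and `unknown_devices` becomes the periodic "who is on my WiFi" sweep the post recommends.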


'Nuff Said,
Brian

Monday, April 21, 2014

OLD WORMS DON'T GO AWAY

THEY JUST COME BACK ANOTHER DAY

TALES FROM THE VIRUS CRYPT:

Recently, someone I know ran across an old adversary - the AUTORUN.BI worm. It was on the radar from 2008 to 2011, and we hadn't seen it on a customer's computer for several years now, until last week!

Typically when a computer comes in with viruses, a USB flash drive is popped in and various utilities are run. In this particular case my friend put his flash drive into the USB port and opened Windows Explorer to view the contents of the drive. In the blink of an eye all of the utilities had changed to shortcuts [rather than actual .exe or .com files] - they were now useless. This is why techs carry a CD with utilities as well as a USB flash drive.

A quick look at the flash drive revealed that its autorun.inf had been modified by a worm, which corrupted the files on the drive. If that flash drive had been put in another computer it would have infected it as well. Worms are a nasty lot, and here is one description of this worm taken from Microsoft:


Worm:VBS/Autorun.BI is a worm written in VBScript. It spreads by copying itself to the root of every writable drive as "nuevos !!!.hta".

Recovering from recurring infections on a network
The following additional steps may need to be taken to completely remove this threat from an infected network, and to stop infections from recurring from this and other similar types of network-spreading malware:
 
  1. Ensure that an antivirus product is installed on ALL computers connected to the network that can access or host shares.
  2. Ensure that all available network shares are scanned with an up-to-date antivirus product.
  3. Restrict permissions as appropriate for network shares on your network. For more information on simple access control, please see: http://technet.microsoft.com/library/bb456977.aspx.
  4. Remove any unnecessary network shares or mapped drives.
 
Note: Additionally it may be necessary to temporarily change the permission on network shares to read-only until the disinfection process is complete.
 
I colored part of the description in red because it's very important to note that it will copy itself to network shares [yes, your home setup is a network], meaning any drive it can write to, including:
  • Other computers on your home/work wired or wireless network
  • An external backup drive
  • A USB flash drive 
If this was found on one computer, then it's likely to be on others so be alert!
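An added example, not from the post or from Microsoft, of how a tech could check a flash drive for the symptoms described above before trusting it: an autorun.inf that launches an .hta (or other script), a script file dropped at the drive root such as the "nuevos !!!.hta" named in Microsoft's description, and .lnk shortcuts planted beside the real tools. The drive contents are constructed, harmless placeholders; only that file name comes from the page.

```python
import tempfile
from pathlib import Path

# Script types a worm of this family drops at the drive root and launches via autorun.inf.
SCRIPT_EXTS = {".hta", ".vbs", ".vbe", ".js", ".wsf", ".bat", ".cmd"}

def autorun_targets(inf_path):
    """Names an autorun.inf would launch: open=, shellexecute=, and shell\\...\\command= keys."""
    targets = []
    for line in Path(inf_path).read_text(errors="replace").splitlines():
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute") or (key.startswith("shell") and key.endswith("command")):
            value = value.strip('"')
            if value and value not in targets:
                targets.append(value)
    return targets

def inspect_drive(root):
    """Report the post's indicators: autorun.inf launching a script, script files at the
    drive root, and .lnk shortcuts beside a same-named tool ('utilities turned into shortcuts')."""
    root = Path(root)
    findings = []
    inf = root / "autorun.inf"
    if inf.is_file():
        for target in autorun_targets(inf):
            if Path(target).suffix.lower() in SCRIPT_EXTS:
                findings.append(f"autorun.inf launches script: {target}")
    for entry in sorted(root.iterdir()):
        suffix = entry.suffix.lower()
        if suffix in SCRIPT_EXTS:
            findings.append(f"script file at drive root: {entry.name}")
        elif suffix == ".lnk":
            twins = [p for p in root.iterdir() if p != entry and p.stem == entry.stem]
            if twins:
                findings.append(f"shortcut beside a same-named tool: {entry.name} -> {twins[0].name}")
    return findings

def make_sample_drive(infected=True):
    """Build a constructed (harmless) imitation of the flash drive in a temp dir."""
    root = Path(tempfile.mkdtemp())
    (root / "README.txt").write_text("benign file\n")
    (root / "cleaner.exe").write_bytes(b"MZ placeholder")  # the tech's real utility
    if infected:
        (root / "autorun.inf").write_text("[autorun]\nopen=nuevos !!!.hta\nshellexecute=nuevos !!!.hta\n")
        (root / "nuevos !!!.hta").write_text("<!-- constructed placeholder, not the real worm -->\n")
        (root / "cleaner.lnk").write_bytes(b"L\x00\x00\x00 placeholder")  # shortcut planted beside it
    return root
```

On a real drive, point `inspect_drive` at the drive letter from a machine you trust, with autorun disabled, before opening the drive in Explorer.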
 
'Nuff Said,
Brian 

PC MAGAZINE AND WEBROOT

PC Magazine has a deal on Webroot anti-virus security today [as pictured below] -

The price seems fairly attractive, but you should shop around before jumping on this deal, found HERE. Amazon sells the first one for about $23, and it covers 3 devices, which makes it a better deal if you have more than one PC, but perhaps not the "BEST" deal. For instance, Amazon ran the download-only version of the 3-device anti-virus for $9.99 over the weekend [ed. - yep, I bought in at that price].

I haven't "switched teams", but I've heard good things about this product so I'm willing to try it out, especially for under $10. With several computers to test with, I'm now running Webroot, Norton 360, Trend Micro, and Avast (Free edition), one per computer, to see what differences [good or bad] I can spot over the next year [ed. - i.e.: look forward to my own thoughts about these at the end of the year].

One chart shown on the page of the advertisement above was interesting, and it also validates what I tend to tell customers regarding McAfee being a memory hog. I clipped that chart and you can see it below -

When choosing anti-virus software it's always a good idea to ask around, read reviews, and make a well informed decision...

'Nuff Said,
Brian

Saturday, April 12, 2014

UPDATE/ADDITION - "HOW TO MAKE A BOOTABLE USB DRIVE"

Bryan Guevara's post on "How To Make a Bootable USB Drive" was one of the most popular "How-to's" and was read by many people. He sent me an update/correction shortly after it was done, and I'm sorry to say it got shuffled out-of-sight due to heavy incoming mail - but here it is:



CORRECTION TO THE SCREEN BELOW:

While YUMI may not directly give you the ISO they will point to where you can go get it. It’s really easy to use and chances are anyone wanting to use a Multiboot Flash Drive would already know where to get it.


I would also like to make a suggestion for a utility that is handy not only for us techs but for your everyday Joe as well. It’s called HWInfo (Hardware Info). It is a great little utility that came in especially handy when I was in the shop (and still does in the field): when I can’t figure out the model of a motherboard for hunting drivers, or a video card, I pop in this utility and it gives you detailed information, from OS info to even what kind of RAM is in your PC. It lists detailed information about hard drives, BUS, DIMM slots, how many cores your processor has, what speed they are running at, etc.
They have 32-bit and 64-bit versions you can run from a flash drive for when you're on the go, or if you want it permanently installed on your PC. http://www.hwinfo.com/

Thanks for the added info, Bryan!

'Nuff Said,
Brian

Friday, April 11, 2014

HEARTBLEED MAY CAUSE RATS IN LABORATORY HUMANS...

RUBBISH...


I'm not downplaying the significance of this threat, and while that was a huge exaggeration [ed. - we all know cellphones cause that right? 'Nuff said], expect strange claims about the "Heartbleed Bug" to surface from news outlets vying for attention by upping viewer stress with salacious reporting designed to make you "Tune in at 10pm" for the latest update.

I've received e-mails and phone calls asking the same question: "What can we do to fix this?". While security experts keep discovering the same flaw everywhere, from cellphone apps to firewalls to your online bank, it boils down to the same thing that was said on day one:

"Check the website, and IF it shows "ok", or they have patched their servers - change your passwords. BUT ONLY THEN".  

[If you have an affected app or network appliance, all you can do is wait for the vendor to come out with a patch].

There are plenty of places to check websites individually [I put one in a previous post and two below, with links to articles which had other links to search for affected websites], and developers are already coming out with more automatic search utilities as well as browser plugins like "Chromebleed", which, when installed in your Chrome browser, will alert you that the site you are on is not safe.

Finally, here are links to some websites that let you plug in a domain name to check the security status -

LastPass - HERE
Qualys - HERE

Unless some mind-bending news arises in the future, I think I've spent enough time writing about it without fueling the flames. And yet, the thought just occurred to me that this would be the perfect time to introduce a huge new malware attack while everyone's eyes are on "Heartbleed".

If I thought about it, you can bet the bad guys have. So keep one eye on "Heartbleed" but don't take the other eye off the ball...

'Nuff Said,
Brian