InfoSec privacy links October 23, 2014

How to restore privacy - fix macosx

It appears that Apple's Spotlight app, which helps search for various items, on Mac OS X Yosemite devices sends your search data to Apple. This website will show you how to disable the features that send this information. I went ahead and disabled everything, because I don't use Spotlight. For more information click here. To open Spotlight, simply swipe down on the home screen.

Bahraini Activists Hacked by Their Government Go After UK Spyware Maker - Kim Zetter - WIRED

Not long after the phantom Facebook messages, Ali discovered spyware on his computer—a powerful government surveillance tool called FinFisher made by the UK firm Gamma International. Human rights groups and technologists have long criticized Gamma International and the Italian firm Hacking Team for selling surveillance technology to repressive regimes, who use the tools to target political dissidents and human rights activists. Both companies say they sell their surveillance software only to law enforcement and intelligence agencies but that they won’t sell their software to every government. Gamma has, in fact, denied selling its tool to Bahrain, which has a long history of imprisoning and torturing political dissidents and human rights activists.

More Crypto Wars II - Bruce Schneier - Schneier on Security

I'm not sure why he believes he can have a technological means of access that somehow only works for people of the correct morality with the proper legal documents, but he seems to believe that's possible. As Jeffrey Vagle and Matt Blaze point out, there's no technical difference between Comey's "front door" and a "back door."

This post first appeared on Exploring Information Security.

InfoSec links September 24, 2014

Data Breach Victims or Enablers? - Bill Brenner - Liquid Matrix

Companies that suffer a breach — Home Depot and Target have been among this year’s biggest poster children — are victims. They don’t set out to put their customers’ data in danger and they probably thought they were practicing all due diligence until they discovered the intrusions. But they probably also mistook their compliance check lists for real security and failed to turn security into a company-wide mindset, and that makes them enablers for the hackers who beat them.

Home Depot ignored security warnings for years employees say - Sean Gallagher - ars technica

Former information technology employees at Home Depot claim that the retailer’s management had been warned for years that its retail systems were vulnerable to attack, according to a report by The New York Times. Resistance to advice on fixing systems reportedly led several members of Home Depot’s computer security team to quit, and one who remained warned friends to use cash when shopping at the retailer’s stores.

Massive Malvertising Network is 9 Times Bigger Than Originally Thought: Cisco - Brian Prince - Security Week

"The “Kyle and Stan” network is a highly sophisticated malvertising network," blogged Armin Pelkmann, threat researcher with Cisco. "It leverages the enormous reach of well placed malicious advertisements on very well known websites in order to potentially reach millions of users. The goal is to infect Windows and Mac users alike with spyware, adware, and browser hijackers."


Looking for celebrity nudes could lead to malware

As is the case with any big news, criminals and nefarious types are taking advantage of the celebrity nude photos news to get malware installed on the machines of the unwitting.

Celeb nude photos now being used as bait by Internet criminals - Sean Gallagher - ars technica

Links are being spread among social media sites such as Twitter and Facebook. I imagine they're also being spread on other social media platforms. Just don't do it, unless you're prepared to lose more than just your dignity.


Dealing with the ransomware known as CryptoLocker

Ransomware is some pretty nasty stuff and it’s only getting nastier. This particular piece of malware encrypts a person’s drive and then locks it from the user. To unlock it the person must pay, usually by bitcoin, to get access to the freshly encrypted data. Brian Krebs recently called 2014 ‘The Year Extortion Went Mainstream’ and one of the reasons he said that was because of online criminal activities like ransomware. One of the most well-known pieces of ransomware is called CryptoLocker.

There are a couple of ways that ransomware can be combatted:

Take good backups

The backups should be offline. If they’re online then attackers could potentially get access to that device and take it over. Recently, it was found that some Synology devices with older firmware versions could be infected with ransomware, which leads to the next point.

Keep your system up-to-date

This is nothing new and something that has been suggested thousands of times. Still, systems are being left unpatched. I know it’s not easy, especially when there are a lot of other things to do, but one of the easiest ways to keep your system up-to-date is to use a program like Secunia. It does most of the work for you and is fairly user friendly.

Trust your intuition online

Listen to that voice in your head telling you clicking on this link or that link is a bad idea. It’s usually right. If it feels wrong or it’s too good to be true, it probably is. I’ll leave it at that, because that’s something else that gets mentioned a lot in ‘online safety.’

If all else fails, there's an app for that

Recently, Fox IT and FireEye teamed up to offer a free Decrypt service that will help people infected with ransomware get their stuff back. I haven’t tried the service, nor do I know how well it works, but both FireEye and Fox IT are legitimate security companies.

At this point in time, there is no other way to get data back from a ransomware infection. You either need to avoid ransomware altogether, reinstall your operating system and have good backups, or use the FireEye/Fox IT service. If you try the service, I would love to hear about your experiences with it.


InfoSec links July 15, 2014

Pandemiya Emerges As New Malware Alternative To Zeus-Based Variants - Fraud Report - EMC/RSA

This is a breakdown of some new malware called Pandemiya. It’s being offered as an alternative to the widely popular Zeus trojan. The price tag is between $1500 and $2000.

Crooks Seek Revival of 'Gameover Zeus' Botnet - Brian Krebs - Krebs on Security

The previously dead Gameover Zeus botnet is apparently making a comeback. After the initial takedown, the owners of the botnet laid low for a while. Now it appears they’re trying to bring it back. The old botnet is still in lockdown, so this appears to be an effort to rebuild the botnet from the ground up.

Glenn Beck's The Blaze Site Serving Malicious Ads - Pat Belcher - invincea

My care meter for politics:

don’t care |-|---------------------| care

Glenn Beck can be a bit of a hot topic, but it’s his site I want to focus on, The Blaze. It’s been discovered that his site, via advertising, is serving up malware to people that visit the site. The site is not compromised; it’s the ad services that are running on his site. Ad services do not vet the people who submit ads, which makes it easy for nefarious folk to submit ads with malware attached to them. The Blaze, according to the article, is ranked the number two political site on the web, thus making it a target for these kinds of ads. If you see an ad that is of interest to you, I would suggest doing a Google search instead of clicking the ad.


InfoSec links May 27, 2014

Hackers now crave patches, and Microsoft's giving them just what they want - Gregg Keizer - Computer World

Criminals are using Windows 7 patches to try to figure out vulnerabilities in Windows XP. According to the article, "By conducting before- and after-patch code comparisons, attackers may be able to figure out where a vulnerability lies in Windows 7 -- which will be patched -- then sniff around the same part of XP's code until they discover the bug there." Just another reason to get off Windows XP.

CBS picks up 'CSI: Cyber' with Patricia Arquette - Scott Collins - LA Times

I used to watch a lot of CSI: Las Vegas. After several seasons, though, I realized it was the same episode with slightly different variations. This looks interesting enough that I might just check it out. My expectations for accuracy and/or entertainment are quite low. Still, it could be used to give the masses a small peek into the electronic "battlefield" and might even make for a good jumping off point for infosec professionals to teach the uninitiated.

Meet the Zberp Trojan - Dana Tamir - Security Intelligence

New malware has been discovered. According to Trusteer researchers, the new malware combines the Zeus and Carberp Trojans, hence the name Zberp.
