Security Protection – Harry Waldron (WP)


Heartbleed – Arrest made in Canada for hacking tax agency records

This is likely someone capitalizing on the exploit itself, not its original developer.

http://money.cnn.com/2014/04/16/technology/security/canada-heartbleed/index.html

QUOTE: Canadian mounties have arrested a teenager who, they say, used the Heartbleed Internet bug to hack into the country’s tax agency. Shortly after the Internet bug was revealed to the world last week, the Canada Revenue Agency suffered a data breach that leaked the Social Insurance Numbers of about 900 taxpayers. The agency was forced to shut down its website temporarily to prevent further theft of sensitive personal information. On Wednesday, the Royal Canadian Mounted Police said it arrested 19-year-old Stephen Arthuro Solis-Reyes at his London, Ontario home a day earlier. During the police raid, agents seized computer equipment as evidence. Solis-Reyes now faces two counts of computer-related crimes.  The arrest appears to be the first related to the Heartbleed bug since it was discovered last week.

HeartBleed – List of Major sites where passwords should be changed

A “zero day” attack for this OpenSSL flaw has been undetected for two or more years.  Changing static passwords at least annually is always a beneficial best practice. Some of the MAJOR impacted sites are listed below:

IMPACTED SITES YOU SHOULD CHANGE PASSWORDS FOR: Yahoo, Flickr, Tumblr, Blogger/Blogspot, Dropbox, Facebook, Electronic Frontier Foundation, Etsy, Google, Imgur, Instagram, Netflix, Pinterest, Stack Overflow, Twitter, Wikipedia, Woot, WordPress.com/WordPress.org and YouTube

SITES WITH STRONGER SECURITY AND NOT LIKELY IMPACTED INCLUDE: Amazon, AOL, Apple, Ask.com, Bank of America, Bing, Buzzfeed, Capital One, Chase, CNET, Craigslist, eBay, ESPN, Evernote, GoDaddy, Hotmail, HSBC, Huffington Post, Intuit, LinkedIn, Live.com, Microsoft, Newegg, The New York Times, PayPal, Reddit, Salesforce, Target, TD Bank, Walmart, Wells Fargo and Zillow.

MAJOR SITES INITIALLY IMPACTED (while most sites have since been fixed, if a site was on the initial list as vulnerable, its passwords should be changed) https://github.com/musalbas/heartbleed-masstest/blob/master/top10000.txt

SITE TESTING LINK (many sites with special security controls may not allow the test to work) http://filippo.io/Heartbleed/

GOOD CONSOLIDATION OF IMPACTS & GUIDELINES http://www.tomsguide.com/us/heartbleed-bug-to-do-list,news-18588.html

Malware – HEARTBLEED OpenSSL vulnerability


The ISC has escalated to the rare YELLOW ALERT status. It is important for administrators to patch promptly and for users to change passwords for email, banking, and other sites that may have been affected.

https://isc.sans.edu/forums/diary/+Patch+Now+OpenSSL+Heartbleed+Vulnerability/17921

http://www.f-secure.com/weblog/archives/00002694.html

http://www.komando.com/blog/247387/super-bug-exposes-your-information-on-tons-of-websites

http://heartbleed.com/

QUOTE: The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).  The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
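Because the bug is a memory-disclosure flaw inside the OpenSSL library rather than in any one web application, the administrator's first check is simply which OpenSSL build a host is running. The script below is an added example (not from this blog post or any of the linked articles) that parses the banner printed by `openssl version` and reports whether it falls in the affected range. The range used, 1.0.1 through 1.0.1f plus 1.0.2-beta1, is taken from the public OpenSSL Heartbleed advisory rather than from this page, and the sample banners in the block are constructed for illustration.

```python
import re
import subprocess

# Affected builds as published in the OpenSSL Heartbleed advisory (an assumption
# taken from public advisory information, not from the blog post above):
#   1.0.1 (no letter) through 1.0.1f  -> affected; 1.0.1g and later -> fixed
#   1.0.2-beta1                       -> affected; later 1.0.2 betas -> fixed
#   every other branch (0.9.8, 1.0.0, 1.1.x, ...) -> never contained the bug
VERSION_RE = re.compile(
    r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?"
)


def parse_openssl_version(banner):
    """Turn 'OpenSSL 1.0.1e 11 Feb 2013' into (1, 0, 1, 'e', None).

    The letter suffix is '' for a plain release, and beta is the beta number
    or None. Banners that are not OpenSSL (e.g. LibreSSL) raise ValueError so
    the caller does not silently treat them as safe.
    """
    match = VERSION_RE.search(banner)
    if not match:
        raise ValueError("not an OpenSSL version banner: %r" % banner)
    major, minor, fix = (int(match.group(i)) for i in (1, 2, 3))
    letter = match.group(4)
    beta = int(match.group(5)) if match.group(5) else None
    return major, minor, fix, letter, beta


def is_heartbleed_affected(banner):
    """True when the banner names a build inside the affected range."""
    major, minor, fix, letter, beta = parse_openssl_version(banner)
    if (major, minor, fix) == (1, 0, 1):
        # '' (plain 1.0.1) sorts before 'a', so the comparison covers 1.0.1
        # itself as well as 1.0.1a..1.0.1f; 1.0.1g onward is fixed.
        return beta is None and letter <= "f"
    if (major, minor, fix) == (1, 0, 2):
        return beta == 1
    return False


def classify_banner(banner):
    """Human-readable verdict, with the backport caveat made explicit.

    Distributions such as Debian, Ubuntu and RHEL shipped the fix as a patch
    on top of the old version string (e.g. still reporting 1.0.1e), so a
    banner inside the range means 'verify the package changelog', not
    'definitely vulnerable'.
    """
    try:
        affected = is_heartbleed_affected(banner)
    except ValueError:
        return "unknown (not an OpenSSL banner)"
    if affected:
        return "in affected range - check distro package changelog for a backported fix"
    return "outside affected range"


def check_local():
    """Run the locally installed openssl binary and classify its banner."""
    banner = subprocess.check_output(["openssl", "version"]).decode()
    return banner.strip(), classify_banner(banner)


if __name__ == "__main__":
    # Constructed sample banners, then the host's own OpenSSL if present.
    for sample in ("OpenSSL 1.0.1e 11 Feb 2013",
                   "OpenSSL 1.0.1g 7 Apr 2014",
                   "OpenSSL 1.0.2-beta1 24 Feb 2014",
                   "LibreSSL 2.2.7"):
        print("%-32s %s" % (sample, classify_banner(sample)))
    try:
        print("%-32s %s" % check_local())
    except (OSError, subprocess.CalledProcessError):
        print("no local openssl binary found")
```

The version string is only a first pass: a host that reports 1.0.1e may already carry a vendor backport, and a host whose banner looks clean may still have a statically linked copy of OpenSSL inside some other daemon, so treat the verdict as a prompt to check package changelogs and restart services after patching rather than as a final answer.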

Malwarebytes v2.0 – Documentation and additional resources

Additional information shared by fellow security professionals is noted below on how to use the product and the new features effectively:

The online guide is available here:

http://www.malwarebytes.org/support/guides/mbam/

PDF version available here:

http://static-cdn.malwarebytes.org/assets/userguides/2014-03-10/MalwarebytesAntiMalwareUserGuide.pdf

Quick Scan –> Threat Scan — Threat Scan is the primary scan to choose because in almost all cases it catches all malware that a “Full Scan” would, in less time. It scans for threats in all of the locations that malware likes to hide on your system, and ignores places that it doesn’t.  Generally, all that is needed is a Threat Scan.

Flash Scan –> Hyper Scan — (Only available with Malwarebytes Premium)  This was renamed because with the word “flash”, it can be implied that this scan will search flash memory devices such as flash drives/thumbsticks, which it does not. This type of scan primarily searches for malicious processes that are currently running in memory. Because it takes less time to perform than a Threat Scan, it was renamed “Hyper Scan” to avoid the confusion with “flash”.

Full Scan –> Custom Scan — A custom scan can be used to perform a full scan, that is, scanning every file and folder on every drive connected to the system. However, that’s not its only function.  A few specific directories can be selected as well instead of simply scanning everything.

For any issues with Malwarebytes Anti-Malware 2.0, the development team recommends you start a new topic and report them here:

https://forums.malwarebytes.org/index.php?showforum=41

Hardware – Advantages and Disadvantages of physically shutting down PC

Interesting & updated article below from Kim Komando on pros/cons of physically powering off desktops or laptops when not in use.  I usually have always done that without major issues. One key advantage is that Windows Updates are often installed during the power off process. Also, when there is a potential for T-Storms everything gets physically unplugged including DSL.  Conversely, there are benefits in performing overnight defrags, AV scans, or other maintenance functions.  Leaving a system on/off is more a usage consideration than one which saves equipment these days.

http://www.komando.com/tips/11929/should-you-shut-down-your-computer-at-night

QUOTE: For decades, the debate has raged over whether you should leave your computer on every single second or give it regular rest. Both sides believe their way is better for a computer’s life. The shut-it-down crowd believes that leaving it on and working will wear out components faster and shorten your computer’s life.  The leave-it-on crew believes that repeated shutdowns and startups will wear out components faster and shorten your computer’s life. In other words, they’re worried about the same thing for completely opposite reasons. So, who is right, and what does it mean for you?

Malwarebytes v2.0 – FAQs and Press announcement

More details on this great new product release:

http://blog.malwarebytes.org/news/2014/03/malwarebytes-anti-malware-2-0/

QUOTE: We have also built in and improved our Anti-Rootkit and Chameleon self-protection technologies, which have been in beta for the past year. Additionally, we’ve rewritten Malicious Website Blocking and improved native x64 support.  Most importantly, our detection and removal engine was significantly improved under the hood and kicks even more malware butt!  With the launch of 2.0, we’ll also be moving to a subscription licensing model, $24.95 per year. As more and more people have come to rely on us for malware protection and cleanup, our costs in bandwidth, hosting fees, infrastructure, salaries of our researchers, QA department and more have grown immensely. Though our company is about more than just making money, we are a company and we do have to make money to pay our staff to continue doing what they love, which is fighting malware.

ADDITIONAL LINKS

http://securitywatch.pcmag.com/security-software/322084-malwarebytes-2-0-still-tough-on-malware-now-with-a-pretty-face

http://www.pcmag.com/article2/0,2817,2455505,00.asp

Microsoft – System Development Lifecycle story to implement TWC

An excellent historical recap of how security was strategically integrated into Microsoft’s development process.

http://www.microsoft.com/security/sdl/story/

QUOTE: Across thousands of developers and millions of lines of code, one company learns to build secure software in an increasingly insecure world.  It was 2 a.m. on Saturday, July 13, 2001, when Microsoft’s then head of security response, Steve Lipner, awoke to a call from cybersecurity specialist Russ Cooper. Lipner was told a nasty piece of malware called “Code Red” was spreading at an astonishing rate. Code Red was a worm — a malicious computer program that spreads quickly by copying itself to other computers across the Internet. And it was vicious. At the time, ABC News reported that, in just two weeks, more than 300,000 computers around the world were infected with Code Red — including some at the U.S. Department of Defense and Department of Justice.

Mobile Security – Marble Labs Study of applications with high risk

Communications and social media application plug-ins may create the greatest privacy and security risk, according to an excellent study performed by Marble Labs during Q1 2014.

http://www.marblesecurity.com/wp-content/uploads/2014/03/Marble-Mobile-App-Threat-Report-March_2014_0317.pdf

http://securitywatch.pcmag.com/none/321703-the-10-riskiest-mobile-app-types

QUOTE: Communication apps topped the list; over ten percent of them got tagged as risky. Social media apps came next, around nine percent risky. Somewhat to my surprise, the “news and magazines” category was third, with a bit over eight percent risky apps. Safest of all, according to this study, were game apps, with less than one percent of them identified as risky. The full report points out that consumers may well accept risk levels that businesses wouldn’t. Data leakage in particular is more of a business problem. It concludes, “Companies should monitor or restrict use of these apps on devices that connect to corporate networks, data or online cloud services. Risk-based restrictions are more important than ever, given the ever-growing number of apps and the increased use of mobile devices in the enterprise.”

Malware – Fake TOR Browser circulating to Apple users

A fake TOR Browser touted to improve security is circulating to Apple users.  As the article reflects, it will infect vulnerable systems with adware and other malicious agents.

http://securitywatch.pcmag.com/apple-ios-iphone-ipad-ipod/321803-fake-tor-browser-app-for-ios-full-of-adware-spyware

QUOTE: Concerned about online tracking and eavesdropping? Considering TOR? If so, don’t download the iOS app for the Tor Browser from Apple’s App Store. It appears the Tor Browser app for iOS devices is fake, and “full of adware and spyware,” according to a support ticket opened two months ago by “Phobos,” a volunteer with the Tor Project. “Tor Browser in the Apple App Store is fake,” Phobos wrote on the ticket, adding, “We should have it removed.”  It appears from the ticket that Tor Project officials notified Apple of the fake app in December, and Apple said it would give the developer a chance to defend the app. Even though other users have filed complaints, the app remains available on the App Store, and other Tor users and volunteers have expressed their frustrations on the ticket and elsewhere online.

AV TEST – Windows 7 x64 – FEB 2014 review

New Chinese AV vendor Qihoo, Kaspersky, and Bitdefender recorded perfect scores in the latest tests for the Windows 7 64-bit O/S, as noted in the AV-TEST review.

http://securitywatch.pcmag.com/security-software/321857-chinese-antivirus-qihoo-360-earns-top-score-in-independent-test

http://www.av-test.org/en/tests/home-user/windows-7/janfeb-2014/

QUOTE: Chinese Antivirus Qihoo 360 Earns Top Score in Independent Test. Last time around, Qihoo earned 5.5 points in each category, for a total of 16.5. This time it took a perfect six of six points for protection, and usability, raising that score to 17.5 of a possible 18. Bitdefender and Kaspersky tied that score. McAfee, Norton, and Trend Micro came very close, with 17 points each.