Computer News & Safety – Harry Waldron

April 2019:

YouTube – Resources for personal legal downloads for offline use

PC Magazine shares resources for creating "personal use" only legal downloads from YouTube, as noted in the links below. One should respect artist rights & all legal copyright considerations when creating MP3 and MP4 files.

https://www.pcmag.com/news/331905/how-to-download-youtube-videos

https://www.pcmag.com/feature/362854/how-to-convert-youtube-videos-to-mp3-files

When the topic of downloading YouTube videos comes up, there’s a side subject that must be broached: Is it legal?  On the copyright front, as long as you’re downloading a video for your own personal offline use, you’re probably okay. It’s more black and white when you consider Google’s terms of service for YouTube, which reads: “You shall not download any Content unless you see a ‘download’ or similar link displayed by YouTube on the Service for that Content.”

After all, watching YouTube videos offline through unofficial channels takes money out of Google’s pocket and the wallets of the video creators. There’s a reason YouTube runs pre-roll ads: people make a living this way. The video below from Video Creators explains it; it references YouTube Red, which is now YouTube Premium, but the legal issues remain the same.

FBI – Targeted Business email compromise top crime for 2018

https://www.eweek.com/security/fbi-email-enterprises-scam

When the FBI released its 2018 Internet Crime Report on April 22, one topic appeared as the very first of the hot topics that should give business leaders reason to pause. There, as the first of the report’s hot topics, was Business Email Compromise. This is a type of scam that’s specifically aimed at businesses or other organizations that depend on employees’ unquestioning obedience to their supervisors.

The way the Business Email Compromise scam works is that the criminals create an email that appears to be real, which then directs someone in the financial departments of the target organization to send a large payment, usually via a wire transfer, to an account owned by the criminals. But as you might expect, there’s a lot more to it than that.

First, the scammers pick out a victim. Normally it’s a company (or sometimes a non-profit) that has a large enough staff that there’s a hierarchy of responsibilities. Beyond that, the size of the business doesn’t necessarily matter, as is demonstrated by the FBI statistics that show businesses of all sizes being targeted.  Once the target organization is selected, the scammers go to work studying the operations and the staff of the company. They will use public information to determine who the senior executives are, what their contact information is and who reports to them. 

Scammers Look for When Execs Travel — Then they will look for information, either public or in emails, to learn the movements of the organization’s senior executives. Then, normally when the CEO is on travel, they strike.  “There’s usually an urgent email from the CEO or CFO asking for an immediate transfer of funds,” explains Colin Bastable, CEO of Lucy Security.

Windows 10 v1903 – requires 32GB minimum disk space

https://www.howtogeek.com/412435/windows-10-now-requires-12-16-gb-more-storage/

Microsoft has raised Windows 10’s minimum storage requirement to 32 GB. Previously, it was either 16 GB or 20 GB. This change affects Windows 10’s upcoming May 2019 Update, also known as version 1903 or 19H1.  These details come from Microsoft’s minimum hardware requirements web page. They were first spotted by Pureinfotech and brought to our attention by Thurrott.

Before this update, 32-bit versions of Windows required a minimum of 16 GB of storage on your device, while 64-bit versions of Windows required 20 GB. Now, both will require 32 GB.  It’s unclear exactly why Microsoft made this change. The May 2019 Update now reserves about 7 GB of your PC’s storage for updates, so it may just take more space in general.

Let’s be honest, though: You always wanted more than 16 GB of space for Windows 10. Microsoft wanted Windows 10, like Windows 8 before it, to function on tablets and lightweight laptops with a small amount of storage. Those lightweight devices often had a compressed operating system and had trouble upgrading to Windows 10.

Chrome – New mobile exploit and phishing attack APR-2019

Researcher James Fisher has found a new Chrome mobile exploit that takes advantage of how the app displays the address bar.

https://jameshfisher.com/2019/04/27/the-inception-bar-a-new-phishing-method/

https://www.engadget.com/2019/04/29/chrome-exploit-uses-a-fake-address-bar-for-phishing-attacks/

In Chrome for mobile, when the user scrolls down, the browser hides the URL bar, and hands the URL bar’s screen space to the web page. Because the user associates this screen space with “trustworthy browser UI”, a phishing site can then use it to pose as a different site, by displaying its own fake URL bar – the inception bar!

This is bad, but it gets worse. Normally, when the user scrolls up, Chrome will re-display the true URL bar. But we can trick Chrome so that it never re-displays the true URL bar! Once Chrome hides the URL bar, we move the entire page content into a “scroll jail” – that is, a new element with overflow:scroll. Then the user thinks they’re scrolling up in the page, but in fact they’re only scrolling up in the scroll jail! Like a dream in Inception, the user believes they’re in their own browser, but they’re actually in a browser within their browser. Here’s a video of the hack in use:

Data Breach – Data exposed on 80 million US households

This exposed demographic database includes information on addresses, income levels and marital status. Its origin is unknown & it was discovered as a cloud-stored object.

https://www.cnet.com/news/exposed-database-reveals-details-on-80-million-us-households/

In yet another blow to the privacy of consumers, the addresses and demographic details of more than 80 million US households are listed on an unsecured database stored on the cloud, independent security researchers have found.  The details listed include names, ages and genders as well as income levels and marital status. The researchers, led by Noam Rotem, have been unable to identify the owner of the database, which is still online and requires no password to access. Some of the information is coded, like gender, marital status and income level. Names, ages and addresses are not coded.

The data doesn’t include payment information or Social Security numbers. The 80 million households affected make up well over half of the households in the US, according to Statista. “I wouldn’t like my data to be exposed like this,” Rotem said in an interview with CNET. “It should not be there.”  Rotem and his team verified the accuracy of some data in the cache but didn’t download the data in order to minimize the invasion of privacy of those listed, he said.

Windows 10 – Ten Power Tools for advanced users

PC World highlights 10 Power Tools + 10 best Tips/techniques for advanced WIN10 users

https://www.pcworld.com/article/3387950/10-truly-helpful-windows-10-tools-you-might-not-know-about.html

https://www.pcworld.com/article/2875600/windows-10-the-best-tips-tricks-and-tweaks.html

Windows 10 offers many other power tools for enthusiasts—if you know where to find them. Some are older, yet still obscure. Others are relatively new, added during the twice-annual major upgrades Microsoft’s been pushing out since Windows 10 launched nearly four long years ago. But all 10 of these little-used tricks and tools can help hardened PC users save time or eliminate headaches.

If you’re looking for a guide to even more of the operating system’s darker corners after reading this, be sure to check out our roundup of the best Windows 10 tips and tweaks. Most everyone will learn a little something! Microsoft’s been aggressive about rolling out new features for Windows 10, but not necessarily about promoting them. Speaking of which…

Table of Contents
1. Timeline
2. Virtual desktops
3. Cloud clipboard
4. Nearby Sharing
5. Storage Sense
6. File History
7. Secret power user menu
8. God Mode (power user settings into a single, easy-to-parse interface)
9. Dynamic lock
10. Windows Reliability Monitor

PENTEST – Corporate research techniques for Service Account Passwords

Tools & techniques for researching service account passwords are shared in this informative SANS Internet Storm Center diary series:

https://isc.sans.edu/forums/diary/Pillaging+Passwords+from+Service+Accounts/24886/

In our “pretend pentest” that we’ve been running these last few days, we’ve now got all the domain admins listed, all the service accounts found and listed, and the intersection of those two things – the service accounts that are either local admin or domain admin.

So what’s the obvious next step?  Let’s recover the passwords for those target service accounts!  Because once we have the full credentials, we have admin rights that no SIEM or systems admin will be tracking the use of – these accounts are almost universally ignored, since they log in every time those services start (say during a system restart).  So if this is for instance a service account with domain or local admin rights that’s on every server and workstation, you are now “better than domain admin”.  You have all the rights, but no system controls are watching you!

Let’s get on with the job at hand. First of all, credentials for service accounts are stored in the local registry, as what’s called “LSA Secrets” in the registry key HKEY_LOCAL_MACHINE/Security/Policy/Secrets.  Because the service needs to read the actual password to log in as the service account, that password is in the registry in clear-text.  Yup, you read that right – this is why service accounts are such a great target.  LSA Secrets are well protected, however; you can’t just fire up regedt32 and read them – only the SYSTEM account has rights.  So you need … yes, some PowerShell!

Security Best Practices – Find and Reduce LOCAL ADMIN accounts

Techniques are shared to find & rein in LOCAL ADMIN accounts in this informative ISC article:

https://isc.sans.edu/forums/diary/Finding+Local+Administrators+on+a+Domain+Member+Stations/24876/

Local Admin used to be a common thing, back in the early XP days when Windows Security was new.  It was common back then to see everyone’s AD account have local admin on their own machine, so that they could do things like update the clock, install printer drivers, or install games when they took their laptop home.

Sound familiar?  Well, those days are gone (or they should be).  In 99% of cases, you absolutely, positively do NOT need local admin for anything on a domain member computer (especially if it’s not a server) that’s administered by IT staff.  You might need an extra right here or there, but even then, it’s very likely that you don’t.  Windows 10 and even Windows 7 both do a good job without giving folks admin rights.  (We won’t talk about that dark Windows 8 detour that nobody took, but W8 does just as good a job on this score)

What local admin does give you is rights that you shouldn’t have, to perhaps install malware that might then access system files that nobody wants changed.  And if you don’t use LAPS, local admin on one station will likely give you local admin on ALL the stations, which from a malware point of view is as good as domain admin in lots of organizations.  So let’s get on with it – to find local admins across the board, you’ll want something that looks like this:
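The ISC diary's own script is not reproduced on this page; the block below is an added example, not the diary's code, showing one way to inventory local Administrators across domain members and flag accounts outside an expected baseline. It assumes the RSAT ActiveDirectory module, WinRM reachable on the targets, Windows 10 / Server 2016 or later on the targets (for Get-LocalGroupMember), and a baseline list (`$expected`) that you adjust for your environment.

```powershell
# Added example (not the ISC diary's code): list local Administrators on every
# enabled Windows computer in the domain and report anything beyond the baseline.
Import-Module ActiveDirectory

# Assumed baseline: members expected on every station; everything else is reviewed.
$expected = @('Administrator', 'Domain Admins')

$computers = (Get-ADComputer -Filter 'Enabled -eq $true' -Properties OperatingSystem |
    Where-Object { $_.OperatingSystem -like 'Windows*' }).Name

# Unreachable hosts are skipped rather than aborting the whole sweep
$members = Invoke-Command -ComputerName $computers -ErrorAction SilentlyContinue -ScriptBlock {
    # S-1-5-32-544 is the well-known SID of the local Administrators group,
    # so this works even if the group has been renamed or the OS is localized
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Select-Object @{ n = 'Computer'; e = { $env:COMPUTERNAME } },
                      Name, ObjectClass, PrincipalSource
}

# Strip the "DOMAIN\" or "HOST\" prefix before comparing against the baseline
$unexpected = $members | Where-Object {
    $expected -notcontains ($_.Name -replace '^.*\\', '')
}

# Per-station view: who has local admin where
$unexpected |
    Sort-Object Computer, Name |
    Format-Table Computer, Name, ObjectClass, PrincipalSource -AutoSize

# Accounts present on many stations are the "admin on one = admin on all" risk
# the diary describes when LAPS is not in use
$unexpected |
    Group-Object Name |
    Where-Object Count -gt 1 |
    Sort-Object Count -Descending |
    Select-Object Name, Count
```

The output still needs a human pass: a PrincipalSource of Local with a common name across many stations is the classic shared local admin password case.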

Security Best Practices – Find and Reduce DOMAIN ADMIN accounts

Techniques are shared to find & rein in DOMAIN ADMIN accounts in this informative ISC article:

https://isc.sans.edu/forums/diary/Where+have+all+the+Domain+Admins+gone+Rooting+out+Unwanted+Domain+Administrators/24874/

Ever been in an internal security assessment or penetration test, and need to list all domain admins? First of all, why would you need to do that?  All too often, you’ll find that way too many people have domain admins – you know, “just in case” … Examples like:

* developers – who needed local admin on that one server, that one time, but we gave them domain admin and then forgot
* developers, because don’t all devs need domain admin?
* IT VP’s and dev managers, because they used to be admins
* the CEO, because they insisted
* Steve, because Steve needed to update the timezone or install a printer at home, and the helpdesk mistakenly gave Steve domain admin rights for that
You get the idea.

So, aside from the people that are actual members of “Domain Admins”, there are lots of groups that have elevated privileges in a domain, so we’ll need to enumerate all of those too.  And you can put groups into groups, so we’ll have to recurse through that mess to get the full list of users.  This can take quite a while in the GUI, but it’s only a few lines of code in PowerShell:
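The diary's PowerShell is not reproduced on this page; the block below is an added example, not the diary's code, that enumerates the privileged groups named above, recurses through nested groups, and produces one row per account showing every privileged group it belongs to. It assumes the RSAT ActiveDirectory module, read access to the domain, and a group list (`$privilegedGroups`) that you extend for your own environment.

```powershell
# Added example (not the ISC diary's code): flatten nested membership of the
# privileged AD groups into a per-account report for review and cleanup.
Import-Module ActiveDirectory

# Assumed starting list: default groups that grant elevated rights in a domain.
$privilegedGroups = @(
    'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators',
    'Account Operators', 'Backup Operators', 'Server Operators',
    'Print Operators', 'DnsAdmins'
)

$rows = foreach ($groupName in $privilegedGroups) {
    $group = Get-ADGroup -Filter "Name -eq '$groupName'" -ErrorAction SilentlyContinue
    if (-not $group) { Write-Warning "Group '$groupName' not found"; continue }

    # -Recursive walks groups-inside-groups down to the leaf principals
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $u = Get-ADUser -Identity $_.distinguishedName -Properties Enabled, LastLogonDate
            [pscustomobject]@{
                Group          = $groupName
                SamAccountName = $u.SamAccountName
                Enabled        = $u.Enabled
                LastLogonDate  = $u.LastLogonDate
            }
        }
}

# One row per account listing all of its privileged groups, so each entry
# can be justified by its owner or removed
$rows |
    Group-Object SamAccountName |
    ForEach-Object {
        [pscustomobject]@{
            SamAccountName   = $_.Name
            Enabled          = $_.Group[0].Enabled
            LastLogonDate    = $_.Group[0].LastLogonDate
            PrivilegedGroups = ($_.Group.Group | Sort-Object -Unique) -join ', '
        }
    } |
    Sort-Object SamAccountName |
    Export-Csv -Path .\privileged-accounts.csv -NoTypeInformation
```

Disabled accounts and accounts with an old LastLogonDate are the easy first removals; Get-ADGroupMember -Recursive can error on members from other trusted domains, which then need to be listed separately.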

Malware – Cryptocurrency Mining Attacks decrease after Coinhive shutdown

https://www.pcmag.com/news/368032/cryptocurrency-mining-based-attacks-hitting-browsers-decreas

Cryptocurrency Mining Attacks Hitting Browsers Show Big Drop — The recent shut down of Coinhive has caused Malwarebytes to see far fewer attempts to mine cryptocurrencies over people’s internet browsing sessions. “We went from tens of millions of blocks to an estimated two million per day,” said a company researcher.  The chances of your internet browser getting hit with a sneaky cryptocurrency miner have apparently tanked.

On Thursday, the antivirus provider Malwarebytes reported that cryptomining-based attacks on consumers have largely become extinct, dropping by 79 percent from a year ago. A big reason why is because a top cryptocurrency miner provider, Coinhive, shut down in early March, it said.  Coinhive’s miner worked via a computer script that anyone could install over a website. If your browser encountered the script, the miner would siphon away your PC’s processing power to generate a virtual currency called Monero. In response, many antivirus providers began blocking Coinhive’s miner from running over web browsers.