Here we are, finals week. This will be my last post for this class.
Over the last 10 weeks I have posted on many things, but the overall theme seems to be security flaws and malware attacks, including DDoS. For the most part, I chose topics that have or could easily affect me or my friends. I did this because it is easier to write about what you know and I needed all the help I could get since I despise blogging/writing.
To find my topics I used several InfoSec news sites including Ars Technica, C|net, and ZDnet. For the most part I would look at the SANS ISC InfoSec News Feed and see if a headline caught my eye. I would then read the article and blog my opinion about it. I would usually insert some snark as well. There can never be too much snark.
Overall I am not sure if something like this blog would be useful to others. Maybe if the blogger was someone that is actively working in the industry and can report about specific cases and tips/tricks. But for me it would be just as easy to read the articles. If you are interested in creating your own blog I can only suggest to choose what you enjoy. If that means to focus solely on malware attacks, so be it. Just find what you are comfortable with and let the words flow. I let my dislike for what I was doing make this way more of a chore than it needed to be.
PCC | CIS-284 | Winter 2015 | Kole Myrick
Information security blog for my class in Network Security at Portland Community College.
Monday, March 16, 2015
Saturday, March 14, 2015
How to scare a gamer to death...
TeslaCrypt...that one word can scare gamers and mediaphiles to death. A relatively new ransomware family, first seen in late February 2015, it encrypts a large number of file types, including those associated with popular video games. It was being distributed through a compromised WordPress website set up to redirect visitors to a page hosting the Angler exploit kit, so the infection was a drive-by: the visitor did not have to download or click anything beyond loading the page, since Angler exploited unpatched browser plugins such as Flash Player.
Once it infects a system, the malware informs victims that their photos, videos and documents have been encrypted. Unlike other ransomware, TeslaCrypt also encrypts files associated with video games, including Call of Duty, Diablo, Fallout, Minecraft, Warcraft, F.E.A.R, Assassin’s Creed, Resident Evil, World of Warcraft, League of Legends, and World of Tanks.
In addition to profile data, saved games, mods, and maps, the ransomware encrypts files associated with Steam and with game development software such as Unity3D, Unreal Engine, and RPG Maker. The malware targets a total of 185 file extensions, including iTunes-related files. Victims are then offered a "free decryption" button; clicking it takes them to a site where they can pay 1.5 Bitcoin (about $415 at the time) or $1,000 through a PayPal My Cash Card.
“Bitcoin is the preferred method of payment as it is a untraceable secure method of receiving payment from you so they give you a better price of only $415. If you wish to use payment systems like PayPal My Cash Card, then the price increases to $1000 (this is because they lose a percentage through the middleman). The choice is very clear that they want the hefty discount to sway you into using bitcoin as payment,” Webroot researchers wrote.
Overall a crappy situation. Watch what you click on folks!
Thursday, March 5, 2015
10 years later...
A security flaw that has been around for about 10 years has been discovered that can leave users vulnerable to attack via Apple's Safari or Android's stock browser. The researchers who found it call it FREAK (Factoring RSA Export Keys). Apple is working on a fix and so is Google, but Android fixes have to be sent out to users via device makers and wireless providers, so who knows if/when they will ever receive them.
Researchers said there was no evidence hackers had exploited the vulnerability, which they blamed on a former US policy that banned US companies from exporting the strongest encryption available, according to the newspaper. The restrictions were lifted in the late 1990s, but the weaker "export-grade" cipher suites (RSA keys of at most 512 bits) stayed in software used widely around the world, including the web browsers. A 512-bit RSA key can be factored in a matter of hours on rented cloud compute, so an attacker sitting in the middle who can trick the browser into accepting one can read and modify the supposedly encrypted session. One would think that if this was known about 10 years ago, it would have been in the queue to fix as soon as possible...not in 2015.
Researchers have been alerting affected government and commercial websites for a few weeks in hopes that corrective measures would be taken before the vulnerability was publicized, the newspaper reported. Whitehouse.gov and FBI.gov have been repaired, but NSA.gov remains vulnerable, researchers told the newspaper.
Just wanted to make sure y'all saw the last part...the NSA website remains vulnerable...LOL! How's that for a backdoor you turds.
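As an added example (not part of the original post or of the newspaper report), this Python script performs the check a scanner runs for this flaw on the server side: it sends a TLS 1.0 ClientHello that offers only the RSA_EXPORT cipher suites (suite ids from RFC 2246) and reports whether the server agrees to one. A properly configured server answers with a handshake_failure alert; one that negotiates an export suite will hand a 512-bit RSA key to anyone in the middle. The host name passed on the command line is whatever you choose to test, and build_server_hello exists only so the parser can be exercised offline.

```python
import os
import socket
import struct

# Export-grade RSA cipher suites from RFC 2246 (TLS 1.0): the suites FREAK abuses.
# Their key exchange uses RSA keys of at most 512 bits.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}


def is_export_rsa(suite):
    """True if the two-byte suite id is one of the RSA_EXPORT suites."""
    return suite in RSA_EXPORT_SUITES


def build_client_hello(suites, client_random=None):
    """Build a TLS 1.0 ClientHello record that offers only the given suites.

    A FREAK scanner offers nothing but RSA_EXPORT suites; a correctly
    configured server must then refuse the handshake.
    """
    rnd = client_random if client_random is not None else os.urandom(32)
    if len(rnd) != 32:
        raise ValueError("client_random must be 32 bytes")
    body = b"\x03\x01"                                   # client_version: TLS 1.0
    body += rnd                                          # 32-byte random
    body += b"\x00"                                      # session_id: empty
    body += struct.pack("!H", 2 * len(suites))           # cipher_suites length
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                  # compression: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def build_server_hello(suite, server_random=None, session_id=b""):
    """Build the ServerHello a server would send back (used for offline testing)."""
    rnd = server_random if server_random is not None else os.urandom(32)
    body = b"\x03\x01" + rnd + bytes([len(session_id)]) + session_id
    body += struct.pack("!H", suite) + b"\x00"           # chosen suite, null compression
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body   # server_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_negotiated_suite(record):
    """Return the cipher suite chosen in a ServerHello record, or None if the
    server sent an alert (e.g. handshake_failure) or something unexpected."""
    if len(record) < 5:
        return None
    content_type = record[0]
    rec_len = struct.unpack("!H", record[3:5])[0]
    if content_type != 0x16:                  # 0x15 is an alert: server refused
        return None
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x02:
        return None
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) < 35:
        return None
    sid_len = body[34]                        # version(2) + random(32) precede it
    off = 35 + sid_len
    if len(body) < off + 2:
        return None
    return struct.unpack("!H", body[off:off + 2])[0]


def probe_server(host, port=443, timeout=5.0):
    """Offer only RSA_EXPORT suites to host:port and report what comes back.

    Returns (vulnerable, detail). Needs network access; the host is whatever
    you choose to test and is not part of the original post.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(list(RSA_EXPORT_SUITES)))
        data = sock.recv(4096)
    suite = parse_negotiated_suite(data)
    if suite is None:
        return False, "server refused the export-only handshake"
    if is_export_rsa(suite):
        return True, "server negotiated " + RSA_EXPORT_SUITES[suite]
    return False, "server picked non-export suite 0x%04x" % suite


if __name__ == "__main__":
    import sys
    print(probe_server(sys.argv[1] if len(sys.argv) > 1 else "localhost"))
```

This checks the server half of the problem. The client half (a browser accepting a 512-bit ServerKeyExchange key for a suite it never asked for) is what Apple and Google had to patch; a server that refuses export suites protects even unpatched browsers, which is why the site fixes mentioned above matter.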
Thursday, February 26, 2015
Morse code, really?
In super happy awesome news, the FCC announced that Net Neutrality has won! Well until the dirty stinking paid-off-by-Comcast-Congress gets a hold of it...
In a very partisan vote, 3-2 with Democrats over Republicans, the measure passed, and the new rules mean that companies cannot discriminate against traffic (except for "reasonable network management").
The core net neutrality provisions are bans on blocking and throttling traffic, a ban on paid prioritization, and a requirement to disclose network management practices. Broadband providers will not be allowed to block or degrade access to legal content, applications, services, and non-harmful devices, or to favor some traffic over other traffic in exchange for payment. There are exceptions for "reasonable network management" and for certain data services that don't use the "public Internet," such as heart monitoring services and the Voice over Internet Protocol services offered by home Internet providers.
This is huge because it protects consumers from big bad evil corporations that want to charge Netflix, et al. more for "fast lanes," and yet it still allows QoS (Quality of Service) for VoIP (Voice over Internet Protocol), i.e. using your data lines for telephone calls.
In more ridiculous news, Verizon responded to the FCC's vote by using Morse code in their press release. Classic example of someone not getting their way and having a tantrum. I do believe it is time for their nap...let me go get their blanket and "binky."
This doesn't necessarily have much to do with InfoSec but it is HUGE and IMPORTANT news that just had to be shared...and if it is important for the people and for the freedom of the internet, then it is important for IT professionals and those in security to know about and, hopefully, celebrate.
Sunday, February 22, 2015
Lenovo or is it Le Oh No?
There has been a lot of interesting information coming out lately regarding Superfish and man-in-the-middle attacks.
"Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said." - Ars Technica
The CEO of Superfish maintains in a statement that there is no security flaw in the software, which pretty much every other person with any knowledge of SSL and certificates can see is false. Superfish installs its own root CA certificate into the Windows trusted root store and uses it to re-sign every HTTPS site on the fly so it can inject ads into pages. Every affected machine shipped with the same root certificate and the same private key, and researchers extracted that key within days, so it is even easier to perform a man-in-the-middle attack than previously thought: anyone on the network path (say, on the same coffee-shop Wi-Fi) can forge a certificate for any site and those machines will trust it without a warning. To check a machine, open certmgr.msc and look under Trusted Root Certification Authorities for a certificate issued to "Superfish, Inc."; deleting it (and uninstalling the Visual Discovery software) is the minimum fix.
The latest update has Lenovo CTO Peter Hortensius saying in an interview with The Wall Street Journal that they "didn't do enough." They are also in the process of writing software that will completely remove all code and data associated with the adware.
In case you wanted to know, if you bought a Lenovo between October 2014 and December 2014 and it is a model in the list below, you probably have the Superfish root certificate in your trust store and are vulnerable:
G Series: G410, G510, G710, G40-70, G50-70, G40-30, G50-30, G40-45, G50-45
U Series: U330P, U430P, U330Touch, U430Touch, U530Touch
Y Series: Y430P, Y40-70, Y50-70
Z Series: Z40-75, Z50-75, Z40-70, Z50-70
S Series: S310, S410, S40-70, S415, S415Touch, S20-30, S20-30Touch
Flex Series: Flex2 14D, Flex2 15D, Flex2 14, Flex2 15, Flex2 14(BTM), Flex2 15(BTM), Flex 10
MIIX Series: MIIX2-8, MIIX2-10, MIIX2-11
YOGA Series: YOGA2Pro-13, YOGA2-13, YOGA2-11BTM, YOGA2-11HSW
E Series: E10-30
Thursday, February 12, 2015
It was almost the end of the world again...
...and we're back to Facebook and how the world almost ended again.
This time because of a bug that could have opened the door to deleting every single photo on Facebook. While I don't believe it would have happened without a beast of a processor, I do think that it could have caused some major damage.
There was a bug in the code for Graph API, "a developer platform that allows websites and applications to tap into Facebook's data."
"The Graph API does not allow one user to delete another person's photos or albums. But by manipulating an access token from his mobile device, he was able to convince Facebook that the album belonged to him -- effectively allowing him access to read, write, and delete the album." - Zack Whittaker, ZDNet
The bug was so potentially damaging that Facebook had a fix out within two hours, and it rewarded the researcher who discovered it with the highest reward offered, $12,500. Not a bad day's work in my opinion!
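As an added example, not from the original post and not Facebook's own code, here is a toy model of the bug class in Python: an album-delete endpoint that validates the access token, its issuing app and its scope but never checks that the album belongs to the token's user, next to the corrected version that does. User ids, album ids, the app id and the "user_photos" scope name are constructed placeholders, not Facebook's real identifiers.

```python
import secrets
from dataclasses import dataclass, field

# Constructed sample data; ids and the scope name are placeholders.
TRUSTED_MOBILE_APP = "app-mobile"   # stand-in for a first-party mobile app id


@dataclass
class AccessToken:
    user_id: str        # the user the token was issued to
    app_id: str         # the app that obtained it
    scopes: frozenset   # granted permissions


@dataclass
class Album:
    album_id: str
    owner_id: str
    photos: list = field(default_factory=list)


class GraphStore:
    """In-memory stand-in for the albums and tokens behind the API."""

    def __init__(self):
        self.albums = {}
        self.tokens = {}

    def issue_token(self, user_id, app_id, scopes):
        tok = secrets.token_hex(16)
        self.tokens[tok] = AccessToken(user_id, app_id, frozenset(scopes))
        return tok


def delete_album_vulnerable(store, token, album_id):
    """Checks that the token is valid, comes from the trusted app and carries
    the right scope, but never asks who owns the album. That is an insecure
    direct object reference: any user holding such a token can delete any
    album id they can guess or enumerate."""
    t = store.tokens.get(token)
    if t is None or t.app_id != TRUSTED_MOBILE_APP or "user_photos" not in t.scopes:
        return False
    if album_id not in store.albums:
        return False
    del store.albums[album_id]
    return True


def delete_album_fixed(store, token, album_id):
    """Same token checks plus object-level authorization: the album must be
    owned by the user the token was issued to. Which app minted the token is
    irrelevant to ownership, so it is not used as a trust signal here."""
    t = store.tokens.get(token)
    if t is None or "user_photos" not in t.scopes:
        return False
    album = store.albums.get(album_id)
    if album is None or album.owner_id != t.user_id:
        # Same answer as "not found" so a caller cannot enumerate album ids.
        return False
    del store.albums[album_id]
    return True


def demo():
    """Constructed scenario: 'mallory' holds a mobile-app token and tries to
    delete two of 'alice's albums, once through each endpoint.
    Returns (vulnerable_result, fixed_result, albums_left)."""
    store = GraphStore()
    store.albums["101"] = Album("101", "alice", ["beach.jpg"])
    store.albums["102"] = Album("102", "alice", ["dog.jpg"])
    mallory = store.issue_token("mallory", TRUSTED_MOBILE_APP, ["user_photos"])
    vuln = delete_album_vulnerable(store, mallory, "101")   # succeeds: the bug
    fixed = delete_album_fixed(store, mallory, "102")        # refused
    return vuln, fixed, sorted(store.albums)


if __name__ == "__main__":
    print(demo())
```

The point of the model is that "is this token genuine and privileged enough?" and "does this token's user own this object?" are separate questions; the first can pass with flying colours while the second is never asked.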
Saturday, February 7, 2015
Taxes and death...
It is that time of year again; people all over the country are receiving their W-2's and filing their taxes. It is also time for fraudsters to come out of the woodwork and work their magic.
Tax software goliath Intuit had an issue last week with TurboTax and state tax filings. Some people logged in to file their taxes and found their state returns already filed when they hadn't done so themselves.
The faked filings were not due to a security breach, which makes me happy since I have used TurboTax for the last 10 years. At this point I have already filed and received my returns (however paltry they were this year...damn you scholarships and the American Opportunity Tax Act!!)
Fraudsters can easily go to an underground website to purchase personal data suitable for filing bogus tax claims, an identity-management specialist noted in comments to USA Today.
Intuit has instituted additional security measures, and anyone affected by this tax fraud is being offered identity protection services and free credit monitoring.