Category Archives: Computer Security

Virus, malware in general and all evil programs, begone!

Recent Software Security Updates

1. Adobe Flash Player has recently been updated several times, following the uncovering of exploited vulnerabilities involving a security firm. Most computers have Flash installed. To ensure you have the latest version, visit:
https://www.adobe.com/software/flash/about/.
It should tell you what version you have installed and what version is the latest available. As of this writing, both should be 18,0,0,209. If you need to update it, visit:
https://get.adobe.com/flashplayer/.
There is even a growing trend of handling the vulnerabilities frequently uncovered in Flash by advocating its removal altogether. A middle-ground solution, since some websites still use and require Flash, would be to disable it by default in your browser so you can enable it only on the websites you trust.

2. In an unusual move for Microsoft, an update to patch a critical vulnerability was released today. It is unusual because it does not follow the usual schedule for updates, which are normally released on the second Tuesday of every month. This is called an out-of-band update, and it usually signifies a very critical security update that requires special attention. If your Windows-based computer has automatic updates enabled, no action is needed on your part. If it doesn’t, it’s suggested you install the update manually. The update identifier is KB3079904. Contact me if you have any questions as to how to install it manually.

Time Sensitive – Grab Your Private E-mail Account

In a recent article about privacy in communications, I mentioned ProtonMail. Today, I got an email in my inbox from them, which I thought should be passed along:

“Hi Everyone,

Thank you for using ProtonMail!

To celebrate our 1 year anniversary, we are upgrading all accounts created by June 17th, 2015 to 1GB of free storage! Many of you have also asked for a way to share ProtonMail with friends and family. To do that, we have created a special link that allows instant account creation:
https://protonmail.ch/privacyforall

You can send this link to friends and family and they will be able to get a ProtonMail account instantly. As our server capacity is still limited, we will only keep this link active until June 17th, 2015 (or until we hit capacity limit). Also after June 17th, all new accounts will default to 500MB of free storage.

Over the past year, ProtonMail has proven to be reliable with less than 12 hours of total downtime (mostly scheduled maintenance), no incidents of permanent data loss, and no reports of user data compromise. Over that same period, the ProtonMail user community has grown from 10,000 to 500,000 people.

As you know, we respect your privacy and do not track detailed user activity. Therefore, to continue to improve ProtonMail, we need to rely on direct feedback from you and would love to hear your suggestions or criticisms in the following survey:
https://blog.protonmail.ch/feedback

Many of the improvements mentioned in the survey will be coming soon. In the past few months alone, we have added new features like folders/labels, encrypted attachments, the protonmail.com domain, and more: https://blog.protonmail.ch/protonmails-new-features-guide

We look forward to continuing this exciting journey with you!

Best regards,
The ProtonMail Team

We believe privacy is a fundamental human right which is why we are supported by donations instead of advertisements. If you would like to support us, please visit: https://protonmail.ch/donate”

I don’t receive any compensation from passing along the above, but thought for those similarly minded souls who like privacy, this represents a good opportunity.

Communication Privacy, Part II

The first part of this article, written recently, went over secure instant messaging. This second part will take up secure email communications.

The subject is extensive enough that it is not easy to cover it comprehensively in just 2 short articles, while also keeping it understandable for the non-geek. But here we go.

Secure emails: To a greater or lesser degree, most people have heard about them. The term is often accompanied by words like encryption, et cetera. The idea is that only the sender and the recipient, i.e. the intended parties, are able to access the contents of the emails.

As with everything, several degrees of security exist in different email system models. At the lowest level, your “free” Gmail, Yahoo, and Microsoft email accounts are relatively easy to intercept, and are often scanned by the email providers themselves (as covered in their own Terms of Service you agree to when you get the email account) to search for content that can be used to market products to you. So much for free 🙂 .

A level up are providers like Hushmail, a Canadian company that has been around for about 17 years and which provides encrypted emails and the ability to send emails that require a password to decrypt (decipher, decode), is ad free, and provides a decent level of privacy. It has free and paid versions, depending on how many features are enabled.

Then you have StartMail, brought to you by the creators of Startpage/Ixquick (one of the most private search engines around). This only has a paid version (one can start with a free trial) and provides better security. Again, there are no ads, emails are encryption-based, and only the intended recipient and the sender can read the messages.

Finally, my pick as the one that has the most potential for actual full privacy: ProtonMail. The main feature that sets ProtonMail above the rest is that the end-to-end encryption/decryption happens in your computer/device (seriously, you need a password to get into your account and then a second password to decrypt your inbox on the spot), so even if the Swiss-based servers were subverted somehow, it would be impossible to gain access to or decrypt any messages. Another nice feature is the ability to set the longevity of the emails sent (how long after being sent they expire), if so desired.

ProtonMail has been around for a year in the Beta (initial) testing stage and is still only available by invitation (meaning you’ll be on a waiting list for a little while, as the demand for more users is met).

As a closing remark, I’d like to remind you that absolute security is a nice concept, but to me it doesn’t exist, especially when placed in the context of a rapidly evolving world of computing technology and telecommunications. But as of this writing, ProtonMail is the closest I’ve found to secure email communications.

Communication Privacy, Part I

There are probably a couple of articles I can write about current secure methods of communication. Here’s the first of them.

Inherent to the field of computer security is the privacy of telecommunications. On one side of the spectrum we have a hacked computer that has been subverted and is easy to access by unauthorized personnel in order to guess email passwords, past messages, contacts, etc. What’s on the other side of the spectrum?

When it comes to instant messaging: Wickr. What in heavens is Wickr?

At the risk of sounding like this is a commercial (it’s not, and it’s impossible to buy a good or bad review from me about a program or device), Wickr is currently my best answer to instant messaging privacy. It’s a program or application that allows for back and forth messaging at a secure level. I’ve been using it on my phone for some time now, from when it was in Beta testing (very early stages) last year. But recently the developers have expanded the type of devices it can be installed on, to include Windows-based computers (Windows 7 and above), so I figured now I can write about it.

Why is it on the other side of the security spectrum?

Wickr uses encryption of the highest level, implemented in such a way that only the chosen, authorized devices possess the ability to decrypt the messages: true end-to-end encryption with no middle man. It also provides the ability to set how long a sent message will remain on the receiver’s screen before it’s deleted forever.

I don’t want to go into a lot of data about it because there’s plenty on the Wickr website, so for more information visit the link I just gave you and study the data for yourself. Warning: Prepare to look up a word or two if you go into the details of how it all works.

Stay tuned for my next article, where I’ll tackle the most secure email system I’ve found to date.

Don’t Be Fooled About Spoof Emails

Picture this scenario if you will: You get an email from somebody whose name you recognize, but something is wrong. The email makes no sense, or is asking you to click on a link, or makes some other suspicious request. You correctly spot that the email was not actually written by your acquaintance. And sometimes it’s because that person’s email has been compromised and someone is having a field day with it, sending unsolicited emails to all the person’s contacts. This happens fairly often these days.

But although the first assumption is that the person’s email has been stolen or compromised, that is not necessarily the case. As you know, when setting up an email account you normally have an email address itself AND your name. These are two separate bits of information that can be stored in an email. So strictly speaking, that can be used to “spoof” emails. How?

Let’s say Joe Blow is my friend, and by one method or another, somebody finds that out, along with my email address. Now that person can send a spoofed email from a “badguy@hell.com” email address, but he fills out “Joe Blow” as the name. When one sees the email, many times one will see the “Joe Blow” part, and not realize that the email address has nothing to do with that person.

If you pay close attention to those fields in an email, you can see the actual email address and then can decide whether the actual email account has been stolen/compromised/hacked or somebody is just spoofing it. The section of the email that has all that information is called headers.

So pay attention to the headers and you won’t be so easily fooled.

The above is not the only method used to spoof emails. There are actually ways to spoof the email address the email is coming from so you think the email address is correct as well as the name. Those require more expertise to recognize and identify and go beyond the scope of this article. But at least anyone can recognize the above scenario and avoid being fooled.
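The display-name check described above can be automated. This is an added example, not part of the original article: the address book, the `joe.blow@example.com` address, the sample messages and the function name are constructed for illustration.

```python
from email import message_from_string, policy

# Constructed address book: display name -> the address you actually know.
KNOWN_CONTACTS = {"joe blow": "joe.blow@example.com"}

def check_from_header(raw_message, contacts=KNOWN_CONTACTS):
    """Compare the From display name with the address it is attached to.

    Returns (verdict, display_name, address).
    """
    msg = message_from_string(raw_message, policy=policy.default)
    hdr = msg["From"]
    if hdr is None or not hdr.addresses:
        return ("no-address", "", "")
    sender = hdr.addresses[0]
    # policy.default decodes RFC 2047 encoded words, so an encoded
    # name such as =?utf-8?q?Joe_Blow?= is compared in plain form.
    name = sender.display_name or ""
    addr = sender.addr_spec.lower()
    expected = contacts.get(" ".join(name.lower().split()))
    if expected is None:
        return ("unknown-sender", name, addr)
    if addr == expected.lower():
        # Only means the address is the expected one; the address
        # itself can also be forged, which this check does not cover.
        return ("address-matches", name, addr)
    return ("display-name-mismatch", name, addr)

# Constructed sample messages.
SPOOFED = ("From: Joe Blow <badguy@hell.com>\n"
           "To: me@example.com\nSubject: look at this\n\nClick here\n")
ENCODED = ("From: =?utf-8?q?Joe_Blow?= <badguy@hell.com>\n"
           "To: me@example.com\nSubject: look at this\n\nClick here\n")
GENUINE = ("From: Joe Blow <joe.blow@example.com>\n"
           "To: me@example.com\nSubject: lunch\n\nSee you at noon\n")
NO_FROM = "To: me@example.com\nSubject: hello\n\nbody\n"

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("encoded", ENCODED),
                       ("genuine", GENUINE), ("no from", NO_FROM)]:
        print(label, check_from_header(raw))
```
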

That Was a First on Infected Computers

When it comes to viruses and malware in general, not much surprises me anymore. That should put things in perspective when I say that what I saw recently impressed me. A lot.

A client contacted me because a computer had gone through a virus infection and AFTER it was seemingly removed, the computer was very slow. I looked into it, and looked into it. There was something off, but all my usual scanners were not detecting anything major. And THEN, almost by accident, a major outness came into view.

Several programs, legit programs, were behaving oddly. Very oddly. When I finally got to the bottom of it, my jaw had dropped. Somebody had subverted the computer and turned it into a “bot”, meaning it was being used by other people, a lot of people, without the consent of the owner. That in itself was not surprising – it happens every day.

But what was surprising was the method used to infect the computer and carry out its subversion. It was so covert, so devilishly brilliant, that it fooled all current scanners I threw at it. And it almost escaped me while using advanced manual detection tools. Almost, fortunately, but that was a first. Never seen anything like it, ever.

It was so bad that it was one of the few occasions where I recommended re-installing the computer’s operating system from scratch. It was the only way to make absolutely sure no part of the infection remained.

I created a copy of the original hard drive to play with the infection afterwards in a controlled environment, and learn from it.

As part of the handling, I put in place a better security system based on my model, and hopefully that will close the door to the possibility of it ever happening again.

Monster Amount of Windows Updates Just Released

Microsoft just released 16 security updates as part of its monthly update schedule. This is the largest number of updates released in 3 years.

Five of the 16 updates were labeled “critical”, nine “important”, and two “moderate”.

The updates address the Windows Operating System itself, Microsoft Office, and Internet Explorer.

All these updates were released a few minutes ago, at 1 p.m. ET.

If you have Automatic Updates enabled on your Windows computer, you don’t need to take action for these updates to install, except maybe a restart at the end of the updates. If Automatic Updates are not enabled, it is strongly recommended you download and install these and any other outstanding Windows Updates.

Malware Statistics, 2014

Individual malware strains are still on the rise, per the latest data reported by PandaLabs. In the 3rd quarter this year, 20 million new strains were created worldwide. Per AV-Test.org, over 14 million were created in October alone. Compare that to 2013, when an average of 5 million were created every month, or 2009, when it was “just” a little over 1 million per month.

The most common type of malware is still Trojans, with 78% of all infections, while the most geographically affected areas worldwide remain Latin American and Asian countries.

Given these facts, a good security setup for your computer and good web surfing habits are now more important than ever.

Ebola Phishing Scams and Malware Campaigns

As is usual with phishing scams and malware campaigns, a trending topic is used to attract attention. In this case the Ebola virus disease, a subject that has spiked public interest recently, is being used as a theme.

Therefore, beware of suspicious emails with Ebola mentioned in the subject or body of the email. Such emails may contain links used to direct users to websites which collect personal information or contain malicious attachments that can infect a computer.

The best ways to protect yourself against such attempts are:

1. Do not follow unsolicited web links or open unsolicited attachments in email messages.

2. Maintain up-to-date antivirus software. See this article for my ideal security setup for a computer.

3. Contact a computer security expert if you suspect you have fallen victim to a phishing scam or malware campaign.

An Improved Password Method

Security breaches, security leaks, password leaks, stolen information, stolen identities. These subjects seem to be more and more present in the news in recent times. Although I wouldn’t necessarily trust all news and news sources and the slant they put on the news, there is nonetheless a situation here that seems to have worsened with time.

An alternate title for this article could be What’s “Two-Factor Authentication”?

In the simplest possible way, it could be defined as an access procedure that adds an additional step to the normal verification process. It is abbreviated TFA or 2FA.

Although it might sound foreign to you, as a matter of fact you probably already use it to some degree or another. An example of it is using an ATM. To access your account you need two steps: 1) have and swipe your ATM card and 2) enter the PIN for it.

Though by no means perfect or impenetrable, this method does raise the fence, making it harder for hackers to get their dirty little hands on your information. Because of that, the method has gained popularity in recent times.

The possible credentials are a) something you know, such as a password or PIN, b) something you have, such as your ATM card or a phone, and c) something you are, as in a fingerprint or any other similar biometric authentication. Two of these three are required in two-factor authentication.

For the regular user, if you come across the option to use it, I would recommend it, especially for things like online banking, and any online activity that you consider sensitive. It might save you from some future potential headaches.