
2.2 Billion Records Stolen So Far In 2016!

As I tell everyone, your information is out there; we have lost the privacy war. The big retail chains sometimes make the news when they get hacked. The real threat, though, is the breaches that don’t make the news or that we don’t know about: banks, medical records, insurance companies. There are thousands of companies whose sole business model is collecting your data; how forthcoming do you expect these businesses to be when they have a data breach?


From Ars

There has been yet another major data breach, this time exposing names, IP addresses, birth dates, e-mail addresses, vehicle data, and occupations of at least 58 million subscribers, researchers said.

The trove was mined from a poorly secured database and then published and later removed at least three times over the past week, according to this analysis from security firm Risk Based Security. Based on conversations with a Twitter user who first published links to the leaked data, the researchers believe the data was stored on servers belonging to Modern Business Solutions, a company that provides data storage and database hosting services.

Shortly after researchers contacted Modern Business Solutions, the leaky database was secured, but the researchers said they never received a response from anyone at the firm, which claims to be located in Austin, Texas. Officials with Modern Business Solutions didn’t respond to several messages Ars left seeking comment and additional details.

Risk Based Security said the actual number of exposed records may be almost 260 million. The company based this possibility on an update researchers received from the Twitter user who originally reported the leak. The update claimed the discovery of an additional table that contained 258 million rows of personal data. By the time the update came, however, the database had already been secured, and Risk Based Security was unable to confirm the claim. The official tally cited Wednesday by breach notification service Have I Been Pwned? is 58.8 million accounts. In all, the breach resulted in 34,000 notifications being sent to Have I Been Pwned? users monitoring e-mail addresses and 3,000 users monitoring domains.

According to Risk Based Security, the account information was compiled using the open source MongoDB database application. The researchers believe the unsecured data was first spotted using the Shodan search engine. The publication of the data happened when a party that first identified the leak shared it with friends rather than privately reporting it to Modern Business Solutions.

By the tally of Risk Based Security, there have been 2,928 publicly disclosed data breaches so far in 2016 that have exposed more than 2.2 billion records. The figures provide a stark reminder of why it’s usually a good idea to omit or falsify as much requested data as possible when registering with both online and offline services. It’s also a good idea to use a password manager, although this leak was unusual in that it didn’t contain any form of user password, most likely because the data was being stored on behalf of one or more other services.


If You Force People To Constantly Change Passwords They Do Bad Things With Passwords

My own anecdotal experience with this is that in 100% of cases where people were forced to constantly change passwords, they either added a digit to the password or wrote the password on a sticky note somewhere in plain sight of the computer.

From Ars

The most on-point data comes from a study published in 2010 by researchers from the University of North Carolina at Chapel Hill. The researchers obtained the cryptographic hashes to 10,000 expired accounts that once belonged to university employees, faculty, or students who had been required to change their passcodes every three months. Researchers received data not only for the last password used but also for passwords that had been changed over time.

By studying the data, the researchers identified common techniques account holders used when they were required to change passwords. A password like “tarheels#1”, for instance (excluding the quotation marks) frequently became “tArheels#1” after the first change, “taRheels#1” on the second change and so on. Or it might be changed to “tarheels#11” on the first change and “tarheels#111” on the second. Another common technique was to substitute a digit to make it “tarheels#2”, “tarheels#3”, and so on.

“The UNC researchers said if people have to change their passwords every 90 days, they tend to use a pattern and they do what we call a transformation,” Cranor explained. “They take their old passwords, they change it in some small way, and they come up with a new password.”

The researchers used the transformations they uncovered to develop algorithms that were able to predict changes with great accuracy. Then they simulated real-world cracking to see how well they performed. In online attacks, in which attackers try to make as many guesses as possible before the targeted network locks them out, the algorithm cracked 17 percent of the accounts in fewer than five attempts. In offline attacks performed on the recovered hashes using superfast computers, 41 percent of the changed passwords were cracked within three seconds.
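To show the transformations the study describes from the defender’s side, here is an added example (not code from the study, Ars, or this blog) of a password-change check in C that rejects a candidate which is only a case flip, a digit change, or a suffix appended to the old password; the function names and the PW_MAX limit are my own assumptions.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define PW_MAX 128   /* assumed upper bound on password length */

/* Normalise a password so that the transformations the study found
 * leave it unchanged: lower-case every letter and drop the trailing
 * run of digits. Assumes passwords shorter than PW_MAX bytes. */
static void stem(const char *pw, char out[PW_MAX])
{
    size_t n = strlen(pw);
    if (n >= PW_MAX)
        n = PW_MAX - 1;
    while (n > 0 && isdigit((unsigned char)pw[n - 1]))
        n--;
    for (size_t i = 0; i < n; i++)
        out[i] = (char)tolower((unsigned char)pw[i]);
    out[n] = '\0';
}

/* Case-insensitive test that candidate starts with prefix. A shorter
 * candidate fails on its terminating NUL before anything is overread. */
static bool starts_with_icase(const char *candidate, const char *prefix)
{
    for (; *prefix; candidate++, prefix++)
        if (tolower((unsigned char)*candidate) != tolower((unsigned char)*prefix))
            return false;
    return true;
}

/* True when new_pw is one of the predictable changes from the study:
 * a letter's case flipped ("tArheels#1"), a trailing digit appended,
 * incremented or substituted ("tarheels#11", "tarheels#2"), or any
 * suffix tacked onto the old password ("tarheels#1!"). A change
 * policy would reject such a candidate instead of accepting it. */
bool is_trivial_transformation(const char *old_pw, const char *new_pw)
{
    char old_stem[PW_MAX], new_stem[PW_MAX];
    stem(old_pw, old_stem);
    stem(new_pw, new_stem);
    /* Same stem: only case and/or the trailing digits changed. The
     * all-digit case (empty stem) is excluded so unrelated numeric
     * passwords are not flagged as each other's transformation. */
    if (old_stem[0] != '\0' && strcmp(old_stem, new_stem) == 0)
        return true;
    /* Old password kept (ignoring case) with something appended. */
    return strlen(new_pw) > strlen(old_pw) && starts_with_icase(new_pw, old_pw);
}
```

The check deliberately errs toward rejecting: anything that keeps the old password as a case-insensitive prefix is treated as a transformation.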



STOP USING NORTON!

In fact, stop using all AV; it’s best to just stick with Windows’ built-in free security. You are just as secure, it doesn’t hog resources, and at least you are not paying for the privilege of software that makes you totally vulnerable to comically easy attacks that can take over your computer. This is just the latest and worst example of the incredibly severe security holes found in security software.

http://arstechnica.com/security/2016/06/25-symantec-products-open-to-wormable-attack-by-unopened-e-mail-or-links

Much of the product line from security firm Symantec contains a raft of vulnerabilities that expose millions of consumers, small businesses, and large organizations to self-replicating attacks that take complete control of their computers, a researcher warned Tuesday.

“These vulnerabilities are as bad as it gets,” Tavis Ormandy, a researcher with Google’s Project Zero, wrote in a blog post. “They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”

The post was published shortly after Symantec issued its own advisory, which listed 17 Symantec enterprise products and eight Norton consumer and small business products being affected. Ormandy warned that the vulnerability is unusually easy to exploit, allowing the exploits to spread virally from machine to machine over a targeted network, or potentially over the Internet at large. Ormandy continued:

Because Symantec uses a filter driver to intercept all system I/O, just emailing a file to a victim or sending them a link to an exploit is enough to trigger it – the victim does not need to open the file or interact with it in any way. Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences to Norton and Symantec customers.

An attacker could easily compromise an entire enterprise fleet using a vulnerability like this. Network administrators should keep scenarios like this in mind when deciding to deploy Antivirus; it’s a significant tradeoff in terms of increasing attack surface.

The flaws reside in the engine the products use to reverse the compression tools malware developers use to conceal their malicious payloads. The unpackers work by parsing code contained in files before they’re allowed to be downloaded or executed. Because Symantec runs the unpackers directly in the operating system kernel, errors can allow attackers to gain complete control over the vulnerable machine. Ormandy said a better design would be for unpackers to run in a security “sandbox,” which isolates untrusted code from sensitive parts of an operating system.

The researcher said one of the proof-of-concept exploits he devised works by exposing the unpacker to odd-sized records that cause inputs to be incorrectly rounded-up, resulting in a buffer overflow. A separate “decomposer library” included in the vulnerable software contained open-source code that in some cases hadn’t been updated in at least seven years. The lack of updates came even though vulnerabilities had been found in some of the aging code and in some cases the disclosures were accompanied by publicly available exploits. A list of additional vulnerabilities is here.
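As an added example that is not Symantec’s code or the researcher’s proof of concept, the following C sketches the rounding bug class described above in a hypothetical record copier and sets the checked version beside it: the length check must be made on the padded length, and the padding arithmetic itself must not wrap. ALIGN, the function names and the constructed record bytes are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ALIGN 4   /* hypothetical record alignment for this example */

/* The bug pattern, for comparison only (never called here): capacity is
 * checked against the declared length, but the copy pads that length up
 * to ALIGN, so an odd-sized record at the end of dst writes past it. */
size_t copy_record_unchecked(uint8_t *dst, size_t dst_cap,
                             const uint8_t *src, size_t len)
{
    if (len > dst_cap)
        return 0;
    size_t padded = (len + ALIGN - 1) & ~(size_t)(ALIGN - 1);
    memcpy(dst, src, len);
    memset(dst + len, 0, padded - len);  /* overflows when padded > dst_cap */
    return padded;
}

/* Round len up to a multiple of ALIGN, refusing lengths for which the
 * addition would wrap around to a small value. */
bool padded_length(size_t len, size_t *out)
{
    if (len > SIZE_MAX - (ALIGN - 1))
        return false;
    *out = (len + ALIGN - 1) & ~(size_t)(ALIGN - 1);
    return true;
}

/* Hardened version: compute the padded length first, with wrap-around
 * detection, and compare that against the remaining capacity.
 * Returns the bytes written, or 0 if the record is rejected. */
size_t copy_record_checked(uint8_t *dst, size_t dst_cap,
                           const uint8_t *src, size_t len)
{
    size_t padded;
    if (!padded_length(len, &padded) || padded > dst_cap)
        return 0;
    memcpy(dst, src, len);
    memset(dst + len, 0, padded - len);
    return padded;
}

/* Copy a len-byte constructed record into a cap-byte scratch window. */
size_t try_copy(size_t cap, size_t len)
{
    static uint8_t scratch[64];
    static const uint8_t record[64] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed */
    if (cap > sizeof scratch || len > sizeof record)
        return 0;
    return copy_record_checked(scratch, cap, record, len);
}
```

A 5-byte record into a 6-byte window passes the unchecked length test but needs 8 bytes once padded; the checked copy rejects it instead of writing two bytes past the end.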

Tuesday’s advisory is only the latest to underscore game-over vulnerabilities found in widely available antivirus packages. Although the software is often considered a mandatory part of a good security regimen—on Windows systems, at least—their installation often has the paradoxical consequence of opening a computer to attacks that otherwise wouldn’t be possible. Over the past five years, Ormandy in particular has exposed a disturbingly high number of such flaws in security software from companies including Comodo, Eset, Kaspersky, FireEye, McAfee, Trend Micro, and others.

In most cases, the updates disclosed Tuesday will be automatically installed, in much the way virus definitions are received. In other cases, end users or administrators will have to manually install the fixes. People running Symantec software should check the advisory to make sure they’re covered.


The Myth of the $200 Computer


It happens a few times a year. A customer is faced with either a computer that cannot be repaired or one that is so old that it’s not worth repairing.

They will ask what their options are and I will explain to them for $350-$500 they can get a custom built PC from me that will be the best computer they have ever owned and last them a decade.

They scoff at this idea and proudly proclaim that they can just head on over to Staples and get one for $200.

I will not deny that there are times of the year when you can get some great deals, Back to School and Christmas being good examples: times when stores stock up on somewhat outdated inventory and sell it as loss leaders to get parents into the stores. However, these deals are actually rare and becoming harder to find.

Anyway, let’s set that aside and look at what you get when you buy a bottom-of-the-line PC at a big box retailer.

Just this weekend I was faced with a client who did the “I don’t need anything fancy, can’t I get something for $200?” eye roll. He ended up at Walmart where, to his surprise, there were no $200 PCs; in fact you can’t even find a computer that does not include a monitor. His only option was a $250 Acer AXC-704G-UW61.

The bare minimum to manufacture a PC is over $200. So how can they sell you a PC for such a low price? One way is that you are getting very old, outdated, and barely usable parts. This computer had really cheap, slow parts in it: built to a price point, designed to be cheap, and, as we discovered the hard way, not even fully functional.

The other way they bring the price down, which is the case more and more, is that you are getting a computer that has been subsidized by installing tons of spyware. This PC was riddled with spyware; in fact, the first program they installed on it, before they even installed the drivers, was spyware.


This miracle of modern technology was then dropped off here so I could begin the process of transferring and installing all the software and files he needs for his business onto this wonderful new PC. I set it up on the desk and hit problem #1: this computer has no VGA or DVI ports, only HDMI. So now we either need an HDMI monitor, a video card, or some sort of converter. Now it’s a $270 PC, and we wasted a day’s labor. Nowhere on the box was it mentioned that this computer had only HDMI ports. It has two USB 3.0 ports, but since there are only two, those will be taken up by your keyboard and mouse. So if you want to actually use those ports you need a hub; now it’s a $290 computer.


Okay, we get it hooked up to a monitor. I now have to spend half a day removing all the spyware that is preinstalled on the PC.

Finish that, install all the business software we need, and start transferring his files onto the new PC. The transfer is going to take 6 hours, so I leave and come back. In that time the PC has put the monitor to sleep, and the only way to get the monitor back on is to unplug the power from it. So now we have to leave the monitor on, displaying a screen saver 24 hours a day; otherwise the PC turns the monitor off and then will not turn it back on.

Finish everything, leave the computer alone overnight, come back, and now for some reason it has shut down and will not restart. Pull the power and it will turn back on. At this point it is finally decided this $200 PC is going back.

Now we have wasted 3 days, the client owes me well over $100 in labor, and we have accomplished nothing.

You get what you pay for.


Time to Pay More Attention to Things That Can and Will Actually Harm You…

We tend to focus on huge, headline-grabbing issues that in reality have little chance of directly affecting our lives. You can put locks and cameras on your house, but with a phone line and a network connection you are letting crooks into your life every day. Ransomware is a huge, out-of-control problem that is getting no attention. I’ve had this hit several customers and have seen it hit numerous hospitals and law enforcement agencies. If you contact the FBI, the FBI tells you they can do nothing about it and you should pay the ransom. You need to keep proper routine backups and make sure you have a set of backups that are offline, not attached to your PC or network. Don’t put it off; take care of it now.


From Krebs

A Kentucky hospital says it is operating in an “internal state of emergency” after a ransomware attack rattled around inside its networks, encrypting files on computer systems and holding the data on them hostage unless and until the hospital pays up.

[Image caption] A streaming red banner on Methodisthospital.net warns that a computer virus infection has limited the hospital’s use of electronic web-based services.

Henderson, Ky.-based Methodist Hospital placed a scrolling red alert on its homepage this week, stating that “Methodist Hospital is currently working in an Internal State of Emergency due to a Computer Virus that has limited our use of electronic web based services.  We are currently working to resolve this issue, until then we will have limited access to web based services and electronic communications.”

Jamie Reid, information systems director at the hospital, said malware involved is known as the “Locky” strain of ransomware, a contagion that encrypts all of the important files, documents and images on an infected host, and then deletes the originals. Victims can regain access to their files only by paying the ransom, or by restoring from a backup that is hopefully not on a network which is freely accessible to the compromised computer.

In the case of Methodist Hospital, the ransomware tried to spread from the initial infection to the entire internal network, and succeeded in compromising several other systems, Reid said. That prompted the hospital to shut down all of the hospital’s desktop computers, bringing systems back online one by one only after scanning each for signs of the infection.

“We have a pretty robust emergency response system that we developed quite a few years ago, and it struck us that as everyone’s talking about the computer problem at the hospital maybe we ought to just treat this like a tornado hit, because we essentially shut our system down and reopened on a computer-by-computer basis,” said David Park, an attorney for the Kentucky healthcare center.

The attackers are demanding a mere four bitcoins in exchange for a key to unlock the encrypted files; that’s a little more than USD $1,600 at today’s exchange rate.

Park said the administration hasn’t ruled out paying the ransom.

“We haven’t yet made a decision on that, we’re working through the process,” with the FBI, he said. “I think it’s our position that we’re not going to pay it unless we absolutely have to.”

The attack on Methodist comes just weeks after it was revealed that a California hospital that was similarly besieged with ransomware paid a $17,000 ransom to get its files back.

Park said the main effect of the infection has been downtime, which forced the hospital to process everything by hand on paper. He declined to say which systems were infected, but said no patient data was impacted.

“We have downtime procedures for going to a paper system anyway, so we went to that paper system,” he said. “But we don’t feel like it negatively impacted patient care. They didn’t get any patient information.”

Ransomware infections are largely opportunistic attacks that mainly prey on people who browse the Web with outdated Web browsers and/or browser plugins like Java and Adobe Flash and Reader. Most ransomware attacks take advantage of exploit kits, malicious code that, when stitched into a hacked site, probes visiting browsers for the presence of these vulnerabilities.

The attack on Methodist Hospital was another form of opportunistic attack that came in via spam email, in messages stating something about invoices and that recipients needed to open an attached (booby-trapped) file.

It’s a fair bet that as ransomware attacks and attackers mature, these schemes will slowly become more targeted. I also worry that these more deliberate attackers will take a bit more time to discern how much the data they’ve encrypted is really worth, and precisely how much the victim might be willing to pay to get it back.
