Yet Another Reason You Should Buy A Computer From Us

Not only do you get a better computer for the price. Not only do you get a warranty and service from a person you know. You also don’t get any preinstalled malware.

From Ars Technica

Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said.

The critical threat is present on Lenovo PCs that have adware from a company called Superfish installed. As unsavory as many people find software that injects ads into Web pages, there’s something much more nefarious about the Superfish package. It installs a self-signed root HTTPS certificate that can intercept encrypted traffic for every website a user visits. When a user visits an HTTPS site, the site certificate is signed and controlled by Superfish and falsely represents itself as the official website certificate.

Even worse, the private encryption key accompanying the Superfish-signed Transport Layer Security certificate appears to be the same for every Lenovo machine. Attackers may be able to use the key to certify imposter HTTPS websites that masquerade as Bank of America, Google, or any other secure destination on the Internet. Under such a scenario, PCs that have the Superfish root certificate installed will fail to flag the sites as forgeries—a failure that completely undermines the reason HTTPS protections exist in the first place.
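The trust failure the article describes, as an added Go example that is not part of the original post or of Ars Technica's reporting: it builds a throwaway self-signed root standing in for the adware's certificate, shows that whoever holds that root's private key can issue a server certificate for any hostname, and then checks what a browser trusting that root would accept. All CA names and hostnames below are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

var notBefore, notAfter = time.Now().Add(-time.Hour), time.Now().Add(24 * time.Hour) // constructed validity window

// sign issues t under parent with the parent's private key and returns the parsed cert.
func sign(t, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil { panic(err) }
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// NewRoot builds a self-signed CA like the one the adware added to every PC's trust store.
func NewRoot(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: notBefore, NotAfter: notAfter, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign}
	return sign(t, t, &key.PublicKey, key), key
}

// IssueLeaf is the shared-key problem: whoever holds rootKey can mint a server
// certificate for any hostname, with no involvement of the real site.
func IssueLeaf(root *x509.Certificate, rootKey *ecdsa.PrivateKey, host string) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: notBefore, NotAfter: notAfter,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	return sign(t, root, &key.PublicKey, rootKey)
}

// ChainRoot acts as a browser whose trust store holds exactly roots: it returns the CommonName
// of the root that leaf chains to for host, or "" if rejected. Compare it with the CA you expect.
func ChainRoot(leaf *x509.Certificate, host string, roots ...*x509.Certificate) string {
	pool := x509.NewCertPool()
	for _, r := range roots { pool.AddCert(r) }
	chains, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	if err != nil { return "" }
	return chains[0][len(chains[0])-1].Subject.CommonName
}
```

On a clean machine the forged certificate chains to nothing and is rejected; on a machine carrying the extra root it validates, and the only visible tell is the unexpected root name at the end of the chain.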


Another Parking Service Hacked

From Krebs

Book2Park.com, an online parking reservation service for airports across the United States, appears to be the latest victim of the hacker gang that stole more than 100 million credit and debit cards from Target and Home Depot. Book2park.com is the third online parking service since December 2014 to fall victim to this cybercriminal group.

Last week, a new batch of credit card numbers [dubbed “Denarius“] went up for sale on Rescator[dot]cm, the cybercrime bazaar that earned infamy by selling tens of millions of cards stolen from Target and Home Depot. Multiple banks contacted by this author acquired a handful of cards from this new batch, and each of those financial institutions found the same pattern: All of the cards they bought had been issued to customers who recently made airport parking reservations at Book2Park.com.

Contacted about the apparent breach, Book2park.com owner Anna Infante said she was not aware that hundreds — if not thousands — of her customers’ cards were for sale online. But she said a technology firm the company contracts with did recently discover and remove malicious files that were somehow planted on Book2park’s Web server.

“We already took action on this, and we are totally on it,” Infante said. “We are taking all further steps in protecting our customers and reporting this to the proper authorities.”

In December, the same hacker gang began selling card accounts stolen from the Web sites of Park ‘N Fly and OneStopParking.com. The card accounts stolen from OneStopParking and Park ‘N Fly sold for prices between $6 and $13, but the cards taken from Book2Park’s site mostly fetch prices ranging from $12 to $18. This may be because most of the cards were issued by European banks, which tend to sell for more (at least on Rescator’s site).


Symantec Declares Anti-Virus Dead

I’ve been saying this for years. The anti-virus is the least important part of a comprehensive security package and education. Anti-virus is reactive; people need to be more proactive about both security and ensuring they have things in place to recover from a catastrophic problem. A good set of backups is the difference between a minor inconvenience and a catastrophic loss that could cause bankruptcy for a business.


From Krebs

An article in The Wall Street Journal this week quoted executives from antivirus pioneer Symantec uttering words that would have been industry heresy a few years ago, declaring antivirus software “dead” and stating that the company is focusing on developing technologies that attack online threats from a different angle.

Ads for various crypting services.

This hardly comes as news for anyone in the security industry who’s been paying attention over the past few years, but I’m writing about it because this is a great example of how the cybercrime underground responds to — and in some cases surpasses — innovations put in place by the good guys.

About 15 years ago, when the antivirus industry was quite young, there were far fewer competitors in the anti-malware space. Most antivirus firms at the time had a couple of guys in the lab whose job it was to dissect, poke and prod at the new crimeware specimens. After that, they’d typically write reports about the new threats, and then ship “detection signatures” that would ostensibly protect customers that hadn’t already been compromised by the new nasties.

This seemed to work for a while, until the smart guys in the industry started noticing that the volume of malicious software being released on the Internet each year was growing at a fairly steady clip. Many of the industry’s leaders decided that if they didn’t invest heavily in technologies and approaches that could help automate the detection and classification of new malware threats, they were going to lose this digital arms race.

So that’s exactly what these firms did: They went on a buying spree and purchased companies and technologies left and right, all in a bid to build this quasi-artificial intelligence they called “heuristic detection.” And for a while after that, the threat from the daily glut of malware seemed to be coming under control.

But the bad guys didn’t exactly take this innovation lying down; rather, they responded with their own innovations. What they came up with is known as the “crypting” service, a service that has spawned an entire industry that I would argue is one of the most bustling and lucrative in the cybercrime underground today.

Put simply, a crypting service takes a bad guy’s piece of malware and scans it against all of the available antivirus tools on the market today — to see how many of them detect the code as malicious. The service then runs some custom encryption routines to obfuscate the malware so that it hardly resembles the piece of code that was detected as bad by most of the tools out there. And it repeats this scanning and crypting process in an iterative fashion until the malware is found to be completely undetectable by all of the antivirus tools on the market.

Incidentally, the bad guys call this state “fully un-detectable,” or “FUD” for short, an acronym that I’ve always found ironic and amusing given the rampant FUD (more commonly known in the security industry as “fear, uncertainty and doubt”) churned out by so many security firms about the sophistication of the threats today.

In some of the most sophisticated operations, this crypting process happens in an entirely automated fashion (the Styx-Crypt exploit kit is a great example of this): The bad guy has a malware distribution server or servers, and he signs up with a crypting service. The crypting service has an automated bot that at some interval determined by the customer grabs the code from the customer’s malware distribution server and then does its thing on it. After the malware is declared FUD by the crypting service, the bot deposits the fully crypted malware back on the bad guy’s distribution server, and then sends an instant message to the customer stating that the malware is ready for prime time.

Crypting services are the primary reason that if you or someone within your organization is unfortunate enough to have opened a malware-laced attachment in an email in the first 12-24 hours after the bad guys blast it out in a spam run, there is an excellent chance that whatever antivirus tool you or your company relies upon will not detect this specimen as malicious.

In short, as I’ve noted time and again, if you are counting on your antivirus to save you or your co-workers from the latest threats, you may be in for a rude awakening down the road.

Does this mean antivirus software is completely useless? Not at all. Very often, your antivirus product will detect a new variant as something akin to a threat it has seen in the past. Perhaps the bad guys targeting you or your organization in this case didn’t use a crypting service, or maybe that service wasn’t any good to begin with.

In either case, antivirus remains a useful — if somewhat antiquated and ineffective — approach to security. Security is all about layers, and not depending on any one technology or approach to detect or save you from the latest threats. The most important layer in that security defense? You! Most threats succeed because they take advantage of human weaknesses (laziness, apathy, ignorance, etc.), and less because of their sophistication. So, take a few minutes to browse Krebs’s 3 Rules for Online Safety, and my Tools for a Safer PC primer.



Microsoft Warns of Attacks on IE Zero-Day

From Krebs:

Microsoft is warning Internet Explorer users about active attacks that attempt to exploit a previously unknown security flaw in every supported version of IE. The vulnerability could be used to silently install malicious software without any help from users, save for perhaps merely browsing to a hacked or malicious site.

In an alert posted on Saturday, Microsoft said it is aware of “limited, targeted attacks” against the vulnerability (CVE-2014-1776) so far.

Microsoft’s security advisory credits security firm FireEye with discovering the attack. In its own advisory, FireEye says the exploit currently is targeting IE9 through IE11 (although the weakness also is present in all earlier versions of IE going back to IE6), and that it leverages a well-known Flash exploitation technique to bypass security protections on Windows.

Microsoft has not yet issued a stopgap “Fix-It” solution for this vulnerability. For now, it is urging IE users to download and install its Enhanced Mitigation Experience Toolkit (EMET), a free tool that can help beef up security on Windows. Microsoft notes that EMET 3.0 doesn’t mitigate this attack, and that affected users should instead rely on EMET 4.1. I’ve reviewed the basics of EMET here. The latest versions of EMET are available here.

According to information shared by FireEye, the exploit also can be blocked by running Internet Explorer in “Enhanced Protected Mode” configuration and 64-bit process mode, which is available for IE10 and IE11 in the Internet Options settings as shown in the graphic above.

This is the first of many zero-day attacks and vulnerabilities that will never be fixed for Windows XP users. Microsoft last month shipped its final set of updates for XP. Unfortunately, many of the exploit mitigation techniques that EMET brings do not work in XP.



Big Round of Patches This Month…

From Krebs:

Microsoft has issued security updates to fix at least 23 distinct vulnerabilities in its Windows operating systems and other software. Three of the patch bundles released today address flaws rated “critical,” meaning that malware or miscreants can use them to break into Windows PCs without any help from users.

Leading the critical updates is a cumulative patch for Internet Explorer (MS13-059) that affects every version of the browser on nearly all supported versions of Windows. In its advisory, Microsoft warns it is highly likely that attackers will soon develop exploit code to attack the flaws addressed in this patch. Indeed, according to Ross Barrett, manager of security engineering at Rapid7, the IE patch addresses a vulnerability first demonstrated at the Pwn2Own contest at the CanSecWest conference in March of this year.

Another critical update, MS13-060, is a browse-and-get-owned font vulnerability that affects users on Windows XP and Server 2003. The final critical patch, MS13-061, tackles several flaws in Microsoft Exchange that stem from a third-party component from Oracle called Outside In.

Security experts differ over which patches marked “important” in severity are the most interesting this month. Wolfgang Kandek, chief technology officer at vulnerability management firm Qualys, says that the most surprising patch in this category is MS13-063, a Windows kernel vulnerability that addresses another bug first disclosed (PDF) at this year’s CanSecWest. The vulnerability allows attackers to bypass an anti-exploitation protection built into Windows called address space layout randomization (ASLR). Kandek notes that the researcher who discovered that flaw — Yang Yu from Chinese security firm NSFocus — probably could have earned up to $100,000 for reporting that flaw to Microsoft, had he known Microsoft was going to start paying researchers for such bugs.

“Microsoft believes it could have qualified for one of the high-paying bounties (up to $100,000) of the current BlueHat program,” Kandek wrote. “Alas, at the time, the program did not exist, and Yang Yu had no way of knowing that the program was in the works.”

For his part, Rapid7’s Barrett said perhaps the most genuinely interesting vulnerability this month is MS13-062, which is reported as a flaw that allows lesser users to elevate their privileges on Windows.

“Microsoft has described this as extremely difficult to exploit, which I can only assume is a challenge to exploit writers everywhere to prove them wrong,” Barrett quipped.

Patches are available through Windows Update or via Automatic Updates. As always, if you experience any issues applying any of these patches, please leave a note in the comments section below.