Online Protection

Dear BFFs, Princesses and Superheroes – Hackers are your biggest fans

We have all seen the Facebook quizzes that flood our timelines. Which Disney character are you? Who is your true BFF? What is your inner spirit animal? What is your Superhero personality? Who is your soulmate? Well, as one of many CyberSec superheroes, CyberGent101 wants to help you out with something. Your longing to be a Disney character or Superhero, to release your inner spirit animal, or to find out who your BFF is may be putting your personal data at risk. The video below gives some insight into what can occur if your data is stolen (actually, handed over) via Facebook quizzes.

(video credit wfla.com)

A friend of mine, @MsSharlee, and I oftentimes find ourselves shaking our heads at the growing number of quiz posts that we see on our timelines. We continually post (and re-post) about the potential dangers of taking these quizzes. At some point we hope that our concern will make others aware of what they are releasing to the internet.

As stated in the video here are a few helpful reminders to stay out of the crosshairs of hackers:

  • Be cautious of apps, quizzes, etc. that require you to sign in or redirect you to a site to enter your credentials. Personally, if something requires me to log in, I don’t participate.
  • Treat your email addresses like cash. Make sure you use a strong password as well.
  • Don’t always trust links from friends. Web address analysis services like urlquery.net allow you to check out links that you may receive from emails, texts, etc. URLquery also provides a screenshot of what the site looks like at that particular time, with analysis of whether the link is malicious or not.
  • If you must participate in a quiz to see who your soulmate is or how many kids you will have with what celebrity, take a quiz from a company that has a good reputation of protecting data.

It’s..about..to..go..DROWN

Over the last few years a multitude of servers have been affected by attacks that break SSL/TLS encryption. First off, SSL stands for Secure Sockets Layer. SSL is the standard security technology for establishing an encrypted link between a browser and a web server. Transport Layer Security, or TLS, is a protocol that guarantees privacy between applications and their users over the Internet.

Although there have been multiple instances of SSL/TLS attacks, the two examples I want to briefly discuss are FREAK and a newly discovered attack called DROWN. (I did not make these names up, by the way.) With the DROWN vulnerability, researchers have stated that under some circumstances an attacker can also impersonate a secure website (and you thought Elvis impersonations were scary) in order to intercept or change the content the user sees on the screen.

What does this mean to me?

Whenever you log into a site such as Amazon, Gmail or any other site that holds important data and information, you typically are logging into a secure site. TIP: Always look for the web address prefixed by “HTTPS”. The “S” in HTTPS stands for secure. If a web server for a particular site does not get the proper patches for SSL-based attacks like DROWN, any information visitors submit during online transactions can be decrypted and obtained as it travels over the internet. Things such as passwords, addresses and credit card information can be accessed by an attacker, a.k.a. the “Man-In-The-Middle”, using this exploit.

One example of a previous SSL attack

The FREAK (Factoring RSA Export Keys) attack was announced on March 3rd, 2015. The FREAK attack allowed attackers to easily intercept HTTPS connections between vulnerable clients and servers, forcing them to use weakened encryption during the session. With this vulnerability exploited, the attacker could break the encryption in order to steal or even manipulate sensitive data. FREAK has since been remediated as server administrators patched their systems upon hearing about this vulnerability. Vendors also advised them to disable support for all known insecure ciphers.

There are other historic SSL/TLS attacks such as POODLE, BEAST and HeartBleed. Feel free to click the link for each one to learn more about how they were discovered along with their attack methods.

The Current SSL attack

The DROWN attack, or Decrypting RSA with Obsolete and Weakened eNcryption, is a vulnerability that affects HTTPS and other services that rely on SSL and TLS. Websites, e-commerce sites, mail servers (e.g. Yahoo/Gmail), and other TLS-based sites and services are currently at risk for the DROWN attack.

DROWN_diagram1

What makes this a serious security risk is that any server that simply supports SSLv2 (SSLv2 doesn’t have to be active) is a threat to modern servers and clients. This is demonstrated in the illustration above (illustration credits: Drownattack). The Man-In-The-Middle can launch SSLv2 probes in an attempt to decrypt the traffic and read the information transferred from the client to the server.
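An added example (not part of the original post, and not code from the DROWN researchers): a small Python check a server administrator could run over an Apache or nginx TLS configuration to spot the two weaknesses discussed in this post, SSLv2 support (DROWN) and export-grade ciphers (FREAK). The sample configurations are constructed, and the handling of the `all` / `ALL` keywords assumes an older build that still ships SSLv2 and export suites.

```python
import re

# Constructed sample configurations, not taken from any real server.
WEAK_APACHE = "SSLEngine on\nSSLProtocol all -SSLv3\nSSLCipherSuite HIGH:MEDIUM:EXP:!aNULL\n"
WEAK_NGINX = "ssl_protocols SSLv2 TLSv1 TLSv1.2;\nssl_ciphers HIGH:!aNULL:!EXPORT;\n"
FIXED_APACHE = "SSLEngine on\nSSLProtocol all -SSLv2 -SSLv3\nSSLCipherSuite HIGH:!aNULL:!EXP\n"

def sslv2_enabled(args):
    """Apply protocol tokens left to right; the last word on SSLv2 wins."""
    on = False
    for tok in args:
        # Assumption: an older build where "all" still includes SSLv2.
        if tok.lstrip("+-").lower() in ("all", "sslv2"):
            on = not tok.startswith("-")
    return on

def export_ciphers_enabled(cipher_string):
    """Check an OpenSSL-style cipher string for export-grade suites."""
    tokens = [t.upper() for t in re.split(r"[:,\s]+", cipher_string.strip("\"'")) if t]
    if "!EXP" in tokens or "!EXPORT" in tokens:
        return False  # "!" removes the suites permanently, wherever it appears
    on = False
    for tok in tokens:
        if tok in ("-EXP", "-EXPORT", "-ALL"):
            on = False  # "-" removes them, but a later token can add them back
        elif tok[0] not in "!-+" and ("EXP" in tok or tok == "ALL"):
            # Assumption: on builds that still ship export suites, ALL includes them.
            on = True
    return on

def audit_tls_config(text):
    """Return (line number, finding) pairs for Apache or nginx TLS directives."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].strip().rstrip(";").split()
        if not parts:
            continue
        directive, args = parts[0].lower(), parts[1:]
        if directive in ("sslprotocol", "ssl_protocols") and sslv2_enabled(args):
            findings.append((number, "SSLv2 enabled (DROWN)"))
        elif directive in ("sslciphersuite", "ssl_ciphers") and export_ciphers_enabled(" ".join(args)):
            findings.append((number, "export ciphers enabled (FREAK)"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak apache", WEAK_APACHE), ("weak nginx", WEAK_NGINX), ("fixed", FIXED_APACHE)):
        print(name, audit_tls_config(cfg))
```

A configuration with no findings here can still be exposed if the same certificate key is used on another server that accepts SSLv2, so the check belongs on every host that shares the key.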

drown pic

My contribution

Earlier today I used the DROWN website checker to see which sites were vulnerable to this attack. Some of the sites I came across are well-known sports sites and e-commerce sites. As part of my research I plan to run a few website queries to see which sites are vulnerable to DROWN, contact the site administrators / server administrators of 10 or so websites, give them my findings/results provided by test.drownattack.com and follow up with the site admins to see if they actually fix these vulnerabilities with the appropriate software security patches. This should be fun.

Secure your Selfies!!!

Instagram is in the process of rolling out its new security feature in its latest attempt to further protect you from hackers. With the latest update (to be rolled out in phases), Instagram will add two factor authentication to its app for better account protection.

Two-factor authentication, or 2FA, adds a second level of authentication to an account log-in. Entering only your username and one password is considered single-factor authentication. 2FA requires a user to have two out of three types of credentials before being able to log into an account.

Here are the three types of credentials used in 2FA:

  • Something you know, such as a personal identification number (PIN), pattern or a password.
  • Something you are, i.e. a biometric like a fingerprint, voice, or eye (retinal scan).
  • Something you have, such as an ATM card, token, or phone.

If you decide to activate 2FA within Instagram, logging into the app will now begin to require your password AND an additional security code. The code will be sent to you via SMS (Short Message Service, a.k.a. text). With 2FA activated, Instagram will send you an SMS security code every time you log in as an extra layer of security. The new input screen that will appear after the regular login page will look like this:

INSTAGRAM-TWO-FACTOR-AUTHENTICAITON-PROMPT

I currently use 2FA for my online banking, Mint, Smarty Pig and Facebook. Again, this security feature will be updated over time, so if you do not see the 2FA option right now, it will arrive eventually. Continue to make sure your app is updated to the latest version as well. Once the update is rolled out it will be listed under the “Posts you’ve liked” option in the settings page of your Instagram account.

INSTAGRAM-SECURITY-AUTHENTICATION-OPTION

Again 2FA is another added layer of security to protect your accounts and online identity from hackers. Though not 100% (like security features in general), it is a very effective security practice to deter malicious activity. Currently Facebook, Twitter, Apple, Google and a host of others use 2FA as well. What other apps or accounts do you currently use 2FA for?

5 ways to tell if your computer is infected with malware

  1. Slow performance

    Have you noticed if it takes longer than normal for your computer to boot up to the desktop? Once you’re logged in, are you waiting too long for your programs to start up? More than likely you have some form of malware on your machine. Malware has the tendency to slow down your system, applications and overall functionality of the PC.

    If you do notice something like this and you are not using any resource-heavy programs or applications, keep in mind it could also be a lack of available memory, a fragmented system, lack of space on your hard drive or maybe a hardware issue affecting your drive. Hopefully that is the case instead of malware.

  2. Pop ups


    Another sign of malware is unwanted pop-up windows. Unexpected (and annoying) pop-ups are typical signs of a spyware/adware infection. To avoid potential spyware via pop-ups:

    • avoid clicking on suspicious pop-up windows
    • do not download the recommended software listed on the pop-ups
    • be careful when downloading free applications (always check to see if unnecessary software will be installed, i.e. un-check the checkboxes)

    If you do notice your system has pop-ups, consider using malware removal tools such as Malwarebytes, Spybot Search and Destroy, or Lavasoft’s Ad-Aware.

  3. Weird web-browser (IE, Chrome, Firefox) activity 


    Have you noticed if your browser home page changed to a random site? Are there toolbars placed at the top of your web browser? If you try to go to one of your favorite sites, are you redirected to another unrelated site? These could be symptoms of malware. Malware can install unwanted browser configurations, change the browser’s home page, redirect you to unexpected sites, install toolbars, and/or open unwanted search engines. One way this can happen is when you visit a website and accidentally click a malicious online ad or an unexpected pop-up window.

    The action that follows triggers a download/install of malicious software. If you notice this activity, run a complete scan with your Anti-Virus software ASAP. Your machine at the very minimum should have an antivirus program such as Microsoft Security Essentials, Avast, or AVG. These types of threats may not be initially captured by your anti-virus software, so it won’t hurt to run additional scans with the anti-spyware programs mentioned in point #2.

  4. Suspicious hard drive activity 

    Another warning sign of a potential malware infection on your system is unusual hard drive activity. If you notice that your disk continues to have excessive activity (performing either very, very slowly or sounding as though your computer is about to take off), this could be a good indicator to check your system for malware. More than likely there are malicious processes running, which affects the performance of the overall system.

  5.  Anti-Virus software / features disabled 

    When trying to run scans on your machine, you notice that your antivirus isn’t working anymore or the update feature appears to be disabled. Believe it or not, there are some malware programs that are designed to disable anti-virus/security programs. Remember, the overall goal of malware is to steal information from your system without any interruption.

    Some variants of malware will even prevent you from accessing security vendor websites. I experienced this when I was attempting to remove the Conficker virus one time and could not get to security vendor websites like Symantec or McAfee sites as part of my troubleshooting. If you experience this situation, more than likely your system has been infected with malware.

    Always try to keep your system virus free and that starts with looking out for the signs of infection listed above.

Featured software for PC protection – January 23

Malwarebytes anti-malware (Free version)

Malwarebytes Anti-Malware is by far one of my favorite anti-malware programs. I use Malwarebytes as a backup to my Anti-Virus program, in case my AV program misses a threat. The free version of Malwarebytes Anti-Malware contains two types of scans, Threat scan and Custom scan. The Threat scan checks all of the possible places malware is known to hide, such as the startup process, registry and other parts of the file system.

Malwarebytes Anti-malware

The Custom scan gives you the option to choose what files and folders you want to scan.

Malwarebytes Anti-Malware custom scan

For example, on one of my computers (yes, I have several) I have omitted a folder containing viruses (used for testing) and another folder containing investigative tools. Had I not done so, Malwarebytes or my Anti-Virus program would have deleted my testing / tool files.

I recommend downloading Malwarebytes Anti-Malware (https://www.malwarebytes.org/antimalware/) and running it at least weekly in order to further protect your computer.

If you have a Mac you can download the Mac version here (https://www.malwarebytes.org/antimalware/mac/)

The worst passwords of 2015

According to SplashData’s yearly “Worst passwords list”, here are the most common passwords used in 2015:

Rank   Password     Change from 2013
1      123456       No Change
2      password     No Change
3      12345        Up 17
4      12345678     Down 1
5      qwerty       Down 1
6      123456789    No Change
7      1234         Up 9
8      baseball     New
9      dragon       New
10     football     New
11     1234567      Down 4
12     monkey       Up 5
13     letmein      Up 1
14     abc123       Down 9
15     111111       Down 8
16     mustang      New
17     access       New
18     shadow       Unchanged
19     master       New
20     michael      New
21     superman     New
22     696969       New
23     123123       Down 12
24     batman       New
25     trustno1     Down 1

If you log into your personal accounts using one of the passwords above, please change it. As you can see, the secret is out there. If you need help, refer to “Up Your Password Game”.

Up Your Password Game

Let’s be honest: how many of you reading this article currently use a password containing variations of a relative’s name, a pet’s name, your address or even the word “password”? This article will encourage you to change your password to something stronger, something that will make you feel more secure about your accounts (work or personal). Using a strong password can prevent someone from hacking into your account using password attack methods such as brute force or social engineering.

Once a malicious actor (what we call hackers / attackers in the cyber-security industry) gains access to your accounts, they can do things such as post random or bad posts on your behalf, send out spam emails, make changes to your bank account, change settings, etc.

Personally, I have DIFFERENT passwords that I use for my online banking, email, media and social media accounts. The one thing that you want to prevent is having a specific email address and password tied to multiple accounts. If a malicious actor recognizes this trend, all of your accounts can be compromised much more easily.
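An added example (not part of the original post): a short Python audit that applies the two checks described above, flagging passwords that are simple variants of the 25 listed passwords and flagging the same email and password pair used on more than one site. The account records, site names and the substitution table are constructed for illustration.

```python
from collections import defaultdict

# The 25 passwords from the list quoted in the previous post.
WORST = {
    "123456", "password", "12345", "12345678", "qwerty", "123456789", "1234",
    "baseball", "dragon", "football", "1234567", "monkey", "letmein", "abc123",
    "111111", "mustang", "access", "shadow", "master", "michael", "superman",
    "696969", "123123", "batman", "trustno1",
}

# Constructed (site, email, password) records; not real accounts.
ACCOUNTS = [
    ("bank.example", "me@example.com", "Dragon!"),
    ("mail.example", "me@example.com", "x7#Qv-pL2w@9"),
    ("photos.example", "me@example.com", "x7#Qv-pL2w@9"),
    ("forum.example", "other@example.com", "trustno1"),
    ("shop.example", "me@example.com", "correct-horse-7-battery"),
]

# Assumed substitution table for common look-alike characters.
LEET = str.maketrans("@4$5013!7", "aassoieit")
TRAILING = "0123456789!@#$%^&*.?_-"

def weak_match(password):
    """Return the listed password this one is a simple variant of, or None."""
    low = password.lower()
    stripped = low.rstrip(TRAILING)  # drop a tacked-on "1" or "!"
    for candidate in (low, stripped, low.translate(LEET), stripped.translate(LEET)):
        if candidate in WORST:
            return candidate
    return None

def audit(accounts):
    """Return ({site: listed password it resembles}, [sites sharing a login])."""
    weak = {}
    groups = defaultdict(list)
    for site, email, password in accounts:
        hit = weak_match(password)
        if hit:
            weak[site] = hit
        groups[(email.lower(), password)].append(site)
    reused = sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)
    return weak, reused

if __name__ == "__main__":
    weak, reused = audit(ACCOUNTS)
    print("resembles a listed password:", weak)
    print("same email and password on:", reused)
```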

Here are some recommendations to up your password game:

I recommend using the Password Meter site (http://www.passwordmeter.com/) to help you create a strong password. Password Meter will provide a real-time analysis of your password and let you know how strong it is based on criteria for creating a strong password. This is a very helpful tool. Plus, once you use it, you will feel a little smarter because you have taken the first step in protecting your accounts and your online identity. You will not believe how easy it is to obtain simple passwords and use the associated accounts for malicious intent.

I also use an app called 1Password (https://agilebits.com/downloads). 1Password allows me to keep all of my different passwords in one place, which is convenient for me because I have several passwords that I use. Using 1Password also keeps me from going to sites where I may have forgotten my password only to use the “forgot my password” link over and over again, which could become a very tedious and time-consuming process. 1Password also prevents me from writing passwords down on a sticky note. Over the course of my IT career, I have seen people use sticky notes to keep track of their usernames and passwords. The bad thing is, I have seen these sticky notes stuck on monitors, on laptops, even placed under keyboards. All of the methods listed above are of course bad practices for storing passwords. Anyone in plain view of the sticky notes can gain unauthorized access to a person’s passwords and accounts. Again, as a measure of added protection, feel free to give Password Meter and 1Password a try and let me know what you think.