New EU Data Protection Laws (GDPR) and Cloud Services

Over the past few days the new EU data protection laws have been passed, which will, for the first time in 20 years, rewrite the requirements and responsibilities of those who store data. It will also give more rights to the users who have data stored. The new General Data Protection Regulation (GDPR) will require many businesses to re-think and rework their current strategies. One area which interested me was the effect of the GDPR on cloud service providers. I have studied many articles and discussions and thought I could take the main points and simplify them here.

First, some terminology:

Data Controller - The business who actually owns the data
Data Processor - The cloud provider

The current situation: All of the responsibility of data protection currently lies with the Data Controller. The Data Processor basically facilitates a platform on which the systems run.

With the introduction of the GDPR both the Data Controller and the Data Processo...

Quicktime For Windows Needs To Be Uninstalled.

After Trend Security Researchers discovered two new flaws in Quicktime, they contacted Apple to report the issue. Apple allegedly responded that they would not fix the issues as they were removing support for Quicktime on Windows. It is reported that even the Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) has recommended that Windows users uninstall this software.

Make a date for April 12th...Microsoft release the fix for the critical Badlock vulnerability.

On April 12th, 2016, a crucial security bug in Windows and Samba will be disclosed. It has been named Badlock and, like Heartbleed, it has its own website. Full details of the vulnerability have not been disclosed, but the name and logo are, for once, a good indication of what to expect. Visit the official website for more information: http://badlock.org/

Apple Vs FBI

Re: The FBI and Apple story involving the FBI trying to force Apple to decrypt an iPhone in their possession. The FBI have now reportedly withdrawn their court battle with Apple after a third party gave the FBI the ability to access the phone without Apple's assistance. Based on this new information, there is likely a lesser-known vulnerability in iOS which is now known to the FBI. The question is whether Apple know of its existence and whether they will release a patch. Also, what are the implications of this being known to the FBI? More questions are raised.

Hackers target US Dam control systems

The US acknowledged that Iranian hackers were responsible for hacking into a dam's online control systems in 2013. It is thought that the only reason the water contained by the dam wasn't released was that the sluice gate system had been manually taken offline for maintenance.

Drown Attack - Summary

The DROWN attack (CVE-2016-0800) was made public last week. DROWN is a cross-protocol attack on TLS using SSLv2. It allows attackers to break the encryption and access potentially sensitive communications like passwords or credit card details. At the time of writing, researchers have estimated that around a third of all HTTPS servers are vulnerable to this attack. For an in-depth discussion of the DROWN attack please visit the site: https://drownattack.com/

HeartBleed Vulnerability

It's been quite a while since a vulnerability like this has been uncovered. There is no doubt that this is a serious one and it affects many products. What makes this a problem is not only that it has serious consequences, but also that it isn't that hard to exploit. Affected versions of OpenSSL have also been around for a long time, since around April 2012, meaning the impact up to now is unknown.

Recommendations are to patch the affected products, renew certificates and ensure users change their passwords.

Affected OpenSSL versions: 1.0.1 - 1.0.2. OpenSSL advise that affected users should upgrade to OpenSSL 1.0.1g, and users unable to immediately upgrade can opt to recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. 1.0.2 will be fixed in 1.0.2-beta2.

Below are links to some of the affected products. There are many more.

VMWare http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2076225
Fortinet http:...

If you are still running Windows XP then you should migrate.

As we know, many home users and businesses are still running Windows XP as their desktop operating system. With support for Service Pack 3 ending in April this year (2014), the likelihood of increased malware and viruses on these systems is very high. This information should not be taken lightly, because the very real threat will continue to rise the older the operating system gets. If a vulnerability is found and remains unpatched then businesses will be taking unnecessary risks. When support is discontinued there will be no patches, so the security holes will remain open, waiting to be exploited. Contrary to what many believe, this isn't Microsoft looking for ways to make more money. XP is three generations old if you count Vista, Windows 7 and now Windows 8. It's time to upgrade Windows or migrate to a different OS completely.

Credit Card Fraud Warning

I received a voicemail, then a text, then a call to my home phone from the bank asking me to call them. I verified the number was legit and contacted the bank. They didn't ask any questions but were able to verify my recent transactions so were genuine. However, twenty minutes prior to the call someone had placed an order on Play.com for £500 using my details. Luckily for me the bank had the sense to block the transaction and contact me. I had to cancel my card. I decided to contact Play.com to tell them what had happened and after some cross-referencing they could see that an order had been placed on a very recently created account using my bank details, but a different delivery address. The customer services lady was a bit shocked when she then cross-referenced the delivery address to find that six other orders using other people's details had also been placed today for delivery to that address. Unfortunately for those people it looks as if the transactions had at that point completed. ...

Yahoo Email Security Breach

Click here to read the article. Yahoo Mail Breach

A Potential Scam currently under investigation.

Tech-2 are currently in the process of investigating another potential online scam which dupes the user into making a booking through what appears to be a valid website. In fact, it would appear that the booking money is taken, yet the user never receives what they have paid for. More details will be posted on this investigation, including the offending website URL if proven true. Watch this space.

LAN2LAN Hacker Aware Event A Success

A two-day seminar held by LAN2LAN Limited in Leatherhead was deemed a success, judging by the participant reviews. The seminar focused on hacking techniques, malware and demonstrations in order to provide more awareness of the types of issues we may be faced with.

Anonymous threatens to declare cyber war on North Korea

SC Magazine Full Story

Disgruntled employee gets 6 yrs for crashing Gucci email system.

New York Daily News Story

Through the backdoor ! Chinese android handset problems.

Well, it has been a while since the last post. I haven't really got too excited about anything in the news over the past few months, or had many new toys to play with until recently. Just to get things started, I did find the story below quite interesting. A Chinese Android handset, the ZTE Score M, has been found to have an application installed which acts as a backdoor to the operating system. The application has a hard-coded password which gives root-level access to the device. The password and instructions are readily available online. As of yet there is no proof of a remote exploit being possible, but it is very likely that software downloaded by the user could be coded in such a way as to exploit the issue and give attackers access to your device. Still, so far not a big issue for the UK as it is only linked to handsets which were supplied by China to the US !!

NACHA Phishing Scam

This phishing scam has been widely reported from as far back as Feb 2011. Today I received the email myself. The first warning sign was that there were approximately twenty other email addresses CC'd on the same email, all supposedly having the same failed transaction number. Obviously a mistake on the part of the sender. Also, the from address didn't bear much relation to the supposed sender: *thi***@sui****.com. Opening the email on a "safe" machine, I took a look through the source and there was a significant amount of JavaScript, along with a link to a website in South Africa which is accessed once the "view report" link is clicked. The site is a company site and therefore has likely been compromised and the offending link hidden with a numeric directory name. NACHA have reported this scam and users should not open the link due to its likelihood to infect the machine. To protect identities, the CC'd addresses, website link and from address have...

Fake BA Email Scam

This one has reached a lot of people, including myself. Check the email below. The URL in red is where clicking the link above it actually takes you. Once clicked, you are redirected to another fake webpage (below). This is where you are asked to enter your credentials. Right or wrong, the credentials entered get harvested and the link redirects you to another, real BA webpage. BA are aware of this scam and are looking into it....

Apple MAC Fake Virus Alert

Similar to the Windows fake AV alerts, MAC users have now been targeted with a fake AV scam. After the user visits an infected site, the software scans the user's hard disk and reports on viruses found. Users are then given the opportunity to purchase remedial AV software, thus parting with credit card information. The trick here is that it can masquerade as the legitimate MAC Defender application, making users less suspicious about the warnings. Apple Mac users have been advised to disable a setting in the Safari browser that allows "safe" files to be automatically installed. Full details on removing and preventing this malware can be found here. Apple MAC Malware Removal

Free Anti-Virus, Anti Spyware, Firewall and URL Filter Solution From Fortinet

If you are looking for a free anti-virus product, there are a few to choose from; however, the FortiClient suite offers many additional features beyond a standard anti-virus product. Fortinet are the world leaders in the Unified Threat Management arena and have a client in their portfolio. There is a premium version for the enterprise and a standard version free for download. The image shows the features and a download link is provided below. Download

Hackers penetrated Nasdaq computers

Full Story CNET