Cryptonight mining with Chrome

Subject: General Tech | October 24, 2017 - 01:14 PM |
Tagged: cryptonight, chrome, mining, security

Have you noticed your Chrome sessions using a lot more CPU power than they used to, and did you recently install the Short URL (goo.gl) extension? Congratulations, you are a cryptocurrency miner! It seems some ne'er-do-well managed to infect the server which provides that app with a mining program called Cryptonight, which enlists your browser into mining XMR coins. For now your best bet is to uninstall that application if you have it installed; if you do not, it has already been removed from Google Play. The Register has a bit more information on Cryptonight as well as some history on similar browser miners here.

"Another Chrome extension has been found secretly harboring a cryptocurrency miner – and it appears this issue is going to get worse before it gets better."

Source: The Register

ARM Introduces PSA (Platform Security Architecture)

Subject: Processors | October 24, 2017 - 02:12 AM |
Tagged: arm, cortex, mali, PSA, security, TrustZone, Platform Security Architecture, amd, cortex-m, Armv8-m

It is no wonder that device security dominates news.  Every aspect of our lives is approaching always connected status.  Whether it is a major company forgetting to change a default password or an inexpensive connected webcam that is easily exploitable, security is now more important than ever.

ARM has a pretty good track record in providing solutions to their partners to enable a more secure computing experience in this online world.  Their first entry to address this was SecurCore which was introduced in 2000.  Later they released their TrustZone in 2003.  Eventually that technology made it into multiple products as well as being adopted by 3rd party chip manufacturers.

Today ARM is expanding the program with this PSA announcement.  Platform Security Architecture is a suite of technologies that encompasses software, firmware, and hardware.  ARM technology has been included in over 100 billion chips shipped since 1991.  ARM expects that another 100 billion will be shipped in the next four years.  To get a jump on the situation ARM is introducing this comprehensive security architecture to enable robust security features for products from the very low end IoT to the highest performing server chips featuring ARM designs.

PSA is not being rolled out in any single product today.  It is a multi-year journey for ARM and its partners and it can be considered a framework to provide enhanced security across a wide variety of products.  The first products to be introduced using this technology will be the Armv8-M class of processors.  Cortex-M processors with Trusted Firmware running on the Mbed OS will be the start of the program.  Eventually it will branch out into other areas, but ARM is focusing much of its energy on the IoT market and ensuring that there is a robust security component to what could eventually scale out to be a trillion connected products.

There are two new hardware components attached to PSA.  The first is the CryptoIsland 300 on-die security enclave.  It is essentially a second layer of hardware security beyond that of the original TrustZone.  The second is the SDC-600.  This is a secure debug port that can be enabled and disabled using certificates.  This cuts off a major avenue for security issues.  These technologies are integrated into the CPUs themselves and are not offered as a 3rd party chip.

If we truly are looking at 1 trillion connected devices over the next 10 years, security is no longer optional.  ARM is hoping to get ahead of this issue by being more proactive in developing these technologies and working with their partners to get them implemented.  This technology will evolve over time to include more and more products in the ARM portfolio and hopefully will be adopted by their many licensees.

Source: ARM

All you need to know about Windows 10's Controlled Folder Access

Subject: General Tech | October 23, 2017 - 04:27 PM |
Tagged: windows 10, security, windows defender

One feature of the Fall Creators Update which has not seen much coverage is the new Controlled Folder Access security setting under Windows Defender Security Center. It is enabled for system files automatically, blocking all but approved apps from making changes to the files in your system folders. You can also add additional folders as well as approved applications by following the simple instructions which Slashdot linked to. The primary goal is to prevent ransomware from encrypting vast swaths of folders on your machine, but it will also help protect folders you choose from being modified by applications you have not approved.
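The same settings can be applied from an elevated PowerShell prompt with the built-in Windows Defender cmdlets. This is an added example, not taken from the original article or the linked instructions; the folder and application paths are hypothetical placeholders.

```powershell
# Added example: the two paths below are hypothetical placeholders.
# Run from an elevated prompt on Windows 10 Fall Creators Update or later.
$protectedFolder = 'D:\Projects'                  # hypothetical extra folder to protect
$allowedApp      = 'C:\Tools\backup\backup.exe'   # hypothetical application you trust

# 1. Start in audit mode: writes by unapproved apps are logged, not blocked,
#    so you can see what would break before enforcing.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Add a folder beyond the defaults and approve one application.
Add-MpPreference -ControlledFolderAccessProtectedFolders $protectedFolder
Add-MpPreference -ControlledFolderAccessAllowedApplications $allowedApp

# 3. Review what the feature caught. Event 1124 is an audited write,
#    event 1123 is a blocked write (seen once enforcement is on).
$cfaEvents = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue
$cfaEvents | Select-Object TimeCreated, Id, Message | Format-List

# 4. Once the audit log shows only applications you recognise, enforce.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 5. Confirm the resulting configuration.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications
```

Any legitimate program that shows up in the audit events should be added with `Add-MpPreference -ControlledFolderAccessAllowedApplications` before step 4, otherwise its writes to protected folders will be blocked.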

"With the release of Windows 10 Fall Creators Update last week, the "Controlled Folder Access" that Microsoft touted in June is now live for millions of users. As the name hints, the Controlled Folder Access feature allows users to control who can access certain folders."

Source: Slashdot

Come on baby, IoT fear the reaper

Subject: General Tech | October 20, 2017 - 02:24 PM |
Tagged: security, Reaper, iot

There is another IoT botnet running rampant, with several million devices already infected inside over a million businesses and homes, according to the report over at The Inquirer.  Experts are expecting the IoT_reaper to be worse than Mirai once it is activated as it is far more sophisticated than that botnet.  Some time in the near future you can expect serious issues as routers, IP cameras and fridges start launching DDoS attacks.  There is little that you can do at this point apart from ensuring your devices are patched and the firmware is up to date.  You can get an idea of the scope of this botnet by following the link in the story.

"Check Point first unearthed the botnet, codenamed 'IoT_reaper', at the beginning of September and claims that, since, it's already enslaved millions of IoT devices including routers and IP cameras from firms including GoAhead, D-Link, TP-Link, Avtech, Netgear, MikroTik, Linksys and Synology."

Source: The Inquirer

Stalkers can choose to spend $1000 on a mobile ad instead of a private eye

Subject: General Tech | October 18, 2017 - 01:12 PM |
Tagged: security, spooky

Forget big brother tracking you via your phone; anyone with a bone to pick can stalk you via ad supported apps on your phone for around $1000. Researchers conducted some disturbingly effective experiments where they created a banner which displayed geo-targeted ads and went through the usual process of paying to have it displayed inside an app, in this case Talkatone. If the app was left open for more than four minutes, or opened twice in that same amount of time, they were able to pinpoint that phone's location within 25 feet. That let them map out a daily route, work and home addresses as well as many of the locations visited by the person bearing the phone. Read the full article over at Wired and reconsider this the next time you are pondering installing an ad supported app on your phone.

"They then used that DSP to place a geographic grid of location-targeted ad buys around a three-mile square section of Seattle, which for their tests they set to appear on the popular ad-supported calling and texting app Talkatone."

Source: Wired

Don't let today's WiFi security Krack drive you into a panic

Subject: General Tech | October 16, 2017 - 02:41 PM |
Tagged: krack, wifi, security

If you are running Windows 7 or a more recent version and applied the patches from last Tuesday then you are essentially immune to the KRACK attack; however older Android OS, Chromium, Linux, OpenBSD and Android Wear 2.0 are not. There are several attacks that can be carried out via this vulnerability but all rely on modifying the key which connected devices use to protect data transferred over the wireless network. KRACK replaces that key with one which the attacker has crafted, which allows them to intercept and decrypt packets sent over the wireless network, or to send their own disguised as an authenticated system. Depending on the security you use and the OS you are on, the attacker can carry out a variety of tasks, which Ars Technica describes in full.

If you are running an older Android device, especially one which no longer receives regular updates, you should be concerned. Apple will offer a patch soon, as will Google; for now, if you have an up to date installation of Windows, the risks have been minimized thanks to the recent patches from Microsoft.

"While Windows and iOS devices are immune to one flavor of the attack, they are susceptible to others. And all major operating systems are vulnerable to at least one form of the KRACK attack. And in an addendum posted today, the researchers noted that things are worse than they appeared at the time the paper was written."

Source: Ars Technica

Want another reason to dump that HDD? It can be used as a microphone

Subject: General Tech | October 13, 2017 - 01:01 PM |
Tagged: security, paranoia, microphone, hdd, hack

Some of you may remember the days when it was inadvisable to yell at a HDD array; the latency issue has been mostly overcome with the advances in technology over the last decade. That does not mean it is completely gone, as the read head in a HDD cannot read from a disk that is oscillating due to external input such as sound, and those tiny delays are how this researcher was able to use the HDD as a low quality microphone. He also found a tone which created even more latency than in that video; enough to have a system drop the disk as bad. There are links to the research over at Slashdot, including the new improved way to verbally abuse your storage devices.

"It's not accurate yet to pick up conversations," Ortega told Bleeping Computer in a private conversation. "However, there is research that can recover voice data from very low-quality signals using pattern recognition. I didn't have time to replicate the pattern-recognition portion of that research into mine. However, it's certainly applicable."

Source: Slashdot

ICANN not update the root KSK system on schedule

Subject: General Tech | September 29, 2017 - 12:53 PM |
Tagged: icann, bind, dns, ksk, networking, security

ICANN have had to delay their planned upgrade to the root key signing keys used by DNS because between 5-8% of key validators lack the new KSK. If a validator only possesses the 2010 key, it would no longer be able to resolve DNS properly and the vast majority of the internet would disappear for those stuck on the old system. The Register points out that the problem will actually be much larger, as ICANN assumed that everyone has updated to the newest version of BIND DNS database and only scanned those validators using the newest version.

The reason for the update is to increase the length of the root KSK that DNS depends on, which will greatly increase the security of anyone surfing the net. To help move this forward, ICANN will be publishing a list of those out of date validators in the hopes publicity will spur them to upgrade. As with IPv6, we will wait and see.

"A multi-year effort to update the internet's overall security has been put on hold just days before it was due to be introduced, over fears that as many as 60 million people could be forced offline."

Source: The Register

Skimmer Scanner, a start to protecting yourself at the pump

Subject: General Tech | September 25, 2017 - 01:12 PM |
Tagged: skimmer scanner, security, bluetooth

If you haven't seen the lengths which scammers will go to when modifying ATMs to steal your bank info you should really take a look at these pictures and get in the habit of yanking on the ATM's fascia and keyboard before using them. Unfortunately, as Hack a Day posted about last week, the bank is not the only place you have to be cautious; paying at the pump can also expose your details. In this case it is not a fake front which you need to worry about. Instead, a small PIC microcontroller is attached to the serial connection between card reader and pump computer, so it can read the unencrypted PIN and data and then store the result in an EEPROM device for later collection. The device often has Bluetooth connectivity so that the scammers don't need to drive right up to the pump frequently.

There is an app you can download that might be able to help stop this: an app on Google Play will detect Bluetooth devices utilizing the standard codes the skimmers use and alert you. You can then tweet out the location of the compromised pump to alert others, and hopefully let the station owner and authorities know as well. The app could be improved with automatic reporting and other tools, so check it out and see if you can help improve it as well as keeping your PIN and account safe when fuelling up.

"It would be nice to think that this work might draw attention to the shocking lack of security in gas pumps that facilitates the skimmers, disrupt the finances of a few villains, and even result in some of them getting a free ride in a police car. We can hope, anyway."

Source: Hack a Day

Texting troubles with 2FA

Subject: General Tech | September 19, 2017 - 02:07 PM |
Tagged: security, sms, 2fa

Two factor authentication is the way to go when dealing with important information online; unfortunately the most common way of enabling 2FA has proven rather vulnerable. With just your name, surname and phone number an unsavoury type could use a vulnerability on cellular networks to gain access to your accounts. The example given over at Slashdot is of a Coinbase wallet with 2FA, registered with a Gmail address also protected by 2FA, which the security researchers easily took control of. Take a look at the article for more details on the SS7 network vulnerabilities this attack exploits as well as better ways of making use of 2FA.

If you do intend to continue to use SMS as part of your 2FA, at least consider disabling the feature on your phone which allows you to briefly read a text without unlocking your phone.

"The report notes of several ways you can protect yourself from this sort of attack: "On some services, you can revoke the option for SMS two-factor and account recovery entirely, which you should do as soon as you've got a more secure app-based method established. Google, for instance, will let you manage two-factor and account recovery here and here; just set up Authenticator or a recovery code, then go to the SMS option for each and click 'Remove Phone.'"

Source: Slashdot