Latest Threat: International Domain Name Attack

International characters in domain names make it possible for an address to LOOK like apple.com while actually being spelled with Cyrillic letters (а, р, ӏ, е) whose glyphs are identical to the Latin ones. Such a name is a separate registration that has NOTHING to do with apple.com, yet the browser shows the familiar name and the padlock, and the user gets no visible cue.

If you are using Chrome, you are in reasonably good shape: Chrome 58 (April 2017) started displaying these lookalike names in their raw Punycode form (xn--...), which takes away the disguise. Firefox is not quite up to spec yet. In Firefox type about:config in the address bar, find the network.IDN_show_punycode setting and change it to true. The cost is that every internationalized domain, legitimate ones included, will now be shown as xn--… gibberish, but that is the safer failure mode. Most browsers should be releasing a patch within the next week or two to deal with this in a more robust manner, so check for browser updates.
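To see what the browser fixes are doing, here is an added example (not code from the original post) that takes a hostname, produces the Punycode form Firefox shows when network.IDN_show_punycode is true, and applies two of the checks browsers now use: flagging a label made entirely of Cyrillic letters that look like Latin ones (a whole-script confusable) and flagging a label that mixes scripts. The CYRILLIC_TO_LATIN table is a hand-picked subset for illustration, not the full Unicode confusables data, and the sample hostnames are constructed.

```python
"""Homograph check for hostnames: Punycode form plus a lookalike test.

Added example, not code from the original post. CYRILLIC_TO_LATIN is a small
hand-picked subset of Cyrillic letters whose glyphs match Latin letters; a real
implementation would use the full Unicode confusables data (UTS #39).
"""
import unicodedata
from typing import Optional

# Cyrillic letters that render like Latin letters. Illustrative subset only.
CYRILLIC_TO_LATIN = {
    "\u0430": "a",  # а CYRILLIC SMALL LETTER A
    "\u0435": "e",  # е CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # о CYRILLIC SMALL LETTER O
    "\u0440": "p",  # р CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # с CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # у CYRILLIC SMALL LETTER U
    "\u0445": "x",  # х CYRILLIC SMALL LETTER HA
    "\u0455": "s",  # ѕ CYRILLIC SMALL LETTER DZE
    "\u0456": "i",  # і CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0458": "j",  # ј CYRILLIC SMALL LETTER JE
    "\u04cf": "l",  # ӏ CYRILLIC SMALL LETTER PALOCHKA
}


def to_ace(hostname: str) -> str:
    """Return the ASCII-compatible form a browser shows in Punycode mode:
    each non-ASCII label becomes 'xn--' + punycode(label), ASCII labels stay."""
    labels = []
    for label in hostname.lower().rstrip(".").split("."):
        if label.isascii():
            labels.append(label)
        else:
            labels.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(labels)


def scripts(label: str) -> set:
    """Unicode scripts used by the letters of a label, taken from the first
    word of each character's Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def latin_skeleton(label: str) -> Optional[str]:
    """If every character is ASCII or a Cyrillic lookalike from the table,
    return the Latin string the label imitates; otherwise return None."""
    out = []
    for ch in label:
        if ch.isascii():
            out.append(ch)
        elif ch in CYRILLIC_TO_LATIN:
            out.append(CYRILLIC_TO_LATIN[ch])
        else:
            return None
    return "".join(out)


def check_hostname(hostname: str) -> dict:
    """Report the Punycode form, whether the name is a homograph risk, and
    (when it is) the Latin hostname a user would mistake it for."""
    hostname = hostname.lower().rstrip(".")
    suspicious = False
    skeleton_labels = []
    for label in hostname.split("."):
        if label.isascii():
            skeleton_labels.append(label)
            continue
        skel = latin_skeleton(label)
        if skel is not None:
            suspicious = True  # whole-script confusable: looks Latin, is not
        if len(scripts(label)) > 1:
            suspicious = True  # mixed scripts in one label (e.g. Latin p + Cyrillic а)
        skeleton_labels.append(skel)
    lookalike = None
    if suspicious and all(s is not None for s in skeleton_labels):
        lookalike = ".".join(skeleton_labels)
    return {"ace": to_ace(hostname), "suspicious": suspicious, "lookalike_of": lookalike}


if __name__ == "__main__":
    # Constructed sample hostnames: a real brand, its Cyrillic lookalike,
    # a mixed-script label, and a legitimate all-Cyrillic IDN.
    for host in ["apple.com", "\u0430\u0440\u0440\u04cf\u0435.com",
                 "p\u0430ypal.com", "\u044f\u043d\u0434\u0435\u043a\u0441.\u0440\u0444"]:
        print(host, check_hostname(host))
```

The legitimate all-Cyrillic name passes because it uses letters that have no Latin twin, which is exactly why the whole-script rule is preferable to the blunt "show everything as Punycode" setting: it only penalizes names that could pass for a Latin one.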

NSA Hacking Tools are Now In The Wild

An April 14, 2017 article in The Intercept states that the worst-case scenario has occurred with the NSA’s cyber attack package. According to the article, an entity called “The ShadowBrokers”,

“…today released another cache of what appears to be extremely potent (and previously unknown) software capable of breaking into systems running Windows. The software could give nearly anyone with sufficient technical knowledge the ability to wreak havoc on millions of Microsoft users.”

While the world has been worrying about North Korea, a potentially far worse disaster is in the making. A digital attack package, created by some of the most brilliant talent the United States has, is now in the hands of everyone. Script kiddies will shortly have access to an attack suite that has the potential to spread havoc around the world. The Russian hackers who specialize in cyber-crime have just been handed a tool package better than they have ever had access to before. Hostile governments will now have access to parts of the United States infrastructure that I do not want to even think about.

Instead of spending the next hour telling you just how bad this could be, just trust me, it is really bad. The important question right now is what to do about it.

My understanding is that the attack modules are aimed at “computers running version of the Windows operating system earlier than the most recent Windows 10”. The part that matters for defenders: the most dangerous Windows exploits in the dump are remote code execution over SMBv1 (TCP port 445), and Microsoft closed those holes a month earlier in the March 2017 security update MS17-010, which covers Windows Vista/Server 2008 and later. A Windows 10 or Windows 7/8.1 machine with every patch applied is protected against them; anything behind on updates, and anything out of support (Windows XP, Server 2003), is not. Whether your machines are actually fully patched is something you will need to verify for yourself. Servers, especially the widely deployed Windows Server 2008, are frequently behind and should be treated as vulnerable until you have confirmed MS17-010 is installed!

Individual home users should, where possible, strongly consider using Linux, Macs, and Chromebooks as much as they can and simply not use Windows.

Office environments and servers are going to be a tricky problem. Many are still running Windows 7, 8, and 8.1, and most Windows servers will be exposed until they are patched. Now is the time to think outside the box. I consider good backups to be the first step in ANY security plan. If you are responsible for your company’s network, NOW is the time to leverage online, real-time backups of data, and make sure they are versioned or have an offline copy: a mirror that replicates instantly will faithfully replicate wiped or encrypted files too. Consider upgrading to the latest version of Windows if you believe the latest version is safe. If you are not current on updates, make that your first priority, and while you are at it disable SMBv1 where nothing still needs it and make sure TCP port 445 is not reachable from the internet. I would also have a couple of live Linux images ready to go. It is cheap insurance and will let people keep doing Office 365 work in a browser while you deal with whatever issues pop up.

While it is not much, that is all we can do for now. Realize that there are going to be major data leaks and disruption in the near future. If I were Microsoft, I would be pulling out all of the stops right now. If I were the NSA, I would be doing everything I could to help Microsoft BEFORE everything goes south…

Good luck!

IoT and Router Flaw

There is an article from Ars Technica, “Newly discovered router flaw being hammered by in-the-wild attacks.”

Mirai, the well-known botnet malware family behind the large IoT DDoS attacks of late 2016, is now being used to take advantage of several million vulnerable routers. The hole is in the routers’ remote-management (TR-064) interface, which is reachable from the internet on TCP port 7547. Do yourself a favor and block inbound traffic to that port on your routers, both at home and at your businesses. If the router cannot filter it, see whether the ISP remote-management feature can be switched off, and install the vendor’s firmware fix as soon as one ships.

While we are talking vulnerabilities, Bullguard has a site that is useful: it can quickly check whether you have one or more IoT (Internet of Things) devices on your network that are exposed to the internet and just asking to be attacked. To save yourself a lot of potential issues, block port 4567 as well.
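Blocking the port is half the job; the other half is seeing that the rule is actually catching the probes. The following added script (not code from the original post or from Ars) tallies dropped inbound hits on the two ports above from netfilter LOG output. It assumes a logging rule such as `iptables -A INPUT -i eth0 -p tcp -m multiport --dports 7547,4567 -j LOG --log-prefix "DROP-WAN "` sits in front of the DROP rule; the log lines embedded below are constructed for illustration and use RFC 5737 test addresses.

```python
"""Tally inbound probes against blocked ports from netfilter LOG output.

Added example, not code from the original post. Assumes a LOG rule with the
prefix "DROP-WAN " precedes the DROP rule for ports 7547 and 4567, so each
blocked probe leaves a kernel log line. SAMPLE_LOG is constructed data.
"""
import re

# Ports the post says to block: TR-064/remote-management (7547) and 4567.
WATCHED_PORTS = {7547, 4567}

# Constructed sample of /var/log/kern.log with the LOG rule above in place.
SAMPLE_LOG = """\
Nov 28 09:14:02 gw kernel: [ 8123.551] DROP-WAN IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.45 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=54321 PROTO=TCP SPT=38122 DPT=7547 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 28 09:14:09 gw kernel: [ 8130.002] DROP-WAN IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.45 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=54322 PROTO=TCP SPT=38123 DPT=7547 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 28 09:15:41 gw kernel: [ 8222.114] DROP-WAN IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.200 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=1 PROTO=TCP SPT=51000 DPT=7547 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 28 09:16:03 gw kernel: [ 8244.870] DROP-WAN IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.200 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=2 PROTO=TCP SPT=51001 DPT=4567 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 28 09:16:30 gw sshd[1201]: Accepted publickey for admin from 198.51.100.20 port 50022 ssh2
Nov 28 09:17:12 gw kernel: [ 8313.009] ACCEPT-WAN IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.20 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=7 DF PROTO=TCP SPT=50023 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0
"""

KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")
KERNEL_TS_RE = re.compile(r"^\[\s*[\d.]+\]\s*")


def parse_netfilter_line(line):
    """Return the KEY=VALUE fields of a netfilter LOG line as a dict, plus the
    log prefix under 'PREFIX'. Returns None for lines that are not netfilter logs."""
    if " kernel: " not in line or " IN=" not in line:
        return None
    fields = dict(KV_RE.findall(line))
    after_kernel = line.split(" kernel: ", 1)[1]
    after_kernel = KERNEL_TS_RE.sub("", after_kernel)  # drop "[ 8123.551] "
    fields["PREFIX"] = after_kernel.split(" IN=", 1)[0].strip()
    return fields


def summarize_probes(log_text, watched_ports=WATCHED_PORTS, prefix="DROP-WAN"):
    """Count dropped probes per watched destination port and collect the
    distinct source addresses, so the block rule's effect is visible."""
    stats = {p: {"hits": 0, "sources": set()} for p in watched_ports}
    for line in log_text.splitlines():
        fields = parse_netfilter_line(line)
        if fields is None or fields["PREFIX"] != prefix:
            continue
        if "DPT" not in fields:
            continue  # ICMP and friends carry no port
        dport = int(fields["DPT"])
        if dport in stats:
            stats[dport]["hits"] += 1
            stats[dport]["sources"].add(fields["SRC"])
    return stats


if __name__ == "__main__":
    for port, info in sorted(summarize_probes(SAMPLE_LOG).items()):
        print(f"port {port}: {info['hits']} dropped probes from {sorted(info['sources'])}")
```

Run it against your own kern.log instead of SAMPLE_LOG; a steady trickle of hits on 7547 from addresses you have never heard of is what a Mirai scanning wave looks like from the inside, and zero hits after a firmware update is worth a second look at whether the LOG rule is still in place.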

Lenovo installing malware on new computers

According to OS News, Lenovo has been installing adware called Superfish on new consumer laptops. It injects third-party ads into Google searches and other websites without the user’s permission, and to do that on HTTPS pages it sits in the middle of every encrypted connection the machine makes.

It gets worse. The software installs its own certificate authority into the Windows trusted root store and mints a certificate for every HTTPS site on the fly, so the browser shows a valid padlock for a connection that is being read and rewritten. The private key for that CA is the same on every affected machine and was extracted within a day of the story breaking (the password protecting it was “komodia”), so anyone on the same network can forge a certificate for any site and those laptops will trust it.

The article at The Verge gets into some really ugly details.

Lenovo dismissed the outcry in the same statement, saying, “we have thoroughly investigated this technology and do not find any evidence to substantiate security concerns.”

The other fun issue is that uninstalling the software WILL NOT REMOVE THE ROOT CERTIFICATE, so the machine keeps trusting anything signed with that leaked key. Check for yourself: open certmgr.msc, look under Trusted Root Certification Authorities for an entry issued to “Superfish, Inc.”, and delete it. Thanks Lenovo!

I have never purchased a Lenovo, and now I am sure that I never will.