Coming hard on the heels of the international sting two weeks ago that resulted in the arrest of nearly 100 “RATters”, law enforcement agencies in several countries again acted together to take down two very large botnets that together number well over 1.2 million compromised Windows computers, arresting a Russian hacker who allegedly managed the powerful zombie networks. Botnets are essentially large collections of “zombified” computers that can be controlled remotely. They are a favored tool of cybercriminals and hackers because they can carry out a variety of activities, including widespread phishing campaigns to steal sensitive personal data and focused DoS attacks used to cripple websites and servers.
What this means for you:
The UK Crime Agency believes that though it has control over the botnets for the moment, that control won’t last long – maybe 2 weeks – before the zombified computers are drafted into another botnet. In those 2 weeks, the various law enforcement agencies involved are hoping to take advantage of the temporary reprieve to notify the owners of the infected machines that they need to clean up their computers ASAP. If you receive a conspicuously official-looking notice from some form of local law enforcement, it might be legitimate and not just another scareware scam. Some obvious signs that your computer might be infected (and possibly part of one of the 2 busted botnets) include:
- Websites loading in your browser that are clearly not where you intended to go, or what the search results said they would be
- Computer performing unusually slowly or erratically, unexpected crashing or other unusual behavior
- Files suddenly becoming corrupt or unusable
The last one is of special concern – it could mean your computer is infected with Cryptolocker, a nasty bit of malware that locks your files up and holds them for ransom. This might also mean that even if you were inclined to pay the ransom to get your data back, you may not be able to, as the take down of the botnet may also result in no one, criminal or lawful, being able to unlock your files. Sadly, if you hit this point and don’t have a recent backup of your data, it is gone forever.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
A new scam to extort money out of Apple mobile device users has surfaced in Australia, with scattered reports in other countries as well. Affected devices are locked out via Apple’s own “Find my iPhone” platform with a message that demands a ransom payment of $100 USD to unlock the phone. Security analysts are unsure at this point as to how the perpetrators are gaining access to victims’ Apple ID accounts, and so far Apple is refusing to comment on this issue. According to posts on Apple’s Support Forums, the only reliable way to unlock the device is to reset it back to factory settings and restore your data from a backup, if one was actually created and maintained for that device.
What this means for you:
So far, there is a tenuous link between some of the victims and the recent eBay hack that exposed user accounts and encrypted passwords, where the victims admitted to using the same password for both eBay and iCloud. However, several other victims of this new ransom scam did not use the same password as their eBay account, so eBay’s exposed data may not be the only source. Bottom line, you should use strong, unique passwords for online accounts, especially for the ones that are tied to important services like online banking, email and any account that has access to confidential data, either yours or your clients/customers.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
It’s a beautiful day on the internet when I can report good news instead of bad. In what appears to be a new and very positive trend in modern law enforcement, several agencies around the world came together in a global sting that bagged nearly 100 cybercriminals selling and using the Remote Access Tool (RAT) “Blackshades”, a very popular hacking tool used to spy on and even extort thousands of victims through their compromised computers. Lest you think this is a new trend in cybercrime, “Ratting” has been around for years, but perhaps its profile was elevated through the unfortunate victimization of Miss Teen USA 2013, Cassidy Wolf, high enough to galvanize authorities to do something other than attempting to squash Ratters one at a time.
What this means for you:
According to analyst estimates, Blackshades was being used to compromise hundreds of thousands of computers world-wide at the time of the sting. It was readily available and cheap, and did not require sophisticated technical skills to use. In the case of Ms. Wolf, the software was installed by a former acquaintance, but typically users are infected and “ratted” through a link on Facebook or via email, often sent by other infected machines. As with any malware incursion, a healthy level of caution and up-to-date antimalware could have prevented the infection, and in the case of Miss Teen USA, a great deal of heartache and trauma. If you are one of the many who refuse to lock their unattended computers with a strong password, consider the victimization of Cassidy Wolf as a cautionary tale and take immediate steps to secure your privacy and safety.
A secret war is being fought in the internet industry right now, but unless you are a die-hard student of all things tech, you might not even know it’s taking place. The more conspiratorial-inclined among us accuse the mainstream media of avoiding coverage of this debate because of their close ties to the opponents of net neutrality, but it’s also a very complex, “unsexy” topic that is hard to explain in easily digestible soundbites.
The principles of “network neutrality” have been the subject of hot debate for over a decade now, but as of yet, there has only been one highly publicized incident of a company actively “violating” the basic tenet of net neutrality, which is that all data on the internet should be treated equally, both in terms of accessibility (can I see it?) and how quickly it loads. For Americans, censorship is a hot-button topic, so the accessibility issue isn’t normally included in the ongoing debate. What’s at stake is whether internet service providers like Time Warner, Comcast and AT&T can charge content providers (NetFlix, Google, Spotify) more because they use so much data, and if those companies refuse to pay the premium, would their bandwidth be throttled, lowering the quality and/or value of the service itself.
Another aspect of this debate is whether the US Government (or any government, for that matter) should regulate the internet like a utility. Both sides of the net neutrality fight are of mixed opinion on this. Some argue this would encourage (enforce) competition in the ISP market, and would allow oversight to ensure net neutrality was observed, but as many others have pointed out, this didn’t work so well for the telecom industry the first time we tried it. The other thorny facet of this issue is the plain fact that the internet is neither owned nor controlled by any one country, though it could be argued that the US holds a “majority stake” in its creation and continued wellbeing.
What this means for you:
Today, the FCC has presented a plan that many feel completely undermines network neutrality by providing a “regulated” means for ISPs to create “fast lanes” of service into which content providers may opt, and if they do not, presumably their content would be delivered via the “normal lanes”. If no one opted into the fast lanes, this would be a moot point, but as you all know, in business, those who get to the finish line first win, and everyone else, regardless of whether they finish at all, lose. Even the most altruistic of companies (Google maybe?) are willing to get their claws out when it comes to competing, and being slow on the internet is the difference between being Facebook or being MySpace.
In my opinion, network neutrality is a concept worth understanding at minimum, and if you take the long view on improving our civilization, an important principle that should be upheld. Competition is what made America great once, and it is what created the amazing technology we have now, including the internet. Creating tiers of accessibility and quality within a service that most would view as a fundamental need (if not right) might end up creating a version of the internet (at least in America – imagine the irony) that is the antithesis of the internet that is spreading information, freedom and equality around the world.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
Cable broadband was once strictly the province of residential customers, but over the past several years, the major players in this space have made large in-roads into the SMB market with fast, cheap internet circuits that, on the whole, perform more-or-less as reliably as their more expensive (T1) and/or slower (DSL) counterparts. The primary difference between cable circuits and T1s, the former mainstay of business broadband, is that cable bandwidth is not guaranteed as it is on T1s, and speeds can fluctuate wildly throughout the day, depending on the neighborhood utilization. Web-based speed tests were born out of that uncertainty, and they have probably spawned many acrimonious disputes between customer and provider. Anecdotal research by CNET writer Dennis O’Reilly indicates that not all speed tests are created equal: they can be inconsistent and even possibly slanted to favor the companies or brands sponsoring the test.
What this means for you:
A casual run of the tests on Speedtest.net may prove eye-opening, but it is not necessarily irrefutable proof that your internet provider has over-promised and under-delivered. In the case of a broadband circuit in use at an office, other users and devices will impact the internet speed, and unless you can guarantee your computer is the only device using the circuit, the test will never measure the circuit’s full potential. Also, even if you were to disconnect everyone from the internet except your test machine, that’s not a true representation of the actual speed you and your co-workers will experience on a typical day. And here’s the catch behind the low-cost business-class cable – very rarely can the cable company provide any kind of cohesive reporting on how your bandwidth is being utilized, primarily because you are using a shared internet circuit. Conversely, with T1s the higher cost pays for a dedicated, (usually) monitored circuit. Depending on your provider and contract, you may be able to receive detailed reporting on utilization at any point within the past 7-14 days, and they may even be able to pinpoint who on your network is bogarting all the bandwidth. If you have concerns about network or internet performance, speak to a technology professional who can provide you with a much broader, context-based analysis of your bandwidth usage. Don’t rely on a simple website to pass judgement on a critical part of your business performance.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
As a parent, there is perhaps nothing more frightening than to have your child’s well-being threatened, and when that threat comes from a device meant to help safeguard children (and relieve parental anxiety), the impact can have far-reaching implications. Proving that some hackers out there have no grasp of human decency or compassion, there have been at least two separate known incidents of network-enabled baby monitors being hacked and then used to audibly taunt and yell at the toddlers the devices were monitoring. In both cases, the devices weren’t hacked in the true sense of the word, but were exploited through a weakness that is common across the internet: easy-to-find default passwords. The parents, not knowing that the passwords should be changed, left the devices configured as they came out of the box, and the baby-screamers used that opening to perpetrate their irredeemable acts.
What this means for you:
In comparison to the above, getting hacked as an adult seems almost laughable, but when you think about it, it’s just as scary. In case you missed my blog about “ratting” and you aren’t feeling insecure enough about your security and privacy, you should have a read. The lesson hard-learnt here is this: make every attempt to understand all the devices you use, especially the ones that may be safeguarding the security, privacy and happiness of your family. Read the instructions that come in the box, and if they are incomprehensible, get on the internet and ask questions, or grab your nearest tech geek to have them review the device for potential security issues. Don’t take for granted that a device manufacturer (or website publisher, or software programmer) has your security and privacy top of mind when they are making and marketing their product. The lure of profit encourages even the most trusted brands to cut corners on occasion, which can lead to scary situations like the above.
I shouldn’t have worried that my special “Microsoft Zero-day Warning” graphic was going to gather dust. Would it surprise you to hear that a serious security flaw has been found in all versions of Internet Explorer up to the latest, version 11? This particular loophole allows attackers to use a specially crafted Flash file downloaded from compromised websites (like the ones linked to in spam, scams and phishing emails) to gain full access to your computer, and will likely lead to a badly infected computer and theft of your personal information. Though there are some band-aids offered by Microsoft, as of now there is no word whether this hole will be plugged by an emergency patch released soon, or on “Patch Tuesday” (2 weeks from now), or even later than that. Because of the severity of the security flaw, even the Department of Homeland Security is recommending everyone avoid using IE until this is fixed. Oh, and remember Windows XP? It won’t be getting patched, so yet another burning reason to switch browsers, and upgrade as soon as possible.
What this means for you:
This flaw is being exploited “in the wild” as you read this, though not widespread yet, and has thus far been used to target government employees and defense contractors. Given how large the target surface is, this exploit is highly likely to spread beyond these focused attacks. Unless your work requires it (or disallows the use of other browsers), you should stop using Internet Explorer for anything except known work-related websites. And if you have to use IE, you can disable the Flash add-on until the hole is plugged. This article from Microsoft explains how to do this, but make sure you use the little drop-down to the right of the headline to switch to the appropriate version of IE for specific steps. Chrome, Firefox or Safari are good alternatives to IE, and who knows, you may find that they can permanently replace IE for most of your web browsing tasks.