Don’t destroy your debit card if your account is compromised

I watched a TV programme the other day, “Don’t get done, get Dom” (the BBC iPlayer link will expire in a few days: http://www.bbc.co.uk/programmes/b01gxsjz), which delved surprisingly deep into the issues surrounding “Chip and PIN” debit cards.

When your bank account is breached by fraudsters, one of the things the banks tell you to do is cut up your card and cut through the chip. This is in fact bad practice: the chip keeps its own record of the transactions it has performed. If a fraudster obtained your card details, there is at least one known way of making a copy so that a counterfeit card can be used. By destroying your card you destroy the evidence that could prove your innocence, because transactions made with a counterfeit card will not appear in your own chip’s record.

Security researchers at Cambridge University have demonstrated how it is possible to trick the card into thinking it is doing a chip-and-signature transaction while the terminal thinks the transaction was authorised by chip-and-PIN (http://www.theregister.co.uk/2010/02/12/chip_pin_security_unpicked/): the terminal believes the PIN was checked, but the card never saw it. This doesn’t work at ATMs (cashpoints), which send the PIN to the bank for checking rather than asking the card to verify it, but it could work with the card terminals used in shops and bank branches.
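The mismatch the Cambridge researchers exploited, and why the chip’s own record matters, in a toy model. This is an added example, not code from the programme or from the researchers; the status words, message names and record layout are simplifications assumed for the illustration, and real EMV puts many more fields into the card’s cryptogram:

```python
"""Toy model of the chip-and-PIN cardholder-verification step.

Added illustration, not code from the programme or from the Cambridge
researchers. Real EMV exchanges APDUs and commits many more fields to the
cryptogram; the names, status words and record layout here are assumptions
made for the example.
"""
from dataclasses import dataclass, field

SW_OK = "9000"            # status word a card returns when VERIFY succeeds
SW_WRONG_PIN = "63C2"     # assumption: 'wrong PIN, two tries left'
CVM_PIN = "offline-pin"   # cardholder verification method as the card saw it
CVM_SIGNATURE = "signature"


@dataclass
class Card:
    pin: str
    pin_verified: bool = False
    atc: int = 0                              # application transaction counter
    log: list = field(default_factory=list)   # the card's own record of transactions

    def verify(self, pin: str) -> str:
        """VERIFY command: the card checks the PIN itself (offline PIN)."""
        self.pin_verified = pin == self.pin
        return SW_OK if self.pin_verified else SW_WRONG_PIN

    def generate_ac(self, amount: int) -> dict:
        """GENERATE AC: the card commits what *it* saw into its cryptogram and log."""
        self.atc += 1
        cvm = CVM_PIN if self.pin_verified else CVM_SIGNATURE
        record = {"atc": self.atc, "amount": amount, "cvm": cvm}
        self.log.append(record)
        self.pin_verified = False
        return record


def honest_wire(card: Card, pin: str) -> str:
    """Normal terminal-to-card path: the VERIFY command reaches the card."""
    return card.verify(pin)


def mitm_wire(card: Card, pin: str) -> str:
    """Interposed device: swallows VERIFY and answers 'PIN OK' itself.
    The card never sees a VERIFY, so it carries on as a signature transaction."""
    return SW_OK


def terminal_transaction(card: Card, amount: int, entered_pin: str, wire=honest_wire) -> dict:
    """What the shop terminal does: ask for PIN verification, then request the cryptogram."""
    status = wire(card, entered_pin)
    terminal_cvm = CVM_PIN if status == SW_OK else CVM_SIGNATURE
    card_record = card.generate_ac(amount)
    return {"terminal_cvm": terminal_cvm, "card_record": card_record}


def issuer_consistent(result: dict) -> bool:
    """Back-end check: does the terminal's claim match the card's own record?"""
    return result["terminal_cvm"] == result["card_record"]["cvm"]


if __name__ == "__main__":
    card = Card(pin="1234")
    genuine = terminal_transaction(card, 2500, "1234")
    attacked = terminal_transaction(card, 2500, "0000", wire=mitm_wire)
    for name, r in (("genuine", genuine), ("attacked", attacked)):
        print(f"{name:9} terminal={r['terminal_cvm']:12} card={r['card_record']['cvm']:12} "
              f"consistent={issuer_consistent(r)}")
    print("card log:", card.log)
```

In the attacked run the terminal reports a PIN-verified transaction while the card’s record says signature, which is the inconsistency an issuer can look for. It is also why the chip is evidence: every transaction the card actually took part in bumps its counter and lands in its record, and a transaction made with a counterfeit card does neither.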

Other vulnerabilities are discussed at http://en.wikipedia.org/wiki/EMV#Vulnerabilities

Moral of the story: don’t cut up your card. Keep it somewhere safe until the dispute is settled.


How to filter out the crap without government censorship – OpenDNS

Governments around the world are trying to legislate for censorship of what they consider inappropriate. Although they claim this is to combat crime, the measures they want to introduce also put in place a mechanism that can be used to restrict freedom of speech and expression. You may trust the current government, but can you be sure that a future government will not be more oppressive?

An alternative is to use a company like OpenDNS. The good thing about this is that it is your choice: you know what is going on and you can stop using them at any time. You simply change your DNS settings to point at their servers, and they will block blacklisted sites, such as sites known to host viruses or scams, by refusing to resolve them. If you don’t like it, you can always change the DNS back afterwards. Bear in mind that it only protects the devices you have pointed at those servers, and it is an extra layer rather than a substitute for antivirus.

Current servers to point to are:

  • 208.67.222.222 (resolver1.opendns.com)
  • 208.67.220.220 (resolver2.opendns.com)
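As an added example (not OpenDNS’s code), here is what resolver-side blocking does, and a check that a machine really has been switched over. The blocklist, the upstream answers and the resolv.conf text are constructed for the example, and 192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges standing in for real ones:

```python
"""Added example: resolver-side blocking of the kind OpenDNS does, plus a
check that a machine really points at the OpenDNS resolvers. Not OpenDNS's
code. Blocklist, upstream answers and resolv.conf text are constructed;
192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
"""

OPENDNS_RESOLVERS = {"208.67.222.222", "208.67.220.220"}   # from the post
BLOCK_PAGE = "192.0.2.1"        # assumed address of the 'this site is blocked' page

# constructed blocklist: listing a domain blocks everything under it
BLOCKLIST = {"malware.example", "phish.example.net"}

# constructed upstream answers (what an unfiltered resolver would return)
UPSTREAM = {
    "www.example.com": "198.51.100.10",
    "www.malware.example": "198.51.100.66",
    "notmalware.example": "198.51.100.20",
}


def _labels(name):
    """Lower-case, strip a trailing dot, split into DNS labels."""
    return name.lower().rstrip(".").split(".")


def is_blocked(name, blocklist=BLOCKLIST):
    """True if the name or any parent domain is on the blocklist.
    Matches whole labels, so 'notmalware.example' is NOT caught by 'malware.example'."""
    labels = _labels(name)
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def resolve(name, blocklist=BLOCKLIST, upstream=UPSTREAM):
    """Filtering resolver: sinkhole blocked names, otherwise answer normally.
    Returns None for names that do not exist (NXDOMAIN)."""
    if is_blocked(name, blocklist):
        return BLOCK_PAGE
    return upstream.get(".".join(_labels(name)))


def nameservers(resolv_conf):
    """Pull 'nameserver' entries out of resolv.conf-style text (Linux/macOS).
    On Windows, 'ipconfig /all' shows the same information."""
    found = []
    for line in resolv_conf.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        parts = line.split()
        if len(parts) == 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found


def uses_only_opendns(resolv_conf):
    """Filtering only applies if *every* configured resolver is OpenDNS;
    a leftover ISP resolver gives the machine an unfiltered path."""
    servers = nameservers(resolv_conf)
    return bool(servers) and all(s in OPENDNS_RESOLVERS for s in servers)


if __name__ == "__main__":
    for n in ("www.example.com", "www.malware.example", "notmalware.example", "nothere.example"):
        print(f"{n:22} -> {resolve(n)}")
    good = "nameserver 208.67.222.222\nnameserver 208.67.220.220\n"
    mixed = "# resolv.conf\nnameserver 208.67.222.222\nnameserver 192.0.2.53  # old ISP entry\n"
    print("good:", uses_only_opendns(good), " mixed:", uses_only_opendns(mixed))
```

Two things worth knowing. Blocking is by whole domain label, so listing malware.example catches www.malware.example but not notmalware.example. And the filter only sees traffic that goes through those resolvers: a machine that still has its ISP’s resolver as a second entry, or malware that talks to a hard-coded address, goes straight past it.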

For help in doing this, drop me (Adam) a line on 01646 602248.

Critical Windows Updates

This month’s Windows updates from Microsoft include four critical updates which fix flaws that could allow a PC to be taken over simply by visiting a specially crafted web page. Your antivirus may or may not offer any protection against this, so I advise everyone to install these Windows updates.

Microsoft’s Valentine

Microsoft has a number of Valentine’s Day presents for all us loyal users in the form of some critical security updates! Woo, I know how exciting this must be, and because we live on the wrong side of the Atlantic, we probably won’t get our pressies until late at night or even Wednesday.

Installing these updates is an important way to keep your computers secure against viruses and other threats. If you don’t see any updates appear by Wednesday night, you may have a problem. Get in touch on 01646 602248 if you need help with this, although not tomorrow night, as I am having a night off! ..and not with Microsoft!

How to avoid viruses!

Sorry, there is no guaranteed protection, but one thing you can do is remove Java. Most people don’t need it, and if you do, you can always download it again. Windows itself has been patched so much that virus writers are finding fewer weaknesses in it; their attention is now focused on Java, Adobe Flash and Adobe Reader. The average Joe is likely to need the Adobe products (Reader for downloaded documents and forms, and Flash for many websites, including YouTube), but you will protect yourself much better if you keep them up to date. At the time of writing you should be on Adobe Reader X (version 10) and Flash Player 11. To check which version of Flash you have, go to http://kb2.adobe.com/cps/155/tn_15507.html

A study published in September put malware infections via Adobe products at 48% and via Java at 37%, with Internet Explorer trailing at a relatively safe 10%.


Bad Visa credit card website security questions

[image: bad security questions]

Security questions used for website security are generally a terrible idea, because the answers are often easy to obtain. The classic example is mother’s maiden name: for famous people it is readily available on the web, and anyone determined can find it for less famous people too. The examples on this form include many poor choices that are easily found out, such as favourite niece (I only have one niece) or the street you grew up on.

What really strikes me about this one is how restrictive it is. Firstly, it is annoying that I have to use one word for my first car (not my real answer), which is also a problem for “street I grew up on”, and I couldn’t use Paris as my honeymoon location either. Secondly, it seems bizarre (and unlikely) that their database cannot store spaces or punctuation, e.g. St. David’s Street; a properly built site never stores the answer itself anyway, only a salted hash of it. A no-brainer rule of passwords is that the longer and more varied the password, the harder it is for a hacker to crack, and these answers are effectively passwords.
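How a site should actually hold these answers, and why the one-word rule hurts, as an added example (not Visa’s code; the work factor, the candidate list and the answers are assumptions made for the illustration):

```python
"""Added example (not Visa's code): treating security answers like passwords.

Stored this way an answer can contain spaces and punctuation; the 'one word'
restriction on the form is a policy choice, not a storage limit. The second
half shows why that policy hurts: an answer drawn from a short list is
guessed offline in moments, hashing or not. The work factor, the candidate
list and the answers are constructed for the example.
"""
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 100_000   # assumption: PBKDF2 work factor chosen for the example


def normalise(answer):
    """Fold only case, Unicode form and surrounding whitespace.
    Inner spaces and punctuation are kept, so "St. David's Street" survives."""
    return unicodedata.normalize("NFKC", answer).strip().casefold()


def store_answer(answer, salt=None):
    """Return (salt, digest): this pair goes in the database, never the answer."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalise(answer).encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def check_answer(candidate, salt, digest):
    """Constant-time comparison of a fresh hash against the stored one."""
    got = hashlib.pbkdf2_hmac("sha256", normalise(candidate).encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(got, digest)


# constructed: the sort of list an attacker tries for "make of your first car"
COMMON_FIRST_CARS = ["Ford", "Vauxhall", "Fiat", "Mini", "Renault", "Peugeot", "Volkswagen", "Nissan"]


def guess_offline(salt, digest, candidates):
    """Attacker holding a copy of the database: try each candidate in turn.
    Returns the matching candidate, or None if the list does not contain it."""
    for candidate in candidates:
        if check_answer(candidate, salt, digest):
            return candidate
    return None


if __name__ == "__main__":
    salt, digest = store_answer("Ford")
    print("user typed 'ford ' ->", check_answer("ford ", salt, digest))
    print("offline guess of 'first car' ->", guess_offline(salt, digest, COMMON_FIRST_CARS))
    salt2, digest2 = store_answer("the green one that never started")
    print("offline guess of a made-up phrase ->", guess_offline(salt2, digest2, COMMON_FIRST_CARS))
    print("'St. David's Street' normalises to:", normalise("  St. David's Street "))
```

Because the answer is only ever compared through a salted hash, the database never needs to hold “St. David’s Street” at all, let alone restrict its characters. What does matter is the guessing space: guess_offline recovers a “first car” in a handful of tries, while a long made-up phrase is not in any list. If a site forces questions like these on you, answer with a random string and keep it in a password manager.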

It’s good to remove programmes you no longer need… except when they are Windows updates!

I recently reformatted a badly infected PC for a customer. It had a number of nasty trojans, plus some files with broken digital signatures. After reinstalling Windows Vista plus the 100 or so updates, and restoring her documents, I returned the PC.

I always try to advise customers on how to protect themselves online, as so much malware is now a “wolf in sheep’s clothing”, masquerading as some useful piece of software. “Honest guv, I will speed up your PC, give you virus protection, make you lots of money and even bring you regular cups of tea” (well, OK, not that.)

As part of this advice, I tell customers to remove software they no longer need, such as RealPlayer, Java, Shockwave, a gazillion toolbars, etc.
Startlingly, during the course of my conversation with my customer, she started telling me how she had removed all those surplus Microsoft updates, as they were years old and she doesn’t use them! I had to explain that they are vital for her protection. It had never occurred to me that this could make sense, but there is a certain logic to it: the average user installs the updates automatically without ever needing to understand that they fix security holes in Windows.

What is the solution? Microsoft can’t simply prevent users from uninstalling updates, because an update can occasionally cause other programmes, or an entire system, to crash or stop working, so removal has to stay possible. As much as I dislike the “are you sure?” and “are you really, really sure?” type of dialogue, perhaps a sterner warning before uninstalling a security update is needed.

Ransomware / hijackware / extortion-ware – the dominant type of malware

Nearly every customer who comes to me with a malware problem has installed a “fake antivirus” programme on their PC. It is often described as ransomware because, to get control of your PC back, you have to “upgrade to the full version”; until then it throws a window up in front of anything else you try to use, and it is impossible to close. Generally it disables Task Manager, so you can’t kill it by ending its process. It plays a video claiming to have found lots of different pieces of malware and says it isn’t safe to continue until you get your credit card out and pay for the full version. Make no mistake, this IS malware: all the warnings are bogus, part of the same canned video shown to everyone who installs the fake antivirus.
Another recent case of ransomware conned users into sending an SMS to a premium-rate number at a cost of 360 Russian roubles (approx. £7.50).

Sadly this approach works. I have heard of conversion rates of 2%–10% for ransomware attacks.

So, how do you protect yourself? Firstly, use all the basic protection for your computer (antivirus, updates and so on), but perhaps the most important thing is this:

Know what your antivirus is

I am quite shocked at how easily people are tricked into believing some random web page that plays a video saying “you are infected, so click here!” The web is a dangerous place, guys! The antivirus on your machine is there to protect you, and if you are familiar with it and trust only its warnings, you can and should disregard ANY other warning about malware or viruses that doesn’t originate from your own antivirus.

I would guess the majority of users couldn’t name the antivirus programme they have on their machine. To me, that is a timebomb, as well as a great cash cow for the ransomware extortionists.

Wikileaks – Why Operation Payback failed to make a dent

“Operation Payback” is a coordinated effort by hackers to disrupt the operations of some of the financial institutions who have turned their guns on Wikileaks for revealing embarrassing truths about Western espionage (let’s be honest: official secrets are usually secret because governments don’t want the voters to know, rather than for fear of giving an advantage to the enemy.)

It appears that Operation Payback has had little success in hurting these big institutions, but let’s look at the big picture. Gone are the days of “cyber-anarchism”; the motivation these days is financial or military. These institutions have hardened themselves against relentless spamming, phishing and sustained attacks by underground criminal gangs. The amateur hacking community has been overtaken by highly organised commercial operations, perhaps in Eastern Europe, China or who knows where.

The reality is that if the controllers of the biggest botnets had pointed all of them at Amazon in a mass denial of service, it would have had far more effect. However, those botnets are busy making money for their owners. Hackers also have undiscovered exploits up their sleeves, and these are like gold dust. Would they burn them for this cause? At one time they probably would have, but these days they can get paid for that information, either by playing good and reporting it to a vendor such as Google in exchange for a bounty, or by selling it on the “black hat” market.

If there were a lucrative prize for taking Amazon down, I have no doubt it would have happened already. In terms of motivation, noble political and moral ideals usually play second fiddle to the power of the dollar.

Cyber security and UK government “spending review”

[image: Iranian nuclear power station – Nuclear power stations at risk]

The traditional formula: announce cuts, then draw people’s attention elsewhere using fear. Usually it is fear of a foreign threat, whether the “red menace” of the Soviet Union during the Cold War, Iraqi weapons of mass destruction, or the new “cyber warfare” threat. So what is this latest threat, and should we be worried?

In the good old days, power stations, national grids, telephone networks, communication systems, even banks were all separate entities. When computers first appeared in these critical parts of our infrastructure, they were special isolated machines, often running a custom operating system designed for a single purpose, such as monitoring and controlling the temperature of a reactor core in a nuclear power station. Back in the 50s and 60s there was no internet as we know it today. The first networks were appearing, but they were dedicated networks, connected by expensive runs of cable used exclusively by that organisation; they were called “leased lines” or “dedicated circuits”. Mostly, the mission-critical machines that controlled reactor cores, air traffic control, banks’ computers and so on were isolated even from these early networks, and they were relatively simple, in that they only had to perform a few (important) functions: measure the temperature of a core, inject coolant when it exceeds a threshold, sound a buzzer, flash a warning light. They didn’t need email, media players or office applications.

Now, many mission-critical systems are connected to the internet to allow remote control by operators, and instead of dedicated circuits costing thousands per month, they use the internet. Of course they are protected by heavy-duty firewalls, encryption and signed traffic, but you can’t escape the fact that they are reachable from the internet.

The new breed of malware is unlike the viruses, trojans and spyware that consumers commonly encounter. The common types rely on mass circulation across the world, to send spam or to extort money from people whose PCs get locked up by hoax anti-spyware programmes demanding credit card details. Most of these threats are detected by security companies, antivirus signatures get updated and people’s systems get cleaned. Nearly all malware of this type advertises itself.

In contrast, cyber-warfare malware doesn’t want to be found. Take this scenario. A piece of malware is developed in a government’s top-secret labs, planted as a hidden file on a memory stick branded as new, and exported to the West. It is marketed to a foreign civil service and silently installs itself from a government or utility worker’s computer. It sits there quietly, doesn’t advertise itself at all, and on a given date, or upon a signal, bounces into life: perhaps it records passwords, or builds a map of every computer this user’s computer talks to. It could then launch a denial-of-service attack, or simply start shutting down important devices, if it can work its way from a soft target inside a government network to a core target such as a power station control computer.

The Stuxnet worm is one example of malware that targets industrial control systems. It was used to sabotage the centrifuges of Iran’s uranium enrichment programme. It raises the question of who would want to damage Iran’s nuclear programme, but let’s avoid politics!

Against this type of malware, antivirus is probably useless: the malware is likely to remain undiscovered until it is triggered, e.g. in the event of war. Security patches and updates are also of limited value, as the authors of this malware find their own vulnerabilities and keep them secret (Stuxnet, for instance, used several previously unknown Windows vulnerabilities and drivers signed with stolen certificates). By the time a vulnerability is discovered, it will likely be too late.

What can we do? As consumers, nothing. What can governments and organisations do? Perhaps they are taking the same approach as in the Cold War: preliminary action. Will we see the big nations fighting by proxy, testing their cyber-warfare techniques in third-world countries or in sensitive parts of the world such as the Middle East? Perhaps we should be relieved: instead of thousands of nukes all being launched, they will all be disabled. No, that’s too hopeful.
