And here are some security related links that caught my fancy this week.
Vulnerabilities Discovered in Global Vessel Tracking Systems - Trend Micro’s Security Intelligence Blog - Super study that sent chills down my spine reading. We take so many critical infrastructure systems for granted. I hear the next block-buster action novel waiting to pounce on this for the storyline.
Cryptolocker Prevention - Foolish IT LLC bloc - information on a new freeware tool to lock down any Windows OS (preventively) to block infection from the Cryptolocker malware/ransomeware. When infection occurs it encrypts personal files then offers to decrypt them for a paid ransom. More details on the utility here: CryptoPrevent. And the attack details courtesy of Ars Technica: You’re infected—if you want to see your data again, pay us $300 in Bitcoins.
Tools for reviewing infected websites - ISC Diary. They listed four and there are some more suggestions in the comment thread. Back in January 2012 I posted this fairly extensive roundup: Interesting Malware in Email Attempt - URL Scanner Links. I’ve not checked recently but hopefully more than a few of these are still active.
Learn By Example - The Hacker Factor Blog - Dr. Neal Krawetz has some wise words and poor examples of a generation that doesn’t seem to see the concern with publically posting tweeted photos of their debit/credit cards online. I’m clueless how someone can be so ill-informed. This is just one example. I see the commercials showing banking apps for smartphones that let people take a photo of a check and deposit it in their account. I also wonder if this is common as well…or even health-coverage ID/Info cards perhaps? I suspect this is just the tip of the iceberg.
40 inappropriate actions to take against an unlocked PC - Troy Hunt’s blog - As a sysadmin, all I can say is that it is probably a violation of several computer usage agreements in the workplace to walk away from your computing device without first locking the screen to prevent unauthorized access. At the same time, it is probably a violation of additional computer usage agreements in the workplace to tamper with someone else’s computer -- even if they were a bonehead in the first place and left it unlocked.
Instead what you need to do is take a photo of their unlocked screen and tweet it to everyone in the workplace. No wait…I just learned by example in the previous post that probably isn’t wise to do either. Never mind. Help us all out and just pull the power-cord out slightly to kill power to the system and make them call the sysadmins when it won’t power back on. No don’t do that either after further consideration. That might kill the system/drive and lead to a charge of wonton destruction of corporate resources; or at the very least prevent someone's unsaved labor of love on the critical TPS reports for the day. That would be bad too. OK…I give up.
Contrary to public claims, Apple can read your iMessages - Ars Technica
Experian Sold Consumer Data to ID Theft Service - Krebs on Security - Seriously, if you can’t trust the data broker companies who hold all your credit and personal financial data history records (and who they sell that data to) then who can you trust with it? Time go start digging out that backyard bunker again. Go read the article. Then get mad.
For your security, please email your credit card and driver’s license (and what PCI has to say about that) - Troy Hunt’s blog. See, it’s only a crazy idiotic thing to tweet your CC information if you don’t have a really important reason to do it. If you do it is stupidly insecure. However, if you are a big corporate entity (or govermint agency/official) then you can have something call “a policy” to require your customers to photocopy items critical to establishing and proving your identify and they can do whatever they want…oh, and by the way…please dent them to us via unencrypted email communications because like, nobody can sniff that traffic while it winds it’s way from your laptop to our desks. Sheesh. Needless to say, Troy goes to town on this one and why it is a Bad Thing™.
Please be wise, be patient, and be proactively safe.