
the video itself;

Here is a story on how to improve your privacy on your iPhones


Bruce Schneier's post on privacy in general:


We also need more cybersecurity. We need more ethical hackers in every company who understand the issues.


Use the principle of Philotimo to be an Ethical Hacker. The friend of Honor will "do the right thing"

Also an apt YouTube video (regarding ΦΙΛΟΤΙΜΟ):


To listen and educate yourself on net neutrality:

An interesting economist (Professor Hazlett, of economics) explains the nuts and bolts of net neutrality.

Minute 44 is DSL sales growth and usage in the telecom industry.

I saw the Internet industry grow and change like Hazlett is talking about from 1996 until today

Minute 51 had an example of a net neutrality violation (MetroPCS streaming YouTube but not others, like Netflix or Hulu).

At about an hour questions start.


As in my video: even after listening to Hazlett discuss this for an hour, I still think it will depend on the political power of the various factions. Of course the law is going to come down on net neutrality as well.

Hmmm, there are about 1000 phone companies in America (2-4 we can name); the rural companies get government subsidies.


Either that or the criminals and "events" will cause you to react in ways that you will regret.

There is a good presentation from last year's ArchCon (Saint Louis Arch):

The opening keynote by Richard Bejtlich (@Taosecurity), "Applying Strategic Thought to Digital Defense", is very interesting to contemplate after the Sony and Anthem breaches and with the coming year in mind (the convention was on September 24, 2014).


Of course, when discussing a "Cyber Security Strategy" with executives, consider the following: CEO and CFO execs do not really understand the computer and Internet they use every day. They want it to work and be secure, period.

Now you need to wake them up 🙂 It is 2015; remember the Y2K scare, if you will... The Y2K issue arose when computer people realized there might be a problem with some software, because it only accounted for the last two digits when describing the year (such as 98 for 1998). So the wise IT people woke up one day in the late '90s and said: what happens in the year 2000, when the year 00 is actually supposed to be greater than 99? So all of a sudden, all software that for whatever reason (programmer laziness etc.) only had 2 digits for the year now needed 4 digits.

The switch from 2 to 4 digits was not a fast switch; all programs had to be rewritten to 4 digits. The scariest ones were what is called the BIOS (Basic Input Output System), the program that initially connects the operating system to the computer parts (hardware). If this program quits working, nothing will work on the computer. The whole IT industry went into a major overdrive and overtime to fix all the software by 12/31/1999, and then hoped that all the fixes worked on New Year's Day 2000. Fortunately all the effort paid off, and the few problems that arose were handled.



It is my belief we need a Y2K effort for cyber security for 2015. There is no time like today: this year, this time, we will do it.

We must have better security: spend the money this year, get to a higher level of security, and then it will not be a big deal in the future. Reduce the capabilities of the criminals by upping your security, just as recommended here: (set up an IPS firewall to catch all attacks from inside and out). Also similar:

We need a new level of security testing and thinking; otherwise we will have worse and more serious attacks than Sony, which means the attackers will try to delete and disrupt actual commerce. Do you really want to live with ?

Richard Bejtlich has a good outline to follow for all of the people in the company to improve security:

| Theme                | Who is in charge?         | Actions / goals                                |
|----------------------|---------------------------|------------------------------------------------|
| Program goals        | Board and CEO             | Minimize loss due to intrusions                |
| Strategies           | CEO/CIO                   | Rapid detection, response, and containment     |
| Operations/campaigns | CISO or security director | Match and hunt for intruders                   |
| Tactics              | Security staff            | Collect, analyze, escalate & resolve incidents |
| Tools                | Vendors                   | Various software                               |


The directors and CEOs have an important role and have to be brought up to speed. It is up to us, the IT people, to talk their language.


Contact Us to get your security up to speed for Y2015 and beyond; don't go back to Y2000.



The Fixvirus video show that explains it:

According to the Kaspersky Group report:

There is malware that can infect hard drive firmware and then perform other tasks.

On page 23, #14 says:



"What C&C infrastructure do the Equation group implants use?
The Equation group uses a vast C&C infrastructure that includes more than
300 domains and more than 100 servers. The servers are hosted in multiple countries, including the US, UK, Italy, Germany, Netherlands, Panama, Costa Rica, Malaysia, Colombia and Czech Republic.
All C&C domains appear to have been registered through the same two major
registrars, using “Domains By Proxy” to mask the registrant’s information.
Kaspersky Lab is currently sinkholing a couple dozen of the 300 C&C servers."
C&C means command & control.
The infected hard drive means nothing without being able to "phone home". So since it has to contact its C&C server, we can detect that. Once we detect it we can stop the transmission: an IPS system firewall (a Next Gen Firewall), properly configured, can protect against the malware.
Contact Us to help you with setting up your IPS or purchasing an IPS system that works for you.
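The "phone home" detection described above, as an added example (not from the post or from Kaspersky): implants check in with their C&C on a timer, so a simple test over connection logs is to look for a client that contacts the same external destination at a near-constant interval. The log format, hosts and addresses below are constructed for the example; a real IPS/NGFW does this in real time rather than over a log file.

```python
# Added example: flag regularly-timed outbound connections ("beacons") to one
# destination, the pattern a C&C block rule is built around.
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample flow log: "timestamp src dst:port" (all values made up).
FLOW_LOG = """\
2015-02-17T09:00:00 10.0.0.5 203.0.113.10:443
2015-02-17T09:00:07 10.0.0.5 198.51.100.7:80
2015-02-17T09:05:00 10.0.0.5 203.0.113.10:443
2015-02-17T09:10:01 10.0.0.5 203.0.113.10:443
2015-02-17T09:12:33 10.0.0.9 198.51.100.7:80
2015-02-17T09:15:00 10.0.0.5 203.0.113.10:443
2015-02-17T09:19:59 10.0.0.5 203.0.113.10:443
2015-02-17T09:21:10 10.0.0.9 198.51.100.7:80
2015-02-17T09:25:00 10.0.0.5 203.0.113.10:443
2015-02-17T09:47:05 10.0.0.9 198.51.100.7:80
"""

def parse_flows(text):
    """Group connection timestamps by (source host, destination)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows

def find_beacons(text, min_connections=5, max_jitter_ratio=0.1):
    """Return (src, dst, mean_interval_seconds) for pairs whose connection
    gaps are almost identical: machine-timed check-ins, not human browsing."""
    beacons = []
    for (src, dst), times in parse_flows(text).items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Spread of the gaps relative to their mean: small means regular timing.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter_ratio:
            beacons.append((src, dst, round(avg)))
    return beacons

if __name__ == "__main__":
    for src, dst, interval in find_beacons(FLOW_LOG):
        print(f"possible C&C beacon: {src} -> {dst} every {interval}s")
```

The thresholds are assumptions for the sample; tune the minimum connection count and jitter ratio to your own traffic, and feed confirmed destinations into the IPS block list.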

Bloomberg screenshot this morning.

The news reports are out: a Stuxnet malware was installed in your firmware, thus infecting your hard drives, and you can't do anything about it.

the news reports are everywhere:

As usual The Storm Center has the detailed information:

This is the money quote:

"You can find the original blog post here:


This is also the true detail:"


But my point will be: I don't care if the NSA has a "listening device" on my hard drive. You can shut down the NSA completely by running an IPS system, as I discussed in my blog post at


Check the outbound communication: the client (your computer) running the malware (NSA or other) always wants to talk to C^2, or Command & Control.


You can stop C&C communications!

All you have to do is install an IPS (Intrusion Prevention System) and configure it correctly. It will reset the network connection and thus drop the connection.


The IPS can be built into the firewall (they are now called NGFW or Next Generation Firewalls) to save on the amount of problems and

The problem that this disclosure created is the idea in the criminal mindset to create a Stuxnet clone. So it is going to be even more important for all businesses to install a firewall with IPS capabilities.


Contact Me for more...





People keep asking me... what can someone possibly use on my computer, I have nothing on it.

We are trying to explain this with some images

The hacked computer could have a value of about $30

Zombie computer: being controlled by other computers




A hacked computer is called a Zombie when it is used as an attack vehicle.

This system can be on the corporate network, could be a phone, or an "Internet of Things" device.

Any device on the Internet has the potential to become a Zombie, and to be used as an attack vehicle.


When a single controlling machine sends through reflectors, one attacker can control hundreds, even thousands, of computers.

Here is an analysis of using reflectors in DDOS


(Image from Datasoft)

The above image is a good representation of what a DDOS reflector attack consists of.


So yes, your hacked machine is worth $30 or more even if you do not have "valuable" data on it. The problem is, any password that you saved on the system could be used by the hacker to penetrate your identity on the Internet.


And of course on 6/27/16 I put up a new blog post at my site.

Briefly, it is about a 25,000-camera CCTV botnet, which were all hacked and now are used to attack other machines.

Contact me to discuss how we can design a vulnerability analysis on your computer network.

First we made a special short video on what an Ethical hacker does:

Second the Video for the Fixvirus Security show:

News of Day is about this week's Patch Tuesday: there are several critical patches for Microsoft software, and your IT department should apply all of them, as they fix remote code execution (and are thus very dangerous). Hackers can create attacks any time now, and if you do not patch your machine then it will be hacked by criminal hackers.


Tip of Day: We need to move to a Six Sigma IT methodology - which means we need to

A. Define

B. Measure

C. Analyze

D. Improve

E. Control


So we need to test your IT environment to ensure it is performing as prescribed.

The only way to create an environment where only 1 mistake in a million can occur is if you are constantly testing from the outside.

That is where we can help:


What does PCI compliance really mean?

There are similarities with ISO 27001: PCI compliance is set up as an audit of the IT department, with a specific emphasis on credit card security as well, whereas ISO 27001 is more of an audit of the processes of a company. This makes sense in a manufacturing environment, where it is important that your processes show what occurs in the manufacturing and delivery of a product. A product that has to be created can have errors introduced in the creation step, and this is where Six Sigma (a quality assurance standard) has come into place.

Our blog post, where we say Six Sigma security is needed:

But as the title mentions, the real reason for PCI compliance adherence is legal liability, as will be shown.

The 106-page PDF (plus 6 pages of appendix) of the latest PCI standard (DSS 3.0) is at the following link:


The document outlines many aspects of the Payment Card Industry (PCI) expectations of security, which are security practices made up of common sense:

1. Implement a firewall, with good access control on all connections to the Internet, including the DMZ (DeMilitarized Zone). If you have a single connection and a single location it is straightforward, but if not, the standard still tries to keep in mind the additional complexity without losing security aspects.

2. The network defense is not complete without a discussion of a personal firewall on the desktop, and later in the document an antivirus solution. The Microsoft Global Policy should also be discussed (where all aspects of the desktop can be controlled if so desired).

3. A lot of points are made about changing default configurations and passwords in all systems; this is another good common sense item.

4. Any protocols deemed "insecure" should be shored up as best as possible (there is a lot of latitude here, since there can be many different potential issues).

5. Using proper logs is important.

6. Encrypt where necessary, as credit card numbers should be encrypted over the Internet or wireless access points. And this has to be "verified". Again this is due to legal concerns.

Later in the document: use an intrusion detection system so as to know what is being attacked and how you are attacked. Keeping the logs is important not just for finding out what is going on in your network, but for reconstructing events in case of legal liability. Whenever the document says "Verify" it means that if you do not, a lawyer will make you pay for it in the future.

How can I say this with certainty? The following has a sentence of note:

"The company also pointed out that as of its most recent audit, conducted in November 2012, it was in compliance with the Payment Card Industry Data Security Standard."

How about this link?

"In St. Louis, Missouri, Schnuck Grocery store recently sued two payment processing companies. Currently the details of the lawsuit have not been released, but many can speculate that this is due to the recent breach of credit card data that impacted millions of customers at the large grocery chain."

How could Schnucks end up suing the payment processors if they had not done their due diligence in the PCI compliance audits as required by the industry? I believe this does not require knowing the outcome.

So that is why we are confident in saying: PCI compliance has to do with legal liability.

What are you waiting for? The ambulance-chasing attorneys will chase you when (not if) a breach occurs.


Contact Us: we can help you with the future audit, as legal liabilities beckon.


In the end it is the criminals versus the legal liabilities that you must wrestle with

I post this doctored image of Kmart's logo (with the scales of justice), as they were hacked as well, although I am not sure of their PCI compliance.

Sophos has a good article detailing some potential methods the hackers can use to extort money out of companies: Nakedsecurity Sophos Blogsite

This is the important part:

1. Hackers hack and penetrate your systems, including customer databases

2. Customer data will be encrypted - a ransom will be put on the data (that is the old method)

2a. Now the new method is to modify only some of the data, like usernames or passwords (sometimes passwords and usernames are set by the customer), so it is impossible to find this encryption until customers call saying they cannot access their accounts.

3. Customers log onto your site and they get infected with ransomware themselves on their personal computers.


So what just happened?

A. Your server inattention has cost your customers their data, and the relationship with you is now harmed.

B. The fix to this is not a restore of data, since the modification may have been done some time ago, and thus is in your backups as well.

(This is a CryptoLocker 2.0 message.)

We must figure out how to restore to a point before the hack.

How do you know? Test, test, and test; keep your datapoints.

We are all about testing here. Contact us to help you in this new cybersecurity environment.
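One way to keep the "datapoints" the post asks for, so that the silently-modified-records case (2a) and the "it is in your backups too" problem can be caught, as an added example that is not part of the original post: record a digest of every customer record when the data is known good, then compare each backup against that baseline to find the newest backup taken before the tampering started. The customer table, field names and backup labels below are constructed for the example.

```python
# Added example: per-record hash baseline used to find the last clean backup.
import hashlib
import json

def record_digests(records):
    """Map record id -> SHA-256 of its canonical (sorted-key) JSON form."""
    return {
        rid: hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()
        for rid, fields in records.items()
    }

def changed_records(baseline, snapshot):
    """Ids whose digest differs from the baseline, including added/missing ids."""
    ids = set(baseline) | set(snapshot)
    return sorted(rid for rid in ids if baseline.get(rid) != snapshot.get(rid))

def last_clean_backup(baseline, backups):
    """backups: list of (label, digests), oldest first. Return the label of the
    newest backup that still matches the baseline in full, or None if none do."""
    clean = None
    for label, digests in backups:
        if changed_records(baseline, digests):
            break  # tampering begins here; later backups are suspect too
        clean = label
    return clean

# Constructed customer table; the baseline is taken while the data is known good.
# Authorised changes must be followed by a fresh baseline, or they will be flagged.
CUSTOMERS = {
    "c100": {"user": "alice", "pw_hash": "h1"},
    "c101": {"user": "bob", "pw_hash": "h2"},
    "c102": {"user": "carol", "pw_hash": "h3"},
}
BASELINE = record_digests(CUSTOMERS)

# Day 2: one password hash is quietly replaced (the "modify only some data" case).
DAY2 = dict(CUSTOMERS)
DAY2["c101"] = {"user": "bob", "pw_hash": "ENCRYPTED"}
BACKUPS = [
    ("day1", record_digests(CUSTOMERS)),
    ("day2", record_digests(DAY2)),
    ("day3", record_digests(DAY2)),
]

if __name__ == "__main__":
    print("tampered records on day2:", changed_records(BASELINE, BACKUPS[1][1]))
    print("restore from:", last_clean_backup(BASELINE, BACKUPS))
```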


Here is the Fixvirus Security Show explaining this and Risk Management problems.

The video expounds on the Risk Management failure as well (in tip of day segment)

That was started on our blog post: "Risk Management does not work"