Category: Security

Data Leaked Cover Page
BackupLittle TipsPhishingSecurity

EXACTIS Database Laked – Likely Most Comprehensive Data Breach Announced

Word just go out that the marketing firm EXACTIS has in its possession a database with close to 340 million individual records available until recently ( as of June 2018) on a publicly accessible server. The balk of the database comprises “close to 2 terabytes of data that appears to include personal information on hundreds of millions of American adults, as well as millions of businesses,” claims the magazine WIRED. In their article on the subject, WIRED provides further details:

While the precise number of individuals included in the data isn’t clear—and the leak doesn’t seem to contain credit card information or Social Security numbers—it does go into minute detail for each individual listed, including phone numbers, home addresses, email addresses, and other highly personal characteristics for every name. The categories range from interests and habits to the number, age, and gender of the person’s children. “It seems like this is a database with pretty much every US citizen in it,” says Troia, who is the founder of his own New York-based security company, Night Lion Security. Troia notes that almost every person he’s searched for in the database, he’s found.

You may need to go check https://haveibeenpwned.com/ by Troy Hunt to see if your email address was among the leaked data and to sign up for a notification should your email address appear in such a leak and become available to ‘;–have i been pwned? (HIBP).

As HIBP suggests in one of their recent emails,  monitoring Have I Been Pwned for data breaches is a great start, you should take two more steps to protect all your accounts:

  1. Protect yourself with strong, unique passwords for each website with a password manager like 1Password or LastPass or any of good one of your choice.
  2. Enable 2 factor authentication and store the codes inside your password manager.

Further recommendation would be that you keep an eye out on your credit records and any other possible social engineering attacks against you or your family.

Advertisements
AntivirusLittle TipsMalwarePhishingSecurity

Spam Alert: These People Never Get Tired Of Trying To Get You

 

Here is little warning and reminder not to get too comfortable thinking that scammers are gone or that your email spam filter is so good they will never get to you. Here is your wake up call: These people never get tired of trying. They use all sorts of means to disguise themselves including shortening their links by means of “short url” machines like in the case of the above picture.

Spam Email Example

Example of an email that hides a dangerous link behind a tinyurl link under the UPGRADE NOW button.

In fact, I just got right in my inbox one of those messages with a malicious link to some phishing scam hosted on https:// [some_malicious_place] .us.archive.org. But the link that was actually in the big blue button was not pointing there directly. It was disguised behind a https:// tinyurl.com/ [some_extension_goes_here]. It took running the link through Google’s online virus scanner virustotal.com to detect that the final destination of the link is an archive.org-hosted malicious content and site.

So, when you get an email that makes you uncomfortable as to why you are getting it or one that it looks suspicious, you probably are right. It is probably suspicious and dangerous. Get your IT friend look at it or just do not click on any links or attachments in it until you can get it verified by someone who has the tools. If you know how to extract the links without activating them, then do that and report the links if malicious to places like virustotal.com or to your antivirus software so they can include it in their next update. Please note that sometimes the email may come from an address of a person you actually know (after their mailbox was hijacked or is being spoofed).

Google is full of resources on how to tell if the email you are looking at is Spam. Seriously. Just type such a question and you will find a plethora of reputable sites with good examples. Emphasis on reputable. Do not fall for more phishing while trying to detect some.

virustotal.com reveals the actual final destination of a tinyurl or Shortened URL.

This screenshot from virustotal.com details page shows us the final URL the tinyurl link or Shortened URL that was in the phishing email would have led to.

macbookOS XSecurityUncategorized

When Was The Password Last Changed On This Mac?

In one more of these wonderful scripts that can do crazy things,  philastokes from APPLEWRITERHELPER, has handed you the keys to the kingdom. With this simple script, you can find our the last time the passwords for a set number of users was changed on a Mac running OS. And that right from your Terminal.

Sometimes it can be useful to know when the user’s password was last changed. For example, you might want to enforce a policy of having users (or yourself!) change login passwords after a given period. Alternatively, if you or one of your users is experiencing login difficulties, you might want to check that the password […]

#one liner command line to get last password set times for all users on the mac

# see http://applehelpwriter.com/2018/03/14/6228
echo; echo Password Last Changed:; u=$(dscl . list /Users | egrep -v ‘^_|daemon|nobody’); for i in $u; do printf \\n$i\\t; currentUser=$i;t=$(dscl . read /Users/”$currentUser” | grep -A1 passwordLastSetTime | grep real | awk -F’real>|</real’ ‘{print $2}’); date -j -f %s “$t” 2> /dev/null; done

via how to find when the login password was last changed —

Gmail emails with dots still get to you
GoogleLittle TipsSecurity

Did You Know that Dots Don’t Matter in Gmail Addresses?

Yes, an extra dot in the username part of the email address does not change who gets the email address at Gmail.com. Please be careful to notice that this might not be true of all other email service providers.

For example: john.doe@gmail.com is the same as j.ohndoe@gmail.com or any variation of the position or number of dots before the @ sign. If someone tries to open a new Gmail account with just a dot as a difference between their address and yours, Google will tell them the username already exists.

Caution: if you used Gmail through an organization like school, business, or company, your dots do matter.

More on this in this Gmail help article.

Have you experienced anything that contradicts the above? Please share here in comment.

Beware of Phishing Emails
AntivirusLittle TipsSecurity

Security Warning – Beware of Emails About Uber

Hello, Friends,

Uber has suffered a data breach a year ago, and the address and email information of 57 million people were stolen. Uber paid off the hackers who then supposedly deleted the data, but that cannot be confirmed.

Watch out for phishing emails related to this Uber data theft, for instance that your “Uber account was compromised” and that you need to change your password, or anything else related to Uber that could be suspicious.

Never click on a link in an email for situations like these, always go to the website yourself through your browser’s address bar or a bookmark you have set earlier.

Remember, Think Before You Click!
Wi-Fi Protected Access II (WPA2) Vulnerability Paper
AntivirusMalwareModemsNetworkingRouters

Wi-Fi Protected Access II (WPA2) Vulnerability – All Your Wi-Fi Devices Might Need A Security Patch

UPDATE3: On a website dedicated to the “Key Reinstallation Attacks,” https://www.krackattacks.com/, the researcher who brought attention to this vulnerability describes what it is, presents a demo of the attack against an Android device as client, and suggests practical steps in a rich Q&A article.

UPDATE2: More companies have updates available. Microsoft also has released an update for client devices. (Source: Pileum Corporation)

If you have a Meraki access point, they have released a patch to address this issue. See below link for more information.
If you have an Aerohive access point, they have released a patch to address this issue. See below link.
SonicWALL has announced that their firewalls and access points are not vulnerable to the flaws in WPA2.
Cisco has released patches for some of their products that are affected. You can check for those products and updates as they are released here:
Microsoft has released a patch that provides additional protection on the client workstation. We recommend that this be installed on all workstations immediately.

UPDATE1: Several Wi-Fi AP manufacturers have started developing and releasing Updates. Please check the CERT website below for updates. One of the most recent ones is Meraki access point.

In a research paper titled “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA,” Leuven, Belgium researchers Mathy Vanhoef and Frank Piessens just proved that WPA2 handshake traffic can be manipulated to induce nonce and session key reuse. Here is an overview of the announcement from CERT:

Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames.

The simplest solution is to install updates provided by your Wi-Fi device vendor.

More on this here:

Google Backup and Sync New Feature
BackupGooglemacbookSecurityWindows PC

Google Releases Backup and Sync for Mac and PC

Just as as announced in June 2017, Google just released this July 12 2017 a brand new product called Backup and Sync. In addition to brand new functions like backing up pictures and files from USB connected media, this tool comes to gather the functionalities that were present in Google Photos and Google Drive into one product.

Backup and Sync for Google Photos and Google Drive is available for Mac and Windows comes to move your clutter from your desktop into the cloud. Backup and Sync can be customized to only sync certain folders, to ask you what and where to delete files, and so forth. You can read more about it

With that said, if you are an Enterprise, Business, Education or Nonprofit user, Google made sure to mention that Backup and Sync is not for G Suite users just yet. These will need to wait for Drive File Stream (to be released to “soon” to the public as of the publication of this article).

Google Backup and Sync for Mac

Google Backup and Sync for Mac

Some Security Considerations

Having all your data stored on the cloud could be a good or a dangerous thing, though. If you already used Google Drive or Google Photos you most likely understand the risks attached to having your life in the cyber cloud. The risks include having all your data stolen by anyone with your password if the password is your last line of defense. So, if you are going to use this or any of the cloud storage of personal or corporate data that is not for public release, please add 2-step authentication as part of your security practices. We would recommend it for all of your accounts where possible.