Wi-Fi Protected Access II (WPA2) Vulnerability Paper

Wi-Fi Protected Access II (WPA2) Vulnerability – All Your Wi-Fi Devices Might Need A Security Patch

UPDATE3: On a website dedicated to the “Key Reinstallation Attacks,” https://www.krackattacks.com/, the researcher who brought attention to this vulnerability describes what it is, presents a demo of the attack against an Android device as client, and suggests practical steps in a rich Q&A article.

UPDATE2: More companies have updates available. Microsoft also has released an update for client devices. (Source: Pileum Corporation)

If you have a Meraki access point, they have released a patch to address this issue. See below link for more information.
If you have an Aerohive access point, they have released a patch to address this issue. See below link.
SonicWALL has announced that their firewalls and access points are not vulnerable to the flaws in WPA2.
Cisco has released patches for some of their products that are affected. You can check for those products and updates as they are released here:
Microsoft has released a patch that provides additional protection on the client workstation. We recommend that this be installed on all workstations immediately.

UPDATE1: Several Wi-Fi AP manufacturers have started developing and releasing updates. Please check the CERT website below for updates. One of the most recent ones is for the Meraki access point.

In a research paper titled “Key Reinstallation Attacks: Forcing Nonce Reuse in WPA,” Leuven, Belgium researchers Mathy Vanhoef and Frank Piessens just proved that WPA2 handshake traffic can be manipulated to induce nonce and session key reuse. Here is an overview of the announcement from CERT:

Wi-Fi Protected Access II (WPA2) handshake traffic can be manipulated to induce nonce and session key reuse, resulting in key reinstallation by a wireless access point (AP) or client. An attacker within range of an affected AP and client may leverage these vulnerabilities to conduct attacks that are dependent on the data confidentiality protocols being used. Attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames.

The simplest solution is to install updates provided by your Wi-Fi device vendor.
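Why nonce reuse matters, shown as an added example (not code from CERT or the researchers): a simplified model in which reinstalling the session key resets the packet number that the nonce is built from, so two frames share one keystream. The `Session` class, the HMAC-based keystream (a stand-in for the AES counter mode WPA2 uses) and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in PRF in counter mode (HMAC-SHA256); real WPA2-CCMP uses AES-CTR.
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Session:
    """Toy sender (hypothetical): the nonce is the per-key packet number."""
    def __init__(self, key: bytes, patched: bool):
        self.key, self.patched, self.pn = key, patched, 0

    def install_key(self, key: bytes) -> None:
        # Unpatched: every (re)installation resets the packet number to 0.
        # Patched: reinstalling the key already in use changes nothing.
        if self.patched and hmac.compare_digest(key, self.key):
            return
        self.key, self.pn = key, 0

    def encrypt(self, plaintext: bytes):
        self.pn += 1
        nonce = self.pn.to_bytes(6, "big")
        stream = keystream(self.key, nonce, len(plaintext))
        return self.pn, xor(plaintext, stream)

def keystream_reused(patched: bool) -> bool:
    """True if a key reinstallation made two frames share a keystream."""
    key = b"constructed-session-key"      # constructed sample key
    p1 = b"GET /index.html HTTP/1.1"      # constructed frame, content known
    p2 = b"constructed secret frame"      # constructed frame, same length
    s = Session(key, patched)
    pn1, c1 = s.encrypt(p1)
    s.install_key(key)                    # models the replayed handshake message
    pn2, c2 = s.encrypt(p2)
    # Same key and nonce: c1 XOR c2 == p1 XOR p2, so knowing p1 yields p2.
    return pn1 == pn2 and xor(xor(c1, c2), p1) == p2

if __name__ == "__main__":
    print("unpatched:", keystream_reused(False))
    print("patched:  ", keystream_reused(True))
```

The patched branch is the behaviour vendor updates aim for: the packet number keeps increasing across a repeated handshake message, so no keystream is ever used twice.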

More on this here:


CCleaner 5.33 and CCleaner Cloud version 1.07.3191 Under Malware Attack

In an article on their website, Piriform, a company recently acquired by Avast, published the following apology.

Dear CCleaner customers, users and supporters,

We would like to apologize for a security incident that we have recently found in CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191. A suspicious activity was identified on September 12th, 2017, where we saw an unknown IP address receiving data from software found in version 5.33.6162 of CCleaner, and CCleaner Cloud version 1.07.3191, on 32-bit Windows systems. Based on further analysis, we found that the 5.33.6162 version of CCleaner and the 1.07.3191 version of CCleaner Cloud was illegally modified before it was released to the public, and we started an investigation process. We also immediately contacted law enforcement units and worked with them on resolving the issue. Before delving into the technical details, let me say that the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version. Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm.

Technical description
An unauthorized modification of the CCleaner.exe binary resulted in an insertion of a two-stage backdoor capable of running code received from a remote IP address on affected systems.

While more articles on this subject can be found on Spiceworks, a very commendable article about the incident was published by the Talos group, who first discovered the breach into Avast’s servers.


How to Restore Computer to Factory Settings Using Acer eRecovery

When a computer is dead because of a software malfunction or operating system failure, there are numerous solutions that can be attempted. Ultimately, one of the solutions is to restore the computer to its original state, also known as factory settings. This article presents the steps for performing the factory restore using a special partition that comes on Acer computers (we have no affiliation with Acer, but just wanted to make this help note available). If your Acer Veriton computers have a recovery partition, you can launch the eRecovery tool by following these steps.

  1. Power down the computer. If necessary, you can force the computer to power down by pressing and holding the power button until all the lights are off.
  2. Power up the computer and then immediately press and hold the Alt and F10 keys on your keyboard.
  3. After a short moment, the should startup and offer you the choice of booting from a specified partition.
  4. Press enter and then follow the prompts after eRecovery is launched.

Once your system is up and running, you can consider restoring a backup of your system as long as you are sure you would not be reproducing the problem (e.g. putting an infection back on your computer).

Thanks!


How to Record and Capture Every Step You Take and Click in Windows – Problem Steps Recorder

Have you ever wondered how to record all the steps that you went through to get to an error in a program you are using on Windows? There is an app for that! Like, literally, though! Microsoft shares the following guide on their support page.

Pro-Tip: What is cool is that you can use this application to record the steps for using a new piece of software for a friend or family member who asks. And if you are in an enterprise, this is a handy tool for designing a Standard Operating Procedure manual.

To record and save steps on your computer

  1. To open Steps Recorder, select the Start button, and then select Windows Accessories > Steps Recorder (in Windows 10), or Accessories > Problem Steps Recorder (in Windows 7 or Windows 8.1).
  2. Select Start Record.
  3. Go through the steps to reproduce the problem you’re trying to diagnose. You can pause and resume the recording at any time.
  4. (Optional) As you record, select Add Comment, use your mouse to select the part of the screen that you want to comment on, type your comment, and then select OK.
  5. When you’re done, select Stop Record.
  6. Review the record of the steps you followed to make sure it shows what you want it to show. Select Save, name the .zip file, choose where to save it, and then select Save. Now you can attach and send this .zip file to the person helping you troubleshoot the problem on your PC. It can be viewed in any web browser.

To adjust settings

  1. In Steps Recorder, select the down arrow next to the Help button, and then select Settings.
  2. You can change the following:
    • Output location. If you don’t want to be prompted for a location and file name every time you save a file, select Browse to set a default location and file name.
    • Enable screen capture. Select No if you don’t want to capture screen shots, for example, if the screen might reveal personal information that you don’t want to share. The app will still record a text description of your steps.
    • Number of recent screen captures to store. The default is 25 screens, so if you need to record more than that, increase this number.

Please note that this application will not record text that you type in fields, that some programs will not work with this app if they fill up the screen, and that the settings you make for your new recording will not be permanent. When you close the Steps Recorder or Problem Steps Recorder app, the settings you made for the session will be lost.

If your Windows system does not have this app or if there are functionalities you need, the site AlternativeTo suggests some options.


How To Re-Open the Tab You Just Closed on Chrome, Firefox, or Internet Explorer

Did you just accidentally close the web browser tab you meant to keep open? You can get it back with a quick shortcut.

On Windows: Ctrl-Shift-T.

On Mac: Command-Shift-T

Bonus: Ctrl-T Opens a new tab that will just sit there waiting for you to do something with it.

That’s it for today! Unless you are interested in exploring more Mac or Windows Keyboard Shortcuts.

Google Backup and Sync New Feature

Google Releases Backup and Sync for Mac and PC

Just as announced in June 2017, Google released a brand new product called Backup and Sync on July 12, 2017. In addition to brand new functions like backing up pictures and files from USB-connected media, this tool gathers the functionalities that were present in Google Photos and Google Drive into one product.

Backup and Sync for Google Photos and Google Drive is available for Mac and Windows and moves your clutter from your desktop into the cloud. Backup and Sync can be customized to only sync certain folders, to ask you what and where to delete files, and so forth. You can read more about it

With that said, if you are an Enterprise, Business, Education or Nonprofit user, Google made sure to mention that Backup and Sync is not for G Suite users just yet. These will need to wait for Drive File Stream (to be released “soon” to the public as of the publication of this article).

Google Backup and Sync for Mac


Some Security Considerations

Having all your data stored on the cloud could be a good or a dangerous thing, though. If you already used Google Drive or Google Photos you most likely understand the risks attached to having your life in the cyber cloud. The risks include having all your data stolen by anyone with your password if the password is your last line of defense. So, if you are going to use this or any of the cloud storage of personal or corporate data that is not for public release, please add 2-step authentication as part of your security practices. We would recommend it for all of your accounts where possible.

Find Your historical DNS record

How To Find My Old DNS Information Or DNS History

Ever been stuck in a situation where you cannot remember what your last DNS* information was? This may happen while migrating a site from one hosting provider to another, a domain from one registrar to another**, or any of the possible playing around you could find yourself doing with your DNS.

You may easily remember your CNAME records, but trying to find what your SOA, NS, A, AAAA, MX, or TXT records*** were in the past can be a tricky exercise unless you are familiar with some really cool tools online like DNSTrails. I just used this tool a few minutes ago and it saved me from a lot of frustration as I wanted to temporarily revert my DNS records to what I had just deleted from my domain registrar.

I am sure there are other tools out there, but this one just served me well, so I thought to share the insight with you!

Oh, also, if you ever want to temporarily make your computer point to a specific DNS setting for a specific domain, here are some useful resources:

  1. The Host File Trick on Mac and PC by WPEngine
  2. Editing the Host File on Mac OS X Leopard by WordPress

Finally, just for the sake of completeness, another site I really like is MX Toolbox. This online tool will help you check the propagation status of your DNS, MX, and other records.

 

——

*DNS means Domain Name System

** Yep! That is actually possible! Just ask your current registrar how to migrate your domain
*** CNAME stands for canonical name and serves to make a domain an alias of another domain; MX stands for mail exchange and lists the mail servers that are to be used for a domain; NS stands for name server and tells which name server is authoritative for a given domain; SOA stands for Start of Authority and keeps up with when the domain was last updated and other similar information; A stands for address and is the IP of a given domain; AAAA is an IPv6 address record corresponding to a 128-bit IPv6 address, while other addresses are mapped to 32-bit IPv4 addresses; TXT is a way for the domain administrator to enter any text into the DNS record. More on this at PCNames.