Category : Encryption

U.S. unlocks iPhone in San Bernardino Case, without Apple’s Help

According to the New York Times, law enforcement has found a way to sidestep the encryption on the iPhone in the San Bernardino case, and did so without Apple’s help. The U.S. Department of Justice has since dropped its legal action against Apple, as it no longer needs the company’s assistance. The government pushed relentlessly for Apple to help unlock the phone, going as far as to say that an Apple-created encryption key was the only way to recover the data stored on the smartphone. We now know that is not the case.

Apple’s main concern with complying with the government’s cry for help came from an understandable viewpoint. Apple CEO Tim Cook said that creating a backdoor for this specific case would lead to a slippery slope for future cases with encryption components.

As it turns out, Apple is off the hook for the time being, thanks to Cellebrite, an Israeli security firm. The firm provides mobile forensic services and assisted the FBI in unlocking the smartphone.

Withdrawing from prosecution leaves many questions open-ended for future encryption cases. Something tells me this won’t be the last time Apple and other private companies are faced with a difficult decision. Should such companies be forced to aid in encryption breaking for law enforcement purposes, or only in special cases? What guidelines should be made?

If you would like to educate yourself further about the information presented in this blog post please visit:

http://www.pcmag.com/news/343264/u-s-unlocks-iphone-ends-legal-action-against-apple

Ransomware seeks victims via TeamViewer

Anyone use TeamViewer? If so, sorry to say, you may have been hacked.

A new ransomware has been discovered that encrypts important files and appends the .surprise extension to them. Further research into the extension revealed that the loader ran the EDA2 ransomware from memory, and that it was only attacking victims who also had TeamViewer installed. Victim logs showed that TeamViewer had been used as the means to reach the computers: someone connected via TeamViewer and proceeded to download the surprise files onto the unsuspecting desktop.

The two TeamViewer IDs used by the attackers were  479441239 and 479440875.

This surprise ransomware is unique in that it has successfully bypassed AV signature definitions as well as behavior detection. Rather than containing the encryption functions more typically seen in ransomware, it contained an encrypted, Base64-encoded string. This string is loaded into memory and the ransomware runs from there.

The ransomware scans all fixed disks on the computer for files with particular file extensions. When it finds a matching file, it encrypts it with an AES key and appends the .surprise extension to it. The list of targeted file extensions is hefty. It skips any file whose name contains the $ symbol or the strings c:/windows or c:/program.

Bleeping Computer found that the ransomware creates the following three files:

  • %Desktop%\DECRYPTION_HOWTO.Notepad, the ransom note.
  • %Desktop%\surprise.bat, which runs vssadmin.exe Delete Shadows /All /Quiet to remove Shadow Volume Copies.
  • %Desktop%\Encrypted_Files.Notepad, a list of the encrypted files.

Sadly, for those whose files have been encrypted, there is currently no way to regain access to them other than paying the ransom.
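A host-side detection sketch for the indicators above, written as an added example (not code from the original post or from Bleeping Computer’s analysis): it tags Sysmon-style process and file events, whose field names and sample paths are constructed assumptions, and alerts on shadow-copy deletion plus a dropped Desktop file, or on a burst of .surprise renames.

```python
import re
from collections import Counter

# Indicators from the write-up: appended extension, dropped Desktop files, shadow-copy deletion.
SURPRISE_EXT = ".surprise"
DROPPED_FILES = {"decryption_howto.notepad", "surprise.bat", "encrypted_files.notepad"}
SHADOW_DELETE = re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows\s+/all\s+/quiet", re.I)
BURST_THRESHOLD, BURST_WINDOW = 5, 60  # this many .surprise renames within 60 s = encryption burst

def match_indicators(ev):
    """Return the set of indicator tags one event matches (empty if clean)."""
    tags = set()
    if ev["type"] == "process":
        if SHADOW_DELETE.search(ev["cmdline"]):
            tags.add("shadow_copy_deletion")
        # TeamViewer was the delivery path, so anything it spawns deserves review.
        if "teamviewer" in ev.get("parent", "").lower():
            tags.add("teamviewer_child_process")
    elif ev["type"] == "file":
        name = ev["path"].rsplit("\\", 1)[-1].lower()
        if name in DROPPED_FILES:
            tags.add("dropped_desktop_file")
        if name.endswith(SURPRISE_EXT):
            tags.add("surprise_extension")
    return tags

def detect(events):
    """Aggregate indicators over one host's events and decide whether to alert."""
    counts, rename_times = Counter(), []
    for ev in events:
        tags = match_indicators(ev)
        counts.update(tags)
        if "surprise_extension" in tags:
            rename_times.append(ev["ts"])
    rename_times.sort()
    burst = any(rename_times[i + BURST_THRESHOLD - 1] - rename_times[i] <= BURST_WINDOW
                for i in range(len(rename_times) - BURST_THRESHOLD + 1))
    # Shadow-copy deletion together with a dropped Desktop file is the sequence the post describes.
    alert = burst or ("shadow_copy_deletion" in counts and "dropped_desktop_file" in counts)
    return {"indicators": dict(counts), "encryption_burst": burst, "alert": alert}

# Constructed sample telemetry; Sysmon-like field names and paths are assumptions, not victim data.
SAMPLE_EVENTS = [
    {"ts": 0, "type": "process", "parent": r"C:\Program Files\TeamViewer\TeamViewer.exe",
     "cmdline": r"cmd.exe /c C:\Users\bob\Desktop\surprise.bat"},
    {"ts": 1, "type": "process", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"ts": 2, "type": "file", "path": r"C:\Users\bob\Desktop\DECRYPTION_HOWTO.Notepad"},
] + [{"ts": 3 + i, "type": "file", "path": rf"C:\Users\bob\Documents\report{i}.docx.surprise"}
     for i in range(6)]
```

Calling detect(SAMPLE_EVENTS) returns an alert with an encryption burst, one shadow-copy deletion, one dropped file and one TeamViewer child process; a clean host yields no indicators and no alert.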

If you would like to educate yourself in greater detail about the material presented in this blog post please visit:

http://www.bleepingcomputer.com/news/security/surprise-ransomware-installed-via-teamviewer-and-executes-from-memory/

Ransomware

Ransomware is a devilish and extremely debilitating program designed to lock and encrypt files in order to extort money from consumers, business owners, and even government officials. It seems that no one is safe in the fight against ransomware. Most ransomware programs target the most popular operating system, Windows, but ransomware can and will target other systems, such as Android applications and Mac OS X, and possibly even smart TVs in the near future. Not only is this an unsettling forecast for consumers, but also a call to action for preventative measures to protect your most important data files.

What can be done? Most users have learned the hard way that it is better to back up sensitive data to an external hard drive. However, this type of malware anticipates this: when a ransomware program infiltrates a computer, it infects all accessible drives and network shares, encrypting every file it finds. This makes for a very irritating discovery of locked data across the board.

Rather than rely on the external-hard-drive method for backups, it is suggested that consumers adopt a new best practice. Ensure at least three copies of sensitive data are made and stored in two different formats, with at least one of these copies stored off-site or offline. This way, if ransomware locks files away, consumers are not forced into the sticky situation of deciding whether to risk paying for data retrieval or lose the data forever.

What to do when faced with ransomware? Not much can be done once ransomware has struck. Most security researchers advise against paying to have files unlocked, as there is no guarantee that the hackers will provide the decryption key once paid. Security vendors also worry about fueling the fire: the more consumers give in and pay for the safe return of their data, the more encouraged ransomware criminals become to continue this practice of extortion.

If I haven’t said it enough already, I will say it again: prevention is key. Know how ransomware reaches your computer. Be especially careful of email attachments, Word documents with macro code, and malicious advertisements. Always keep the software on your computer up to date. It is especially important to ensure that the OS, browsers, and plug-ins such as Flash Player, Adobe Reader, and Java are updated as soon as updates are available. Unless you have verified the sender, never enable the execution of macros in documents. Finally, and most importantly, perform daily activities from a limited user account rather than an administrative one. And always, always use a well-functioning and up-to-date antivirus program.

If you would like to educate yourself in more detail about material presented in this blog post please visit:

http://www.pcworld.com/article/3041001/security/five-things-you-need-to-know-about-ransomware.html

Free Password Managing – Good Free Password Managers – Dashlane Password Management | BVA IT Consulting Blog


Are you guilty of using the same password for all your logins? This is typically discouraged, especially if you’re attempting to secure sensitive content. With all the diverse apps and websites now available to us, it’s understandable not to bother creating and remembering a different password for every single one. However, if that one password is discovered, you leave the floodgates open to everything you want to remain secure.

Dashlane is a free password manager that securely imports your passwords from your browser into a protected password vault. The database is encrypted with AES-256, and only the user has the master password, saved in his or her head. If you are especially paranoid, you can use Google Authenticator for additional security. Dashlane can identify weak passwords that might be easily cracked by hackers and generate stronger ones for you. It also alerts you when there is a breach, stopping potential hackers in their tracks before your security is compromised.

https://www.dashlane.com/passwordmanager

Mandatory SonicOS Firmware Upgrade for your Sonicwall Firewall

Issue Summary

In the past, Dell SonicWALL used industry-standard 1024-bit certificates. To comply with Certification Authority/Browser Forum requirements based on NIST Special Publication 800-131A, as of January 1, 2014, all web browsers and Certification Authorities (CAs) will no longer sell or support 1024-bit RSA certificates. Certificates with a key length of less than 2048 bits will need to be revoked and replaced with certificates of higher encryption strength. All current Dell SonicWALL firewalls use versions of SonicOS firmware with the 2048-bit security standard, and recent updates and upgrades of SonicOS firmware use the industry-standard and recommended 2048-bit certificate.

This is an urgent notification that on January 1, 2014, all web browsers and Certification Authorities (CAs) will no longer support 1024-bit RSA certificates. This change is not driven by Dell SonicWALL but is a decision by the Certificate Authorities to enforce the use of highly secure certificates. Certificates using the 1024-bit key length will be revoked and must be replaced with certificates of higher encryption strength.

If you own a Dell SonicWALL firewall with an older firmware version that does not use 2048-bit certificates, you must upgrade the firmware to the latest version, or to the minimum General Release version that includes the 2048-bit certificate as listed in the Firmware Upgrade Table below, by December 31, 2013. Dell SonicWALL is providing the minimum firmware upgrade to all customers regardless of support contract status.

How does this issue affect me?

If you own a Dell SonicWALL firewall with an older firmware version that does not support 2048-bit certificates, the firewall will NOT be able to get real-time license information or the latest security services updates from our back-end systems. Existing security services on Dell SonicWALL firewalls that use 1024-bit certificates will continue to block previously-known threats, but the lack of updates may expose the protected network to new threats and exploits. In addition, you will NOT be able to activate and renew security services.

How can I tell what firmware version is running on my firewall?

Follow these steps to find the firmware version running on your Dell SonicWALL firewall.

  • Log into your Dell SonicWALL firewall
  • Click on “System” in the left-hand navigation
  • Look for “Firmware Version” under the “System Information” heading

What actions do I need to take?

Dell SonicWALL strongly recommends upgrading firewalls running older firmware to the minimum General Release version indicated in the table below. The table lists the affected Dell SonicWALL products and the associated minimum required firmware versions. All General Release versions of the required minimum SonicOS version for your appliance(s) are available on MySonicWALL.com.

Note: Active support is not required to download the minimum General Release version of the firmware listed in the Firmware Upgrade Table below.

When do I need to do this by?

If you have a Dell SonicWALL firewall that does not support 2048-bit certificates you must upgrade the firmware on the firewall by December 31, 2013.

How do I upgrade the firmware on my firewall?

Firmware must be upgraded on your Dell SonicWALL firewall(s) to the latest firmware version or the minimum firmware version as listed in the table below. The latest or minimum required General Release firmware can be downloaded from the MySonicWALL.com Download Center. The following Knowledge Base articles will guide you through the processes for downloading and upgrading the firmware on your firewall.

  • How to Download SonicOS Firmware
  • How to Upgrade SonicOS Firmware with Current Preferences on a Dell SonicWALL Firewall

What firmware version do I need to upgrade to?

Follow these steps to determine the required firmware version for your Dell SonicWALL firewall.

  • Find your firewall model under the “Dell SonicWALL Firewall” column.
  • Determine if your firewall is running one of the versions listed under “Currently Running Firmware.”
  • Check the “Minimum Required SonicOS Firmware Version” to see if an upgrade is required. If it is, you will need to upgrade to at least the minimum required version listed in the right-hand column of the table.

FIRMWARE UPGRADE MATRIX

| Dell SonicWALL Firewall                                                                                  | Currently Running Firmware   | Minimum Required SonicOS Firmware Version |
|----------------------------------------------------------------------------------------------------------|------------------------------|-------------------------------------------|
| NSA E5500/E6500/E7500/E8500/E8510, NSA 240/2400/3500/4500/5000, TZ 210/210W, TZ 200/200W, TZ 100/100W | 5.3.x.x – 5.6.0.11 or older  | 5.6.0.12                                  |
|                                                                                                          | 5.9.0.0 or newer             | Upgrade not required                      |
|                                                                                                          | 5.8.1.0 or newer             | Upgrade not required                      |
|                                                                                                          | 5.8.0.0 – 5.8.0.7            | 5.8.0.8                                   |
| NSA 2400MX                                                                                               | 5.7.0.0 – 5.7.1.0            | 5.7.2.0                                   |
|                                                                                                          | 5.9.0.0 or newer             | Upgrade not required                      |
| TZ 205/205W, TZ 105/105W                                                                                 | 5.8.0.0 – 5.8.1.5            | 5.8.1.6                                   |
|                                                                                                          | 5.9.0.0 or newer             | Upgrade not required                      |
| PRO 4060/4100/5060                                                                                       | 4.2.1.6 Enhanced or older    | 4.2.1.7 Enhanced                          |
| PRO 2040/3060                                                                                            | 4.2.1.6 Enhanced or older    | 4.2.1.7 Enhanced                          |
|                                                                                                          | 3.1.6.5 Standard or older    | 3.1.6.6 Standard                          |
| PRO 1260                                                                                                 | 3.4.1.3 Enhanced or older    | 3.4.1.4 Enhanced                          |
|                                                                                                          | 3.1.6.5 Standard or older    | 3.1.6.6 Standard                          |
| TZ 190/190W                                                                                              | 4.2.1.6 Enhanced or older    | 4.2.1.7 Enhanced                          |
| TZ 180/180W                                                                                              | 3.9.1.4 Standard or older    | 3.9.1.5 Standard                          |
|                                                                                                          | 4.2.1.6 Enhanced or older    | 4.2.1.7 Enhanced                          |
| TZ 170/170W/170 SP                                                                                       | 3.4.1.3 Enhanced or older    | 3.4.1.4 Enhanced                          |
|                                                                                                          | 3.1.6.5 Standard or older    | 3.1.6.6 Standard                          |
| TZ 170 SPW                                                                                               | 3.4.1.3 Enhanced or older    | 3.4.1.4 Enhanced                          |
| TZ 150/150W/150W Rev B                                                                                   | 3.1.6.5 Standard or older    | 3.1.6.6 Standard                          |

Product models not affected by this certificate issue include:

  • SuperMassive 9200/9400/9600
  • NSA 2600/3600/4600/5600/6600
  • NSA 250M/250MW
  • NSA 220/220W
  • TZ 215/215W

Not Even NASA’s data is safe!

For those of us who think we are pretty good at keeping our information safe, I would highly suggest you think again. Most leading government organizations have trouble keeping their data secure. Take, for instance, NASA. According to a recent article in Popular Science, NASA was targeted some 47 times last year by cybercriminals, who were successful 13 times, giving hackers full control of critical NASA networks. They even lost the codes to control the International Space Station at one point.

NASA is often a target for cybercriminals, and NASA hardware is often stolen. Between 2009 and 2011, 48 mobile computing devices were lifted from NASA or NASA employees, one of which contained the control codes for the ISS. Believe it or not, the device in question was not encrypted, and it appears that many NASA devices are like this.

One would think that NASA, a pioneering government organization, would have this type of thing under wraps, considering it has a 1.5 billion dollar a year IT security budget. It gives you the sense that if somebody really wanted to, they could easily get into your computer and get your personal information.

Furthermore, think of all the companies and businesses that are not NASA, with much smaller IT budgets, that are targets all the time. Hackers could easily gain access to these networks without anyone even knowing it, and that often happens. A good recommendation is to be very cautious with your personal information and where you put it: research security standards and check whether companies have had previous IT breaches.

You can also encrypt your hard drive with Windows BitLocker or, if you would like, with third-party software such as Pretty Good Privacy (PGP), TrueCrypt, or CyberAngel.

You can never be too safe with your personal information!