Posts

The problem with Heartbleed

Heartbleed is a much-publicized security flaw (CVE-2014-0160) in the OpenSSL cryptography library's implementation of the TLS heartbeat extension. A fixed release, OpenSSL 1.0.1g, was published on April 7th, 2014, the same day the flaw was publicly disclosed, so that a fix was available as soon as the details were public.

OpenSSL provides the TLS ("https") layer for a large share of secure web servers; it is estimated that about 17% of secure web servers were running a vulnerable version (OpenSSL 1.0.1 through 1.0.1f). A malformed heartbeat request lets an attacker read up to 64 KB of the server process's memory per request, and that memory can contain the server's private key as well as end-user passwords and session cookies.

Fortunately, most organizations with secure web servers have taken steps to identify and fix this flaw.  And, as of this writing, no confirmed exploitation of this flaw has been reported.

Unfortunately, this flaw has been present since OpenSSL 1.0.1 shipped in March 2012, over two years, and exploiting it leaves no trace in ordinary server logs; if it was exploited, there would be no ready evidence that anything was wrong.
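The mechanism behind the leak, as an added illustration that is not part of the original post and not OpenSSL's own code: a simplified model of the heartbeat handler in C. The message layout follows RFC 6520; process_memory, SECRET and the request contents are constructed for the example. The vulnerable handler trusts the length field in the peer's message, so a request that claims 64 bytes of payload but carries 2 is answered with 64 bytes copied from wherever the payload started, including whatever happened to sit after the record. The fixed handler applies the bounds check added in OpenSSL 1.0.1g and discards the request.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat message (RFC 6520): type(1) | payload_length(2) | payload | padding(>=16) */
#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_PADDING   16

/* Constructed stand-in for the server process's heap: the received record sits
   at the start, and data the peer must never see sits right after it. */
static unsigned char process_memory[256];
static const char SECRET[] = "session_cookie=abc123; password=hunter2";  /* constructed */

/* Write a heartbeat request into process_memory. claimed_len is what the peer
   puts in the length field; actual_len is how many payload bytes it really sent.
   Returns the length of the record as it actually arrived on the wire. */
size_t build_request(uint16_t claimed_len, const char *payload, size_t actual_len)
{
    size_t n = 0;
    memset(process_memory, 0, sizeof process_memory);
    process_memory[n++] = HB_REQUEST;
    process_memory[n++] = (unsigned char)(claimed_len >> 8);
    process_memory[n++] = (unsigned char)(claimed_len & 0xff);
    memcpy(process_memory + n, payload, actual_len);
    n += actual_len;
    n += HB_PADDING;                                    /* padding, left as zero */
    memcpy(process_memory + n, SECRET, sizeof SECRET);  /* adjacent heap data */
    return n;
}

/* Pre-1.0.1g logic: the payload length is read from the message and trusted.
   Returns bytes written to out, or -1 if the message was not a request. */
int heartbeat_vulnerable(const unsigned char *rec, size_t rec_len,
                         unsigned char *out, size_t out_cap)
{
    const unsigned char *p = rec;
    unsigned char hbtype = *p++;
    uint16_t payload = (uint16_t)((p[0] << 8) | p[1]);
    p += 2;
    (void)rec_len;                            /* never consulted: that is the bug */
    if (hbtype != HB_REQUEST) return -1;
    if ((size_t)3 + payload + HB_PADDING > out_cap) return -1;  /* keeps the model in bounds */
    out[0] = HB_RESPONSE;
    out[1] = (unsigned char)(payload >> 8);
    out[2] = (unsigned char)(payload & 0xff);
    /* Copies 'payload' bytes from where the peer's data started, reading past
       the end of the record into whatever follows it in memory. */
    memcpy(out + 3, p, payload);
    memset(out + 3 + payload, 0, HB_PADDING); /* padding (random in OpenSSL, zero here) */
    return 3 + payload + HB_PADDING;
}

/* 1.0.1g logic: discard any request whose claimed length does not fit the
   bytes that actually arrived. Returns bytes written, or -1 when discarded. */
int heartbeat_fixed(const unsigned char *rec, size_t rec_len,
                    unsigned char *out, size_t out_cap)
{
    const unsigned char *p = rec;
    unsigned char hbtype;
    uint16_t payload;
    if (rec_len < 1 + 2 + HB_PADDING) return -1;                     /* too short to be valid */
    hbtype = *p++;
    payload = (uint16_t)((p[0] << 8) | p[1]);
    p += 2;
    if ((size_t)1 + 2 + payload + HB_PADDING > rec_len) return -1;  /* the Heartbleed check */
    if (hbtype != HB_REQUEST) return -1;
    if ((size_t)3 + payload + HB_PADDING > out_cap) return -1;
    out[0] = HB_RESPONSE;
    out[1] = (unsigned char)(payload >> 8);
    out[2] = (unsigned char)(payload & 0xff);
    memcpy(out + 3, p, payload);              /* now provably inside the record */
    memset(out + 3 + payload, 0, HB_PADDING);
    return 3 + payload + HB_PADDING;
}

/* 1 if needle occurs anywhere in buf (memmem is not portable C). */
int leaks(const unsigned char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0) return 1;
    return 0;
}

int main(void)
{
    unsigned char out[256];
    /* Peer sends a 2-byte payload but claims 64: the classic malformed heartbeat. */
    size_t rec_len = build_request(64, "hi", 2);
    int n = heartbeat_vulnerable(process_memory, rec_len, out, sizeof out);
    printf("vulnerable: %d bytes returned, secret leaked: %d\n", n, leaks(out, (size_t)n, "hunter2"));
    n = heartbeat_fixed(process_memory, rec_len, out, sizeof out);
    printf("fixed: returned %d (request discarded)\n", n);
    return 0;
}
```

In the real bug the only limit on each read was the 16-bit length field (64 KB), and nothing stopped an attacker from repeating the request; each one looked like ordinary keep-alive traffic and wrote nothing to the web server's logs, which is why exploitation cannot be ruled out after the fact.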

At the moment, there is not much an end-user can do except avoid logging in to any secure web site that has not been patched, and change passwords once a site confirms it has patched and replaced its certificate; changing a password on a still-vulnerable server only exposes the new one.  (See http://filippo.io/Heartbleed/, a site created by Italian cryptographer Filippo Valsorda, which tests a server for the flaw by sending it a malformed heartbeat request.)

http://money.cnn.com/2014/04/09/technology/security/heartbleed-bug/index.html contains an informative article and video by Jose Pagliery at CNN Money.

CryptoLocker Case Study

The following account describes a real-life malware attack that infected a New England manufacturing firm. The company has chosen to share its story anonymously to help other businesses avoid a similar fate.

The unsuspecting sales rep certainly reacted in a way anyone would expect. He received an email with a voicemail attachment that looked like it came from the company CEO. When the CEO calls, reps jump to attention, and at this particular manufacturing firm based in New England, the business relies on a communication system that sends voicemails as email attachments. So the sales rep had no reason to suspect anything was wrong.

As it turns out, something was very wrong.

Click the link below to read the full article.

Bryley — CryptoLocker Remediation — 2013

Hackers Hijack Email Contacts

Have you received a rogue email from a friend or acquaintance that seems out of character?  For example:  Why is Aunt Mildred calling me “Friend” in her email?  Or, does neighbor Fred really want me to invest in Nigeria?

Odds are, their email accounts – particularly if located at online services like Gmail, Yahoo! Mail, or Windows Live Hotmail – have been hijacked.  (Visit About.com at About.com:Free Email Review for a review of the top 16 free email services by Heinz Tschabitscher.)

With an online service, the email application is cloud-based; the application does not reside locally on the computer, so it is probably the online account that has been compromised.  (Your PC could also be infected, which is discussed later.)  Typically the password has been obtained (guessed, reused from another breached site, or phished), giving the intruder easy entry to stored emails (which could contain sensitive information) and a contact list that can be exploited.

If this happens to you, login to your account and take these steps:

  • Change your password – Use a complex password with at least eight characters mixing upper and lower case, numbers and special characters; longer is better.  (See the January 2013 issue of Bryley Tips and Information for the article “Simple passwords = disaster” at Bryley-Tips-and-Information-January-2013.)
  • Change your Recovery Information (challenge questions) – If the hacker has account access, he/she can read your challenge questions and answers and use them to reenter the account after you change the password.  Also review the account settings for forwarding addresses, mail filters, and recovery email addresses or phone numbers the intruder may have added.
  • Set the highest-possible level of security – Select the highest level the service offers (for example, two-step verification, which requires a code from your phone in addition to the password), even though it adds complexity to the login process.
  • Check related accounts – You might have put passwords into saved emails that the hacker can now access.  Change your passwords and your Recovery Information on all other accounts that might have been compromised.
  • Contact list – Email the folks in your Contact list and tell them:  “I am having an issue with my email account, which I am addressing.  Please contact me if you receive an unusual email that appears to have come from my email address.  Do not open any links within the email itself.”
  • Backup emails and contacts – Backups allow recovery; backup your contacts whenever you add or change a contact.  Backup your emails as often as necessary to keep from losing stored emails.

As with any account, change your password regularly and change your challenge questions periodically.  Visit the About.com article on how to change your Gmail password at About.com: Change Your Gmail Password.

For a related article by Leo Notenboom at Ask Leo, please visit Ask-Leo.com: How to stop someone sending email with my address.

If the email application resides locally (for example, Microsoft Outlook) and connects to the mail server over a secure connection, your PC itself is suspect and should be scanned with virus and malware scanners.  You should also scrutinize your Microsoft Outlook contacts and rename the Contacts folder.

It is still possible that your computer is infected; your account password might have been captured by a keystroke logger that records what you type and sends it to the hacker.  If so, you need to clean up your computer before taking the steps above, or the new password will be captured as well.

DNS-changing malware in the news this week

A well-publicized, DNS-changing malware (DNSChanger) was detected and temporarily thwarted by the FBI late last year: the rogue DNS servers that infected machines had been pointed at were replaced with clean substitute servers under a court order.  The FBI will shut down those substitute servers at midnight on Monday, July 9th, which will cause any remaining infected machines to lose name resolution, and with it their Internet connection.


Windows-based PCs managed by Bryley Systems under our Comprehensive Support Program are not at risk.  All other PCs could be at risk, although most owners of machines carrying the DNSChanger malware have been notified previously.


To determine if your PC might have this malware, please visit www.dns-ok.us, a US site created to check which DNS servers your computer is using.  If your computer is infected, the banner on this site will be red and will alert you.  (A Canadian version of this same test is available at http://www.dns-ok.ca/ in both English and French.)
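What the check boils down to is whether your machine's configured DNS resolvers fall inside the address ranges of the rogue DNSChanger servers. The following C program, added here as an example and not the tool behind the dns-ok.us site, performs that check locally: it parses nameserver lines from a resolv.conf-style text (the sample text is constructed) and flags any address inside the six ranges the FBI published for the DNSChanger servers; verify the list against the FBI's own notice before relying on it. On a Windows PC, run ipconfig /all and pass each listed DNS server address to is_rogue_resolver.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Rogue resolver ranges published by the FBI for the DNSChanger (Rove Digital)
   servers, as first and last address of each block. Check against the FBI
   notice before relying on this list. */
struct range { const char *first, *last; };
static const struct range ROGUE[] = {
    {"85.255.112.0",  "85.255.127.255"},
    {"67.210.0.0",    "67.210.15.255"},
    {"93.188.160.0",  "93.188.167.255"},
    {"77.67.83.0",    "77.67.83.255"},
    {"213.109.64.0",  "213.109.79.255"},
    {"64.28.176.0",   "64.28.191.255"},
};

/* Constructed sample of what /etc/resolv.conf looks like on an infected host. */
static const char SAMPLE_RESOLV_CONF[] =
    "# constructed sample, not taken from a real machine\n"
    "nameserver 85.255.112.36\n"
    "nameserver 8.8.8.8\n";

/* Parse a dotted quad into a host-order uint32; returns 0 on malformed input. */
int parse_ipv4(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4) return 0;
    if (a > 255 || b > 255 || c > 255 || d > 255) return 0;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return 1;
}

/* 1 if the address falls in any rogue range, 0 otherwise (or if unparsable). */
int is_rogue_resolver(const char *ip)
{
    uint32_t v, lo, hi;
    if (!parse_ipv4(ip, &v)) return 0;
    for (size_t i = 0; i < sizeof ROGUE / sizeof ROGUE[0]; i++) {
        parse_ipv4(ROGUE[i].first, &lo);
        parse_ipv4(ROGUE[i].last, &hi);
        if (v >= lo && v <= hi) return 1;
    }
    return 0;
}

/* Scan resolv.conf-style text ("nameserver x.x.x.x" lines) and return how many
   configured resolvers are rogue; the first offending address is copied to hit. */
int scan_resolvers(const char *config, char *hit, size_t hit_cap)
{
    int count = 0;
    const char *line = config;
    while (*line) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char buf[128], ip[64];
        if (len < sizeof buf) {
            memcpy(buf, line, len);
            buf[len] = '\0';
            if (sscanf(buf, "nameserver %63s", ip) == 1 && is_rogue_resolver(ip)) {
                if (count == 0 && hit && hit_cap) {
                    strncpy(hit, ip, hit_cap - 1);
                    hit[hit_cap - 1] = '\0';
                }
                count++;
            }
        }
        if (!nl) break;
        line = nl + 1;
    }
    return count;
}

int main(void)
{
    char hit[64] = "";
    int n = scan_resolvers(SAMPLE_RESOLV_CONF, hit, sizeof hit);
    printf("%d rogue resolver(s) configured%s%s\n", n, n ? ", first: " : "", hit);
    return n ? 1 : 0;   /* non-zero exit makes the result easy to act on from a script */
}
```

A machine that passes this check can still be infected if the malware also changed the resolver settings on the home router rather than the PC, which DNSChanger was known to do, so the router's DNS settings deserve the same comparison.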


There are tools to remove this infection, but please feel free to contact us at 978.562.6077 if you require assistance.



See DNS-Changer Malware for additional information.