Monday, February 27, 2017

Interesting email and domain

I got this email recently.


SPAM. Yet another attempt to gain credentials. What is interesting is that the link leads to:

http://www.aya-manz.tk/

The Domain Name System (DNS) indicates the domain is registered in Tokelau. Spell check does not recognize the name of this small group of islands with a total population of 1400.
 However, the country code .tk is the third largest by number of domain names in the world. Anyone can register a domain in Tokelau.

 Care should always be used with links in email (e-postcards) and on web sites.


Monday, February 20, 2017

WARNING!! iPhone and WIFI wireless

 Your iPhone may connect to WiFi and leak information without your knowledge.

 Recently I was sniffing WiFi at our house. I noted some airline WiFi names. Recall WiFi is just radio. Though we are close to a landing path, I did not think WiFi would have the range to be picked up by my radio sniffer. A WiFi sniffer will listen on WiFi radio frequencies and display the names and traffic it sees. Investigating further I found other WiFi names. Hotels, cafes, and others. Those were not in range.
 When you associate with a WiFi service at a point other than your house the iPhone places that WiFi name in a Preferred Network List (PNL). When you get within range of a WiFi name on the PNL and you are not associated with another WiFi name, the iPhone or other device may associate with the WiFi name you have used in the past. Convenient. Risky!!
 Why risky?
 With a WiFi sniffer (easily obtained and used) anyone can see the WiFi names in the PNL, as the iPhone keeps beaconing the WiFi names in its PNL to associate with. If one is found it will connect and you get WiFi service. If anyone can see these beacons, they can name their rogue WiFi access point to a name in your iPhone's PNL and your iPhone or other device will associate. Usually without your knowledge or permission.
 This requires your WiFi device to not be associated with another WiFi service.
 Think of attending a computer club meeting at the ballroom. You are not in range of your home. Someone has set up a WiFi access point with a name in a device's PNL; the device associates and you get service. The person in control of the rogue WiFi access point can and will see all traffic while this association is active.
 Most devices allow you to remove a WiFi service name even if it is not in range. It is good security practice to keep the PNL to only the WiFi names you use regularly. With the iPhone you cannot see the PNL names that are not in range. Thus these names are 'hidden' and a potential risk.
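
To audit what your own device announces, the sketch below (an added example, not part of the original post) reads sniffer output and lists the probed names that are not on your list of regularly used networks. The capture lines are constructed and simplified, modelled on tcpdump's text output for probe requests; the MAC address, network names and function names are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (not a real capture), simplified tcpdump-style text.
SAMPLE_CAPTURE = """\
10:01:02.000001 2412 MHz -52dBm signal BSSID:Broadcast DA:Broadcast SA:02:00:00:aa:bb:01 Probe Request (HomeNet) [1.0 2.0 5.5 11.0 Mbit]
10:01:02.100004 2412 MHz -52dBm signal BSSID:Broadcast DA:Broadcast SA:02:00:00:aa:bb:01 Probe Request (Hotel Guest) [1.0 2.0 5.5 11.0 Mbit]
10:01:02.200009 2412 MHz -53dBm signal BSSID:Broadcast DA:Broadcast SA:02:00:00:aa:bb:01 Probe Request (Airline-Inflight) [1.0 2.0 5.5 11.0 Mbit]
10:01:03.000002 2412 MHz -70dBm signal BSSID:Broadcast DA:Broadcast SA:02:00:00:cc:dd:02 Probe Request () [1.0 2.0 5.5 11.0 Mbit]
10:01:03.500000 2412 MHz -40dBm signal BSSID:02:00:00:ee:ff:03 DA:Broadcast SA:02:00:00:ee:ff:03 Beacon (HomeNet) [1.0 2.0 5.5 11.0 Mbit] ESS CH: 1
"""

# Source address, then the network name inside "Probe Request (...)".
PROBE = re.compile(r"SA:([0-9a-fA-F:]{17})\b.*?Probe Request \((.*)\) \[")


def probed_names(capture):
    """Map each device address to the set of network names it asked for."""
    seen = defaultdict(set)
    for line in capture.splitlines():
        match = PROBE.search(line)
        # An empty name is a wildcard probe and reveals nothing saved.
        if match and match.group(2):
            seen[match.group(1).lower()].add(match.group(2))
    return dict(seen)


def stale_names(capture, device, regular):
    """Names the device announces that are not networks you use regularly."""
    return sorted(probed_names(capture).get(device.lower(), set()) - set(regular))


if __name__ == "__main__":
    for name in stale_names(SAMPLE_CAPTURE, "02:00:00:aa:bb:01", ["HomeNet"]):
        print("consider removing:", name)
```
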

 Until Apple addresses this problem:
 Make it a practice to remove a temporary service when you leave a hotel or other place you have used that WiFi service.
 Use Settings -> General -> Reset -> Reset Network Settings.
NOTE: You will have to (re)add your WiFi and other network settings!!

Friday, February 17, 2017

Cyber Security Presentation 2/16/2017



Help me help the Cyber Security SIG

An open letter from the Sun City Cyber Security SIG

 Securing information in the current environment of the Internet is difficult. Daily non-fake news accounts indicate how difficult the tasks can be. Large corporations, security specialists, national security agencies, and many others have had published compromises of their information and/or security. Many other non-published security incidents have occurred.
 In my training most courses take 40-60 hours of classroom sessions, many hours of lab exercises and practical testing. The courses are narrow in scope, so many such courses are needed to build the base knowledge to tackle the current security scope.
 The Sun City Windows SIG leader has the same issues I face with the Cyber Security SIG. How to convey the topics to those with interest at a level for all? His advice was to understand what you can, ask questions on the rest, and research what you need. I did not get “it” the first time, nor the second, or third. Gaining knowledge in a very rapidly changing environment requires effort. Most of that effort is my part. I will take more time on laying basic concepts before moving to the more complex material. The sessions of the Cyber Security SIG thus far have been designed to bring important concepts to your attention to make your cyber interactions safer as rapidly as practical.
 Your part is to keep me more informative and less technical. Do this by asking the questions that most everyone else is thinking. We are a small group, we can share.
 Thank you for your interest and attendance. Please use SCCCCyber@gmail.com to enhance your Cyber Security SIG experience.


Tuesday, February 7, 2017

HowTo View Digital Certificates in Browsers - Most of them

 Previous Cyber Security SIG presentations discussed how digital certificates work to encrypt data in transit when browsing web sites. What was not discussed was how to view the digital certificate details so one can determine whether the site should be trusted.
 Thus this blog post.

 I will start with Safari on MacOS.

In this case the site's certificate does not match the site. This mismatch was a popup from Safari with no interaction from the user. Proceeding from this warning should be done with caution.
 So, how to view digital certificates that do not cause a warning popup? From the address bar click on the lock icon.
Then a popup appears so one can show the certificate details.
The details:


For Firefox, a similar popup warning appears for a mismatched digital certificate.
Using either circled button will provide more detail on the issue or problem.
 For sites with no reported problem:

Now click through the green lock icon to access the digital certificate details. The lock icon may be gray, a gray globe, a gray warning triangle, or an orange warning triangle. Clicking on each will provide the detail needed to proceed or exit the site and/or browser.

For Chrome, a similar method:

and for more information use the information icon next to the URL:
Any of the menu items can be used to gain more information on the current page or the Chrome browser.

Microsoft Edge.
 I thought I was missing something when no method I could find allowed viewing the digital certificate. The Edge browser gives warnings, the lock icon changes color, and an effort to verify the site all exist and function. There is just no way for an Edge user to view the certificate from the browser. A request to add that capability is open with Microsoft. Until then use Chrome or another browser for certificate investigations.
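
To show what sits behind a "certificate does not match the site" warning, here is a small added example (not from the original post) that checks two of the details visible in a certificate viewer: the names the certificate covers and its validity dates. The certificate is a constructed sample in the dictionary form Python's `ssl` module returns from `getpeercert()`; the host names and function names are assumptions, and the check does not cover who issued the certificate.

```python
import ssl
from datetime import datetime, timezone

# Constructed certificate, in the dict shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.cdn.example.com")),
    "notBefore": "Jan  1 00:00:00 2017 GMT",
    "notAfter": "Jan  1 00:00:00 2018 GMT",
}


def name_matches(pattern, host):
    """Compare one certificate name with the host, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one leftmost label, never a whole domain.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_problems(cert, host, now):
    """Return the reasons a browser-style check would warn; [] means none."""
    problems = []
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(n, host) for n in names):
        problems.append("name mismatch: certificate covers " + ", ".join(names))
    when = now.timestamp()
    if when < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if when > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems


if __name__ == "__main__":
    visit = datetime(2017, 2, 7, tzinfo=timezone.utc)
    for site in ("shop.example.com", "img.cdn.example.com", "www.example.com"):
        print(site, cert_problems(SAMPLE_CERT, site, visit) or "no problems found")
```
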

I'll answer any questions at the Cyber Security SIG meetings.