Monday, September 18, 2017

CCleaner warning

Some versions of CCleaner are reported to contain malware.
If you have ever downloaded or installed CCleaner v 5.33.6162 or CCleaner Cloud v 1.07.3191, your PC or Android device may be infected. The malware harvests data. Some reports indicate the infection was in the 32-bit version only.
This is just one of many reports of a vendor having their products modified at the download site with malware.
Be careful out there.

Friday, September 8, 2017

Equifax data breach

  If you have not heard by other means, Equifax is reporting a data breach. A large number of people have had their data stolen.
Some words of caution:
  Other data breaches in the past were not reported until after the fact. In most of these cases the target (sic) is unaware until the data is posted, sold, or the list otherwise comes to the attention of the company. Then the process begins. Is this really our customer data? If so, does similar data exist at other sites that could have been compromised? Can we use our logs, records, and data to determine when and how this breach occurred? Then the notifications, remediation, and other processes begin.
 The Yahoo breaches occurred when it was noted their list was for sale.
  No matter what security is placed on the data, the insider threat always remains. A trusted employee walks the data out of the perimeter.
  These breaches of personal information will continue. You can't prevent them. So being situationally aware is probably your only option. Monitor your data, personal information, and Internet presence.
  For the Equifax breach you are offered a service to monitor your account.
  The Washington Post advises to proceed with caution.
  The "Am I affected" web page asks for personal information, as it should. They would need that information to determine if you were affected. But you are giving personal information to a site that has lost your information at least once. If this was an inside job, or if the vulnerability that allowed the breach still exists, the fact that you've verified the stolen information has value.
  To sign up for the protection, you waive your rights to join a class action suit in the future or take other legal actions. You waive those rights by agreeing to the Terms of Service. These Terms of Service are changing almost hourly, so read, understand, and keep a copy of the Terms of Service you have agreed to if you do agree.
  Other advice on the Internet:
  Monitor your identity, financial data, etc. via other means  -  you should be doing this anyway.
  Increase awareness for email, phishing, SMS messaging, social media, etc. that might be using the stolen data to abuse any trust relationships.

UPDATE: It is reported that if/when you set an alert or freeze at Equifax, you get a PIN to unfreeze or lift the alert. The PIN appears not to be random, but a number based on the date/time of the freeze or alert. A 10-digit PIN with low entropy (and easily guessed) is not optimum.
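To put numbers on the low-entropy point, here is an added example (not from the original post and not Equifax's code) that compares a date/time-derived PIN with one drawn from a CSPRNG, and includes an audit check for issued PINs. The MMDDYYHHMM layout and all function names are assumptions; the post only says the PIN is based on the date/time.

```python
import math
import secrets
from datetime import datetime

PIN_DIGITS = 10
ASSUMED_LAYOUT = "%m%d%y%H%M"  # assumption: the post gives no exact layout

def timestamp_pin(moment: datetime) -> str:
    """Weak scheme as described: the PIN is just the request time."""
    return moment.strftime(ASSUMED_LAYOUT)

def random_pin() -> str:
    """Hardened scheme: uniform draw over all 10-digit strings from a CSPRNG."""
    return f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"

def timestamp_keyspace(window_days: int) -> int:
    """Distinct PINs the weak scheme can issue in a window: one per minute."""
    return window_days * 24 * 60

def keyspace_bits(count: int) -> float:
    """Entropy in bits of a uniform choice among `count` values."""
    return math.log2(count)

def looks_like_timestamp(pin: str) -> bool:
    """Audit check: does the PIN decode to a real date/time in the assumed layout?"""
    if len(pin) != PIN_DIGITS or not pin.isdigit():
        return False
    mm, dd, yy, hh, mi = (int(pin[i:i + 2]) for i in range(0, PIN_DIGITS, 2))
    try:
        datetime(2000 + yy, mm, dd, hh, mi)  # rejects month 13, Feb 30, hour 25...
    except ValueError:
        return False
    return True

def audit(pins) -> float:
    """Fraction of issued PINs that decode as timestamps.
    Random PINs decode only about 0.5% of the time; a value near 1.0
    means the generator is leaking the issue time."""
    pins = list(pins)
    return sum(looks_like_timestamp(p) for p in pins) / len(pins)

if __name__ == "__main__":
    # Constructed sample: a freeze placed on the date of this post.
    print("timestamp PIN:", timestamp_pin(datetime(2017, 9, 8, 14, 30)))
    print("30-day window: %.1f bits" % keyspace_bits(timestamp_keyspace(30)))
    print("random PIN   : %.1f bits" % keyspace_bits(10 ** PIN_DIGITS))
    print("audit, random batch:", audit(random_pin() for _ in range(2000)))
```

If the freeze is known to have been placed within a 30-day window, the timestamp scheme leaves about 15 bits of uncertainty, against about 33 bits for a uniformly random 10-digit PIN.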
In SIG meetings we mentioned vulnerabilities with Apache Struts. The fix for these vulnerabilities usually required a rebuild of the webpage using Struts. Not a trivial task with a complex site.

  Be careful out there.