Monday, April 23, 2018

Phone Scam Hitting several Sun City residents

Your customer this is to inform you that Microsoft Windows will be stopped on your computer call toll free 184-469-8833 extension 32 renew the license attention the license key of your computer has been expired call toll free 184-469-8833 extension 32 renew the license Dear customer support of your computer has been expired call toll free 184-469-8833 extension 32 renew Thank you.

Friday, April 20, 2018

Suddenlink Account email spoof

More and more email campaigns are designed to entice you to click on a link.
 This one spoofs Suddenlink.
 Use your instinct, your intellect, and your investigative skills to verify any and all links in emails that might require you to enter account information or passphrases.

Wednesday, April 11, 2018

Cutting the Cord Considerations

 There has been great interest in the Cutting the Cord presentations given by the Computer Club. The iDevices SIG has talked about streaming from iPads, using AppleTV, and similar. The Internet of Things gave a full presentation on Cutting the Cord in August 2017, with followups from users using SmartTVs, Roku, Amazon Fire, Sling, Hulu, and similar. Many YouTube videos exist detailing using your Mac as a DVR and other techniques for acquiring content available from Suddenlink cable service.
 This post covers cyber security concerns only, not over-the-air antennae, satellite content feeds, or Red Box.
 If you have Suddenlink or a similar cable service to your house for cable TV, Internet, telephone land line, etc., the coax cable feeds into your house, and the DVR and secondary units take that coax cable TV signal to your TV, monitor, or other display devices. When you add Internet service you get or provide a cable modem to access the Internet TCP/IP signal bandwidth. Most households then add a router or two and one or more Wireless Access Points (WAPs), and use this home infrastructure to add all manner of useful devices: Internet door bells, smart phones, security cameras, tablets, and the list keeps growing.
 Most routers and WAPs have some Internet security built in: firewalls, web proxies, and similar.

Over time you add wireless printers, smart TVs, laptops, security cameras, and now devices to stream video content to your display devices. It might surprise you to look at your router or WAP to see how many devices have been added over time. It also might surprise you to see rogue devices on your home network.

 My concerns with adding devices to your home network for video content:

1) If not done explicitly, those devices get added to the same Virtual LAN (VLAN) as the devices you use for banking, shopping, email, etc. WiFi uses encryption, but only for the data portion of packets. If a wireless device is on the wireless network it can decrypt those packets. For devices on the same VLAN, a promiscuous device can "see" all traffic. Most streaming devices only need to get to the Internet, not to the home networked devices you use for finance. Consider using the "Guest" network feature in most Wireless Access Points and/or routers. The Guest feature places the device on a separate VLAN that can get to the Internet but not to the home network on another VLAN. Depending on the WAP, the Guest devices do not use the same encryption password used to encrypt the data on wireless traffic packets. To gain access, Guest devices supply a password on the first attempted web access. This Guest access password is not used for encryption. By default the Guest network name is your Service Set IDentifier (SSID) name with a "-guest" string appended.
 In addition to Guest access you can use Media Access Control (MAC) filtering. Each network device has a unique 48-bit address. Various means exist to determine the MAC address for each device. The wireless access point can filter these MAC addresses. The MAC address can be added to the allow list or the deny list.

2) Always on. For the remote control to be able to turn these devices on, they have to be on, listening to the remote. They are in low power mode, not streaming or performing their many other functions. If you sniff the air looking at the radio used by WiFi streaming devices, you will see these devices almost constantly broadcasting packets when they are "off".

3) Plug and Play. If consumers had to configure their firewalls and security devices to get these devices to work "out of the box", device sales might not be as strong. Consider the very wide variety of consumer firewalls, routers, and wireless access points that manufacturers of streaming devices have to contend with. This issue is mitigated with Plug-and-Play, which configures the ports needed for Internet access. On your router or Wireless Access Point look for a UPnP setting. This is from a Linksys WRT 1900AC.

4) Bandwidth - yours & theirs.  Video content can only travel as fast as the slowest link in the network packet delivery chain. Adding faster links in the network chain will not help due to the slowest link being a bottleneck. I advise creating a network topology map that includes the advertised link speed to and from each component.
For normal viewing of Internet delivered video content you probably have enough bandwidth with 100Mb/sec. Most of your devices can deliver 100Mb/sec. Internet service via cable modem has bandwidth limitations as well. Like airlines, bandwidth from Internet Service Providers (ISPs) is oversubscribed. If you have neighbors who have several streams of video and large downloads at the same time, your bandwidth will suffer. If one of those neighbors uses some of your bandwidth to satisfy their bandwidth desires... WiFi should be encrypted. Tools exist that can determine the WiFi encrypting passphrase given enough packets to analyse. Video content delivery provides that bandwidth.

5) Data Cap. Check your service agreement with your ISP. If you have a data cap and switch or add Internet video content delivery devices you might encounter a larger charge from the ISP. Even if your agreement does not charge extra for a data cap, your ISP may throttle delivery.

6) Most of the devices like Roku, AppleTV, smart TVs, smart DVRs, and similar are proprietary. The use of CPU, memory, network connection, WiFi settings, etc. are closed source. Thus no third party security assessments are performed. Security for small consumer WiFi devices does not have the economic driver to address security concerns as well as function and performance.

7) Though proprietary in function, most of these devices use an embedded operating system and core applications. Those operating systems have both old and new vulnerabilities.

8) To address both of the above two issues, the manufacturer should issue firmware, operating system, and application patches and updates. These updates are delivered over the Internet. The devices may automatically check for, download, and apply updates, or they may notify registered owners that updates are available. Strongly consider registering your streaming devices to be notified of updates.

9) I would advise not automatically fetching and applying updates. Reason: anyone can take over or masquerade as an update server and deliver malware content.

10) A lot of processing power is in that small device. More CPU power in a smaller space generates more heat. During streaming a Roku gets to 112 degrees F. These devices usually run until an inactivity timer puts them into power saving mode. Be aware of the power and heat. Provide enough air circulation in confined spaces, and provide enough room around the device to not scorch a wall. Use care in handling the device after use. Protect children from skin contact.

11) Voice. Most of these devices can be controlled by voice. Most use the Internet to interpret the voice command, then send the command(s) to the device. Recent court cases have allowed subpoena for ambient conversations. Recall "always on". I do not use voice control, nor any home voice-controlled or voice-activated devices. I can see the lure. Security researchers have found ways to enable microphones on device remote controls even when the user has that function disabled.
Note: The same techniques are used to enable microphones and webcams on laptops and PCs.
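
For concern 1 (rogue devices and MAC filtering), the following is an added example, not part of the original post: it compares a device list against a household inventory and flags unknown MAC addresses, including randomized ones that a MAC allow list will not recognise. The sample device list, the inventory and all function names are constructed for illustration.

```python
import re

# Constructed sample in the style of `ip neigh` output; IPs and MACs are made up,
# and the notations are mixed on purpose, as router client lists often are.
SAMPLE_NEIGH = """\
192.168.1.10 dev wlan0 lladdr 3c:22:fb:10:20:30 REACHABLE
192.168.1.23 dev wlan0 lladdr B0-A7-37-AA-BB-CC STALE
192.168.1.42 dev wlan0 lladdr da:a1:19:01:02:03 REACHABLE
192.168.1.77 dev wlan0 lladdr 00:11:22:33:44:55 DELAY
192.168.1.90 dev wlan0  FAILED
"""

# Hypothetical household inventory: MAC -> label, in whatever notation it was noted.
KNOWN = {"3C22.FB10.2030": "laptop", "b0:a7:37:aa:bb:cc": "Roku"}

MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")

def normalize(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits (48 bits)."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return digits

def is_randomized(mac):
    """True when the locally administered bit (0x02 of the first octet) is set,
    as it is for the private/random addresses many phones and tablets use."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def audit(neigh_text, known):
    """Return (ip, mac, note) for every listed device missing from the inventory."""
    inventory = {normalize(m) for m in known}
    findings = []
    for line in neigh_text.splitlines():
        m = MAC_RE.search(line)
        if not m:  # entries without a resolved hardware address carry no MAC
            continue
        mac = normalize(m.group(1))
        if mac in inventory:
            continue
        note = ("randomized MAC, identify by other means"
                if is_randomized(mac) else "unknown device")
        findings.append((line.split()[0], mac, note))
    return findings

if __name__ == "__main__":
    for ip, mac, note in audit(SAMPLE_NEIGH, KNOWN):
        print(ip, mac, note)
```
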

Wednesday, April 4, 2018

Advice from SANS Institute on Facebook issues

 The SANS Institute is a company that specializes in information security and system administration. SANS provides a large curriculum of information and cyber security courses, tutorials, and certifications.
 The following is their advice on the Facebook issues raised after the disclosure that information gathered by an application was used by Cambridge Analytica.
 My advice differs on the delete your Facebook account point. Once an account is deleted, services often reuse that account after a period of time. Thus someone or something can harvest deleted accounts and re-use them. Not just Facebook, but Yahoo, Gmail, etc. In my opinion it is better to not use, but keep active, such accounts.

 SANS message and advice:

Folks, we know and understand many of you have been following Facebook in the news about several big privacy incidents and allegations.  We wanted to provide you with a short summary of what those issues are, and more importantly what you can do to protect yourself.  First, a brief overview.  The US Federal Trade Commission is investigating whether Facebook violated terms of a 2011 settlement when data of up to 50 million users were transferred to Cambridge Analytica, a data analytics firm.  This data was originally collected from a Facebook app called “thisisyourdigitallife”.  The app not only collected extensive data from people who downloaded it, but the app connected data on their friends also.  This incident is raising a lot of questions, to include what other data has been collected by other apps, and how was that data shared.  Below are steps you can take to protect your privacy.  Note that while these steps are specific to Facebook, you should consider following the same steps for any social networking sites you use online.  In addition, Facebook will be making privacy changes in the coming months, as such, some of the links or options listed below may change. 
  1. Delete: If you are truly concerned about Facebook and no longer trust it, the most dramatic step you can take is to Delete Your Facebook Account.  If you do, your information cannot be recovered, so we recommend you download all of your past Facebook activity first from your settings page.
  2. Deactivate: The second option is to Deactivate Your Facebook Account, which is in your General Account Settings. This freezes your online activity to include disabling your profile and remove your name and photo from most things you've shared on Facebook.  However, you will still be able to message people.  Unlike Deletion, with Deactivation you can Re-activate your account, which means your profile and past activity is restored.
  3. Minimize Apps: The issue is not only what data Facebook collects about your activity, but what data any third party apps that connect to your Facebook account, apps such as Clash of Clans or What is Your Inner Age.  Only install apps you need and minimize what they collect.  Why do you think there has been such an explosion of these fun and free apps?  Because they make money harvesting your information. In addition, limit what others share about you with their apps in the “Apps Others Use” section. Finally, delete an app when you no longer need it or no longer trust it.  Not sure what apps you have?  Check out your apps page and review your apps. Every app you have is just one more opportunity for others to collect information about you.  
  4. Logins: Many websites (and apps) give you the option of using your Facebook account to login.  While that is convenient, it just means more data sharing is happening between that website and your Facebook account.  Protect your privacy by using a unique login for each and every account you have.  Can’t remember all of your passwords?  Neither can we, that is why we recommend a Password Manager.
  5. Sharing: Always be careful what you share with others.  If you do not want your parents or boss to read it, you probably should not post it.  Yes, you can use privacy options to control who can read your posts, but remember those can be confusing and change often, so what you thought was privately shared can become publicly available.
  6. Two-factor Authentication: Finally, while not related to privacy, one of the best steps you can take to securing any of your online accounts is to enable two-factor authentication.  This requires a second step to logging into the site.  This very simple step is one of THE most effective ways you can secure your online accounts.
Unfortunately, these steps are not as simple as we would like.  Facebook and other sites do this on purpose, they make money by collecting your information.  We want you to be aware that information is being collected about you and the steps you can take to protect yourself.  Finally, while these steps are specific to Facebook, keep in mind many other free sites have the same issues.

Tuesday, April 3, 2018

smishing phishing via SMS

 You might get SMS messages on your smart phone, tablet, or land line. The method may be new, but the intent is the same: a message designed to get you to respond, click a link, or open an attachment.
As I have mentioned, these messages are getting more real than real.
 In this case it would appear someone is attempting to take over your Google accounts and Google is informing you so you can stop that attempt.


When you respond with the 6-digit code Google has sent you, they use that code to respond to Google and reset the password for all your Google accounts to a password they supply.

 The scheme creates a sense of urgency and panic. Think. 
 Be careful.