Tech Friday

 
  • You should update or disable Adobe Flash immediately:
    • Kaspersky has identified a new Adobe Flash zero day flaw that is being exploited in the wild
    • Kaspersky reported that an attacker known as BlackOasis successfully exploited the flaw on October 10, 2017
    • The Kaspersky team believes that BlackOasis was also behind another zero day attack reported in September 
    • FinSpy, a commercial malware application, is deployed through a Microsoft Word document in the attack
    • FinSpy is usually sold to governments and law enforcement agencies, typically to conduct surveillance on local targets
    • FinSpy surreptitiously connects to command and control servers in Switzerland, Bulgaria and the Netherlands, which can then exfiltrate data
    • Kaspersky has identified victims of the attack across the globe including Russia, Iraq, Afghanistan, Saudi Arabia, Iran, the Netherlands and the United Kingdom
    • Kaspersky Lab's Anton Ivanov said this is the third time FinSpy has been used in zero-day attacks
    • Kaspersky wrote that the more recent version of FinSpy has implemented anti-analysis techniques so that it's more difficult to analyze
    • Adobe Flash users are urged to install the patch from Adobe immediately or disable Adobe Flash
    • You can read the Kaspersky press release here: http://www.businesswire.com/news/home/20171016005821/en
  • Windows 10's intrinsic antimalware solution is not enough:
    • Windows has included a built-in antimalware suite known as Windows Defender which also includes a firewall for some time
    • Defender ensures that every Windows PC has some protection and Defender's capabilities and features have advanced considerably over time
    • It's easy to use and always on if another solution is not present
    • A recent PC Magazine review took a hard look at Defender vs other 3rd-party antimalware suites
    • Four labs that test and compare antimalware suites gave Defender average scores whereas several free antimalware suites scored much higher
    • Defender doesn't detect adware and potentially unwanted programs (PUPs, crapware, bloatware), which are lower risk; most other suites provide the option to detect and remove these
    • PC Magazine reported that while most antimalware suites can clean and restore an infected file, Defender can only delete the whole file
    • PC Magazine gave Defender a low score on blocking malicious URLs, which are sites known to host malware
    • Defender earned mediocre scores on blocking phishing sites, and phishing is a major attack vector
    • For those who don't want to pay for antimalware protection, but want something better than Defender, PC Magazine has awarded their Editors' Choice designation to Avast Free Antivirus and AVG AntiVirus Free (Avast has purchased AVG)
    • I use AVG AntiVirus Free
    • You can see the full list of PC Magazine's ratings here: https://www.pcmag.com/article2/0,2817,2372364,00.asp
  • Disk wiping, fact vs fiction:
    • More data is being generated and stored than ever before, by people and by machines; it’s estimated that in 2012 some 2,500,000,000,000,000,000 bytes (2.5 quintillion bytes) were created each day
    • Eventually devices become obsolete or die. Whether you refurbish, re-purpose, sell or dispose of these devices, what about the data they contain?
    • Two MIT graduate students did a study in 2002 and found detailed personal and corporate financial records, numerous medical records, gigabytes of personal email and pornography on 158 used disk drives
      • The disk drives were purchased for less than $1,000 from eBay and other sources of used computer hardware. Only 12 were properly sanitized.
        • Of the disk drives acquired, 129 were functional.
        • On one of the "formatted" disks they found more than 5,000 credit card numbers.
        • One of these drives apparently came from an ATM in Illinois and contained a year's worth of financial transactions
    • Any device that has personal or business data (PII or PHI) should be sanitized before it is surrendered for any reason!
    • Erasing is not enough. Deleting files and/or formatting a drive will NOT actually destroy the data on it
    • There is debate about how many times data must be overwritten to make it unrecoverable, but there are many approaches that can work
    • The type of device (traditional magnetic disk versus solid state disk) affects which method is appropriate
    • Options to sanitize a device or media:
      • For a computer, use a software tool like DBAN, WipeDisk or KillDisk to securely destroy the data
      • Encrypt the disk/device and destroy the key
      • Physically destroy the disk or device with a strong magnet, hammer, torch or shotgun
      • Some recycling companies will wipe data and give you a certificate that it’s been safely destroyed
      • Mobile: Take the SIM card out and remove any memory cards
        • iOS: iPhone, iPad and iPod are encrypted when used with a passcode. Go to Settings, General, Reset to wipe the device.
        • Android: Trickier to do because there are so many versions. Enable encryption, then use the Factory reset option
      • Don’t forget to ensure that any removable media (flash drives, external disks, etc.) is removed and/or sanitized
    • For more information, read this paper: https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
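To make the "deleting is not destroying" point concrete, here is an added example (not code from the show, Kaspersky, PC Magazine or the Gutmann paper linked above) that simulates a tiny disk in memory. The `ToyDisk` class and its methods are invented for this illustration: "delete" and "quick format" only touch the directory, the way a real unlink or quick format does, so a recovery tool that scans the raw media still finds the record; an overwrite pass or an encrypt-then-destroy-the-key approach does not leave it recoverable. The HMAC-based keystream stands in for the AES disk encryption a real device would use.

```python
"""Toy disk image: why delete/format leave data behind, and what sanitizing does.

Added example; ToyDisk, carve() and demo() are invented here. The 'disk' is an
in-memory bytearray, not a real device, and the cipher is a stand-in.
"""
import hashlib
import hmac
import os

BLOCK = 16      # bytes per block (tiny, for readability)
NBLOCKS = 32    # a 512-byte "disk"


class ToyDisk:
    """Flat media plus a directory of (start_block, nblocks) entries."""

    def __init__(self, key=None):
        self.media = bytearray(BLOCK * NBLOCKS)
        self.directory = {}
        self.next_free = 0
        self.key = key              # None = unencrypted volume

    def _keystream(self, start, nblocks):
        # Per-block keystream from HMAC-SHA256(key, block number); assumption:
        # stands in for the AES-XTS a real encrypted volume would use.
        return b"".join(
            hmac.new(self.key, blk.to_bytes(8, "big"), hashlib.sha256).digest()[:BLOCK]
            for blk in range(start, start + nblocks)
        )

    def write(self, name, data):
        nblocks = -(-len(data) // BLOCK)
        if self.next_free + nblocks > NBLOCKS:
            raise OSError("disk full")
        start = self.next_free
        padded = data.ljust(nblocks * BLOCK, b"\x00")
        if self.key is not None:
            padded = bytes(a ^ b for a, b in zip(padded, self._keystream(start, nblocks)))
        self.media[start * BLOCK:(start + nblocks) * BLOCK] = padded
        self.directory[name] = (start, nblocks)
        self.next_free += nblocks

    def read(self, name):
        start, nblocks = self.directory[name]
        raw = bytes(self.media[start * BLOCK:(start + nblocks) * BLOCK])
        if self.key is not None:
            raw = bytes(a ^ b for a, b in zip(raw, self._keystream(start, nblocks)))
        return raw.rstrip(b"\x00")

    def delete(self, name):
        """Like rm/unlink: drop the directory entry, leave the blocks as they are."""
        del self.directory[name]

    def quick_format(self):
        """Like a quick format: new empty directory, media untouched."""
        self.directory.clear()
        self.next_free = 0

    def overwrite_wipe(self, passes=1):
        """Sanitize by overwriting every block (the DBAN/KillDisk approach)."""
        for _ in range(passes):
            self.media[:] = os.urandom(len(self.media))
        self.quick_format()

    def crypto_erase(self):
        """Destroy the key: ciphertext stays on the media but is now unreadable."""
        self.key = None


def carve(disk, needle):
    """What a recovery tool does: ignore the directory, scan the raw media."""
    return disk.media.find(needle) != -1


def demo():
    """Run the same record through delete, quick format, overwrite and crypto-erase."""
    record = b"CARD 4111111111111111 EXP 12/25"   # constructed sample, not real data
    needle = b"4111111111111111"
    results = {}

    plain = ToyDisk()
    plain.write("cards.txt", record)
    plain.delete("cards.txt")
    results["after_delete"] = carve(plain, needle)          # still there
    plain.quick_format()
    results["after_quick_format"] = carve(plain, needle)    # still there
    plain.overwrite_wipe()
    results["after_overwrite"] = carve(plain, needle)       # gone

    enc = ToyDisk(key=os.urandom(32))
    enc.write("cards.txt", record)
    results["encrypted_readable"] = enc.read("cards.txt") == record
    results["encrypted_carve"] = carve(enc, needle)         # ciphertext only
    enc.crypto_erase()
    results["after_crypto_erase"] = carve(enc, needle)      # still gone
    return results


if __name__ == "__main__":
    for step, found in demo().items():
        print(f"{step:22s} recoverable={found}")
```

The model is honest for a magnetic disk, where overwriting a block really does replace its contents. On an SSD the controller remaps writes for wear levelling, so an overwrite pass from software may never touch the physical cells that held the old data; that is why the segment notes that device type matters, and why encrypting first and destroying the key (or the drive's own secure-erase command) is the more dependable route there.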
Brian Thomas

Based in Cincinnati, OH, the Brian Thomas Morning Show covers news and politics, both local and national, from a conservative point of view.
