Tech Friday

posted by Brian Thomas

  • FBI urges users to reboot routers to stop VPNFilter malware:
    • Malware named VPNFilter has led the FBI to urge users to immediately reboot routers after a report from Cisco indicated that 500,000 infected devices could be destroyed with a single command
    • Cisco's Talos Intelligence researchers found that routers made by Linksys, MikroTik, Netgear, and TP-Link had been infected with VPNFilter
    • The FBI indicated that VPNFilter was developed by the Russian state-sponsored hacking group Sofacy, also known as Fancy Bear and APT28
    • The nasty malware is capable of collecting data that passes through infected routers which includes sensitive information like login credentials
    • Even worse, it allows hackers to remotely erase a portion of an infected router's firmware, making the device useless
    • Attackers can target a single router or wipe all infected routers at once
    • "The FBI recommends any owner of small office and home office routers reboot the devices to temporarily disrupt the malware and aid the potential identification of infected devices" - FBI
    • The Stage 2 and Stage 3 components of VPNFilter can be removed by rebooting an infected router. The Stage 1 component of VPNFilter remains after a reboot, which could allow attackers to reinfect the device
    • The FBI seized a web site that was being used to control the routers, and infected devices are now communicating with it
    • "Owners are advised to consider disabling remote-management settings on devices and secure with strong passwords and encryption when enabled. Network devices should be upgraded to the latest available versions of firmware." - FBI
    • It's not yet known how the attackers infected the routers, but many of the models have known vulnerabilities
    • Symantec wrote "Most of the devices targeted are known to use default credentials and/or have known exploits, particularly for older versions. There is no indication at present that the exploit of zero-day vulnerabilities is involved in spreading the threat"
  • Free VPNs are not worth the risk:
    • Virtual Private Network (VPN) technology uses encryption to allow you to use the internet as if you were on a private network
    • The encrypted connection is often referred to as a "tunnel"
    • A VPN helps protect anonymity and security, especially on public Wi-Fi networks
    • Many corporations require remote users to use a VPN to work remotely because data sent from a client to a server is encrypted in transmission
    • There are VPN services for personal use. They send your encrypted network traffic to a server operated by the VPN provider
    • In addition to keeping your data secure, a VPN protects your real IP address and location; anyone snooping will merely see the IP address and location of the VPN server
    • If you're sending sensitive information, consider using encryption software to secure the data before it's put on the Internet. This will provide an additional level of security
    • While you can pay for premium VPN services, there are many free VPN services
    • Running a VPN service can be expensive: you need equipment, people and bandwidth, and all of that costs money
    • So before you use a free service, ask yourself, if you're not paying for it, how do they stay in business?
      • Some may collect and sell your data
      • Some may impose a bandwidth cap
      • Some may restrict performance
      • Some may subject you to ads
      • A recent study found that an alarmingly high number of VPN services offered for Android are little more than malware
    • You should thoroughly vet any VPN service you use
    • It's best to pay for a quality service
    • Be sure to read and understand the Terms and Conditions and the Privacy Policy
    • CNET has assembled a list of the best VPNs for 2018 here: https://www.cnet.com/best-vpn-services-directory/
  • Some sounds can cause system crashes:
    • University of Michigan and Zhejiang University security researchers have reported that specialized sounds can cause damage to hard disk drives
    • They reported that certain audible sounds cause the drive head to "vibrate outside of operational bounds" and "ultrasonic sound causes false positives in the shock sensor, which is designed to prevent a head crash"
    • They were able to demonstrate the attack on hard drives from Seagate, Western Digital, and Toshiba
    • Problems occurring during testing included drives becoming unresponsive on Windows and Linux, which required a reboot, and in some instances, a full system crash on Windows
    • None of the hard disks failed completely, but all of the drives experienced remapped sectors, and physical damage was found on at least one drive
    • Researchers indicated that the attack could be carried out via speakers in a device, or by speakers in close proximity
    • The researchers successfully carried out an attack using Chrome, which shows that remote execution is possible
    • Some of these techniques were recently demonstrated at the IEEE Symposium on Security and Privacy
    • You can read the full report here: https://spqr.eecs.umich.edu/papers/bolton-blue-note-IEEESSP-2018.pdf
Brian Thomas

Based in Cincinnati, OH, the Brian Thomas Morning Show covers news and politics, both local and national, from a conservative point of view.