Dec 31, 2013

New Leak Outlines How The NSA Hacks Your Computers

An interesting report describes one method the NSA's Tailored Access Operations (TAO) team uses to hack your computers: exploiting known vulnerabilities in the Internet as well as in hardware and software.

Via AP:
Some of the attacks described by Der Spiegel exploit weaknesses in the architecture of the Internet to deliver malicious software to specific computers. Others take advantage of weaknesses in hardware or software distributed by some of the world's leading information technology companies, including Cisco Systems, Inc. and China's Huawei Technologies Ltd., the magazine reported.

Der Spiegel cited a 2008 mail order catalog-style list of vulnerabilities that NSA spies could exploit from companies such as Irvine, California-based Western Digital Corp. or Round Rock, Texas-based Dell Inc. The magazine said that suggested the agency was "compromising the technology and products of American companies."
That part is really not that shocking, as that is the typical way hackers gain administrator access to your computer. The shocking revelation is one way the NSA gains physical access to new hardware you purchase by intercepting your online computer equipment orders in transit to plant bugs or other spy equipment.
Old-fashioned methods get a mention too. Der Spiegel said that if the NSA tracked a target ordering a new computer or other electronic accessories, TAO could tap its allies in the FBI and the CIA, intercept the hardware in transit, and take it to a secret workshop where it could be discreetly fitted with espionage software before being sent on its way.

Intercepting computer equipment in such a way is among the NSA's "most productive operations," and has helped harvest intelligence from around the world, one document cited by Der Spiegel stated.
The article also says that the NSA has the ability to spy on Microsoft crash reports.
One of the most striking reported revelations concerned the NSA's alleged ability to spy on Microsoft Corp.'s crash reports, familiar to many users of the Windows operating system as the dialogue box which pops up when a game freezes or a Word document dies. The reporting system is intended to help Microsoft engineers improve their products and fix bugs, but Der Spiegel said the NSA was also sifting through the reports to help spies break into machines running Windows. One NSA document cited by the magazine appeared to poke fun at Microsoft's expense, replacing the software giant's standard error report message with the words: "This information may be intercepted by a foreign sigint (signals intelligence) system to gather detailed information and better exploit your machine."
So the moral of the story might very well be as simple as purchasing your computer equipment locally, building your own computer, getting rid of Microsoft Windows and switching to Linux!

What do you think about this? Let us know in the comments.

Dec 30, 2013

How Secure is Alex Jones's Prison Planet? Not Very


Before I get too involved in this let me first say that I am actually a fan of Alex Jones and his Infowars site, as well as his Nightly News program on PrisonPlanet.tv. In fact, I have a similar website called Mainwashed where I did a video talking about how to read Infowars to get valuable information.

Check it out:



So now you know that I am a fan, and this is not just an attack on Alex or his team. This is simply to point out a major security flaw I noticed the other night when I was logging into PrisonPlanet.tv to check out the Nightly News show. That security flaw is in how Alex's team has implemented SSL encryption when you login to PrisonPlanet.tv or go to sign up for a subscription.

I'm a Network and Security Manager by trade, so one of my duties at the company I work for is to make sure our websites are secure and PCI/DSS compliant. One of the biggest parts of that process is implementing SSL/TLS encryption properly. I have written about how to do that in the past for both Windows and Linux servers. Basically, I know what I'm talking about here.

Anyway, when I logged into PrisonPlanet.tv the other night I happened to notice the SSL icon in my address bar. Like I always do, I checked out the certificate information, but I went a step further and ran a test of the website on SSL Labs. The result? Alex's site got an 'F' rating!

As you can see above, the certificate he uses is fine, but the key exchange they have enabled, as well as the cipher strength, is piss poor! Because of this poor implementation their site is vulnerable to a CRIME attack or a BEAST attack.

They have a badge from Authorize.net at the bottom of their login page that says they are secure too:


Well that is clearly not the case is it?

If you are new to PrisonPlanet.tv and were planning on signing up for a subscription, you can still do it securely if you use the PayPal option that they offer:


In conclusion, the PrisonPlanet.tv website is not as secure as it could be. Their SSL implementation is vulnerable to various attacks because it allows the use of weak ciphers and key exchange. If you are going to sign up for a subscription, use the PayPal option.
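
One way to check a cipher list for the two problems named above, weak key exchange and weak ciphers, as an added example that is not part of the original post. It reads lines in the format printed by `openssl ciphers -v`; the sample lines are constructed, and the 1024-bit and 128-bit thresholds are assumptions of this example, not SSL Labs' grading rules.

```sh
#!/bin/sh
# Added example: flag weak key exchange and weak ciphers in a cipher list.
# Input format is that of `openssl ciphers -v`, one suite per line on stdin.

sample_suites() {   # constructed sample, not the scan result from the post
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ADH-AES128-SHA SSLv3 Kx=DH Au=None Enc=AES(128) Mac=SHA1
EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
EOF
}

# Prints "SUITE: reason" for every weakness found; strong suites print nothing.
audit_suites() {
    awk '
    {
        suite = $1; kx = ""; au = ""; enc = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^Kx=/)  kx  = substr($i, 4)
            if ($i ~ /^Au=/)  au  = substr($i, 4)
            if ($i ~ /^Enc=/) enc = substr($i, 5)
        }
        # Key exchange without server authentication: the peer is unverified.
        if (au == "None") print suite ": anonymous key exchange (Au=None)"
        # Export suites cap the key exchange key size, shown as Kx=RSA(512).
        if (match(kx, /\([0-9]+\)/)) {
            kbits = substr(kx, RSTART + 1, RLENGTH - 2) + 0
            if (kbits < 1024) print suite ": export-grade key exchange (" kbits "-bit)"
        }
        # Cipher strength: no encryption at all, or a key shorter than 128 bits.
        if (enc == "None") {
            print suite ": no encryption (Enc=None)"
        } else if (match(enc, /\([0-9]+\)/)) {
            ebits = substr(enc, RSTART + 1, RLENGTH - 2) + 0
            if (ebits < 128) print suite ": weak cipher (" ebits "-bit key)"
        }
    }'
}

sample_suites | audit_suites
```

To audit a real server configuration, pipe the output of `openssl ciphers -v` for the server's configured cipher string into `audit_suites` instead of the sample.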

What do you think of this? Let us know in the comments.

Dec 24, 2013

More Ubuntu Sticker Action Shots

Hello everyone, I was emailed some more pictures of the free Powered By Ubuntu stickers I offer in action! This time the pictures come from Luiz of Brazil!

Here's the first one:


Here is the second picture that is more of a close-up of the keyboard area:


Looking pretty good right? Luiz said that this is his brand new laptop. I think it looks pretty snazzy with the Ubuntu sticker on it. It's certainly better than a Windows sticker right?

If you want some free Powered By Ubuntu stickers you can get them here: (Ubuntu Stickers)

If you get some, be sure to email me some pictures so I can share them with everyone!

Dec 23, 2013

How To Speed Up Immunet Free Antivirus

A while back I wrote about a free-for-corporate-use antivirus solution called Immunet. The cool thing about it is that it has the tried and true ClamAV engine built into it for offline protection when not connected to the Internet. Plus it gives ClamAV the power of on-access scanning, which is something that ClamWIN does not have.

The problem with Immunet though, despite their claims, is that it is kind of a resource hog. We put it on our users' computers at work for a while, but then we received a lot of complaints about performance issues.

There is a really simple solution though. You see, by default Immunet has two cloud detection engines enabled. One is called Ethos, and the other is called Spero. These require your computer to be connected to the Internet, and they rely on the community to detect malware on your computer. The trick to speeding up Immunet is to disable the cloud detection engines and just leave ClamAV enabled. You can set this in the scan settings:


After disabling the cloud engines, performance was greatly improved, and my machines were still protected from viruses with ClamAV.

Dec 20, 2013

Up in the Air: Data Continues to Move to the Cloud

Tech enthusiasts salivate over shiny new gadgets and fancy titles, but one of the biggest technological shifts is happening out of sight. Data and programs are slowly migrating to the cloud, a general term to describe web-based servers that users can access anywhere they have an Internet connection. The cloud is raising security levels and lowering operating costs, and soon it will be a $100 billion industry, Forbes.com notes.
Chances are you already use the cloud in some capacity, whether through email or streaming services. Businesses and personal users alike can take advantage of this convenient technology to boost their bottom lines and improve their overall computing experiences.

Old vs. New

In order to understand the cloud, consider life before it. Computing took place on local servers, meaning if you wanted to run a program or store data, you needed the server hardware to support it. Not only was this practice expensive, it was also impractical. If you wanted to scale your operation, you needed more servers, more space and more time. The cloud was a revelation for large-scale computing professionals. With a virtual network, they no longer needed their own hardware. Data lived in remote servers, and professionals could rent more or less space as needed. This lifted the burden of having to set up an in-house IT department and lowered operating costs. Now, cloud computing is following its own lead and scaling to provide this convenience on a global level.

Cloud Computing Providers

Providers are scrambling for a share of this relatively new market. A combination of established tech veterans and upstarts promise the most reliable storage service at the best rate. Google offers customizable cloud storage options starting at $0.063 per GB per month. Game developer Ubisoft used Google's cloud to get its game up and running on the web browser. Lesser-known providers offer unique perks. A review of Just Cloud storage notes that the service is compatible with Windows, Mac and Linux systems. If your system has special requirements, chances are a cloud-computing provider will be able to accommodate your needs.

The Cloud and You

Whether you're a business owner or personal user, cloud computing can enhance the way you store and access data. A small business that deals with a large quantity of data doesn't have the budget to purchase servers and hire IT pros. The cloud offers all the capabilities of high-performance servers without the investment. Not only is it good for the bottom line, this virtual network is also handy on the road. Access documents from that coffee shop across the country as if you were in your office.
Students will appreciate the convenience of cloud computing. With a service like Dropbox, they can load documents to their accounts and access them anywhere. No more losing papers after a hard drive crashes. Cloud computing is the fool-proof way to keep documents secure and accessible. Computing is headed to the cloud. Make the shift and you'll find that the landing is smooth.

Dec 19, 2013

I Was So Wrong About CyanogenMOD For Prism-Breaking Your Android Device

A few months ago I wrote about using CyanogenMOD along with a number of security tools to try to limit the amount of spying the NSA can do on your phone. Sure, some things you can't prevent. Things like the NSA capturing your cell phone location information from towers and such, but my article should have been able to prevent anything from Google (Complicit in the PRISM program) from sending your information to the NSA.

Well I just upgraded my phone to CyanogenMOD 10.2.0, and after the upgrade I went to check my version to ensure the upgrade went okay and I noticed the following:



Yes, you saw that correctly. CyanogenMOD ships with SELinux installed by default. You are probably saying, "so what?"

If you've never heard of SELinux here is a description from the NSA's website (NSA is the creator of SELinux):
As part of its Information Assurance mission, the National Security Agency has long been involved with the computer security research community in investigating a wide range of computer security topics including operating system security. Recognizing the critical role of operating system security mechanisms in supporting security at higher levels, researchers from NSA's Trusted Systems Research Group, formerly the National Information Assurance Research Laboratory, have been investigating an architecture that can provide the necessary security functionality in a manner that can meet the security needs of a wide range of computing environments.
That architecture is SELinux. That's right, the very people I was trying to protect against make some of the software! That means a very REAL possibility of a backdoor in CyanogenMOD!

Of course CyanogenMOD says this about SELinux:
SELinux is not a backdoor for government agencies to spy on you. It is not PRISM, PROMIS, CARNIVORE, The Great Firewall or any other ominous Big Brother-like initiative.
Oh really CyanogenMOD? Why do you say that? Because the NSA told you so, and they have been so trustworthy lately? Nonsense!

No, if CyanogenMOD really wanted to protect users' data they would scrap SELinux, and go for a true open source alternative like AppArmor.

I guess there really is no good way to try and prevent NSA spying on your personal devices. Not when the NSA is collaborating with most smartphone manufacturers. The only real option is to wait on Ubuntu phones to hit the market. Hopefully that will come to the market sooner rather than later.

Dec 18, 2013

Simple Script To Backup Files From a Linux Server Via SCP and SSH

I mentioned a little while back that I had replaced all of my Windows machines at home with Ubuntu. Well, one of the machines that I replaced was running a weekly backup job using WinSCP to go out and pull backup files from my personal email server so I would have a copy off site from my cloud hosting provider.

Since that machine is now running Ubuntu, I had to do the same thing, but use a shell script with SCP and SSH instead. SCP pulls the files from the email server, and I then use SSH to clean up the files once I have them copied. The problem is that when you use SSH or SCP you are normally prompted for a password, right?

Well to remedy this all you have to do is generate a key pair to use for authentication instead. To do that do the following from a terminal as root (sudo su):
  • ssh-keygen -t rsa
  • ssh-copy-id -i ~/.ssh/id_rsa.pub user@remotehost
If your remote server uses an alternative port for SSH like mine does, you can add the -p option after ssh-copy-id like this:
  • ssh-copy-id -p PORTNUMBER -i ~/.ssh/id_rsa.pub user@remotehost
Please note that when you run ssh-keygen -t rsa just hit enter after all the prompts so no password is necessary. YOU NEED TO MAKE SURE THIS KEY IS SECURED THOUGH. I for one use full disk encryption at home, so this key should be pretty well secured.

Once that is done you can run SCP or SSH without being prompted for a password. Here are the commands I added to my shell script to first pull the backup files I wanted and then, once they are downloaded, delete them from the server over SSH. The && makes sure the delete only runs if the copy succeeded, and the quotes leave the *.cpt wildcard for the remote side to expand:
scp -P PORTNUMBER 'user@remotehost:/bak/*.cpt' . &&
ssh -p PORTNUMBER user@remotehost 'rm /bak/*.cpt'
If you are wondering what the *.cpt extension is, I explained that I first encrypt my backups in a previous post. Also the '.' at the end of the first command assumes you want the files downloaded to your current directory. You need to change that if you want it downloaded somewhere else.
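
A more careful version of the pull-then-delete step, as an added example rather than the author's script: it deletes a remote file only after the local copy matches the remote checksum, and only files that existed when the run started. HOST, PORT, REMOTE_DIR and DEST are placeholders, and it assumes backup file names contain no whitespace.

```sh
#!/bin/sh
# Added example: pull remote backups, delete only what was verified locally.
# HOST, PORT, REMOTE_DIR and DEST are placeholders, not values from the post.
HOST=${HOST:-user@remotehost}
PORT=${PORT:-22}
REMOTE_DIR=${REMOTE_DIR:-/bak}
DEST=${DEST:-.}

pull_backups() {
    # Snapshot the remote list first: only files named here can be deleted later,
    # so a backup written while the copy is running is left for the next run.
    # An empty remote directory makes ls fail, which ends the run with status 1.
    list=$(ssh -p "$PORT" "$HOST" "ls -1 $REMOTE_DIR/*.cpt") || return 1
    failed=0
    for remote in $list; do          # assumes file names without whitespace
        name=${remote##*/}
        if scp -q -P "$PORT" "$HOST:$remote" "$DEST/$name"; then
            # cksum prints "CRC SIZE": catches truncation and corruption in
            # transit. It is not a defence against deliberate tampering.
            want=$(ssh -p "$PORT" "$HOST" "cksum < '$remote'") || want=remote-error
            have=$(cksum < "$DEST/$name") || have=local-error
        else
            want=copy-failed; have=
        fi
        if [ "$want" = "$have" ]; then
            ssh -p "$PORT" "$HOST" "rm -- '$remote'" || failed=1
        else
            echo "not verified, keeping $remote on the server" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Call pull_backups from the weekly cron script; a non-zero exit status
# means at least one file was left on the server.
```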

Anyway, now I have my script being run as root weekly via cron on my home computer, and once again I have some peace of mind!

Dec 17, 2013

AT&T Adds New Patent That Can Detect File Sharing and Block Access to File Sharing Sites

Do you share files? Do you download files via BitTorrent? Do you use AT&T as your Internet provider? Well get ready for their latest patent that allows them to detect file-sharers on their network, perform risk assessment of said files, and limit access to file sharing sites!

From RT:
Internet service provider AT&T recently added a new anti-piracy patent which features technology that can detect file-sharers on its own network, assigning risk assessment to users and potentially limiting alleged pirates’ access to file-sharing sites.

A new patent awarded to the telecom giant’s Intellectual Property division depicts a system that can classify unauthorized file-sharing users, designate them within a “risk category,” and take actions to counter future objectionable behavior.

The patent, titled “Methods, devices and computer program products for regulating network activity using a subscriber scoring system,” seems mostly aimed at combating online piracy - an ongoing target of internet service providers like AT&T, entertainment lobby groups such as the MPAA, and the Obama administration alike. 
In the article there is no mention of using VPN services like TorrentPrivacy to keep your ISP from snooping on your file sharing activities though. I would venture to say that if you are using a VPN service you will probably be safe because those tunnels are encrypted, which prevents ISPs like AT&T from seeing what you are really doing.

What are your thoughts on this? Let us know in the comments!


