Anti-Ransomware Advice

Here is a really good list of steps to help keep you safe from ransomware. The article is long, but stick with it and read all the headings – there are some good ideas you can easily implement. There are also some suggestions that are hard to stomach, but knowledge is power.

The Anti-Ransomware Protection Plan You Need to Follow Today

Personally, I use Time Capsule (network backup solution) for my Mac and it is a bummer to think that ransomware could find this network device and encrypt my backups too. I’ve taken to making a monthly snapshot on a USB drive for worst-case recovery.

FDIC disabling removable storage

The US FDIC has recently come under fire for a series of insider data leakages. Getting hacked by your own employees is the elephant in the room for every organization. We harden our organizations from outside attacks, but insiders need efficient access to data in order to do their jobs.

FDIC to Enhance Cyber Security after Insider Attacks

One of the big changes happening at FDIC is disabling removable storage like USB keys and drives. I’ll be curious to see how this works from both an efficiency and effectiveness standpoint.

In most of my dealings (with smaller companies), the thought of clamping down on removable media is impractical. Anyone who has millennials in their workforce knows that restrictive technology policies are anathema to these energetic workers. Check out this excerpt from Fortune magazine.

The companies that top Great Place to Work’s first-ever ranking of the 100 Best Workplaces for Millennials stand out for their ability to engage this generation, recognize their talents and give them a significant role where they can make a difference. At these companies, pay, profit sharing, and promotion decisions are executed fairly; everyone gets a shot at special recognition; and workers have a say in decisions that affect them. These workplaces exhibit strong, open, two-way communication; a high tolerance for risk-taking; high levels of cooperation and support among employees; and reduced roadblocks to innovation, such as internal politics.

The best solutions I’ve found for insider threats are training and strong corporate culture. Make sure your employees know the policies and that your culture promotes the benefits of protecting all that information they are entrusted to access.  Protecting your organization from insider leaks with technology is super difficult — and it won’t prevent a determined insider from getting data out.

Most Exploited Bugs

A new major study conducted by Hewlett Packard Enterprise has some really good information. Get your copy here:

http://techbeacon.com/resources/2016-cyber-risk-report-hpe-security

My favorite finding from ReversingLabs is that the most exploited bug in 2015 was the same as in 2014 — it was discovered in 2011 and patched in 2012 and again in 2015. CVE-2010-2568 is an old Windows shell bug with .pif files.  Patch this now!

Not sure exactly what it says about ReversingLabs’ clients that they have all this data and yet can’t deploy this patch.

 

Father of Bitcoin?

Australian Craig Wright has claimed to be Satoshi Nakamoto, the creator of Bitcoin. If true, this puts an end to one of the biggest cyber mysteries of the 21st century.

http://www.economist.com/news/briefings/21698061-craig-steven-wright-claims-be-satoshi-nakamoto-bitcoin

The Bitcoin faithful will spend the next year on conspiracy theories, but I’m guessing the Economist and BBC did their homework before publishing.

If Craig Wright is Satoshi, then I’d love to hear his take on Bitcoin being the payment method of choice for illegal activity like ransomware and money laundering.

UPDATE May 24, 2016: The hoax is on.  Or is it?  Check out how Wright is keeping the story alive.  Lots of room for belief and disbelief.

How Craig Wright Privately ‘Proved’ He Created Bitcoin

 

Three Lessons from the NFL Draft

It should have been a great night for Laremy Tunsil, the offensive lineman from Ole Miss. He was drafted #13 by the Miami Dolphins in the 2016 NFL Draft.

Unfortunately, his Twitter and Instagram accounts were “hacked”. Looks to me like somebody got access to his iPhone. Three possible lessons from an information security perspective:

  1. Make sure you have a passcode or biometric security on your phone. Nobody should know your code; not your best friend, not your girlfriend, not your kids, maybe your spouse.
  2. Strong, unique passwords and two-factor authentication can prevent somebody who discovers one password (like Twitter) from logging into other accounts (like Instagram). Of course this doesn’t matter if a mean person has your unlocked phone.
  3. Never post anything to social media unless you’d be happy to see it on the front page of the NY Daily News.

http://www.nydailynews.com/sports/football/laremy-tunsil-twitter-shows-man-smoking-bong-nfl-draft-article-1.2618248

There are lots of other lessons to be gleaned from this incident. I’ll leave that to the sports writers.  However, I hope the media shines a spotlight on the system and not just a kid who accidentally disclosed the realities of high stakes college athletics.

Two Factor Auth is Necessary

I just read that Facebook employees can log in to their internal systems with only a username and password. See:

http://www.mirror.co.uk/tech/facebook-hacked-security-researcher-stumbles-7829312

Cyber criminals have so many tools that we need an additional layer of protection.  If Facebook can have hackers lurking inside their network for months, what makes you so sure your network is safe?

I’m advising all my clients and companies to enable 2-Factor Authentication on all systems. This and strong unique passwords give me peace of mind that a compromise of my username and password does not expose me to cascading risks in other systems.

Free Security Training

I just got an announcement from Heimdal Security that they are offering a 7-week, FREE information security course for small businesses. Read more about it here:

Just Launched: Cyber Security for Small Business Owners in Partnership with the London Digital Security Centre

I’ve been following these guys for a while and it seems like they are doing a really good job. I don’t use their products, but the information they provide has been useful.

CryptXXX Ransomware – scary stuff

I’m always watching the boards and blogs for news about new security threats. Today, I read about CryptXXX and it is really scary. This ransomware is transmitted by drive-by-download, but look for phishing scams soon.

Here are the highlights: CryptXXX infects your computer, steals information (potentially BitCoins too), and starts doing industrial strength encryption of your local files AND mounted network shares.

Recommendations:

  1. Have backups and don’t keep them mounted all the time. It would suck to have both your machine and the backups encrypted by ransomware.
  2. Keep everything patched. Disable Flash if you can stand it.
  3. Use an ad blocker to prevent infection from malvertising.

See more about CryptXXX here:

https://blog.knowbe4.com/scary-new-cryptxxx-ransomware-also-steals-your-bitcoins

 

OSX Mavericks All Systems Go

I upgraded my MacBook Air 2012 last night and everything went smoothly. I left my Thunderbolt display plugged in but didn’t have any ill side effects.

Initial observations using OSX Mavericks:

  • Everything feels a little faster, starting apps, Finder
  • Everything works – exception being the WP editor in v3.6 – no bullets
  • Parallels 9 and Parallels Access is fine
  • RoboForm is still fine
  • PyCharm needed to install Java 6 SE to start
  • Office 2011 (mac) runs fine

Wonder what it would have cost to have Apple do the ACA website rollout?

 

PyCharm Database View and Google Cloud SQL

PyCharm has really improved my developer productivity.  It has great integration with the Google Apps SDK and with a little tweaking, can support multiple Google Cloud SQL database logins.

The tricky part is managing the stored credentials behind the scenes. Seems like the Google SQL Command Line Tool only supports 1 login at a time. If you are like me and do projects for multiple clients, then you need multiple Google Account logins.

What works pretty easily is swapping out the credential file behind the scenes. Take a look here to find where the Command Line Tool is storing its credential:

https://developers.google.com/cloud-sql/docs/commandline#revokeaccess

You can set up the Command Line Tool using your first account, then rename the resulting credential file (or Registry Key in Windows). Set up the Command Line Tool again using your next account, then rename the credential file/key to something else. Now you can swap your active credential by swapping in the right file/key. Symbolic links work in Mac/Linux, .reg files to set the right key should work in Windows.

Once you have the right Credential in place, tell PyCharm about the Google Command Line Tool .jar database connector file and you are good to go.  Here’s a picture of my setup.

Setup PyCharm with Google Cloud SQL
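
The Mac/Linux credential swap described above, written out as an added example (not code from the original post or from Google). The two paths and the function names `save_cred`, `use_cred` and `active_cred` are assumptions for illustration; take the real credential location from the documentation linked above.

```shell
# Added example: keep one saved credential per Google account and switch
# between them by repointing a symlink. Both paths are assumed placeholders;
# set CRED_LINK to the credential location given in the tool's documentation.
CRED_LINK="${CRED_LINK:-$HOME/.example-sql-tool-credential}"
CRED_STORE="${CRED_STORE:-$HOME/.sql-credentials}"

# Profile names become file names, so reject empty names, dotfiles and paths.
valid_name() {
  case "$1" in ''|.*|*/*) echo "invalid profile name: '$1'" >&2; return 1 ;; esac
}

# save_cred NAME: run after setting up the tool with one account. Moves the
# freshly written credential into the store, readable by the owner only.
save_cred() {
  valid_name "$1" || return 2
  if [ ! -f "$CRED_LINK" ] || [ -L "$CRED_LINK" ]; then
    echo "no newly created credential at $CRED_LINK" >&2; return 1
  fi
  mkdir -p "$CRED_STORE" && chmod 700 "$CRED_STORE" || return 1
  mv "$CRED_LINK" "$CRED_STORE/$1" && chmod 600 "$CRED_STORE/$1"
}

# use_cred NAME: make a saved credential the active one.
use_cred() {
  valid_name "$1" || return 2
  [ -f "$CRED_STORE/$1" ] || { echo "no saved profile '$1'" >&2; return 1; }
  # A regular file here is a credential that was never saved; do not clobber it.
  if [ -e "$CRED_LINK" ] && [ ! -L "$CRED_LINK" ]; then
    echo "$CRED_LINK is an unsaved credential; run save_cred first" >&2; return 1
  fi
  # Build the new link beside the old one, then rename over it, so the tool
  # never sees a missing credential between the two steps.
  ln -s "$CRED_STORE/$1" "$CRED_LINK.new.$$" && mv -f "$CRED_LINK.new.$$" "$CRED_LINK"
}

# active_cred: print the name of the profile currently linked in.
active_cred() {
  [ -L "$CRED_LINK" ] || { echo "no active profile" >&2; return 1; }
  basename "$(readlink "$CRED_LINK")"
}
```

Source the file, run `save_cred client-a` after each account setup, then `use_cred client-a` before opening the matching PyCharm data source.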