US Starts Effort to End Use of Kaspersky Software in Federal Agencies

According to a report from the Washington Post, the United States Department of Homeland Security has issued an order to all civilian agencies in the federal government to identify any software from Kaspersky Lab on their networks. This is in preparation for a potential outright ban on the use of Kaspersky software in those agencies after 90 days.

For some time now there have been rumblings from the US intelligence and private information security communities about Kaspersky’s alleged links to Russian intelligence agencies. Its founder Eugene Kaspersky, in particular, is understood to have a history of association with Russian intelligence.

HP DesignJet T520 Installation

Last week’s most notable job was the installation of a new HP DesignJet T520 36″ for Prolann. It wasn’t the biggest, most complex, or most challenging job for the week, but it was a throwback to my previous employment where I used to install earlier model HP DesignJets all the time. Most of those were in the 500 series, to which the DesignJet T520 is the successor.

Several years had passed since I had last set up or even seen a new DesignJet, so there was certainly some nostalgia. The new plotters are smaller, easier to load with rolls or sheets, and have a lot of features, like wired and wireless networking, that were expensive options or unavailable altogether in the days of the 500 series.

In keeping with HP’s tradition, the packaging was carefully engineered to allow easy unpacking and assembly, and the smaller size made most of those operations easier than they used to be. We used to have an old stretcher to put the plotter on until the stand was assembled for us to lift it onto; now the plotter is shipped in such a way that the stand can be attached while the plotter remains in the box, upside down, then the whole thing flipped over (still a two-person operation) onto its wheels.

The only hiccup I experienced when setting up this plotter was when it refused to obtain an IP address via DHCP. This was no practical impediment since these things are better assigned statically as had been my intention from the beginning, but it was a bit of a head scratcher that induced me to try a couple of different network cables before I shrugged and put in an address manually.

Remembering Passwords

Next to hardware unreliability, passwords are probably the biggest headache to everyone involved with computers. End users have trouble coming up with secure ones and remembering them. System administrators are constantly having to reset them and trying to come up with policies that walk the tightrope between security and ease of use. Programmers have to code login pages and handle automated password changes. Database administrators have to accommodate all sorts of crazy characters and password lengths. A number of programs and services have popped up to provide secure password generation and even password storage, making passwords even easier to forget.

Naked Security has put out an article that discusses a recent study by researchers from Microsoft Research and Princeton University in which a technique called “spaced repetition” permitted the vast majority of subjects to remember a 56-bit, random, secure password. Now, 21% of participants did admit to writing the password down, but there does appear to be some value in this method.

Android Ransomware

Recently, a type of malware called ransomware has begun to appear more frequently. Its purpose is to effectively take data hostage and demand a ransom in exchange for returning it. CryptoLocker, for example, does this by encrypting all document files on a computer and mapped network drives, then requiring a payment of roughly $300. Upon confirmation that the payment has been received, the decryption key is then sent to the victim. In some cases, of course, the decryption key may not be sent even if payment is made.

Naked Security has an article about the recent appearance of “Koler,” a variation of ransomware that issues a fake “police warning” and demands payment of a fine, again about $300. This malware does not, however, encrypt data. It is also fairly straightforward to protect against, as the Android setting “Allow installation of apps from unknown sources” must be enabled for it to infect a device.

Busting IT Support Scams

IT support scams seem to be all the rage with offshore con artists lately. These fraudsters cold call or simply aggressively advertise to pull victims in and make them believe they are dealing with large, reputable companies like Microsoft or HP. Once they have made contact, they persuade users to give them remote access to their computers. Typically, the agent uses Windows’ built-in Event Viewer to display a list of routine errors (inevitable on any PC) and claims they are viruses that need to be expensively removed.

Some of these agents also allegedly look for and steal private information on their victims’ PCs, all while charging a typical rate of around $300 to “clean out the viruses.”

Ars Technica has run a story about an undercover FTC investigation into one such scamming operation, a company in India called PCCare247. The company employed 115 people at one point and pulled in $4 million in revenue in a single year, just in the United States.

This particular group may be out of action now, but many more are still around. I just recently had a victim of one of these scammers bring in a perfectly virus-free PC for cleaning based on the word of one such agent. In particular, the elderly and younger people who are less computer-savvy are vulnerable. It’s also important when searching for technical support from a particular company to ensure that the link you click on is from that company’s real domain, e.g. rather than or something along those lines.

Fake AntiVirus in Mobile App Stores

The first well-known fake mobile antivirus software was called Virus Shield, and it was placed in the Google Play Store. Since then, the malware has become progressively more sophisticated. Now, it seems to be using the names of legitimate antivirus software companies.

Kaspersky posted an article five days ago about a couple of these malware packages using their name, one on Google Play and the other, unusually, in the Windows Phone Store. Most major antivirus vendors have mobile versions of their software, but the layout and apparent lack of source verification in mobile app stores, coupled with the sometimes complicated names software vendors give to their products, can make it easy to mistakenly install the wrong app. For example, in the Kaspersky example above, the real antivirus software is called “Kaspersky Internet Security for Android,” while the fake apps were given the much simpler names “Kaspersky Mobile” and “Kaspersky Anti-Virus 2014.”

It seems that the only safe way to obtain mobile antivirus apps is by visiting the vendor’s website and locating it there, rather than trusting any mobile app store.

US, UK Governments Say Avoid Internet Explorer

A number of news outlets are reporting that the US and UK governments have issued a warning advising users of Microsoft’s Internet Explorer web browser to stop using it for now due to a major vulnerability.

There are a number of alternative web browsers available, including Mozilla Firefox and Google Chrome. Both of them have mobile versions and the ability to synchronize bookmarks, add-ons, and other data with multiple devices.

Media are linking this to the End of Support for Windows XP but this appears to be unrelated, as Internet Explorer versions 6 through 11 are affected by this vulnerability. Windows XP supports Internet Explorer only up to version 8. This does mean, however, that any fix for the problem will not be applied to Windows XP, so it is best to use an alternate browser until XP systems can be upgraded.

No word yet on how long it will take for a fix to be released for newer versions of Windows.

Change Your Passwords Post-Heartbleed

The much-covered Heartbleed vulnerability in OpenSSL has been detected, exploited, patched, and fixed on every major website by now, so it’s the perfect time to change your passwords.

Heartbleed is a security bug that created a vulnerability in OpenSSL’s Transport Layer Security (TLS) protocol implementation, specifically that of its heartbeat extension. The defect permitted up to 64 kilobytes of memory on an affected server to be read with each heartbeat. Worse, the timing of the bug’s disclosure was such that many servers could not be fixed in time to prevent the potential for some level of exploitation.

It is therefore prudent to assume that at least one of your passwords may potentially have been compromised by Heartbleed. The most widely recommended course of action is to change all of your passwords on all websites once the patch is applied to them. At this point, all major and nearly all minor sites will have the appropriate fixes in place. So take the time to change and memorize a new set of passwords now, if you haven’t already done so.

Conveniently, there is a handy test you can run on any URL to verify that it is no longer vulnerable to Heartbleed.

Windows XP End of Support

Many of you have heard by now that Windows XP is approaching its “End of Support” date, April 8. A few of you have asked how this will affect your current Windows XP installations and how quickly you need to plan upgrades.

First, don’t panic. The End of Support means only that new security updates will no longer be provided by Microsoft through Windows Update. In the short run, therefore, there will be little impact. As time goes on, however, it will become increasingly important to upgrade or, more likely due to the age of current installations, replace Windows XP computers with new ones running Windows 7 or Windows 8. I recommend planning to complete these upgrades/replacements over the course of the next year.

Most of you have only a few Windows XP installations left, so the impact will be fairly minimal and can be folded into the usual PC replacement cycle. In rare cases there may be critical software on an XP machine that cannot be installed on a later version of Windows. In that case, there are still options. For instance, we could take the computer offline and use it without an Internet connection, or transition the software to a virtual machine to isolate it from other workstations. Please feel free to contact me if you would like to go over any of these possibilities.

LogMeIn Free to be Discontinued

The popular remote access software LogMeIn Free will be discontinued in favour of LogMeIn’s paid options, according to a release on the company blog.

Existing users are already being migrated to paid services, but a number of alternatives do exist. TeamViewer is very popular, as is VNC (which comes in several flavours, such as RealVNC, TightVNC, and UltraVNC). Microsoft’s built-in Windows Remote Desktop Protocol can be used for those systems, though it requires a little more setup. The Wikipedia page for remote desktop software gives a very thorough list of options.