Sextortion: your child could be next, take action

On 19 December 2014 the BBC (http://www.bbc.com/news/technology-30494566) reported on an unfortunate incident in which a teenager took his own life by jumping off a bridge. He had been blackmailed on the internet, apparently by a group from the Philippines.
The teenager was tricked into a Skype conversation, believing he was talking to a girl his own age, and was tricked into sharing intimate photos. He was then blackmailed. The situation worsened and he ended up committing suicide.

One gang leader in the Philippines running these types of blackmail operations made 2.3 million in only 10 months, so it is really big business, especially for poorer countries like the Philippines.

It has been reported that there is an explosion in sextortion on the internet aimed at children (http://www.itproportal.com/2015/03/30/sextortion-growing-epidemic-expert-warns/). A research company has reported that the target groups are between 12 and 15, with 14-year-old children being the most exploited age group.

With the rise of social media and internet access it is all too easy for children to fall foul of this problem. It starts with an innocent message via email or social media, moves on to chit-chat, and then quickly escalates to the sextortionist sending a photo of the opposite sex and asking for one in return. The ultimate aim is to get a photo of a naked child that can be used as blackmail, and then to attempt to extort money from the child by threatening to expose the photo to friends and family via social media like Facebook.
This unfortunately is not normally an idle threat, and it will go ahead. With modern technology it is all too easy to do in a flash, with relatively no effort on the sextortionist's part.

As you are probably aware, by posting a photo to your Facebook page your contacts, including your family and friends, will get to see this content in seconds.

Therefore it is all-important that kids think before they click. Follow these 5 basic rules to improve safety online and make your kids aware of them.

1. Never share pictures of yourself online that you would not want to be seen by your family, teachers or a total stranger.
2. Set your user profile to private so only real friends get access.
3. Only chat with friends, never a stranger.
4. Never share personal information online like your full name, school, address or phone number.
5. Never meet up with anyone you met online.
6. Report suspected abuse to a parent, teacher or the police.

For parents it is important to keep an eye out for changes in your child's pattern, for example strange gifts being received through the mail, calls being made to unknown numbers, minimising the computer screen or turning off the monitor when you come into the room, and spending lots of time online alone.

But most important of all, talk to your children about the problem so they are made aware of the threat. Keeping the communication line open with your kids may avert a serious problem should it ever start escalating.

The Sextortion Q&A by Interpol is a useful read to make you aware. File: Sextortion – Questions and Answers – Interpol.

Home networks not safe

Reports this morning say that Trend Micro has discovered a malware strain that can scan your home network by attaching itself to your router and then deleting itself.

TROJ_VICEPASS attempts to trick you into installing it by disguising itself as an update to Flash. The research from Trend tells us that it can attach itself to your router by scanning a predefined IP address range, 192.168.[0.6].0 – 192.168.[0.6].11. These are generally the default ranges for most home internet routers (modems).

It tries all the default logins to the router, and a few others, to force its way onto your router.

The best advice is to change the admin username to something other than the default, and change your password to something other than the default and not easy to guess. Update all your malware and virus programs and update your operating systems.

I'll assume this is only a Windows problem, as the file is a .exe file only runnable on Windows OS.

Modifications for LDAP authentication debian and ubuntu

This is an older tip for setting up LDAP authentication. As many of my posts are just my notes from the past, it might now be dated. However, feel free to try it for yourself ;)

NB: in Configuring libnss-ldap enter

ldap://
click ok

Distinguished name of search base is dc=server,dc=nl
Choose Ldap version 3
For LDAP Account root add cn=admin,dc=server,dc=nl
type in the root password
Check ldap with

NB: you can use dpkg-reconfigure ldap-auth-config to change things

New working configuration for the newest versions of ubuntu
# cat nsswitch.conf

From the Pam auth menu choose unix ldap options only

Add at the top of /etc/pam.d/common-auth

session required pam_mkhomedir.so umask=0022

reboot..

For Debian or older than 9.10 versions of Ubuntu

For older versions we have to stick with the manual configuration option

# cat /etc/pam.d/common-account
#

# cat /etc/pam.d/common-password
#

# cat /etc/pam.d/common-session
#

# UBUNTU: cat /etc/ldap.conf
# OR
# DEBIAN4: cat /etc/pam_ldap.conf
# OR
# RedHat: cat /etc/ldap/ldap.conf
#

# cat nsswitch.conf

NB: With lenny you have to modify /etc/libnss-ldap.conf

bind_policy soft

Save your business thousands of dollars

According to Kaspersky, 35% of the world's businesses do not encrypt data on their computers.

What happens if you lose a laptop or a USB key with important business data on it?

In 2007, was fined £980,000, for having their own laptop stolen from an employee's house that happened to have unencrypted details of clients!

A local council was fined £150,000 for loss of data on unencrypted laptops.

According to ExactTrak, the British government has paid out millions in fines, all over loss or breach of data.

So this is not a light issue. It is a serious problem, and one that can be solved fairly easily by encrypting the data on the laptop disk or the USB key.

Apple Mac computers make it easy to encrypt a USB stick or disk: the system allows you to create a secure partition on disk or USB stick, and anything written to it is not viewable by anybody else.

In the past a lot of people used TrueCrypt on many operating systems to keep their data secure. Unfortunately its development stopped a year or two back, leaving a void of good public encryption software, and although the software is still available from TrueCrypt, the position and safety of the product are unclear. However, there is the CipherShed project, which will hopefully bring back TrueCrypt all modernised and updated; it is well worth keeping an eye on that one.

A separate project, VeraCrypt, brings another view on TrueCrypt.

There are of course proprietary and commercial solutions from the likes of Symantec, but the open source versions make it almost impossible not to encrypt data.

Cybercrime focuses on small businesses, keep safe

Modern hackers generally try to exploit and attack computer systems that are not updated or patched. This does not count the thousands of script kiddies who run the scripts created by the developer-hackers, or the attacks reported to come from funded organisations, be they crime organisations or government organisations.

In the past hackers were thought to concentrate only on big business; most will probably remember what happened when Sony was attacked, and more recently the Lenovo and Superfish incident. These big hacks make big news and highlight security issues and cybercrime to the general public. Most of the big companies employ staff to watch their network and to react to a security threat; some don't take it as seriously, and these tend to be the organisations that get hit.

However, there is a reported trend for hacking focus to shift to smaller companies.

Standard virus protection these days costs about 20-100 euros depending on supplier and brand. Unfortunately, security researchers have claimed that antivirus protection alone is in some cases only roughly 20% effective at protecting a computer from modern-day hacking methods.

Security can be a huge investment for anybody to do correctly and safely. Many smaller companies do not have the resources to secure themselves and their business from these types of attacks, which makes them easy prey. It's bad enough if you have your website attacked and defaced; what if you're an online merchant? https://www.pcisecuritystandards.org/smb/ shows a list of things that a small business should be aware of. It's a minefield.

Symantec said in 2012 that small business attacks were up by 30% and mobile attacks were up 58%, and these figures continue to grow day by day.

Security specialists claim that the highest percentage of discovered attacks are via web browsing activities and email. In fact these two tools are the mainstay for most businesses, and if they are not protected you are really asking for trouble.

The basics of security for any small company are fairly simple. First, make sure you have a firewall in place and configured correctly to block all incoming traffic except to public services. It is generally my preferred way to also block all outgoing ports except the ones you need open, to block denial-of-service attacks.

It is imperative that you have a modern, continually updated virus protection solution for all computers connected to your network; even if you are using Linux or Mac it's best not to skimp here. Second is a well-known malware detection and removal product; don't skimp here either. Most malware is in fact just annoying, like adware causing pop-ups and the like. Some is not, however, and can lead to major problems (remember Lenovo); this is the worst kind, with confidential data leaking into the public domain.
The next line of defence is web filtering, not so you can monitor your staff but so that websites known to host hacking software are blocked before you lose valuable data.

Once this basic system is running you must keep on top of it, updating the software regularly and checking the logs daily to make sure nothing goes unnoticed. Go out and employ somebody to do this, or get a reliable managed services provider that can take care of it.

If you go for an onsite employee, figure on roughly 45,000 – 110,000 euros per year for an in-house IT security expert. Add to this about 80-150 euros for the antivirus and malware software for each PC and server on your network. Web filtering and email spam filtering can be done on site, but normally this is provided by a third-party cloud supplier; this is going to be in the region of 15 to 20 euros per user protected.

And if you have done this you can feel reasonably safe performing your day to day work.

The other option is a managed service provider that, for a monthly fee, will take care of all of this for you and provide you with a daily/weekly/monthly report of the status of your network and PCs, without the need to pay fixed staff costs.

Good luck and stay safe..

Superfish vulnerability adware pre-installed on computer systems

Through the years computer manufacturers, in a bid to provide "more for less", have tended to package software together with their hardware. This software usually fits fairly well with the PC and is normally quite useful to the new PC owner.

However, sometimes this does go wrong, as in the recent events when a company pre-loaded software onto a range of their notebooks and it was discovered that it was in fact adware.

Adware can be defined as any software package that has the ability to automatically display unwanted advertisements, with the end intention of generating revenue for the owner of the adware software. Advertisements can be displayed anywhere at any time on the 'infected' machine, and are generally quite annoying. Adware can also run in-built functionality, which is generally used to allow the adware author to focus advertisements based on your browser history. Basically, it can analyse the websites you visit with your internet browser.

In this case adware developed by an American advertising company was found to be a potential security threat for its users, as it allowed potential cyberattacks including interception of passwords and sensitive data passing through the web browser. On 20th Feb 2015, American Homeland Security recommended that people using Lenovo notebooks remove this software completely from their machines to avoid potential cyberattacks.

What is quite disturbing here is that the underlying libraries used by this adware are also used by a family security product called KeepMyFamilySecure. During research it turned out that many software packages are currently known to be affected by this issue.

Vendor               Status     Date Notified   Date Updated
Atom Security, Inc   Affected   20 Feb 2015     20 Feb 2015
KeepMyFamilySecure   Affected   19 Feb 2015     20 Feb 2015
Komodia              Affected   19 Feb 2015     20 Feb 2015
Kurupira             Affected   –               20 Feb 2015
Lavasoft             Affected   20 Feb 2015     20 Feb 2015
Lenovo               Affected   19 Feb 2015     20 Feb 2015
Qustodio             Affected   19 Feb 2015     20 Feb 2015
Superfish            Affected   19 Feb 2015     20 Feb 2015
Websecure Ltd        Affected   20 Feb 2015     20 Feb 2015

How to clean it up

Somebody has set up a quick check for your browser; you can go to Check Superfish.

Lifehacker has provided a manual way to remove the VisualDiscovery software.

My recommended alternative method is to use Emsisoft malware tools.

Or you can of course do the removal manually for the VisualDiscovery software. This doesn't cover other infections though, so beware that you might not be safe.

How to scan for and remove Superfish from your computer manually

If you suspect you have the adware Superfish on your computer, perform a scan with the free Emsisoft Emergency Kit, which flags the adware on your computer. To remove Superfish, perform the following steps:

1. Press the Windows key + "R" to open the run window.
2. Type "certmgr.msc" and hit Enter to open the Windows Certificate Manager.
3. Navigate to "Trusted Root Certification Authorities" and its sub-element "Certificates" in the folder tree to the left.
4. Check for the certificate entry "Superfish, Inc" on the right side of the window.
5. Select it and press the Delete key, or right-click and select "Delete".

Now your browser no longer trusts the made-up SSL certificates of that adware and you're on the safe side.

vsftp

From notes, November 2010, but hopefully still working ;)

Here you can set up a secure FTP server on Debian.

# apt-get update && apt-get install vsftpd

# cat /etc/pam.d

auth required pam_pwdfile.so pwdfile /etc/ftpusers
account required pam_permit.so

# htpasswd -d -c /etc/ftpusers testuser1

# mkdir -p /srv/ftp
# chown -R ftp /srv/ftp
# chgrp -R ftp /srv/ftp

     

# cat /etc/vsftpd.conf

#seccomp_sandbox=NO

listen=YES
anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
secure_chroot_dir=/srv
pam_service_name=vsftpd
guest_enable=YES
user_sub_token=$USER
local_root=/srv/ftp/$USER

allow_writeable_chroot=YES
chroot_local_user=YES
connect_from_port_20=YES
hide_ids=YES
local_umask=022
guest_username=ftp
#Logging
xferlog_enable=YES
log_ftp_protocol=YES
setproctitle_enable=YES
data_connection_timeout=500

# htpasswd -d /etc/ftpusers name_of_user

# cd /srv/ftp
# mkdir name_of_user
# chown -R ftp name_of_user
# chgrp -R ftp name_of_user
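
As an added example (not part of the original notes), the shell function below audits a vsftpd.conf like the one above for the points a reviewer would check first: options set twice, missing TLS, anonymous logins, a writable chroot and disabled transfer logging. The function names, finding labels and sample file are made up for this example; ssl_enable, force_local_logins_ssl and force_local_data_ssl are standard vsftpd options that the configuration above does not set.

```shell
#!/bin/sh
# Added example, not from the original notes: audit a vsftpd.conf.

# get_opt FILE KEY DEFAULT: print the effective value of KEY.
# Assumption: when a key is repeated, the last occurrence is the one in effect.
get_opt() {
    awk -F= -v k="$2" -v d="$3" '$1 == k { d = $2 } END { print d }' "$1"
}

# audit_vsftpd FILE: print one finding per line; print nothing if clean.
audit_vsftpd() {
    conf=$1
    # A key set twice makes it unclear which value the author intended.
    awk -F= '/^[a-z_0-9]+=/ { n[$1]++ }
             END { for (k in n) if (n[k] > 1) print "DUPLICATE " k }' "$conf" | sort
    # Without TLS, passwords and files cross the network in cleartext.
    if [ "$(get_opt "$conf" ssl_enable NO)" != "YES" ]; then
        echo "CLEARTEXT ssl_enable is not YES"
    else
        for k in force_local_logins_ssl force_local_data_ssl; do
            [ "$(get_opt "$conf" "$k" YES)" = "YES" ] || echo "CLEARTEXT $k=NO"
        done
    fi
    # vsftpd's built-in default for anonymous_enable is YES, so it must be set.
    [ "$(get_opt "$conf" anonymous_enable YES)" = "NO" ] || echo "ANONYMOUS logins allowed"
    # A chroot whose top directory the user can write to needs this override.
    if [ "$(get_opt "$conf" chroot_local_user NO)" = "YES" ] &&
       [ "$(get_opt "$conf" allow_writeable_chroot NO)" = "YES" ]; then
        echo "WRITABLE_CHROOT allow_writeable_chroot=YES"
    fi
    [ "$(get_opt "$conf" xferlog_enable NO)" = "YES" ] || echo "NOLOG xferlog_enable is not YES"
}

# Constructed sample: a subset of the settings shown in the notes above.
write_sample() {
    cat > "$1" <<'EOF'
listen=YES
anonymous_enable=NO
local_enable=YES
allow_writeable_chroot=YES
chroot_local_user=YES
xferlog_enable=YES
allow_writeable_chroot=YES
EOF
}

# Run the audit against the constructed sample.
tmp=$(mktemp) && write_sample "$tmp" && audit_vsftpd "$tmp"; rm -f "$tmp"
```

To check a real server, call `audit_vsftpd /etc/vsftpd.conf`; no output means none of these checks fired.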

     

Vulnerability in Microsoft software

So, a very important one, this.

Basically, if you're using any Windows operating system with VPN, or signed into Active Directory in a public place or while travelling in hotels and such, there could be somebody in the middle looking at your data!

This pretty much covers most businesses and business travellers.

Make sure you update your servers and desktops.

https://technet.microsoft.com/library/security/MS15-011