Superfish vulnerability: adware pre-installed on computer systems

Over the years computer manufacturers, in a bid to provide "more for less", have tended to bundle software with their hardware. This software usually fits the PC fairly well and is often quite useful to the new owner.

Sometimes, however, this goes wrong, as in the recent case in which a manufacturer pre-loaded software on a range of its notebooks and it was discovered that the software was in fact adware.

Adware can be defined as any software package that has the ability to automatically display unwanted advertisements, with the end intention of generating revenue for the owner of the adware. Advertisements can be displayed anywhere at any time on the 'infected' machine, and are generally quite annoying. Adware also tends to carry built-in tracking functionality, generally used to let the adware author target advertisements based on your browsing history: in effect it can analyse the websites you visit with your browser. In Superfish's case it went further and inserted itself into encrypted (HTTPS) connections as well, so that it could inject its advertisements into secure pages too.

In this case the adware, Superfish Visual Discovery, developed by an American advertising company, turned out to be a security threat to the people it was installed for. To get at HTTPS pages it installed its own root certificate into the Windows trust store and intercepted encrypted traffic on the machine itself. The private key for that root certificate was the same on every affected machine and was quickly extracted, so anyone on the same network could forge a certificate for any site and read passwords and other sensitive data passing through the browser. On 20 Feb 2015 the US Department of Homeland Security (US-CERT) recommended that people using Lenovo notebooks remove the software and its certificate completely to avoid such attacks.

What is quite disturbing here is that the underlying library used by this adware, Komodia's SSL interception library, is also used by a family security product called KeepMyFamilySecure and by a number of other products. CERT/CC's vulnerability note VU#529496 lists the vendors known to be affected:

Vendor              Status    Date Notified   Date Updated
Atom Security, Inc  Affected  20 Feb 2015     20 Feb 2015
KeepMyFamilySecure  Affected  19 Feb 2015     20 Feb 2015
Komodia             Affected  19 Feb 2015     20 Feb 2015
Kurupira            Affected  –               20 Feb 2015
Lavasoft            Affected  20 Feb 2015     20 Feb 2015
Lenovo              Affected  19 Feb 2015     20 Feb 2015
Qustodio            Affected  19 Feb 2015     20 Feb 2015
Superfish           Affected  19 Feb 2015     20 Feb 2015
Websecure Ltd       Affected  20 Feb 2015     20 Feb 2015

    How to clean it up

    Someone has set up a quick check for your browser: Check Superfish. Checks of this kind load a resource over HTTPS from a server presenting a certificate signed by the Superfish CA; if your browser accepts it, the rogue root is in your trust store.

    Lifehacker has provided a manual way to remove the VisualDiscovery software:

    My recommended alternative method is to use the Emsisoft malware tools.

    Or you can of course remove the VisualDiscovery software manually; this does not cover other infections though, so be aware that you might still not be safe.

    How to scan for and remove Superfish from your computer manually

    If you suspect you have the adware Superfish on your computer, perform a scan with the free Emsisoft Emergency Kit which flags the adware on your computer. To remove Superfish, perform the following steps:

    Press the Windows key + “R” to open the run window.
    Type “certmgr.msc” and hit Enter to open the Windows Certificate Manager.
    Navigate to “Trusted Root Certification Authorities” and its sub-element “Certificates” in the folder tree to the left.
    Check for the certificate entry “Superfish, Inc” on the right side of the window.
    Select it and press the Delete key or right-click and select “Delete”.
    Now your browser no longer trusts certificates minted by that adware's certificate authority. Two caveats before calling the machine safe: Firefox and Thunderbird keep their own certificate stores, so check those for the same "Superfish, Inc" entry as well (Lenovo later published a removal tool that cleans both); and deleting the certificate only undoes the trust, so make sure the VisualDiscovery software itself is gone too, otherwise it keeps intercepting connections and every HTTPS site will now fail with certificate errors.
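To see what that certificate entry actually does, here is an added example, not code from the original post or from Lenovo, Superfish or Emsisoft, that recreates the situation with a throwaway CA of the same name using plain openssl in a temporary directory: a certificate for a hostname of the attacker's choosing validates while the rogue root is in the trust bundle and stops validating once it is removed. The subject names, the hostname bank.example and the file names are constructed for the demonstration; find_rogue_ca is the check to run over an export of a machine's root store.

```sh
#!/bin/sh
# Added example, not code from the original post or from any vendor named in it.
# Recreates the Superfish trust-store problem with a throwaway CA and shows what
# removing the rogue root changes. Requires openssl; everything lives in a
# temporary directory. Subject names and hostnames are constructed.

work=$(mktemp -d)

# make_ca DIR NAME SUBJECT: self-signed root NAME.pem with private key NAME.key.
# On the affected laptops the adware's CA key was identical on every machine,
# so "whoever holds NAME.key" meant "anyone who bothered to extract it".
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# forge_leaf DIR CANAME HOST: mint HOST.pem signed by CANAME. No contact with
# the real site is needed; this is what the interceptor does per connection.
forge_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# trusted_by BUNDLE CERT: 0 if CERT chains to a root in BUNDLE, 1 otherwise.
# This is the decision a browser makes against the OS trust store.
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# find_rogue_ca BUNDLE PATTERN: print the subject of every certificate in the
# PEM bundle whose subject contains PATTERN. Run it over an export of the
# machine's root store to confirm the certmgr.msc step worked.
find_rogue_ca() {
    split=$(mktemp -d)
    awk -v dir="$split" '/-----BEGIN CERTIFICATE-----/ { n++ } { print > (dir "/" n ".pem") }' "$1"
    for c in "$split"/*.pem; do
        [ -f "$c" ] || continue
        subject=$(openssl x509 -noout -subject -in "$c" 2>/dev/null)
        case $subject in *"$2"*) printf '%s\n' "$subject" ;; esac
    done
    rm -rf "$split"
}

if command -v openssl >/dev/null 2>&1; then
    make_ca "$work" legit "/O=Example Legitimate Root/CN=Example Root CA"
    make_ca "$work" superfish "/O=Superfish, Inc./CN=Superfish, Inc."
    forge_leaf "$work" superfish bank.example

    # trust store as shipped: genuine roots plus the adware's root
    cat "$work/legit.pem" "$work/superfish.pem" > "$work/store_infected.pem"
    # trust store after deleting the "Superfish, Inc" entry
    cp "$work/legit.pem" "$work/store_cleaned.pem"

    if trusted_by "$work/store_infected.pem" "$work/bank.example.pem"; then
        echo "infected store: forged bank.example certificate is TRUSTED"
    fi
    if ! trusted_by "$work/store_cleaned.pem" "$work/bank.example.pem"; then
        echo "cleaned store:  forged bank.example certificate is rejected"
    fi
    echo "rogue roots in infected store:"
    find_rogue_ca "$work/store_infected.pem" Superfish
fi
```

Note that the forged certificate never touched the real site: holding the CA key is enough, which is why a root certificate whose private key has leaked cannot be left in any trust store, Windows, Firefox or otherwise.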

    Posted in Security

    Really cool cyber threat map

    Having a quick browse around for malware and virus related information I found this map showing global cyber threats; as I thought it was really cool I am sharing it.. ;)

    OK, this time I have actually added the link so you can see it.. I will get used to WordPress soon. Promise.

    http://cybermap.kaspersky.com

    Posted in General

    vsftpd

    From notes from November 2010, but hopefully still working ;)

    Here is how to set up a locked-down FTP server on Debian with vsftpd and virtual users, that is accounts that exist only in a password file and not in /etc/passwd. Note that "secure" here means no anonymous access and every user chrooted into their own directory; FTP without TLS still sends passwords and file contents in plaintext, so if the server is reachable from an untrusted network enable ssl_enable with a certificate, or use SFTP instead.

    # apt-get update && apt-get install vsftpd

    Virtual users authenticate against a flat password file through pam_pwdfile, so they need no system account. Replace the PAM stack for the vsftpd service (the Debian default stack uses /etc/ftpusers as a list of users to deny, so that meaning is gone once this file is in place):

    # cat /etc/pam.d/vsftpd

    auth required pam_pwdfile.so pwdfile /etc/ftpusers
    account required pam_permit.so

    Create the password file with the first user. -c creates the file and -d stores crypt() hashes, which pam_pwdfile understands but which only use the first eight characters of the password, so choose passwords with that in mind and keep the file readable by root only:

    # htpasswd -d -c /etc/ftpusers testuser1

    # mkdir -p /srv/ftp
    # chown -R ftp /srv/ftp
    # chgrp -R ftp /srv/ftp

    The configuration. vsftpd reads one key=value per line and only treats whole lines beginning with # as comments:

    # cat /etc/vsftpd.conf

    # uncomment only if vsftpd dies with "OOPS: priv_sock_get_cmd" on your kernel
    #seccomp_sandbox=NO
    listen=YES
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    # every user is locked into local_root; allow_writeable_chroot is needed
    # because that directory is owned by ftp and therefore writable
    chroot_local_user=YES
    allow_writeable_chroot=YES
    secure_chroot_dir=/srv
    pam_service_name=vsftpd
    # virtual users: all logins run as the ftp system user in /srv/ftp/<username>
    guest_enable=YES
    guest_username=ftp
    virtual_use_local_privs=YES
    user_sub_token=$USER
    local_root=/srv/ftp/$USER
    connect_from_port_20=YES
    hide_ids=YES
    local_umask=022
    setproctitle_enable=YES
    data_connection_timeout=500
    # logging
    xferlog_enable=YES
    log_ftp_protocol=YES

    Two things worth tightening: vsftpd refuses a writable chroot root by default because it makes the chroot easier to escape, so the safer layout is a root-owned, read-only /srv/ftp/$USER with a writable subdirectory beneath it, which lets you drop allow_writeable_chroot altogether; and secure_chroot_dir is meant to be an empty directory that nobody can write to (the Debian default is /var/run/vsftpd/empty), not the directory that holds the user data.

    Adding further users is a matter of a password entry and a home directory owned by ftp:

    # htpasswd -d /etc/ftpusers name_of_user

    # cd /srv/ftp
    # mkdir name_of_user
    # chown -R ftp name_of_user
    # chgrp -R ftp name_of_user

     

    Posted in Linux

    Vulnerability in Microsoft Group Policy (MS15-011)

    So, very important, this one..

    Basically, if you are using any Windows operating system that is joined to an Active Directory domain and you connect from a public place or a hotel network while travelling, with or without a VPN, somebody in the middle of that connection can do more than look at your data. Group Policy fetches its files from the domain controller over SMB, and an attacker who can answer in the domain controller's place can hand the machine policy files of their own choosing, which leads to the attacker's code running on it.

    This pretty much covers most businesses and every business traveller.

    Make sure you update your servers and desktops. For this bulletin the update alone is not the whole fix: it adds the "Hardened UNC Paths" Group Policy setting, which has to be enabled for \\*\SYSVOL and \\*\NETLOGON with mutual authentication and integrity required before clients stop trusting whoever answers for those shares.

    https://technet.microsoft.com/library/security/MS15-011

    Posted in General

    Using an encrypted USB key for GPG and SSH keys

    This is one from the archives, but probably still useful to somebody..

    This is how I store my GPG and SSH keys on an encrypted USB stick. It is really only relevant to Linux users with laptops, but there is an element of geek factor, so I'll
    go ahead and explain how it is done..

    First we need to find the model of stick you are using: insert it and use dmesg to find the details.

    You should see something like this. In this case I have used one large partition (you can use many partitions), but what you are interested in is the sdc: sdc1 information, the model and the vendor; in this case vendor = Kingston, model = DataTraveler.

    Next create a file in /etc/udev/rules.d called 60-udev.rules:

    In this I am saying that my USB stick will appear as /dev/mydev/usbstick each time it is plugged into the computer, so nothing below depends on whether the kernel calls it sdb or sdc that day.

    Now I will create a LUKS container on the stick. As root I run:

    Next you need to set up a directory you want to mount the stick on, in my case /data2/private.

    To make it easier I have two scripts, one to mount and one to unmount the stick, but first we need to put a filesystem on it. First open the LUKS container (the decrypted view appears under /dev/mapper) and create the filesystem on that device. Use a Unix filesystem such as ext4 rather than FAT, because ssh checks the permissions on ~/.ssh and refuses private keys that are readable by anyone else.

    So now we need to mount it..

    and of course unmount it.

    So we now have an encrypted USB stick with a filesystem. All we do now is move your ~/.gnupg and ~/.ssh directories

    to the file area and link them from your home directory. Check afterwards that ~/.ssh is still mode 700 and the private keys 600. While the stick is unmounted the symlinks point at nothing, so ssh and gpg simply find no keys, which is exactly the behaviour you want on a laptop.
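As the scripts themselves did not survive into this copy of the post, here is an added example, not the author's original scripts, of the same procedure as shell functions: a generator for the udev rule that gives the stick a fixed name, format, mount and unmount wrappers around cryptsetup, and a permission check to run after the keys have been moved. The vendor and model strings, the /dev/mydev/usbstick name and the /data2/private mount point follow the post; the device-mapper name usbstick, the ext4 choice and the function names are my own assumptions, and the .ssh directory the check runs on at the end is constructed with empty stand-in files.

```sh
#!/bin/sh
# Added example, not the author's original scripts. Fixed device name, mount
# point and vendor/model follow the post; everything else is an assumption.
# format_stick/mount_stick/umount_stick need root and a real stick; the
# udev_rule and check_key_dir functions do not.

# udev_rule VENDOR MODEL_GLOB: line for /etc/udev/rules.d/60-udev.rules that
# symlinks the first partition of the stick to /dev/mydev/usbstick, so the
# functions below do not care whether the kernel called it sdb1 or sdc1.
# VENDOR and MODEL come from dmesg or "udevadm info -a -n /dev/sdX".
udev_rule() {
    printf 'SUBSYSTEM=="block", KERNEL=="sd?1", ATTRS{vendor}=="%s", ATTRS{model}=="%s", SYMLINK+="mydev/usbstick"\n' "$1" "$2"
}

DEVICE=/dev/mydev/usbstick   # created by the udev rule above
MAPPER=usbstick              # decrypted view appears as /dev/mapper/usbstick
MOUNTPOINT=/data2/private

# format_stick: one-off. Destroys the partition, sets up LUKS and a filesystem.
# ext4 rather than FAT because ~/.ssh needs Unix permissions to be honoured.
format_stick() {
    cryptsetup luksFormat "$DEVICE" &&
    cryptsetup open "$DEVICE" "$MAPPER" &&
    mkfs.ext4 -q "/dev/mapper/$MAPPER" &&
    cryptsetup close "$MAPPER"
}

# mount_stick: open the container and mount it. nodev/nosuid/noexec because
# nothing on a key stick needs to be executable or a device node.
mount_stick() {
    mkdir -p "$MOUNTPOINT"
    cryptsetup open "$DEVICE" "$MAPPER" &&
    mount -o nodev,nosuid,noexec "/dev/mapper/$MAPPER" "$MOUNTPOINT"
}

# umount_stick: drop cached private keys from the agent, unmount, close.
umount_stick() {
    gpgconf --kill gpg-agent 2>/dev/null || true
    umount "$MOUNTPOINT" &&
    cryptsetup close "$MAPPER"
}

# check_key_dir DIR: 0 if DIR and everything under it are closed to group and
# others, except public material ssh is happy to share (*.pub, known_hosts,
# authorized_keys, config); 1 otherwise, listing the offenders on stderr.
# ssh refuses private keys that fail this and ignores a ~/.ssh that is not 700.
# Uses GNU find's -perm /mode (any of the given bits set).
check_key_dir() {
    dir=$1
    bad=$(find "$dir" -perm /077 \
        ! \( -type f \( -name '*.pub' -o -name 'known_hosts*' -o -name 'authorized_keys' -o -name 'config' \) \) 2>/dev/null)
    if [ -n "$bad" ]; then
        printf 'group/world-accessible, fix with chmod go-rwx:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

echo "udev rule for the stick in the post:"
udev_rule Kingston 'DataTravel*'

# constructed stand-in for a relocated ~/.ssh: empty files, realistic modes
demo=$(mktemp -d)
mkdir -m 700 "$demo/.ssh"
touch "$demo/.ssh/id_ed25519" "$demo/.ssh/id_ed25519.pub"
chmod 600 "$demo/.ssh/id_ed25519"
chmod 644 "$demo/.ssh/id_ed25519.pub"
check_key_dir "$demo/.ssh" && echo "key directory permissions ok"
```

After moving the real directories, run check_key_dir on /data2/private/.ssh and /data2/private/.gnupg; umount_stick kills gpg-agent first so that no decrypted private key stays cached once the stick is gone.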

    Posted in General

    speedtest

    Every now and then it is handy to check the speed of an internet connection.

    There are lots of websites around the internet that allow you to do this, but each has its issues; here is a handy script I found on the internet that does just that.

    It is a Python script, so fairly portable; it will work on Linux and Mac OS X.

    Basically copy this script, run it from the command line and wait..

    Posted in Sysadmin

    How I replicate my Bash environment, circa 2008

    Being a Linux guy at heart I normally use the bash environment, and each time I logged in to a different server I needed to set up a completely new bash environment. Here is my original from 2008 ;)

    At the top of your .bashrc script add this:

    Each time you change something make sure you change the version and the date..

    In your ~/bin directory create a bash script called profileupdate:

    $ cat profileupdate

    Next create a file in ~/etc called accounts. The format of this file is one user@host per line.

    You need to make sure that you have added your SSH public key to all of these accounts:

    $ ssh-copy-id user@host

    You will have to give your password.

    Make sure you can log in without a password: issue ssh user@host and you should log in with your key only. Protect that key with a passphrase and load it into ssh-agent rather than leaving it passphrase-less; a script like this reaches every server you have access to, so the key it uses is worth looking after.

    If this is a success then you are almost there.

    Run ~/bin/profileupdate:

    quantrill@pa2sq:~/bin

    $ ./profileupdate

    ** quantrill@servername1 **
    ssh: connect to host servername1 port 22: No route to host
    Failed to create authorized_keys2 file on quantrill@servername1!

    ** quantrill@servername2 **
    desert256.vim 100% 10KB 10.2KB/s 00:00
    .vimrc 100% 23KB 23.4KB/s 00:00
    .bashrc 100% 2984 2.9KB/s 00:00

    Here servername1 failed: check your SSH keys and whether you can connect to it at all.
    servername2 was a success.
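The profileupdate script itself is missing from this copy of the post, so here is an added example, not the author's script, that does the same job: read the accounts file, push the dotfiles to each user@host and report per account as in the output above. The dotfile list, the function names and the accounts file used at the end (constructed in a temporary file) are assumptions; BatchMode=yes makes ssh fail rather than prompt, which is what turns a missing key into an error line instead of a hung script, and host key checking is deliberately left at its default.

```sh
#!/bin/sh
# Added example, not the original profileupdate script. Push a set of
# dotfiles to every user@host listed in an accounts file and report per
# account. File list and function names are assumptions.

ACCOUNTS=${ACCOUNTS:-$HOME/etc/accounts}
DOTFILES="$HOME/.bashrc $HOME/.vimrc"

# read_accounts FILE: print the valid user@host lines; skip blank lines and
# comments, complain about anything else instead of handing it to scp.
read_accounts() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;
        esac
        if printf '%s\n' "$line" | grep -Eq '^[A-Za-z_][A-Za-z0-9_.-]*@[A-Za-z0-9.-]+$'; then
            printf '%s\n' "$line"
        else
            printf 'skipping malformed account entry: %s\n' "$line" >&2
        fi
    done < "$1"
}

# push_profile ACCOUNT: copy the dotfiles to ACCOUNT's home directory.
# BatchMode=yes: never prompt for a password, fail instead, so a server the
# key does not reach shows up in the report rather than stalling the run.
# Host key checking stays on; a script that accepts any new host key for
# every server is exactly how a man-in-the-middle collects credentials.
push_profile() {
    acct=$1
    echo "** $acct **"
    # shellcheck disable=SC2086  # DOTFILES is a space-separated list on purpose
    if scp -o BatchMode=yes -o ConnectTimeout=10 $DOTFILES "$acct:"; then
        return 0
    fi
    echo "Failed to update profile on $acct!" >&2
    return 1
}

# profileupdate [ACCOUNTS_FILE]: run over every account; returns the number
# of accounts that failed.
profileupdate() {
    fails=0
    for acct in $(read_accounts "${1:-$ACCOUNTS}"); do
        push_profile "$acct" || fails=$((fails + 1))
        echo
    done
    return "$fails"
}

# The network part only runs when invoked as "./profileupdate push", so
# sourcing this file for its functions touches nothing.
if [ "${1:-}" = push ]; then
    profileupdate
fi

# constructed accounts file to show what read_accounts lets through
sample=$(mktemp)
printf '%s\n' '# servers that get my dotfiles' '' 'quantrill@servername1' 'not an account' 'quantrill@servername2' > "$sample"
echo "accounts that would be updated:"
read_accounts "$sample"
```

Save it as ~/bin/profileupdate and run ./profileupdate push; the exit status is the number of servers that did not get the update.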

    Posted in Sysadmin

    Linux under subversion control

    Below is the procedure to put the configuration of Linux machines (here /etc) under subversion control.

    First, on the subversion server, create a directory for the machine.

    All the remaining work is done on the workstation or server you wish to have under subversion control.

    First import the initial repository contents. Before you do, think about what lives in /etc: /etc/shadow, /etc/sudoers, the SSH host keys and any TLS private keys would otherwise be copied into the repository, and into the .svn working-copy metadata, neither of which has the tight permissions of the originals. Exclude those files from the import or restrict the repository to the same people who may read them.

    Next check out a copy from the subversion server; make sure you use a different name for the working directory (simons-test-etc).

    Now move and copy to allow the subversion controlled directory to become the primary directory on the machine.

    Check it is under svn control.

    Make sure you can still use sudo! Subversion does not store file owners or modes (only the executable bit), so a freshly checked out /etc/sudoers ends up with whatever your umask gives it, and sudo refuses to run unless the file is owned by root and mode 0440. The same goes for anything else in /etc that must stay root-only.

    That's it: the machine is now under subversion control and any changes in the configuration can be tracked. This is the method/process; I am working on a centralised way in which we can track configuration changes.
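Two checks for the procedure above, as an added example that is not from the original post or from Subversion: which files must not be imported as they are, and whether the checked-out copy has left sudo usable. The directory tree it runs over is constructed in a temporary directory with stand-in contents; the function names are my own.

```sh
#!/bin/sh
# Added example, not from the original post or from Subversion. Two checks for
# putting /etc under version control. The directory tree below is constructed.

# private_files DIR: regular files under DIR that are not world-readable,
# skipping .svn metadata. Everything this prints (shadow, sudoers, host keys,
# ...) would gain a second copy under .svn and a third in the repository,
# neither protected like the original; exclude it or restrict the repository.
private_files() {
    find "$1" -path '*/.svn' -prune -o -type f ! -perm -o+r -print
}

# sudoers_mode_ok FILE: 0 if FILE is mode 0440 exactly and, when we are root
# and can tell, owned by root; these are the conditions sudo insists on.
sudoers_mode_ok() {
    [ -n "$(find "$1" -maxdepth 0 -type f -perm 0440)" ] || return 1
    if [ "$(id -u)" -eq 0 ]; then
        [ "$(find "$1" -maxdepth 0 -user root)" = "$1" ] || return 1
    fi
    return 0
}

# constructed stand-in for /etc, with the modes a fresh svn checkout leaves
demo=$(mktemp -d)
mkdir -p "$demo/etc/ssh" "$demo/etc/.svn"
printf 'root:x:0:0:root:/root:/bin/sh\n' > "$demo/etc/passwd"
chmod 644 "$demo/etc/passwd"
printf 'root:!:17000::::::\n' > "$demo/etc/shadow"
chmod 640 "$demo/etc/shadow"
printf 'root ALL=(ALL) ALL\n' > "$demo/etc/sudoers"
chmod 644 "$demo/etc/sudoers"            # umask 022 checkout, not 0440
printf 'constructed private key\n' > "$demo/etc/ssh/ssh_host_rsa_key"
chmod 600 "$demo/etc/ssh/ssh_host_rsa_key"
printf 'pristine copy\n' > "$demo/etc/.svn/entries"

echo "must not be imported as-is:"
private_files "$demo/etc"

if sudoers_mode_ok "$demo/etc/sudoers"; then
    echo "sudo ok"
else
    echo "sudo would refuse to run; fixing with chmod 0440"
    chmod 0440 "$demo/etc/sudoers"
fi
sudoers_mode_ok "$demo/etc/sudoers" && echo "sudo ok after chmod 0440"
```

Run private_files /etc before the import to build the exclusion list, and sudoers_mode_ok /etc/sudoers (as root) after the checkout has replaced /etc.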

    Posted in Linux, Sysadmin

    Cross compiling aprx for 32-bit from a 64-bit host

    I run an aprx I-Gate to feed RF traffic to aprs.is in support of the local area network.

    I develop on a 64-bit version of Debian (testing) but run the node on a 32-bit version of stable. Here is my setup and the packages required.

    On the stable system you need to add the testing repository to the sources list:

    and install the newer C library (glibc) from testing, so that a binary built on testing finds the symbol versions it was linked against without upgrading the rest of the node. Be aware that this is a partial upgrade of a stable system, and mixing libc versions can break other packages; building inside a stable chroot (debootstrap or pbuilder) on the 64-bit machine avoids the problem altogether.

    On the 64-bit machine you need to supply the 32-bit compile flag (-m32) to the autoconf build:

    then it is just a case of copying the compiled binary over to the host

    and restarting the node. You now have the new version running without having to compile on a machine with low resources.

    Posted in Ham Radio, Linux
    • about.me

      Simon Quantrill

      Staying on top of IT

      I am a seasoned information technologist; I am an expert in putting infrastructure and technology, with open source tools and projects, strategically and securely to work within the business model and financial confines of the modern enterprise.

      As IT operational manager I have created state-of-the-art computing centres for multi-site businesses,

      more recently to provide an environment for metocean consultancy, weather forecasting, search and rescue services and vessel response consultancy to the oil and gas industry.

      I pride myself on being able to work under pressure and keep to committed project timelines whatever is thrown at me. My strengths really show through when in the middle of a 'good challenge'.

      I am an avid user of Debian Linux and know my way around most open source products, e.g. Postfix, BIND, MySQL, PostgreSQL, Apache, WordPress etc. I have a background in electronic and computer engineering, starting my career tinkering with the subsea electronics on ROV systems. I moved fairly quickly into IT, starting with networking, security and integration. I have always taken on challenging projects and have enjoyed finding out how things work, and of course helping others underst
and.
