@TKIowa Your TKO for Computer Problems and Web Design Needs

I just met with the team at TKIowa and am thoroughly impressed with the array of right-sized technical staffing and solutions they offer. I’ve been in the Iowa City area offering technical services for over 30 years, and in all that time haven’t seen such a comprehensive and organized shop. Although TKIowa is a relative newcomer, it’s to their advantage because they have avoided the extra baggage of legacy technologies and overhead.

As a web designer, I’m always interested to see what the competition is doing. I know of a few really nice web design teams in the Iowa City area and surrounding communities. Today I added TKIowa to that list. The principal of the business, Mo, showed me a few of their recently completed sites and the work is really exceptional.

It’s not enough to simply have a responsive or mobilized site these days. You want design and interactivity that are attractive, engaging, and result in desired outcomes — be that donations, sales, new members, subscribers, followers, or whatever your goal is. The team at TKIowa builds simple, elegant, effective sites that produce results. I’d highly recommend considering them for a site renovation.

What really impressed me from my visit was possibly the most important aspect of it all, and that is the natural talent Mo has to create a vibrant, productive workplace with the essential tools needed for his team. He’s clearly someone who has a natural entrepreneurial gift and talent for managing a successful business. Some business leaders have an open door policy. Mo simply tears down all the doors, and creates an open, transparent, team-focused workplace.


Standard User Account: Secure your computer with this one simple technique

A government computer security news alert issued on 22 October 2015 offered this simple advice:

“Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.”

There are a lot of countermeasures to prevent or reduce the impact of malware, hackers, and viruses. Yet, none are as simple and sophisticated as creating and using a standard user account.

Configuration

Here’s how to configure a standard user account.

  1. In Control Panel (for Windows) or System Preferences (for Apple), go to Users.
  2. Create a new administrative-level user account. You’ll need to make sure you’re giving this new account administrative rights. The account should have a password as well — one that you won’t forget.
  3. Create a new visitor account with limited access (standard user) for any friends and family who might be using your computer.
  4. Log in to the new administrative-level account.
  5. Go to Control Panel > Users.
  6. Set your original user account to be configured as a Standard account.
  7. Log out.
  8. Log in to your personal account.

Usage

On a day-to-day basis, use your newly configured personal account with limited rights. That way any virus or hacker who has access to your account can’t perform any administrative tasks.

Once a week, or as frequently as seems necessary, log in to the administrative account and perform all updates.

Caution

For some versions of Windows, a new user account is created with standard rights by default. So for an administrative account you’ll need to specifically go in and set the rights to administrator. You need to be careful not to end up with no administrative account left on the computer. If that happens, the computer becomes unusable (or at least can no longer be updated).

Be careful to only perform updates and software installation in the administrative account. Don’t install questionable software or visit any unusual websites.
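As an added example (not part of the original article), the following Python script implements the check behind the Caution above: before switching an account to Standard, confirm that another administrative account will remain. The Windows path parses `net localgroup Administrators` output; the macOS/Linux path assumes administrators are members of the `admin`, `sudo` or `wheel` group, and the sample output embedded in the script is constructed.

```python
"""Added example, not from the original article: verify that demoting an
account to a standard user will leave at least one administrative account
behind (the "no administrative account left" Caution)."""
import getpass
import os
import platform
import subprocess
from typing import Set

# Constructed sample of `net localgroup Administrators` output on Windows,
# used so the parser can be exercised offline.
SAMPLE_NET_LOCALGROUP = """Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
Greg
Workstation Admin
The command completed successfully.
"""


def parse_net_localgroup(output: str) -> Set[str]:
    """Extract member names from `net localgroup <group>` output.

    Members are listed one per line between the dashed separator and the
    trailing "The command completed successfully." line.
    """
    members: Set[str] = set()
    in_members = False
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("----"):
            in_members = True
        elif line.startswith("The command completed"):
            break
        elif in_members and line:
            members.add(line)
    return members


def local_admins() -> Set[str]:
    """Live query of the administrative accounts on this machine.

    Assumption for macOS/Linux: administrators are members of the `admin`
    (macOS), `sudo` or `wheel` group. Note that Windows lists the built-in
    `Administrator` account even when it is disabled, so do not count on it
    as your remaining administrator.
    """
    if platform.system() == "Windows":
        out = subprocess.run(["net", "localgroup", "Administrators"],
                             capture_output=True, text=True, check=True).stdout
        return parse_net_localgroup(out)
    import grp  # POSIX only
    admins: Set[str] = set()
    for group in ("admin", "sudo", "wheel"):
        try:
            admins.update(grp.getgrnam(group).gr_mem)
        except KeyError:
            pass  # group does not exist on this system
    return admins


def safe_to_demote(account: str, admins: Set[str]) -> bool:
    """True if demoting `account` leaves at least one other administrator.

    Account names are compared case-insensitively, as Windows does.
    """
    remaining = {a for a in admins if a.lower() != account.lower()}
    return len(remaining) >= 1


def is_admin_session() -> bool:
    """Whether this process runs with administrative rights. For day-to-day
    use under the standard account this should report False."""
    if platform.system() == "Windows":
        import ctypes
        return bool(ctypes.windll.shell32.IsUserAnAdmin())
    return os.geteuid() == 0 or getpass.getuser() in local_admins()


if __name__ == "__main__":
    me = getpass.getuser()
    admins = local_admins()
    print(f"Administrative accounts: {sorted(admins) or 'none found'}")
    print(f"Current session is elevated: {is_admin_session()}")
    if safe_to_demote(me, admins):
        print(f"OK to make '{me}' a Standard account.")
    else:
        print(f"Do NOT demote '{me}' yet: it is the only administrator.")
```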

Bitdefender Antivirus Total Security Suite 2016 Website Errors and Support Issues

Summary

The Bitdefender suite of antivirus and computer security programs recently received the rating of best product in class for Consumer Reports as well as a number one rating from other software reviewers such as articles in PC Magazine and PC World. Those using the product will enjoy its speed and simplicity. However, there are some errors and problems you’ll likely encounter when using their product and website.

Update: 7 October 2015

We received a nice response from a representative at Bitdefender regarding the concerns we’ve identified below. Hopefully we’ll see some fixes soon. Here’s their response:

7 October 2015

We apologize for any negative experience you have encountered with our products or our support. Your feedback is appreciated, and will be directed to the appropriate team for review, to enable us to improve our support and services.

If you wish to give us another chance, we would be more than happy to assist you and we will strive to provide you with the best support possible. We value all our customers thus you have all our attention if you have any other questions or need additional help.

Thank you for taking the time Greg, and please do not hesitate to contact us if you need further details from us.

Have a nice day!

Best regards,
Ionut Tacu
Bitdefender Support Team

Update: 25 September 2015

We finally received a reply from Bitdefender regarding some of our questions. Apparently the Bitdefender Central and MyBitdefender are two separate portals that do similar things. It’s possible to register with both portals. The other questions on this page remain unanswered. One of our questions was with regard to earning commissions on referrals. We did get an answer to that. So, we’re now an official Bitdefender partner and reseller, which provides some additional motivation to see that the company gets these issues resolved. However, after signing up as an affiliate, the submission confirmation page indicated that we’d receive an email with login information. That never arrived. We’re still waiting for answers to the other questions below.

Your Account Needs to be Activated Error

When you login to the My Bitdefender portal, you’ll likely see a notification stating, “Your account needs to be activated. Click here to receive an email with the activation link.” Most of the time, clicking where indicated doesn’t generate an email. If you ever get an email with an activation link, clicking the activation link never works to activate your account so the notification never goes away. Below is an example of the notification.

[Screenshot: the “Your account needs to be activated” notification in the My Bitdefender portal]

License Transfer Issues

Within the 2015 version of Bitdefender, when you clicked on the ‘days left’ link, you had an option to deactivate a license on a computer that you planned to discard, sell, or give away. However, as of the 2016 version, this is no longer an option. So, a crashed computer or a system that you otherwise no longer have access to will result in you losing one of the license installs that you paid for.

The screen shots below show how you can unregister with the 2015 version.

Click on the ‘days left’ link in the lower left shown here.

[Screenshot: Bitdefender Total Security 2015, ‘days left’ link in the lower left]

Then click on the Unregister button shown below.

[Screenshot: Bitdefender 2015 Unregister button (the option is missing in 2016)]

The Unregister option has been removed from Bitdefender Total Security 2016. Whenever companies remove useful features, consumers generally complain and are frustrated.

Problems Installing Legitimate Programs

As of 11 October 2015, when on an Apple computer with Bitdefender 2016, an attempt to install Skype would not work. When copying the Skype program to Applications as instructed by the Skype installation, the progress bar would remain stuck at 0% complete. No indication was provided to suggest that Bitdefender was blocking the copy/install process. However, when Bitdefender Autopilot was turned off, Skype instantly copied to the Applications folder successfully.

Subscription Days Remaining Error

The screenshot below is from a Bitdefender installation on an Apple computer that has 266 days remaining in the subscription. However, in the lower right corner it’s reported that there are zero days left in the subscription. Some people might think they need to purchase a new subscription, so they will click on the Buy button and mistakenly purchase another subscription.

[Screenshot: Bitdefender client on an Apple computer showing 0 days left in the subscription]

Bitdefender Central, as shown below, confirms that there are 266 days remaining for the above installation. Bitdefender Central maintains a real-time connection with the Bitdefender client software installed on the computer, so if there were any issues, they should show up in the Bitdefender Central display.

[Screenshot: Bitdefender Central showing 266 days remaining for the same installation]

Support Request Page Failure

If you attempt to submit a support request ticket on the Bitdefender contact page you’ll likely be frustrated by the fact that their submit button doesn’t work. The Java code fails. This can be a problem for those wanting support. We’ve tested this on Windows and Apple computers running multiple operating system variations and using different browsers. With some browsers the CAPTCHA authentication works, and a photo-based quiz shows up to confirm you’re not a robot, but on others the CAPTCHA doesn’t work. Even when the CAPTCHA works, the Submit button still doesn’t work. This may happen after you’ve submitted one request successfully and a second request isn’t permitted. However, no message indicates why the submit isn’t working.

Affiliate, Reseller, Partner Program

Bitdefender has an affiliate / reseller / partner program. When you’re approved, you have access to a partner portal. However, the software available through the portal is last year’s software, and there doesn’t seem to be an easy way to generate simple advertisements and links (as with other affiliate programs). On October 5, an email sent to partnerprogram@bitdefender.com received an out-of-office auto reply stating, “Thank you for your message, please note that I will be out of office until 12th October. I will have limited access to my emails and they will not be forwarded.” So, apparently the one person in charge of the partner program is on vacation.

Update: It seems that Bitdefender has a partner program for support and separate affiliate programs for those wanting commissions on sales. At least one of the affiliate networks is OneNetworkDirect.com, where you can sign up and then get advertising links to Bitdefender and other programs.

Password Reset Emails Never Received

If you attempt to login to one of the portals such as central.bitdefender.com and click the reset password link, you’ll be told that an email is going to be sent, but it never gets sent. This was documented on 22 September 2015.

Missing Operating Systems

Some of the glaring errors and oversights with the Bitdefender website make one a bit concerned about whether or not they have sufficient staffing. For example, on the contact page the dropdown lists of operating systems are about a year old, with Apple at 10.9 and Windows at version 8.1; the latest operating systems are missing. This is something that most companies would update as soon as the new versions become available. Below is a screenshot of the operating system dropdown menu.

[Screenshot: operating system dropdown menu on the Bitdefender contact page]

404 Error – Page Not Found

After uninstalling Bitdefender Total Security 2016 in Windows, your browser will launch, attempting to take you to a landing page with an uninstall survey. However, the landing page isn’t there, so you’ll get an error similar to the one below.

[Screenshot: 404 error on the Bitdefender uninstall survey landing page]

My Bitdefender or Bitdefender Central Confusion

It’s not clear whether or not a person should be using the My Bitdefender web portal or the Bitdefender Central web portal to manage their account. The Login button on the Bitdefender.com website currently takes users to Bitdefender Central. However, if you had previously paid for a subscription, it won’t automatically show up there. You’ll be asked to provide a previously purchased license number, but you won’t find any in order confirmation emails or invoices from Bitdefender. The only way to activate the Bitdefender Central portal is to install a copy of Bitdefender on a computer and use the account email and password already on file for your My Bitdefender account.

Bitdefender Central is very simplistic compared to the My Bitdefender dashboard. While the My Bitdefender dashboard gives you the option to remove a licensed computer, the Bitdefender Central portal does not have such a feature. So, old computers you’re disposing of will count against your license and (until they get this fixed) you’ll never get those licenses back. They become non-transferable.

Below are some screenshots for comparison:

  • Bitdefender Central
  • My Bitdefender Dashboard
  • My Bitdefender Device Controls

Higher Education Institutions are the #1 Target of Hackers Worldwide

According to a 2013 report published by FireEye.com, higher education institutions are the #1 target of hackers worldwide. Below is the top-10 list. FireEye provides the report in PDF format and also publishes a real-time map showing current attacks.

Top Ten Vertical Targets: Worldwide

Based on the highest number of targeted operations discovered by FireEye threat prevention platforms in 2013, the top ten industry vertical targets are listed below. Each of these verticals possesses substantial intellectual property value, and often plays an important role in national security affairs.

  1. Education: universities are home to cutting-edge research and emerging technology patents; unfortunately, their networks are large and porous.
  2. Financial Services: most financial transactions today are conducted via the Internet, whether between people, businesses, or governments.
  3. High-Tech: some hardware and software are used by millions of people; they can offer attackers an exponential return on investment.
  4. Government: these bodies organize nations, determine policy, enforce law, and manage national security affairs.
  5. Services/Consulting: large companies often have long supply chains and large contractor bases; at the political level, this includes think tanks.
  6. Energy/Utilities: in physics, energy is required for any kind of “work,” including starting engines, turning on city lights, or launching a missile.
  7. Chemicals/Manufacturing: chemistry is the study of matter, and bridges all of the natural sciences, including their relationship to energy.
  8. Telecom (Internet, Phone & Cable): this category encompasses all long-distance communications, by electrical signals or electromagnetic waves.
  9. Healthcare/Pharmaceuticals: this category encompasses the development of medications and the provision of medical care.
  10. Aerospace/Defense/Airlines: this category includes the development of spacecraft with myriad commercial and military applications.


Guide to Secure Hard Drive Erasing Files and Sanitizing Computer Data

The Importance of Secure Drive Erasure

Computers are increasingly used to store financial data, healthcare information, and the keys to our personal identity. When files are placed in the recycle bin, and the recycle bin is emptied, those files can still be easily recovered. This is good news if you need to restore a file that was mistakenly deleted. It’s bad news if you donate or discard your computer and someone else recovers files you thought were long gone. It’s not sufficient to just format a hard drive or perform a complete system restoration. There will still be files left on the drive that could be recovered.

Hard Drive Erasing Cost

We provide drive erasing services at a cost of $70 per computer/drive, assuming the drive is installed in a desktop or laptop computer. If you have a drive that’s already removed from a computer, the cost is $50 per drive. We offer quantity discounts for additional drives.

We set aside about an hour for the following:

  1. Reserve a time slot for the computer drop off, or provide pickup of the computer.
  2. Remove the drive from the computer.
  3. Install drive in docking station.
  4. Perform erase procedure. This can take several hours depending on the speed and storage capacity of the drive.
  5. Confirm the drive has been securely erased by attempting file recovery using advanced data recovery processes.
  6. Install the drive in the computer.
  7. Reserve a time slot for pickup of the computer. Or, provide delivery of the computer.

Do It Yourself

We provide the list of tools and instructions below for those wanting to perform drive erasing on their own.

What You’ll Need

Here’s the list of what you’ll need for erasing a drive.

  1. Computer Tool Kit ($20) – You’ll need the necessary tools to remove the drive from the computer. Depending on the computer, a basic computer tool kit should be sufficient, although some require advanced tips. Additional specialty tool kits are listed at the bottom of this page.
  2. Drive Docking Station ($40) – You’ll need to connect the bare drive to a working computer. A drive docking station is an easy way to do this. The Sabrent external drive bay works well.
  3. Erasing Software (Free – $40) – There are many utilities available for securely erasing a drive, such as Eraser Secure Data Removal Tool by Heidi Software. See below for a more comprehensive list. If you’re using an Apple computer, drive sanitizing is built-in and available under the Disk Utility when erasing (click the Security Options button).
  4. Available Computer ($200) – You’ll need a computer available for the task of erasing drives. While the task could run in the background of a computer you use regularly, it’s best to have a dedicated computer to ensure nothing interferes with the process. It takes a long time to securely erase drives, so whatever computer you choose will be running, and shouldn’t be restarted, until the process is complete. If you use a laptop computer for the task, you’ll have the benefit of the internal battery to keep the process going in the event of a power outage. However, some laptop computers aren’t designed to operate continuously for extended periods of time. So, a desktop computer is probably a better choice. If you use a desktop computer for the task, you’ll want to have a backup power supply listed below.
  5. Backup Power Supply ($100 – $220) – An uninterruptible power supply (UPS) provides a constant source of power for the erasing procedure. A good unit might cost $100 to $200 for a high quality pure sinewave UPS system.
  6. Hard Drive Erasing System ($300 – $400) – As an alternative to items 2, 3, and 4 above, you might consider purchasing a hard drive erasing system. The StarTech 4-bay system is a good choice. Others are also available.

Drive Erasing Instructions

These are the steps for securely erasing a computer hard drive.

  1. Remove the drive from the computer.
  2. Install drive in docking station.
  3. Perform erase procedure. This can take several hours depending on the speed and storage capacity of the drive.
  4. Confirm the drive has been securely erased by attempting file recovery using advanced data recovery processes.
  5. Install the drive in the computer.
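An added example (not part of the original guide) of the verification step that both procedures above end with: scanning a drive, or an image of it, for leftover data after an erase. It counts non-zero bytes and searches for a small, constructed set of file signatures of the kind recovery tools carve files by; `make_sample_image` builds a constructed 64 KiB image so the script can be demonstrated offline.

```python
"""Added example, not from the original guide: check a drive (or an image
of it) for residual data after an erase, by counting non-zero bytes and
searching for common file signatures that recovery tools carve for."""
import os
import sys
import tempfile
from typing import Dict, List, Optional, Tuple

# A small constructed subset of file signatures ("magic numbers"); real
# carving tools know hundreds. Any hit means recoverable data remains.
SIGNATURES: Dict[bytes, str] = {
    b"%PDF-": "PDF document",
    b"\xff\xd8\xff": "JPEG image",
    b"\x89PNG\r\n\x1a\n": "PNG image",
    b"PK\x03\x04": "ZIP / Office document",
    b"\xd0\xcf\x11\xe0": "legacy Office document",
}
MAX_SIG = max(len(s) for s in SIGNATURES)


def scan_device(path: str, chunk_size: int = 1 << 20,
                max_bytes: Optional[int] = None) -> dict:
    """Read `path` (a file, or a raw device such as /dev/rdisk2 on macOS,
    which needs root) in chunks and report bytes read, non-zero bytes and
    every (offset, label) where a known signature starts. A tail of
    MAX_SIG-1 bytes is carried between chunks so that a signature
    straddling a chunk boundary is still found."""
    total = nonzero = 0
    hits: List[Tuple[int, str]] = []
    carry = b""
    with open(path, "rb") as f:
        while max_bytes is None or total < max_bytes:
            chunk = f.read(chunk_size)
            if not chunk:
                break
            nonzero += len(chunk) - chunk.count(0)
            data = carry + chunk
            base = total - len(carry)  # absolute offset of data[0]
            for sig, label in SIGNATURES.items():
                pos = data.find(sig)
                while pos != -1:
                    # A hit lying wholly inside the carried tail was already
                    # reported in the previous round.
                    if pos + len(sig) > len(carry):
                        hits.append((base + pos, label))
                    pos = data.find(sig, pos + 1)
            total += len(chunk)
            carry = data[-(MAX_SIG - 1):]
    hits.sort()
    return {"bytes_read": total, "nonzero_bytes": nonzero, "signatures": hits}


def looks_wiped(result: dict, pattern_wipe: bool = False) -> bool:
    """A zero-fill wipe must leave no non-zero bytes; a pattern or random
    wipe (pattern_wipe=True) leaves non-zero bytes but no signatures."""
    if result["signatures"]:
        return False
    return pattern_wipe or result["nonzero_bytes"] == 0


def make_sample_image(path: str, wiped: bool) -> None:
    """Write a constructed 64 KiB 'drive image'. With wiped=False it holds
    remnants of a PDF header at offset 4096 and a JPEG header at 8190, the
    latter straddling an 8 KiB chunk boundary; with wiped=True it is all
    zeros, as after a zero-fill erase."""
    buf = bytearray(64 * 1024)
    if not wiped:
        buf[4096:4105] = b"%PDF-1.4\n"
        buf[8190:8193] = b"\xff\xd8\xff"
    with open(path, "wb") as f:
        f.write(buf)


def build_and_scan(wiped: bool, chunk_size: int = 8192) -> dict:
    """Create a sample image in a temporary file, scan it and clean up."""
    fd, path = tempfile.mkstemp(suffix=".img")
    os.close(fd)
    try:
        make_sample_image(path, wiped)
        return scan_device(path, chunk_size=chunk_size)
    finally:
        os.remove(path)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. sudo python3 wipe_check.py /dev/rdisk2
        r = scan_device(sys.argv[1])
        print(f"{r['bytes_read']} bytes read, {r['nonzero_bytes']} non-zero, "
              f"signatures={r['signatures']}, looks_wiped={looks_wiped(r)}")
    else:  # offline demonstration on the constructed images
        for wiped in (False, True):
            r = build_and_scan(wiped)
            print(f"wiped={wiped}: {r['nonzero_bytes']} non-zero bytes, "
                  f"signatures={r['signatures']}, looks_wiped={looks_wiped(r)}")
```

A clean scan is a sanity check, not proof: on SSDs, wear-levelling and over-provisioned cells are not visible to the host, so a host-side read cannot confirm every cell was cleared, and those drives should be sanitized with the manufacturer’s secure-erase command.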

Additional Specialty Tools

Here are some useful tool kits for this and other projects. Some computers, like Apple laptop computers, require special drivers.

Alternatives

Here are some possible, but not ideal, alternatives for data sanitizing.

  • Get a free software program to erase unused drive space. However, there may still be existing files or settings that aren’t removed.
  • Physically destroy, smash, or drill through the drive. This method isn’t ‘green’ since the drive isn’t usable again, and parts that might be properly repurposed or recycled may get damaged.

Drive Erasing Software Utility Programs

System Crashes: New York Stock Exchange, United Airlines, and Wall Street Journal

Within the past few days, there have been multiple coordinated attacks on our national technology infrastructure. According to a report by the Washington Post, “FBI officials believe the attacks required expertise.”

A report in USA Today states: “Repeated and successful attacks on fiber-optic cables in California have security experts warning the Internet’s physical infrastructure is ‘basically unsecured’ and vulnerable to both casual and determined attackers.”

The map below, provided by 9 News, shows numerous Comcast outages across the nation.

[Map: Comcast outages across the nation, provided by 9 News]

Here’s a video that describes the outages:

https://www.youtube.com/watch?v=LHnG-n0-o9c

Today, the New York Stock Exchange was taken offline, the Wall Street Journal website was taken down, and United Airlines was shut down with flights grounded from coast to coast.

One would hope that it took a sophisticated army of cyber criminals to bring down United Airlines. Yet, United Airlines claims that the nationwide outage was due to a router failure. If we are to believe them, it’s even more troubling to think that a single point of failure, a single component, caused a major airline to shut down.

If our infrastructure is so shoddy and fragile that it fails without any human intervention, what would happen if people tried to take it down?

The same can be said for the New York Stock Exchange and the Wall Street Journal website. It would be more comforting to know that those outages were part of a coordinated attack.

Further Reading

Here’s What You Can Do To Help

Given the rise in high-profile attacks, it would be wise for everyone to increase their own security efforts for personal and business computing.

You may think that you’re a much less important target for hackers than an air traffic controller, bank president, or nuclear power plant worker. However, any hacked account or computer is typically only a few relationships removed from a high level target. It’s estimated that we’re all about six degrees of separation from anyone else, which means that every target is equally important to a hacker. Additionally, hackers work on building aggregate networks of hijacked computers for launching attacks on critical infrastructure.

Here are some resources for proactive security measures you can take:

  • Account Security. Be sure your accounts are set up with complex passwords and two-step authentication. Read our document on Email Safety and Online Account Security.
  • Data Redundancy. Make sure your critical data is in three places: local hard drive, backup hard drive, and cloud storage. Make sure you have a regular backup plan and don’t leave your backup drives connected to any computer, since new viruses attack files on all attached drives. Be sure to have more than just a backup of your current files. Keep backups of earlier file versions in the event that current files become corrupted and then overwrite your only backup.
  • Computer Security. Use a high quality paid subscription antivirus and security program such as Bitdefender or Kaspersky.
  • Credit Card Security. A debit card that pulls directly from your bank account can leave you with no money in the bank if it’s stolen. That can result in bounced checks and other fees. However, a credit card creates a firewall between you and thieves. If your card is stolen, you can report it and have it cancelled.
    • Consider having several credit cards so you can use one for online transactions and higher-risk purchasing while traveling, and another for regular monthly bills. The latter is less likely to get stolen if it’s only used for a few recurring monthly bills. That way, if the more exposed travel/high-risk card is stolen, you simply cancel it and won’t need to contact a dozen merchants to provide them with a new number.
    • For an extra measure of security, consider purchasing a no-fee American Express Prepaid Reloadable card for online purchases. In this way, you won’t need to give out your primary credit card numbers. You can use these cards for one-time payments, or refill them for ongoing use.
  • Email Security. Follow best practices with regard to email security. Read our document on Email Safety and Online Account Security.
  • Financial Security. Use a service like Equifax to monitor your credit activity.
  • Identity Security. Use a service like LifeLock to secure your personal identity.
  • Password Safety. Consider using a password manager like 1Password that uses local encrypted storage of your password list. Do not store this in the cloud and do not synchronize through the Internet. Synchronize through your local network only. Maintain a copy of your passwords on your computer and also on a mobile device with biometric security (fingerprint reader). Alternatively, you can write your passwords and account information on paper and store them in a fireproof and waterproof safe. Using a multi-function home copier, you could make a backup copy and leave it in a safe place.
  • Redundancy. Maintain a second computer with a backup of your essential files and contacts. Have it configured to function for printing, network, email, and other functions in the event that your primary computer goes down. Create a non-computer-reliant system for your daily tasks. In other words, for all the tasks you rely on your smartphone or computer, figure out a pen and paper solution.
  • Social Media Security. Be vigilant when using social media. Don’t accept friend requests from people you don’t really know; doing so would mislead your friends into accepting a friend request from a person they think you know and approve of.

Multiple Security Vulnerabilities in Apple Mac OS X and Apple Safari

From: State of Iowa – Information Security Office

Date Issued:  May 5, 2015

Maximum Risk Rating/Severity:  High

Brief Summary: All Apple computers (prior to v10.10.3) are vulnerable to the 46 security exploits described below. Update to the latest version of Yosemite immediately.

Overview:

Multiple vulnerabilities have been discovered in Apple Mac OS X and Apple Safari. Mac OS X is an operating system for Apple computers. Apple Safari is a web browser available for Mac OS X and Microsoft Windows. These vulnerabilities can be exploited if a user visits or is redirected to a specially crafted webpage, or opens a specially crafted file, including an email attachment, using a vulnerable version of OS X.

Successful exploitation could result in an attacker gaining the same privileges as the logged on user, remote code execution within the context of the application, and bypass of security systems. Failed attacks may cause a Denial of Service condition within the targeted delivery method. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 

Affected Software:

Apple Mac OS X Yosemite prior to v10.10.3

Apple Mac OS X Mavericks v10.9.5

Apple Mac OS X Mountain Lion v10.8.5

Apple Safari v8.0.5, 7.1.5, and 6.2.5

Description:

Multiple vulnerabilities have been discovered in Mac OS X that could allow remote code execution. These vulnerabilities can be exploited if a user visits or is redirected to a specially crafted webpage or opens a specially crafted file. Details of these vulnerabilities are as follows:

  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to privilege escalation due to an issue with checking XPC entitlements (CVE-2015-1130).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 have multiple vulnerabilities in Apache prior to versions 2.4.10 and 2.2.29 including one that may allow a remote attacker to execute arbitrary code (CVEs 2015-1066, 2013-5704, 2013-6438, 2014-0098, 2014-0117, 2014-0118, 2014-0226, and 2014-0231).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion 10.8.5, and OS X Mavericks v10.9.5 ATS (Apple Type Services) are prone to multiple input validation issues in fontd which may allow a local user to execute arbitrary code with system privileges (CVEs 2015-1131, 2015-1132, 2015-1133, 2015-1134, and 2015-1135).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a cross-domain cookie issue which may result in cookies belonging to one origin being sent to another origin (CVE-2015-1089).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a cross-domain HTTP request issue which may result in authentication credentials being sent to a server on another origin (CVE-2015-1091).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to an input validation issue which may result in the execution of arbitrary code by visiting a maliciously crafted website (CVE-2015-1088).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a use-after-free issue in CoreAnimation which may result in the execution of arbitrary code by visiting a maliciously crafted website (CVE-2015-1136).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to multiple memory corruption issues in the processing of font files, which may result in the execution of arbitrary code by processing a maliciously crafted font file (CVE-2015-1093).
  • Apple Mac OS X Yosemite prior to v10.10.2 and OS X Mavericks v10.9.5 are prone to an issue with the NVIDIA graphics driver’s handling of certain IOService userclient types, which may allow a local user to execute arbitrary code with system privileges (CVE-2015-1137).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to an input validation issue in the hypervisor framework which may allow a local application to cause a denial of service (CVE-2015-1138).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a memory corruption issue in the handling of .sgi files which may result in the execution of arbitrary code by processing a maliciously crafted .sgi file (CVE-2015-1139).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a memory corruption issue which may allow a malicious HID (Human Interface Device) to cause arbitrary code execution (CVE-2015-1095).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a buffer overflow issue which may allow a local user to execute arbitrary code with system privileges (CVE-2015-1140).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a kernel memory content disclosure issue which may allow a local user to determine kernel memory layout (CVE-2015-1096).
  • Apple Mac OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5 are prone to a heap buffer overflow in the IOHIDFamily’s handling of key-mapping properties which may allow a malicious application to execute arbitrary code with system privileges (CVE-2014-4404).
  • Apple Mac OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5 are prone to a null pointer dereference issue in the IOHIDFamily’s handling of key-mapping properties which may allow a malicious application to execute arbitrary code with system privileges (CVE-2014-4405).
  • Apple Mac OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5 are prone to an out-of-bounds issue in the IOHIDFamily driver which may allow a user to execute arbitrary code with system privileges (CVE-2014-4380).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to an issue in the handling of virtual memory operations within the kernel which may allow a local user to cause unexpected system shutdown (CVE-2015-1141).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a race condition in the kernel’s setreuid system call which may allow a local user to cause a system denial of service (CVE-2015-1099).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to setreuid and setregid system calls not dropping privileges permanently which may allow a local application to escalate privileges (CVE-2015-1117).
  • Apple Mac OS X Yosemite prior to v10.10.2 ICMP redirects were enabled by default, which may allow an attacker with a privileged network position to redirect user traffic to arbitrary hosts (CVE-2015-1103).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to an issue processing TCP headers which may allow an attacker with a privileged network position to cause a denial of service (CVE-2015-1102).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to an out of bounds memory access issue which may allow a local user to cause unexpected system termination or read kernel memory (CVE-2015-1100).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to improper treatment of some IPv6 packets which may allow a remote user to bypass network filters (CVE-2015-1104).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a memory corruption issue in the kernel which may allow a local user to execute arbitrary code with kernel privileges (CVE-2015-1101).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a state inconsistency issue in the handling of TCP out of band data which may allow a remote attacker to cause a denial of service (CVE-2015-1105).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to an input validation issue in LaunchService’s handling of application localization data which may allow a local user to cause the Finder to crash (CVE-2015-1142).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a type confusion in LaunchService’s handling of localized strings which may allow a local user to execute arbitrary code with system privileges (CVE-2015-1143).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a memory corruption issue in the handling of configuration profiles which may allow the processing of a maliciously crafted configuration profile to cause unepxted application termination (CVE-2015-1118).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to weak key generation in ntpd when an authentication key is not configured which may allow a remote attacker to brute force ntpd authentication keys (CVE-2014-9298).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to multiple input validation issue in OpenLDAP which may allow a remote unauthenticated client to case a denial of service (CVEs 2015-1545 and 2015-1546).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to multiple vulnerabilities in OpenSSL 0.9.8zc, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphers (CVEs 2014-3569, 2014-3570, 2014-3571, 2014-3572, 2014-8275, and 2015-0204).
  • Apple Mac OS X Yosemite prior to v10.10.2 and OSX Mavericks v10.9.5 are prone to an Open Directory Client issue which may allow an unencrypted password to be sent over the network when using Open Directory from OS X Server (CVE-2015-1147).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to multiple vulnerabilities in PHP, including one which may lead to arbitrary code execution (CVEs 2013-6712, 2014-0207, 2014-0237, 2014-0238, 2014-2497, 2014-3478, 2014-3479, 2014-3480, 2014-3487, 2014-3538, 2014-3587, 2014-3597, 2014-3668, 2014-3669, 2014-3670, 2014-3710, 20214-3981, 2014-4049, 2014-4670, 2014-4698, and 2014-5120).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a memory corruption issue in the handling of iWork files which may allow an opened, maliciously crafted iWork file to execute arbitrary code (CVE-2015-1098).
  • Apple Mac OS X Mountain Lion v10.8.5 is prone to a heap buffer overflow which may allow viewing a maliciously crafted Collada file to lead to arbitrary code execution (CVE-2014-8830).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to an issue that may allow a user’s password to be logged to a local file (CVE 2015-1148).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to an issue that may allow tampered applications to launch (CVEs 2015-1145 and 2015-1146).
  • Apple Mac OS X Yosemite prior to v10.10.2 is prone to a memory corruption issue in WebKit that may result in arbitrary code execution after visiting a maliciously crafted website (CVE-2015-1069).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to an issue in Safari that may allow users to be tracked by malicious websites using client certificates (CVE-2015-1129).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to an issue in Safari that may allow user’s browsing history in private browsing mode to be revealed (CVE-2015-1128).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to an issue in Safari that will cause the incomplete purging of a user’s browsing history (CVE-2015-1112).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to multiple memory corruption issues in WebKit that may result in unexpected application termination or arbitrary code execution after visiting a maliciously crafted website (CVEs 2015-1119, 2015-1120, 2015-1121,2015-1122, and 2015-1124).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a state management issue that may result in a user’s browsing history in private mode being indexed (CVE02015-1127).
  • Apple Mac OS X Yosemite prior to v10.10.2, OS X Mountain Lion v10.8.5, and OS X Mavericks v10.9.5 are prone to a an issue in WebKit’s credential handling for FTP URLs that may result in resources of another origin being accessed after visitng a maliciously crafted website (CVE-2015-1126).
  • Security Update 2015-004 (available for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5) also addresses an issue caused by the fix for CVE-2015-1067 in Security Update 2015-002. This issue prevented Remote Apple Events clients on any version from connecting to the Remote Apple Events server. In default configurations, Remote Apple Events is not enabled.

Successful exploitation could give an attacker the same privileges as the logged-on user, allow remote code execution in the context of the affected application, or bypass security controls. Failed attacks may cause a denial-of-service condition in the targeted component. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Solution/Recommendations:

We recommend the following actions be taken:

  • Upgrade OS X Yosemite systems to v10.10.3 immediately after appropriate testing.
  • Apply Security Update 2015-004 to OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5 systems, along with any other updates provided by Apple, immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to download, accept, or execute files from un-trusted or unknown sources.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
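As an added example (it is not part of the advisory above and is not Apple’s or the advisory author’s code), the following POSIX shell script checks the two things the list asks a Mac user or helpdesk to confirm: whether the installed OS X release is still in the affected range, and whether the day-to-day account is an administrator. The version numbers come from the advisory; the function names are this example’s own. `sw_vers -productVersion` and `id -Gn` are standard OS X commands, and membership in the `admin` group is what makes an OS X account an administrator. On 10.8.5 and 10.9.5 the script can only remind you that Security Update 2015-004 is required, because those releases keep the same version number after the update is installed.

```shell
#!/bin/sh
# Added example: audit a Mac against the recommendations above.
# Not code from the original page or from Apple; function names are illustrative.

# version_lt A B: succeed (return 0) if dotted version A is strictly lower than B.
# Fields are compared numerically so that 10.9.5 < 10.10.3; a plain string
# comparison would sort "10.9" after "10.10" and get this wrong.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        [ -n "$ai" ] || ai=0
        [ -n "$bi" ] || bi=0
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a='' ;; esac
        case $b in *.*) b=${b#*.} ;; *) b='' ;; esac
    done
    return 1   # versions are equal
}

# fixed_version_for VERSION: print what the advisory says to install for this
# OS X release, or nothing if the release is fixed or not covered by the advisory.
fixed_version_for() {
    case $1 in
        10.10|10.10.*)
            # Yosemite: anything below 10.10.3 is affected
            if version_lt "$1" 10.10.3; then echo "OS X Yosemite 10.10.3"; fi ;;
        10.9.5|10.8.5)
            # Mavericks / Mountain Lion: same version string before and after the fix,
            # so the most this check can do is name the required security update
            echo "Security Update 2015-004" ;;
        *) ;;
    esac
}

# is_admin_account: succeed if the current user belongs to the "admin" group.
is_admin_account() {
    id -Gn 2>/dev/null | tr ' ' '\n' | grep -qx admin
}

# audit_mac: report both checks; returns 1 if the OS is in the affected range.
audit_mac() {
    if ! command -v sw_vers >/dev/null 2>&1; then
        echo "sw_vers not available: not an OS X host, skipping host check" >&2
        return 0
    fi
    ver=$(sw_vers -productVersion)
    fix=$(fixed_version_for "$ver")
    if [ -n "$fix" ]; then
        echo "OS X $ver is in the affected range; install $fix" >&2
        rc=1
    else
        echo "OS X $ver is not in the affected range listed above" >&2
        rc=0
    fi
    if is_admin_account; then
        echo "account $(id -un) is an administrator; use a standard account day to day" >&2
    else
        echo "account $(id -un) is a standard (non-admin) user" >&2
    fi
    return $rc
}

audit_mac
```

Run it from Terminal as the account you normally log in with; if it reports an administrator, create a separate standard account for daily use and keep the administrator account for installing software only.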

Apple References:


Ransomware Malware Virus Prevention, Protection, and Recovery

About Ransomware

Ransomware is malware that infects a computer and makes the user’s files inaccessible by encrypting them. In some cases the computer is left only partially usable. The victim is shown instructions for getting the files back, which usually means contacting someone who demands payment before restoring access to the files. They may also promise to repair the computer so that it functions again.

It is estimated that there are presently over 250,000 ransomware variants. In 2013, a single one of these extorted an accumulated $3 million from its victims before it was taken down by authorities. (source)

Ransomware Prevention

Some antivirus software providers, such as Kaspersky, promise that their software can protect against ransomware. This statement is on the Kaspersky website:

“To protect your computer from ransom malware, download and install Kaspersky Internet Security 2015. The application provides high-level protection against ransom malware.” (source)

Avoid Pop-Up Messages. Another important prevention measure is to be very careful with any unusual pop-up message, especially one claiming that your computer is infected or that a plug-in needs updating. Avoid clicking anywhere inside it until you can be certain the message is legitimate; close the browser or application from the operating system instead, or simply shut down the computer and restart.

Take Email Precautions. One common way of getting ransomware is clicking on links or attachments in spam emails. Services like Gmail from Google examine all emails flowing through their system and monitor for malicious activity. So, for example, say there is a fake message claiming to be from FedEx about a package that couldn’t be delivered. Google would likely identify that email as not having authentically been sent from FedEx, and it would end up in your spam folder with a notice such as “We couldn’t verify that this message was really from the claimed sender” or “We’ve identified other messages like this one that are malicious.” Do not rely on that filtering alone: a message that reaches your inbox is not thereby proven safe.

Use Antivirus Software. Many antivirus products include behavioral detection intended to block virus-like activity even from previously unknown malware, though no product catches everything. Comprehensive antivirus software can also warn you of known malicious websites, which makes browsing the web safer.

Use an Apple Computer. There are currently over 17 million known Windows computer viruses, while the number of known Apple viruses is very limited. Apple computers are still susceptible to security problems in Adobe Flash and Java, so it’s important to keep those updated, and there have been a few fake Apple programs people have been deceived into installing, such as Mac Defender. A report of Apple viruses over the past 10 years is only a few pages long. (source) So, while Apple computers are not completely immune to viruses, they may be a better choice for security-minded people.

Ransomware Protection

As described above, there are some preventative measures you can take. Ransomware protection consists of measures that limit the potential damage if an attack succeeds anyway.

Backups. Some backup programs run daily to maintain a backup of all your files. This is helpful, except when your files have already been corrupted or maliciously encrypted: a scheduled backup that runs after the infection will faithfully copy the encrypted versions, and a good backup can be overwritten by a bad one. Also, a backup drive that stays connected is reachable by the same malware, which may try to erase or encrypt the backup files too. For these reasons it is best to also maintain a separate manual backup on a drive that remains disconnected from the computer and is kept in a safe place, and to check that the files you are about to back up are still the ones you expect before replacing the previous copy.

Cloud Synchronization. If you use a service like Dropbox to maintain a synchronized cloud copy of your files, make sure you have the ability to restore previous versions of your files in the event they get damaged. Synchronization alone is not a backup: an encrypted file is synchronized just as readily as a good one.
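As an added example (not the page’s own code and not any backup vendor’s), the following POSIX shell functions put a guard in front of the manual backup described above. Before the new copy is allowed to replace the last known-good one, a SHA-256 manifest of the current files is compared with the manifest saved at the previous backup. Ransomware rewrites most of a user’s documents in a single pass, so a large share of changed or missing files is the signal to stop and investigate rather than overwrite the good backup with encrypted copies. The 25 percent threshold, the manifest file names, the function names and the sample files mentioned in the usage comment are this example’s assumptions; `sha256sum` (Linux) with a fallback to `shasum -a 256` (OS X) does the hashing.

```shell
#!/bin/sh
# Added example: refuse to rotate a backup when too many files changed at once.
# Not code from the original page; names and the 25% threshold are illustrative.

# hash_tree DIR: print "relative/path  sha256" for every regular file under DIR,
# sorted in the C locale so the two manifests can be compared with comm(1).
hash_tree() {
    if command -v sha256sum >/dev/null 2>&1; then
        hasher="sha256sum"
    else
        hasher="shasum -a 256"      # OS X ships shasum rather than sha256sum
    fi
    ( cd "$1" || exit 1
      find . -type f | while IFS= read -r f; do
          h=$($hasher "$f" | cut -d' ' -f1)
          printf '%s  %s\n' "$f" "$h"
      done | LC_ALL=C sort )
}

# changed_percent OLD_MANIFEST NEW_MANIFEST: integer percentage of the files
# listed in OLD whose content changed or that no longer exist. New files are
# not counted; adding documents is normal, rewriting most of them is not.
changed_percent() {
    total=$(wc -l < "$1" | tr -d ' ')
    [ "$total" -gt 0 ] || { echo 0; return 0; }
    changed=$(LC_ALL=C comm -23 "$1" "$2" | wc -l | tr -d ' ')
    echo $(( changed * 100 / total ))
}

# safe_to_rotate SRC_DIR OLD_MANIFEST NEW_MANIFEST [THRESHOLD]
# Writes NEW_MANIFEST from SRC_DIR. Returns 0 when the change rate is below
# THRESHOLD percent (default 25) or when there is no previous manifest yet;
# returns 1 when the tree looks mass-modified (ransomware, disk corruption,
# an accidental bulk delete), in which case the previous backup must be kept.
safe_to_rotate() {
    src=$1 old=$2 new=$3 threshold=${4:-25}
    hash_tree "$src" > "$new"
    if [ ! -s "$old" ]; then
        echo "no previous manifest; treating this as the first backup" >&2
        return 0
    fi
    pct=$(changed_percent "$old" "$new")
    if [ "$pct" -ge "$threshold" ]; then
        echo "REFUSING to rotate backup: ${pct}% of files changed or vanished" >&2
        return 1
    fi
    echo "OK to rotate: ${pct}% of files changed since the last backup" >&2
    return 0
}

# Usage (assumed paths): only copy, and only promote the new manifest, when the check passes.
#   safe_to_rotate "$HOME/Documents" backup/last.manifest backup/new.manifest \
#     && rsync -a --delete "$HOME/Documents/" backup/Documents/ \
#     && mv backup/new.manifest backup/last.manifest
```

Keep the manifests on the backup drive itself, so they are offline together with the copies they describe; a manifest left on the infected computer can be deleted or rewritten along with everything else.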

Ransomware Recovery

The most recent update about ransomware is an article from Sophos on 30 January 2015. (source) The article states:

“Crypto-Ransomware is a family of malware that takes files on a PC or network storage, encrypts them, and then extorts money to unlock the files. … These encryptor malwares will encrypt pictures, documents, and videos, and then leave a ransom note in each directory after encrypting at least one file in that directory. They also typically attempt to do this to mapped network drives [or attached backup drives] as well. … Ransomware-encrypted files for most variants cannot be recovered at all. The encryption keys are not stored on the system. There is one variant which can be recovered, which is discussed below. … W32/VirRnsm-A infects files and changes them to .exe files, including the virus code. It still allows the file to open initially so it has a chance to spread. After a while it locks out the files. The good news is that these files, unlike most ransomware, can be recovered and cleaned by Sophos. A full system scan will fix and recover your files.” (source)

With so many variations of ransomware, encrypted files are unlikely to be recoverable without the attacker’s key unless they happen to be the work of the W32/VirRnsm-A variant.

Yet some tools from Kaspersky (listed below) show that decryption is possible for certain families, in some cases only if you have an unencrypted original of a file to compare against its encrypted copy.

Further Reading

Below are ransomware information pages from various sources.

Software Tools

Here are some software tools that might help with removal and/or recovery of files.

  • Kaspersky WindowsUnlocker – The Kaspersky WindowsUnlocker utility is designed to disinfect registries of all operating systems installed on the computer (including operating systems installed on different partitions or in different folders on one partition) and disinfect user registry trees. Kaspersky WindowsUnlocker does not perform any actions with files (in order to disinfect files you can use Kaspersky Rescue Disk).
  • RakhniDecryptor – utility for decrypting files encrypted by Trojan-Ransom.Win32.Rakhni.
  • RannohDecryptor – If the system is infected by a malicious program of the family Trojan-Ransom.Win32.Rannoh, Trojan-Ransom.Win32.AutoIt, Trojan-Ransom.Win32.Fury, or Trojan-Ransom.Win32.Cryakl, files on the computer will be encrypted. To decrypt files affected by Trojan-Ransom.Win32.Rannoh, Trojan-Ransom.Win32.AutoIt, Trojan-Ransom.Win32.Fury, Trojan-Ransom.Win32.Crybola or Trojan-Ransom.Win32.Cryakl, use the RannohDecryptor utility.
  • RectorDecryptor – Kaspersky Lab specialists have developed a special utility for decrypting the data encrypted by Trojan-Ransom.Win32.Rector. Cybercriminals use Trojan-Ransom.Win32.Rector to disrupt the normal operation of computers and to modify data so that it becomes unusable. Once the data has been “taken hostage” (blocked), its owner receives a ransom demand. The victim is supposed to pay the ransom in exchange for the criminal’s promise to send a utility that would restore the data or repair the PC.
  • XoristDecryptor – There is a utility to confront malware of the families Trojan-Ransom.Win32.Xorist and Trojan-Ransom.MSIL.Vandev: XoristDecryptor. Malware of these families is designed for unauthorized modification of data on a victim’s computer; it makes the computer uncontrollable or blocks its normal operation. After taking the data “hostage” (blocking it), a ransom is demanded from the user. The victim is supposed to pay the ransom to the criminal, who promises to send in return a program that would release the data or restore normal operation of the computer.

Instructional Videos

These videos refer to variants of ransomware. They may not be specific to your own experience, but the general information presented should be helpful. These videos provide an insight into the variety of ransomware and what the recovery solutions might be.

[youtube https://www.youtube.com/watch?v=_dKBXeoLIFo] [youtube https://www.youtube.com/watch?v=w_7wUXzhRD8] [youtube https://www.youtube.com/watch?v=WJagR2txHJU] [youtube https://www.youtube.com/watch?v=LKy9X–ffw8] [youtube https://www.youtube.com/watch?v=Zcj9RKO3e38]

Android Has Over 400 Security Vulnerabilities and Leaks Data Almost 100 Times Per Hour

A cryptography firm has identified over 400 security vulnerabilities in the Android operating system widely used in smart phones and tablets. They also identified data leaving Android devices going to various unknown destinations at a rate of about 80 to 90 times per hour. These security concerns are compounded by the fact that rogue cell phone towers (like malicious routers) can take control over devices. Popular Science reports, “Every smart phone has a secondary OS, which can be hijacked by high-tech hackers.”

Read more: “Mysterious Phony Cell Towers Could Be Intercepting Your Calls,” Popular Science 27 August 2014.
