January 2nd, 2014
Windows users have a tool included on their systems that sends a report to Microsoft any time an error occurs. This is to help Microsoft create patches and updates that resolve issues, but as Gregg Keizer of Computer World reports, these error reports are also helping hackers find vulnerable targets.
The problem with error reports is that they’re unencrypted. This means that anyone able to intercept that data on its way to Microsoft will be able to discover a wealth of information about the user and their computer. Information included in errors reports include what software is installed, what version of the operating system is running, the latest patches and updates installed, devices and peripherals plugged into the computer and reports on recent application and operating system crashes. This information has been described as “a blueprint” for how to attack a user and where security vulnerabilities exist.
The most common way to hackers to intercept this information is a ‘man in the middle’ attack, which allows a hacker to ‘sniff’ or monitor all activity conducted over your internet connection and steal any data transmitted.
A German newspaper recently reported that the NSA has already been stealing crash reports to make their attacks more intelligent. While this threat is unlikely to target too many individual users, businesses are certainly at a significant risk.
Windows sends error reports by default, but they can be turned off. Security experts, however, advise against this measure. The reason error reports are valuable to hackers is the same reason they’re valuable to your IT department. They highlight vulnerable areas of your network and help you patch them.
Instead of losing this diagnostic tool, improve it. Rather than sending reports directly to Microsoft, you can direct them to an internal server and encrypt the information before sending it on. This way, even if the report is intercepted, it won’t be able to be deciphered.
If you need to improve the security at your business, or have been the victim of a cyber attack and need help fixing the damage, call Geek Rescue at 918-369-4335.
January 2nd, 2014
Staying safe online requires the right security tools. It also requires the right knowledge of common threats. Knowing how criminals typically attack your computer educates you on how to prevent those attacks. Roger A. Grimes at Computer World published his list of the most devious attacks currently being used and how to protect yourself from them.
There a plenty of public places where people typically use free, public WiFi. Unfortunately, networks in places like coffee shops, libraries and airports are also common targets for hackers. They’re able to set-up fake wireless access points, or WAPs, that fool users. Users connect using a network with a believable name, but are actually giving a criminal access to all the data they transmit. This is an easy way for hackers to steal passwords, banking information and more. To protect yourself, be extremely wary of public WiFi. Don’t enter any financial information or visit any sites that require a password.
Cookies have been used by websites for years to make your browsing experience faster and more convenient. These text files store information so you don’t have to log-in every time you visit the same site, or otherwise streamline your experience. That information is dangerous if stolen, however. Hackers use a number of methods for stealing cookies. When they’re successful, they’re able to immediately gain access to certain sites and sometimes even gain payment information. Make sure that if you have cookies enabled, you’re only using HTTPS websites that use the latest encryption methods.
This is not only a common attack method, but also a simple one. Hackers use some social engineering to gain more downloads of malicious files and tempt more users to open those files. No one would want to download ‘malware.exe’, but when the file name is something more salacious or relevant to the user, many can’t resist. Some even use false file extensions to confuse users. The full file name may be ‘image.jpeg.exe’. The file is an executable application, not an image, but ‘.jpeg’ fools many users. To protect yourself, don’t download files that sound too good to be true and only download from trusted sources. If you aren’t expecting a file to be emailed to you, don’t open any attachments. Also, be sure to scan anything you download with your antivirus program before you open it.
Windows users have a DNS-related file named ‘Hosts’ in their ‘Drivers’ folder. Typically, there’s no reason for a normal user to interact with ‘Hosts’. It contains domain names that a user has visited and links them to their IP addresses. This is a way around having to contact DNS servers and perform recursive name resolution every time a popular site is visited. But, this opens the door for hackers to enter their own malicious entries into ‘Hosts’. By changing the IP addresses linked to common domain names, a hacker can redirect users to a spoofed version of a legitimate site. These malicious sites usually look very similar to the original, but are used to steal your data. This is a difficult attack to spot. If a site looks different than usual, avoid it. Don’t enter any information on a site that looks different than you’d expect. If you suspect you’re being maliciously redirected, examine your ‘Hosts’ file.
These are only a small collection of ways criminals can steal your data and infect your computer. For help improving your security, or fixing the effects an attack has had on your system, call Geek Rescue at 918-369-4335.