Tag Archives: security

ZOOM.US

Zoom has been heralded as the solution to use for online meetings during the COVID-19 lockdown, but when looking more in depth, Zoom presents multiple security risks.

Its use has been approved by government and business. Cabinet meetings are using this tool, at least in the UK and New Zealand.

Security issues

However, the use of Zoom services seems to expose users to many security issues:

How Zoom.us is organised
How Zoom is working
source: https://theintercept.imgix.net/wp-uploads/sites/1/2020/04/zoom-enc.jpg

Precautions

Zoom is exceptionally usable and a very convenient way to hold meetings. However, participants need to be aware that their privacy is likely to be compromised, and that the content of the meeting is probably accessible by other people.

More information

CitizenLab has conducted an in-depth analysis of the service, advising not to use the services of Zoom if you need privacy and confidentiality, especially for:

  • Governments worried about espionage
  • Businesses concerned about cybercrime and industrial espionage
  • Healthcare providers handling sensitive patient information
  • Activists, lawyers, and journalists working on sensitive topics

Alternative Solutions

There are alternative solutions available, and you might be interested in the analysis conducted by Computerworld.

Found on Twitter: a UK cabinet meeting on Zoom
UK Cabinet meeting on Zoom
source: https://pbs.twimg.com/media/EUcf6P7WkAETelu?

CCNA Security

Blended and Distance CCNA Security Course

A preparation course for the CCNA Security certification (640-554 IINS) will start in Auckland in July 2015. This course can be made available in blended and/or distance format, depending on the numbers and geographical location of potential interested students.

The content of the course is described in a previous post

Blended? Distance?

Blended and distance formats allow you to complete the course outside normal business hours (evening/week-end).

How to register your interest

To register your interest or obtain further details, you need to get in touch via the contact page. We look forward to hearing from you.

 

Major Operation Against Cybercrime in the UK

Alleged Cybercriminals arrested

The National CyberCrime Unit at NCA has recently launched a major operation against cybercriminals in the UK. The operation lasted one week, and seventeen people were arrested. These people are suspected of using software designed to steal data from other people's computers. This is part of a worldwide operation against the set of malware tools named Blackshades.
The most used tool in the suite is called Remote Access Tool, and allows the crooks to take a computer over remotely. Other capabilities of Blackshades include being able to control the video camera and microphone, and to record the keys being pressed on the keyboard, which makes it possible, for example, to record an internet banking session, password included. It is estimated that more than 200,00 passwords have been stolen via Blackshades worldwide.

How are PCs infected?

Users get their PCs infected by following a link that can be located, for example, in a spam email, a Twitter post or a Facebook post. The installation is invisible to the user.

How can you protect yourself?

Do not follow links in an email if you do not know the sender. Do not trust your Facebook friends when they publish a link: either their account might have been hacked, or they might have shared with you a link that has already infected their machine.

 

Another Chrome Security Concern

The Password Security Concern.

We already knew that storing any passwords on Google Chrome was dangerous, and the method to do this is widely available, for example in this video.

The Microphone Concern.

It has now come to light that people can eavesdrop on you by accessing your microphone, without you being aware of it. It is not a simple process, but Guya.net describes it very well. Chrome is using outdated technology, which can be abused to let a web site access your microphone without any warning.

© Nguyen Thai | Dreamstime Stock Photos

Computer bugs
The bug has been reported to Google, and let's hope that a fix comes soon. Or maybe you might want to swap to another browser.

What browser are you using, and why?

The Constant Evolution of the Cybercrime Industry

Interesting analysis on BetaNews, based on a report from McAfee

The cybercrime industry is refining its techniques to steal data

Browser Passwords

Passwords Storage

Are you saving passwords for your favourite web sites in your browser? If yes, think twice. If you are using Chrome, this is not secure at all. Have a look at this article published recently. I am not a frequent user of Internet Explorer or Safari, and am not aware of the password storage strategy they use.

How to secure passwords?

The issue is that you have to remember many usernames and passwords for various internet sites.

Solution 1: Use one or two usernames and passwords for everything.

And what happens if one of your passwords is compromised? The “hackers” will run software that will automatically try it on a great number of sites. This was the issue that prompted Telecom NZ to ask their users to change all their passwords, without really explaining the reason behind it. All we knew was that some accounts were accessed without the knowledge of the users, and were sending spam with links towards websites.

Solution 2: Stick with saving credentials within the browser.

This assumes that the physical security of the equipment is not a problem, and that no one will ever be able to get physically to your PC. However, old-fashioned desktop PCs also get stolen. Do you really know what happens to your PC when you dispose of it? It is also a bad idea to use this strategy on mobile devices, as they tend to frequently be lost, forgotten or stolen.

Solution 3: Use a Safer Browser

Firefox is safer in that area, as it allows you to protect your database of usernames and passwords with a master password. However, do not use a 3 letter password, as it could easily be cracked. It is better to aim for 8 or more letters.

Solution 4: Use a Password Management Software

What is password management software? It is usually a small application that runs on your computer, tablet or phone and enables you to:

  • create complex passwords
  • register them, associating them with the web site URL and a username
  • sometimes it links with your browser to save you typing anything.

The application creates a small file that is opened with either a password, a key file or a combination of the two. You can store the file or files on a hard drive or a USB stick. Another possibility is to store them on a network or cloud drive, to be able to get access to them from everywhere with multiple devices.

You can afford in that situation to create and memorize a long password, as it is the only one you will have to remember. But don’t go away on holiday and forget it! There will be no way to recover the content of your file. Another bad idea would be to write the password on a Post-it note somewhere (by the monitor, for example). I have seen people writing their master password on a piece of paper, then sticking it underneath the keyboard.

If you are using a key file, do not forget to back it up somewhere. It is also highly recommended to make a copy of your encrypted database file somewhere. Files can get corrupted. Drives can die, and they tend to do this at the most inconvenient time.

Two recommended password management applications can be found at http://keepass.info/ and https://lastpass.com/
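The unlocking scheme described above (a master password, a key file, or both) as an added sketch; it is not code from the original post and not the actual file format of KeePass or LastPass. The salt, iteration count, `vault-check` label and all function names are assumptions for illustration, and `guesses_needed` compares the 3-letter and 8-letter master passwords mentioned under Solution 3.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor; slows down every guess


def composite_key(master_password, key_file_bytes, salt):
    """Derive a 32-byte key from the master password and an optional key file."""
    # Hash each factor separately, then stretch the combination with PBKDF2.
    pw_hash = hashlib.sha256(master_password.encode("utf-8")).digest()
    kf_hash = hashlib.sha256(key_file_bytes).digest() if key_file_bytes else b""
    return hashlib.pbkdf2_hmac("sha256", pw_hash + kf_hash, salt, ITERATIONS)


def make_verifier(key):
    """Value kept in the file header so an unlock attempt can be checked."""
    return hmac.new(key, b"vault-check", hashlib.sha256).digest()


def unlock(master_password, key_file_bytes, salt, verifier):
    """True only when every factor used at creation time is supplied again."""
    key = composite_key(master_password, key_file_bytes, salt)
    return hmac.compare_digest(make_verifier(key), verifier)


def guesses_needed(length, alphabet_size=26):
    """Worst-case guesses for a password made of lowercase letters only."""
    return alphabet_size ** length


# Constructed sample values, for illustration only.
SALT = bytes(range(16))
KEY_FILE = b"constructed key file contents"
PASSWORD = "correct horse battery staple"
VERIFIER = make_verifier(composite_key(PASSWORD, KEY_FILE, SALT))

if __name__ == "__main__":
    print(unlock(PASSWORD, KEY_FILE, SALT, VERIFIER))     # both factors present
    print(unlock(PASSWORD, b"", SALT, VERIFIER))          # key file lost
    print(unlock("forgotten", KEY_FILE, SALT, VERIFIER))  # password forgotten
    print(guesses_needed(3), guesses_needed(8))
```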

Keepass

Keepass image from http://keepass.info/

Are you using any password management software? Is there anything else you would recommend?

Why use LastPass?

 

Unsecured WiFi Mapped Out.

Buying a wireless router for your home WiFi network, or having it sent to you free of charge by your ISP should guarantee a secure network.

Unfortunately, this is not the case, and the list of default passwords for each brand of equipment is well known. If you have a wireless PC or laptop, you just need to look at the list of available networks in the area, and the type of encryption used. The first piece of information gives you the manufacturer of the router. Few people know how to change the SSID from the default settings, never mind the authentication or the encryption on the network. This means that in a lot of cases, the wireless network can be accessed by anyone with little or no effort.

In most countries, wardriving (looking for open networks) is legal. What is illegal is to use the discovered network.

What is the problem with open WiFi? You could be sharing the data on your computer, revealing your credentials for internet banking (for example), and be legally liable for anything illegal taking place from your network.

When are manufacturers and ISPs going to start producing or supplying equipment that can properly secure itself? Maybe what is needed is equipment with a proper set of instructions usable by the general public.

NetSafe has been wardriving in the suburbs of Wellington, and the results are sobering. Have a look at this article describing the results.

www.stuff.co.nz

NEWTOWN’S WiFi NETWORKS