
HACKERS DEFEATED BY MICROSOFT


Hackers defeated… This is always good news, right?

We’ve often been critical of Microsoft. Its operating systems have usually been buggy and slow, and they seem to require multiple patches to work properly. Occasionally, though, the brainchild of Bill Gates functions exceptionally well. When it does, we want to give it proper credit.

With this in mind, we call your attention to last night’s announcement by Microsoft regarding a potential security threat. Earlier in the day, a group of hackers called The Shadow Brokers released a suite of Windows ‘exploits’ which could have enabled hackers to compromise computers operating on multiple versions of Windows. But Microsoft had already moved to forestall the attacks.

In a blog entry posted last night, Microsoft described the attacks and its responses. Microsoft had repelled one, ERRATICGOPHER, before the release of Windows Vista. Another, ETERNALCHAMPION, it had patched along with two unrelated vulnerabilities.

Yesterday’s Microsoft Security Bulletin spelled out the company’s responses to The Shadow Brokers. On March 14, it patched ETERNALBLUE, ETERNALROMANCE, and ETERNALSYNERGY. The company didn’t bother patching three others. These were: EXPLODINGCAN, ENGLISHMANDENTIST, and ESTEEMAUDIT. Microsoft left these alone because it couldn’t simulate the attacks on any systems it supports. This evidently means any systems it provides updates for: Windows 7 or newer.

The hackers apparently made the mistake of testing their exploits on a ‘clean install’ of Windows. A ‘clean install’ is a version without recent security updates. The hackers, then, had no idea how their attacks would fare on properly updated systems.

We’ve mentioned this before, but it bears repeating. Update your computer’s operating system often. Be especially vigilant when you hear about critical threats.

(To find out more about computer security, follow this blog. For the strongest internet connection, talk to us. We can help.)


AVOID GETTING HACKED

Was it the Russians?

We learned last week that someone hacked Democratic National Committee servers, then leaked embarrassing e-mail to WikiLeaks. The ensuing media firestorm had DNC officials on the defensive, and intensified friction between the Sanders and Clinton camps. The DNC blamed the Russians for the breach, though evidence of their involvement is meager and circumstantial.

You might believe this has nothing to do with you. Since you don’t have to worry about international spy rings, you don’t need to concern yourself with cybersecurity. Right?

It would be dangerous to assume that you’re safe. Governments, including our own, could turn their attention to you if they think you have information they need. Corporate interests, criminal gangs, and individuals might spy on you for the same reason. If you work for a company with valuable intellectual property, you face a higher likelihood of becoming a target. How, then, can you avoid being victimized by hackers?

Protecting your computer files begins with educating yourself. According to CrowdStrike, a cybersecurity firm, the DNC breach was a case of ‘spear-phishing’. Spear-phishers exploit familiarity with their victims. These hackers know at least a little about their intended victims. It may be their names, e-mail addresses, or references to social events, friends, or family members. The spear-phisher pretends to be someone his intended victim knows.

Spear-phishing e-mail comes from forged (‘spoofed’) addresses, and appears to be from someone the intended victim knows. For example, it may seem to be from a colleague or a supervisor.

Spear-phishing attacks can be difficult to avoid because they appear to come from trusted sources. Successful spear-phishers usually begin with ‘social engineering’. This is research of the victim’s social media profiles and online activity. The ‘social engineer’ attempts to learn as much as possible about the victim, his friends, and his employer.

How, then, can you avoid falling prey to such attacks? First, monitor your online activity. Take an especially close look at your presence on social media. Are you giving too much information away? Does the world at large need to know your cat’s name, where your mother lives, or all the awards you won in elementary school? Visit TakeThisLollipop.com to track how much you’re sharing. It may make your hair stand on end.

Second, think before responding to e-mail. If someone you know sends a message that’s out of character, be suspicious. Be especially careful with requests for urgent response or wire transfers of money. If you’re unsure, call or text the apparent source for confirmation. Avoid downloading attachments to messages you weren’t expecting.

Finally, ask your employer to do more. Businesses can block e-mail from unfamiliar sources with authentication software. ValiMail is one e-mail security firm that enables organizations to control who sends e-mail under their names.
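To make the spoofed-address and e-mail authentication points concrete, here is an added example (not from the original post, and not ValiMail's product) that screens a message's headers for three signs of a forged sender. The domain names, the staff directory, and the use of DMARC results in the `Authentication-Results` header are assumptions chosen for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions: our domain, our receiving mail server, a tiny staff directory.
ORG_DOMAIN = "example.com"
TRUSTED_MX = "mx.example.com"
KNOWN_STAFF = {"pat morgan": "pat.morgan@example.com"}

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def spoof_indicators(raw):
    """Return the reasons a raw message looks like it forges its sender."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    reasons = []
    # 1. A colleague's display name on an address that is not theirs.
    expected = KNOWN_STAFF.get(name.strip().lower())
    if expected and addr != expected:
        reasons.append("known display name on unfamiliar address")
    # 2. Replies diverted to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to.lower()) != domain_of(addr):
        reasons.append("Reply-To domain differs from From domain")
    # 3. Authentication verdict. Only headers stamped by our own server
    #    count; a sender can insert an Authentication-Results line too.
    results = " ".join(
        h.lower() for h in msg.get_all("Authentication-Results", [])
        if h.strip().lower().startswith(TRUSTED_MX))
    if domain_of(addr) == ORG_DOMAIN and "dmarc=pass" not in results:
        reasons.append("claims our domain without a DMARC pass")
    elif "dmarc=fail" in results:
        reasons.append("sender domain fails DMARC")
    return reasons

# Constructed sample: look-alike domain, diverted replies, failed DMARC.
SPOOFED = """\
From: "Pat Morgan" <pat.morgan@examp1e-mail.test>
Reply-To: accounts@payments.test
Subject: Urgent wire transfer today
Authentication-Results: mx.example.com; spf=pass; dmarc=fail header.from=examp1e-mail.test

Please send the payment before noon.
"""

if __name__ == "__main__":
    for reason in spoof_indicators(SPOOFED):
        print("-", reason)
```

A message that trips none of these checks can still be malicious, so the advice above to confirm unusual requests by phone or text still applies.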

With a few simple precautions, you can avoid hacking of your e-mail. Stay alert, and your files should be secure.

And avoid getting close to Vladimir Putin. He’s a rascal.


FACES IN THE CROWD

Facial recognition software has come a long way in just a few years. Law enforcement agencies sometimes use it as an investigative tool. Some corporations use it as a screening tool; the faces of their employees are their ‘keys’ to company buildings. ‘Smart cameras’ recognize their faces and activate automated doors to admit them.

There is a sinister aspect in facial recognition software, though. The people of Russia, for example, are finding out that it can be used for underhanded purposes. No matter where a person goes, anyone with the right connections or enough resources can track him down by picking his likeness out of a crowd photo.

FindFace, an advanced facial recognition platform launched a mere two months ago, enables 70% reliability in recognition of individual faces in photographs of crowds. The FindFace software compares the images to photos on Vkontakte, a social network popular in Russia and other states that were once in the Soviet Union. Vkontakte hosts more than 200 million accounts.

The FindFace platform has seen phenomenally heavy use, given that it’s only two months old. It has already conducted more than three million searches of its database of about a billion photographs.

According to The Guardian, a London newspaper: “In future, the designers imagine a world where people walking past you on the street could find your social network profile by sneaking a photograph of you, and shops, advertisers, and police could pick your face out of crowds and track you down via social networks.”

Alexander Kabakov, one of the founders of FindFace, said that its facial recognition service could enhance dating and romance. “If you see someone you like”, he said, “you can photograph them, find their identity, and then send them a friend request.” If this seems a bit creepy to you, Kabakov said the platform need not involve surreptitious street photography. “It also looks for similar people”, he said. “So you could just upload a photo of a movie star you like, or your ex, and then find ten girls who look similar to her, and send them messages.” Well, okay, then. You have nothing to worry about, right?

A 70% success rate may not seem especially impressive, but with a bigger database, better software, and one or two hardware upgrades, the system’s accuracy could approach 100%. All faces, in all public places, will be vulnerable.

Despite Kabakov’s breezy insouciance about it, FindFace is a serious potential threat to privacy and freedom. The platform could be a boon to stalkers, rapists, and vengeful ex-lovers. Advertisers would find it valuable for targeting ads by viewer interest and location. Despotic regimes and political activists could use it to identify opposition demonstrators, exposing them to harassment, intimidation, assault, or even murder. FindFace even admits being willing to consider an offer from the FSB, the Russian security bureau that succeeded the Soviet KGB and that employs many of the same rough methods.

Kabakov brushes aside privacy concerns, insisting that we must accept living under nearly constant surveillance. “In today’s world we are surrounded by gadgets”, he said. “Our phones, televisions, fridges, everything around us is sending real-time information about us. Already we have full data on people’s movements, their interests, and so on. A person should understand that in the modern world he is under the spotlight of technology. You just have to live with that.”

There is no perfect way to protect our privacy. With every advance in computer and internet technology, it becomes even more difficult. If strangers can recognize us by tracing our likenesses in crowd photos to our social media accounts, our only sure protection lies in remaining homebound. No faces are completely safe. All faces may betray their owners.

We are not completely helpless, though. There are a few steps we can take to enhance our privacy.

Follow a few common-sense security protocols any time you’re online. And consider wearing dark sunglasses whenever you leave your house.

(Do you need better computer security? Do you need a more reliable internet connection? Talk to us. We can help.)


REPLACING THE PASSWORD

Security is one of our most important concerns in use of the internet. Carelessness can expose our devices to malware and hacking, and we risk our bank accounts and our identities.

The password is a partial solution, our best attempt to limit the risk in internet use. It’s not a perfect defense, though, and it brings its own drawbacks. Passwords that are easy to remember may also be easy for hackers to guess. More difficult passwords we can forget more easily, and we can be locked out of our devices or our secured sites. With multiple passwords, we compound the burden on memory.

In the future, even the best, most complex passwords may not be adequate defenses. As hackers gain access to ever more processing power, brute force attacks could overcome even our most sophisticated encryption efforts. What, then, can we do?

In the long run, replacing the password may be our only realistic chance of protecting our data, our money, and our identities. But what will you replace your password with?

One of the most promising new security protocols is use of biometric data. Replacing your password with a fingerprint, a facial scan, or an iris scan would save having to remember a complex code. A hacker can’t duplicate your features, your fingerprint, or your retinas. It wouldn’t matter how much processing power he had. Without physical access to your computer, he couldn’t break the code.

Dell, Microsoft, Digital Persona, and a few other vendors sell fingerprint scanners for computer security. All sell at retail for less than $80.00. One sells for less than $20.00. After installing your scanner, you can log in just by pressing your finger in the designated slot. You’ll never need a login password again.

Iris or retinal scanners are commonly used for airport and military security. They are too expensive for most consumer uses, but this is expected to change. Improvements in sensor technology will drive prices downward.

One of the most important technologies replacing the password will be machine learning. Ray Kurzweil, one of the most famous computer scientists, as well as a prominent author, inventor, and futurist, said that in the future “the machine will learn you”. Advanced software algorithms will learn the habits of computer users. Eventually, your computer will know your patterns of use and the cadence of your keystrokes. Your computer could detect attempted hacking simply because the hacker’s use patterns will differ from yours. No other security protocol will be necessary.

For now, replacing your computer passwords with more advanced security tools requires time, effort, or money. Before long, you won’t need to expend extra effort or money, as all computers and (legitimate) websites will have adequate security tools built in.

Meanwhile, you may have to rely on your memory.