Author Archives: Paul Rosarius

Avoiding the Bogging Down of Servers

Avoiding the Bogging Down of Servers

Unfortunately, there has been a lot of talk of cyber attacks and ones specifically on servers that can leave thousands of people without internet access. With the vastness of the internet, it has become increasingly easier for cyber-criminals to carry out attacks.

The type of attack most associated with a server attack is something called a DDoS (distributed denial of service). It is like standing in line somewhere and then a bunch of people who aren’t shopping coming in and standing in front of you in line. There are trying to block you from doing anything.

What’s interesting regarding the attacks is that the DDoS can happen easier based off employee errors who are using the servers. Too much traffic and wrong settings can cause an overbearing weight put on the server. The company we partner with for our antivirus, Panda, has a few tips to avoid DDoS attacks.

Tips to avoid DDoS attacks

In order to prevent this from happening, the experts at Google offer some advice:

  • First, make it so that the initial 60 second delay doubles with each failed request, so that the second attempt is submitted after 120 seconds, the third after 240 seconds, and so on. That way, the number of requests piled up will be lower when the server returns to normal.
  • They also recommend that the app keep count of the number of reconnection attempts that each user has made, so that the most urgent requests are given priority when the server gets back to normal. This way, the requests that have been waiting the longest will be attended to first, while the rest continue waiting. A traffic bottleneck will therefore be averted, along with unwanted downtime caused by a DDoS attack launched against yourself.

-AY

Source: Panda Security. “How to avoid bogging down your own servers.” Web. 5 December 2016.

Mass Data Breaches are Common in Large Companies

Mass Data Breaches are Common in Large Companies

There is a statistic going around that states that 97% of large companies are victims of substantial data breaches. Although it is not uncommon for cyber criminals to go after individuals, a majority of the time they are after large corporations. The bigger the company and risk, the bigger the reward unfortunately.

A lot of companies also host their own business emails that employees use to sign in not only to the company email, but also for things like LinkedIn, which was breached just a few months ago. All these professionals also use the same password for various platforms that makes the situation worse and seemingly easier for criminals to get into.

It’s important when signing up for anything except a business email, to use a different email address and start putting together several different, unique, and even complex passwords to avoid the risk of a mass data breach within the workplace.

-AY

Source: Panda Security. “97% of Large Companies are Victims of Mass Data Breaches.” Panda Mediacenter. 2 November 2016. Web.

New Malware is Attacking Google Accounts

New Malware is Attacking Google Accounts

So far it looks like over a million Google accounts have been infected with malicious software. The so-called attacking campaign is being called Gooligan and is actively infecting 13,000 new devices and accounts on a daily basis. The infection allows for information theft on things like Google Play, Gmail, Google Drive, and more.

The interesting part, however, is that the attackers are not after personal information, and instead looking to force Google users to download apps that are a part of an advertising scheme that generates over $300,000 a month. Google themselves has stated that the culprits are not after information, but to simply promote various applications.

The apps being used come from outside sources not involved with Google Play, but the few that have made their way into Google’s store has since been deleted.

-AY

Source: Solsman, Joan & Nieva, Richard. “Google accounts hit with malware — a million and growing.” Web Blog Post. 30 November 2016. Web.

Non-Removable SSD in the new MacBook?

It seems to be a reoccurring theme within Apple. Creating devices that are generally meant to be replaced and not usually repaired. With the release of the new MacBook Pro, the most commonly replaced component, the SSD, is now being fixated into the computer.

The new MacBook Pros feature a new Touch Bar and with these new models the SSD is now putting in storage chips that are soldered and fastened onto the logic board of the computer. Basically what this means, is if you want to replace the storage of your MacBook Pro, you must replace the logic board in its entirety.

Also, if the logic board in your computer goes bad, then all the data that is stored on the chips…is lost. Data recovery is essentially going to be impossible. Although Apple has a seemingly reputable name behind its company, be mindful if you’re thinking about purchasing this new MacBook Pro.

-AY

Source: Humphries, Matthew. “15-inch MacBook Pro Uses Non-Removable SSD.” Web Blog Post. 16 November 2016. Web.

Already Time for Holiday Shopping?

With the famous Black Friday deals just on the horizon, it can be difficult to decide what deals and discounts to go after. If you or anybody on your Holiday gift list is interested in technology, then the online retailer, Newegg, may be the place for you.

Starting November 21, Newegg is offering amazing deals on TVs, phones, tablets, and much, much more. One of the most notable discounts is a brand new Acer Laptop that offers savings up to $320. Of course there is going to be lots of other deals on everything, but hey, we are technology company after all!

-AY

Source: Graziano, Dan. “Newegg’s Black Friday Deals Start November 21.” Web Blog Post. 11 November 2016. Web.

Tech Companies are Offering Election Help

With Election Day here, the world is on the edge of their seats waiting for the final word on who the new President of the United States is going to be. Thankfully, a few tech giants are here to help keep everyone up to date.

Google, Twitter and Facebook have all released services to help with the voting process as well information on voting results. The services include locations of where you can vote and some companies like Uber and Zipcar are offering free rides or rentals to go vote.

This has certainly been an interesting election filled with fierceness, strong opposition, and overwhelming tension between the two Presidential Candidates. These companies and leaders including President Obama are making an effort to get as many voters casting a ballot as possible.

So, if you’re looking for help or up-to-date results, check out Google, Twitter, or Facebook for all kinds of great information!

-AY

Source: Collins, Terry. “Tech giants offer up last-minute Election Day Help.” Web Blog Post. Cnet. 7 November 2016. Web.

Facebook May Be Building a Phone

Within Facebook there is a secret division called Division 8. Division 8 has recently been acquiring some heavy hitters within the technology world. These new Facebook hires are sparking some serious speculation of what this team could be working on. From one of the new employees, who is remaining under-the-radar, he has been indicating that it is mobile and possible modular.

Division 8 was originally thought to be a place were Facebook could prototype an array of new technologies. But, after looking at job postings and their mission statement, it seems that it is more about hardware. From the various postings, it seems that they are hiring heads of sectors within Division 8 that could potentially fall under the categories of industrial design, mechanical engineering, electrical engineering, device software, applications and services, and more.

That being said, many of the major names that have been hired used to be apart of the team that was creating the modular phone that allowed the user to swap out parts of the phone whenever they pleased. Many believe that this notion could mean that Facebook is  kick-starting this idea once more and turning it into a reality.

-AY

Source: Hollister, Sean. “Is Facebook secretly building a phone?” Web Blog Post. Cnet,4 November 2016. Web.

Scary Hacker Stories for Halloween

Ransomware is simply defined as any sort of malicious software that locks a device until a certain sum of money is paid. This year alone, hackers have been utilizing such Ransomware to gain large sums of money from all sorts of outlets.

Some of the major victims of these attacks were hospitals, political figures, and even yahoo. In a specific case, the Hollywood Presbyterian Medical center was essentially held hostage unless they paid $3.4 million dollars to the hackers. What’s even more horrific is that this hospital was one of 13 others that were also attacked.

Another major target of Ransomware attacks is political figures and I’m sure a particular case from 2016 comes to mind. Highly classified and sensitive emails were released post Democratic National Committee as well as the Democratic Congressional Campaign Committee. These leaks caused fear and panic not only to those involved, but also to the general public. These hackers have the capability of manipulating its victims and causing a ripple effect that leads to the general population.

Hackers are becoming increasingly more powerful and sneaky. With new tools being created on a regular basis, it is getting harder and harder to combat these attackers. It’s important to be careful of the websites you visit and what you click on, you never know what may be lurking inside.

Stay safe and have a great Halloween!

-AY

Source:

Hautala, Laura. “Slasher or Hacker? These 2016 hacks gave us nightmares.” Web Blog Post. Cnet, 29 October 2016. Web.

Samsung’s Profits Burn Because of Note 7

It was popular news for everyone not long ago. Videos, pictures, and other forms of publishing showed the Galaxy Note 7 blowing up and bursting into flames. It was supposed to be the device that allowed Samsung to rebound back into the mobile tech race. Unfortunately for them, this catastrophic event put them in negative view of the public eye.

Because of the overwhelming amount of recalls that transpired, the Note 7 was subsequently stopped from any more production. Consequently, the profits severely plummeted. The mobile division of Samsung, who is responsible for the Note 7 saw a 96% decrease in profits during their third quarter. This is there lowest profits in nearly 8 years and ultimately caused a sense of panic within the company.

The cause of the exploding devices is still unknown which is causing a delay in the production of any new phones (Galaxy S8). But, the former mobile kingpin told outside sources that they can expect a Note 8 at some point next year.

Source:

Musil, Steven. “Samsung earnings burned by Galaxy Note 7.” Web Blog Post. Cnet, 26 Oct. 2016. Web. 27 Oct. 2016.

GPS technology is more at risk from cyber attack than ever before, security expert demonstrates at VB2016

GPS technology is more at risk from cyber attack than ever before, security expert demonstrates at VB2016
Posted by Virus Bulletin on Sep 14, 2016

[Original Post: HERE]
An interview with VB2016 presenter Oleg Petrovsky of HPE Security research.

108×153-Oleg-Petrovsky.jpgMeeting Oleg Petrovsky, a senior anti-malware researcher at HPE Security research, is an experience. This tall, softly spoken fellow, now based in New York State, has a bright and unforgiving curiosity.

Oleg’s keenness of mind shines throughout his VB2016 paper. This is a researcher on a mission: raise awareness of the inherent vulnerabilities in the GPS system and provide recommendations and advice to help others uncover and prevent attacks.

Oleg will describe and categorize GPS attack methods that can be achieved with a limited budget and with a high rate of repeatability, including delayed retransmissions, record and playback, and direct signal synthesis.

During the presentation a number of countermeasures against GPS spoofing will be discussed, proposed and demonstrated.

With VB2016 in Denver less than a month away, VB chatted with Oleg to get a better understanding of why this research is so important to society.

Virus Bulletin: What attracted you to this subject, Oleg?

Oleg Petrovsky: GPS technology is not new. The latest version of GPS infrastructure has been widely used by the military since the 1990s. Over the past 15 years, with the advent of cheaper and more sensitive GPS receivers, GPS technology has secured its place in many civilian applications.

One notable aspect has to do with the core functionality. Twenty-year-old technology is still in use. The problem is that the civilian portion of it was not designed to deal with the current GPS threat landscape.

It is important to realize how vulnerable GPS is to malicious attacks. The possibility of attacks on GPS systems has been theorized since the early 2000s, but it has largely been left to state-sponsored actors or academic researchers to unveil its vulnerabilities due to the costs involved.

This was fine until affordable Software Defined Radio (SDR) technologies became generally available. That’s when the possibility of GPS attacks turned into a very real threat.

VB: Can you just give us a quick recap on GPS technology and how it is used?

OP: Most people don’t stop to think how dependent they have become on GPS technology.

GPS technology is already incorporated into many ubiquitous services that are taken for granted, with increasingly more applications leveraging it.

Power grid nodes are one example. They partially rely on GPS atomic clocks for the power grid networks synchronization. The same applies to the cell phone towers and real-time financial markets transaction services.

Another interesting example is the Automatic Identification System (AIS) used for tracking ships at sea. As part of its service, it relies on GPS to determine the location of a vessel.

More recent examples of GPS use include unmanned aerial and ground systems, self-driving cars, car tracking units used for mileage monitoring and insurance purposes, augmented reality games, and more.

VB: And why would you say that GPS technology is vulnerable?

OP: GPS technology in its current form dates back to the early 90s, and many things that were considered to be secure back then are no longer fit for purpose.

In addition, the GPS core was predominantly conceived for military applications. The military portion of the GPS signal is still way more secure than its civilian counterpart. It seems that the GPS for civilian use hasn’t been as important to secure.

Despite a number of academic articles and proof-of-concept demonstrations, we’re still largely unaware of GPS-attack vectors. I thought it would be a good idea to raise awareness of the subject and show how easily an attack can be carried out using limited and readily available resources.

I also would like to start a discussion in the community on possible mitigations of such threats.

To encourage research investment, I plan to show a few demonstrations recorded earlier in a controlled environment, such as hijacking a consumer drone by spoofing the GPS signal with a moderately priced equipment setup.

[Removed picture]

VB: That will be a great demo to see. But what type of person today would use GPS technology for nefarious purposes?

OP: There are many scenarios in which altering GPS signal can lead to disastrous consequences, such as taking a ship or a drone off-course, or disrupting a power or a cell service grid.

Adversaries can fake a geographical location for a number of personal gains, such as altering mileage, location and speed tracking devices for insurance purposes; gaining an edge in augmented reality games; and falsifying evidence pertinent to law enforcement organizations.

Adversaries could range from state-sponsored terrorist cells to avid Pokémon Go players.

VB: Have you presented at VB before?

OP: Last year I presented on the security of unmanned aerial systems. Interestingly enough, I theorized that an attacker could take control of a drone by spoofing the GPS signal in its flight path. This led me to this year’s presentation.

VB: A question from left field now: which five people across history would you invite to the ultimate dinner party?

OP: That is a tough one! I don’t think I would be able to manage a party with these Titans, but I certainly would have loved to learn from them, and even have them as my mentors. In no particular order, and amongst many deserving others: the Dalai Lama, Richard Feynman, Jeri Ellsworth, Richard Branson and Roger Waters.

VB: I love the idea of the Dalai Lama and Richard Branson conversing – imagine the topics that would come up! One last question: what do you do to relax when not out saving the world?

OP: I play a bit of guitar, learn to dance the Argentine tango, and do some rock climbing when I have time.

[]

Contact us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Questions, issues or concerns? I'd love to help you!

Click ENTER to chat