
Vol. 10, No. 23 – Aug 16 – Aug 29, 2017 – Tech Today

Tech Today with Ken May

Backup and recovery

If you use a computer or mobile device long enough, sooner or later something will go wrong, resulting in you losing your personal files, documents, or photos. For example, you may accidentally delete the wrong files, have a hardware failure, lose a device, or become infected with malware, such as ransomware. At times like these, backups are often the only way to rebuild your digital life.

Backups are copies of your information stored somewhere other than on your computer or mobile device. The first step is deciding what you want to back up. There are two approaches: (1) backing up specific data that is important to you; or (2) backing up everything, including your entire operating system. If you are not sure what to back up or want to be extra careful, back up everything.

Second, you must decide how frequently to back up. Common options include hourly, daily, weekly, etc. Other solutions offer “continuous protection,” in which new or altered files back up immediately each time you save a document.

There are two ways to back up your data: physical media or Cloud-based storage. If you are not sure which approach to use, you can use both at the same time. Physical media are devices you control, such as external USB drives or network devices. The advantage of using your own physical media is that it is very quick. The disadvantage is that if you become infected with malware, it can spread to your backups. Also, a disaster such as fire or theft can result in you losing not only your computer, but the backups as well.

Cloud-based solutions are online services that store your files on the Internet. An advantage of Cloud solutions is their simplicity: backups are often automatic and you can usually access your files from anywhere. Cloud backups can help you recover from malware infections, such as ransomware, as many Cloud solutions allow you to restore versions of your files from before the infection. The disadvantage is that it can take a long time to back up or recover very large amounts of data.

Finally, don’t forget your mobile devices. Your mobile app configurations, recent photos, and system preferences may not be stored in the Cloud. By backing up your mobile device, not only do you preserve this information, but it is easier to transfer your data when you upgrade. An iPhone/iPad can back up automatically to Apple’s iCloud. Android or other mobile devices depend on the manufacturer or service provider. In some cases, you may have to purchase an app for backups.

Backing up your data is only half the battle; you must be sure that you can recover it. Check periodically that your backups are working by retrieving a file and making sure it is the same as the original. Also, be sure to make a full system backup before a major upgrade (such as moving to a new computer or mobile device) or a major repair (like replacing a hard drive) and verify that it is restorable.
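As an added illustration that is not part of the column, here is a small Python check of the kind the paragraph above recommends: it hashes every file in a folder and in its backup copy and reports anything missing or altered (a file that was never copied, or one whose contents changed, for instance because ransomware reached the backup drive). The folder layout and file contents are constructed for the demo.

```python
"""Check that a backup really contains what the source folder contains."""
import hashlib
import tempfile
from pathlib import Path

CHUNK_SIZE = 1 << 16  # hash in 64 KiB pieces so large files don't fill memory


def sha256_of(path):
    """Return the SHA-256 hex digest of a file's contents."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(CHUNK_SIZE), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_backup(source, backup):
    """Compare every file under `source` with its counterpart under `backup`.

    Returns three sorted lists of relative paths: files that match,
    files absent from the backup, and files whose contents differ.
    Comparing digests rather than sizes or timestamps catches a copy that
    was silently corrupted or overwritten with encrypted contents."""
    source, backup = Path(source), Path(backup)
    matched, missing, mismatched = [], [], []
    for original in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = original.relative_to(source)
        copy = backup / rel
        if not copy.is_file():
            missing.append(rel.as_posix())
        elif sha256_of(original) != sha256_of(copy):
            mismatched.append(rel.as_posix())
        else:
            matched.append(rel.as_posix())
    return matched, missing, mismatched


def demo():
    """Constructed sample: a tiny Documents folder and a backup of it in
    which one photo was altered and one file was never copied at all."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "Documents"
        bak = Path(tmp) / "Backup" / "Documents"
        (src / "photos").mkdir(parents=True)
        (bak / "photos").mkdir(parents=True)
        (src / "resume.txt").write_text("resume, third draft")
        (bak / "resume.txt").write_text("resume, third draft")  # faithful copy
        (src / "photos" / "trip.jpg").write_bytes(b"\xff\xd8 original pixels")
        (bak / "photos" / "trip.jpg").write_bytes(b"\xff\xd8 damaged copy")  # altered
        (src / "taxes.pdf").write_bytes(b"%PDF-1.4 constructed sample")  # never backed up
        return verify_backup(src, bak)


if __name__ == "__main__":
    matched, missing, mismatched = demo()
    print("matched:   ", matched)
    print("missing:   ", missing)
    print("mismatched:", mismatched)
    if missing or mismatched:
        print("Backup is NOT a faithful copy; investigate before relying on it.")
```

Run it against a real folder by calling verify_backup("~/Documents", "/Volumes/Backup/Documents") with your own paths; a mismatch on a file you have not edited is the signal to check the backup drive before you need it.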

Vol. 10, No. 19 – June 21 – July 4, 2017 – Tech Today

We all WannaCry
by Ken May

On Friday, May 12, a new ransomware, called WannaCry, began circulating throughout the United Kingdom and Spain, rapidly infecting over 400,000 exposed workstations and servers at healthcare, financial, and other business sectors. This ransomware stood out for several reasons, including being the largest ransomware attack in history, and the first widely spread ransomware worm.

I had an exciting time analyzing this as it happened. I was in San Diego for the SANS Security West 2017 Cybersecurity conference as a facilitator. We all piled into a room late one night for an emergency session, while we shared data and studied what was happening in real time. Because of some of the connections I made there, I later was able to provide some assistance to the FBI Special Agent in charge of the WannaCry investigation.

The ransomware infection is version 2.0 of WanaCrypt0r (also known as WCry, WannaCry, and WannaCryptor). Unlike previous instances, this version takes advantage of the SMB vulnerability outlined in Microsoft Security Bulletin MS17-010. The vulnerability was first exploited by ETERNALBLUE, the exploit revealed in the ShadowBrokers leak in March. SMB (Server Message Block) is a protocol that communicates primarily on port 445 and is designed to provide access to shared resources on a network. Last fall, Microsoft urged system administrators to disable SMB version 1 on their systems.

According to an FBI FLASH Alert, the WannaCry ransomware infects initial endpoints via a phishing campaign or compromised RDP (remote desktop protocol). Once the ransomware gets into a network, it spreads quickly through any computers that don’t have the patch applied. The worm-like capabilities are the new feature added to this ransomware.

New infections by this ransomware worm dropped dramatically after a “kill-switch” in the ransomware was activated. A security researcher going by the Twitter handle @MalwareTechBlog noticed an unregistered domain (www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com) in a sample of the malware. Before infecting a system, WannaCry checked whether that domain was still unregistered. According to the researcher, this was likely intended to prevent analysis of the malware in a sandbox. If the domain is registered, WannaCry exits, preventing further infection. While this doesn’t help victims already infected, it does curb further spread. Of course, shortly after that, a new variant began making the rounds.
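As an added example that is not part of the column, the following Python script scans DNS query log lines for lookups of the kill-switch domain named above; once the domain is registered, a lookup from an internal host means that host executed the malware and exited, which is a strong signal that it is unpatched for MS17-010 and should be isolated. The BIND-style log format, timestamps and client addresses are constructed for the demo.

```python
"""Flag hosts whose DNS queries hit the WannaCry kill-switch domain.

Constructed example: log lines imitate a BIND query log; the client
addresses and timestamps are made up for illustration.
"""
import re
from collections import defaultdict

# Kill-switch domain from the column, kept defanged ([.]) as written.
# Later variants used other domains, so this is a set that can grow.
KILL_SWITCH_DOMAINS = {
    "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com",
}

# Matches the "client <ip>#<port>: query: <name> IN <type>" part of a
# BIND query log line; lines that do not look like that are ignored.
QUERY_RE = re.compile(
    r"client (?P<client>\d{1,3}(?:\.\d{1,3}){3})#\d+: "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+)"
)


def normalize(domain):
    """Refang '[.]', lower-case and drop a trailing dot so that
    'WWW.Example[.]COM.' and 'www.example.com' compare equal."""
    return domain.replace("[.]", ".").lower().rstrip(".")


def find_kill_switch_lookups(log_lines, domains=KILL_SWITCH_DOMAINS):
    """Return {client_ip: [queried kill-switch names]} for every client
    that looked up one of the kill-switch domains."""
    watch = {normalize(d) for d in domains}
    hits = defaultdict(list)
    for line in log_lines:
        match = QUERY_RE.search(line)
        if match is None:
            continue  # not a query line; skip it
        name = normalize(match.group("name"))
        if name in watch:
            hits[match.group("client")].append(name)
    return dict(hits)


# Constructed sample log: one ordinary client, one client that queried
# the kill-switch domain twice (once in upper case with a trailing dot,
# as resolvers sometimes log it), and one malformed line.
SAMPLE_LOG = [
    "12-May-2017 08:14:02.117 client 10.0.3.22#52211: query: www.example.com IN A + (10.0.0.53)",
    "12-May-2017 08:14:05.902 client 10.0.3.17#49152: query: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com IN A + (10.0.0.53)",
    "12-May-2017 08:14:06.004 client 10.0.3.17#49153: query: WWW.IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM. IN A + (10.0.0.53)",
    "12-May-2017 08:14:09.331 client 10.0.3.22#52212: query: mail.example.org IN MX + (10.0.0.53)",
    "12-May-2017 08:14:10.000 truncated line with no query",
]

if __name__ == "__main__":
    for client, names in find_kill_switch_lookups(SAMPLE_LOG).items():
        print(f"{client}: {len(names)} kill-switch lookup(s); "
              "isolate this host and confirm the MS17-010 update is installed")
```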

At least three separate Bitcoin wallets, controlled by unknown criminals, were identified as part of the ransomware campaign. As of May 25th, a total of 302 payments totaling over $126,000 had been transferred. All in all, a shockingly small amount.

Some interesting notes:

  1. This was patched by Microsoft back in March, so anybody who got infected is over 2 months behind on installing security updates.
  2. 98% of the victims were running Windows 7.
  3. According to internet-wide scans, it’s estimated that over 1 million computers connected to the internet are still vulnerable and still haven’t been updated.

Install those updates, folks!


Robots descend on Ventura

The future of the world is in the hands of these kids.

Article and photos by Richard Lieberman

Teams faced off at the FIRST (For Inspiration and Recognition of Science and Technology) Robotics regional competition at Ventura College. Teams from Ventura County, Chile and Hawaii competed in the FIRST Robotics competition.

The local team is Team 3925 from Ventura County. The team is made up of students from seven different local high schools and competed against 42 high school teams, including teams from Newbury Park High, the Construction and Engineering charter high school in Camarillo and the Ventura County Career Education Center, where students from six county high schools make up the team.

This event, called FIRST Steamworks, incorporated a Steampunk theme. The student-designed robots are required to pick up an item and throw it, climb and then hang on a tower, and carry an item and place it on a platform. The teams were given a starter kit to help design and build their robot. Students were allowed six weeks to build, program and test their robots.

More than 5,000 teams, totaling 78,000 students worldwide, are taking part in the FIRST Robotics competition this year. Aiding the students were teachers and mentors from the programming, engineering and manufacturing fields, who helped students design their robots and form their business plans. All team participants have the option to apply for twenty-two million dollars in scholarships from more than 200 colleges and universities.

Event chair Velma Lomax said, “This is what I love so much, it’s not just about robotics and competing, it’s about everything these kids learn.” There are regional competitions that will move on next month to western competitions in Houston, then on to eastern competitions in St. Louis and a final world championship in New Hampshire in July.

Lomax added, “These kids are in business fields, they design their own brochures, they do all of their own promoting, their own fundraising. They don’t get money from anyone. These kids are amazing and every child can fit in.” Additionally, Lomax said, “They call it a varsity squad for the mind, another important thing they learn is time management.”

Three teams who won the regional with their robots include Team 114 from Los Altos High School and Team 3925 from Career Education at Ventura High School, which includes members from Ventura High School, Buena High School, and Foothill Technology. Ventura’s Team 3925 won a spot to advance to the upcoming competitions.

“It’s a lot of components this year,” event chair Velma Lomax said. She added, “It’s an interesting competition.”


Vol. 10, No. 14 – April 12 – April 25, 2017 – Tech Today

Tech Today with Ken May

How the ISP Law Change Affects Your Privacy

On Tuesday, March 28th, Congress sent proposed legislation to President Donald Trump that wipes away landmark online privacy protections, the first salvo in what is likely to become a significant reworking of the rules governing Internet access. The legislation would kill a set of Obama-era privacy regulations for internet service providers created by the Federal Communications Commission last October.

The most notable part of the rules, which has not yet taken effect, would require broadband providers such as Verizon, Comcast, and AT&T to obtain explicit consent before selling their customers’ web-browsing histories, app-usage data, and other personal information to advertisers and other third-parties. The vote is concerned with some recent changes to what the internet is in the eyes of the American government.

In February of 2015, the Federal Communications Commission (FCC) reclassified ISPs as “common carriers,” which means they are regulated as utilities. This effectively put the internet in the same category as telephones, water, gas, and other necessities of daily life in terms of how it’s regulated. That allowed the FCC to enforce net neutrality rules, which require all ISPs to provide access to all kinds of content on the internet equally. (In the past, ISPs would slow down users’ traffic when visiting certain websites or sharing files to discourage them from engaging in these acts.) Classifying the internet as a utility also meant ISPs had to follow the privacy guidelines previously written for telephones. This legislation would effectively roll back many of these changes, allowing ISPs to do whatever they want with their users’ browsing data.

So, this is a complicated issue. What’s the easiest way to get my privacy back?

Well, states could try to implement some form of the FCC rules for their own residents. ISPs might conceivably change their practices nationwide if enough states do so, or customers in some states could have fewer privacy protections than customers in other states.

“As on climate change, immigration and a host of other issues, some state legislatures may prove to be a counterweight to Washington by enacting new regulations to increase consumers’ privacy rights,” a New York Times article said this week. The Times article mentioned laws in California, Connecticut, Nebraska, and West Virginia and proposals for new laws in Illinois, Hawaii, and Missouri, but none of these laws and proposals was specifically targeted at ISPs.

But let’s assume that doesn’t happen. Now what?

Last year, Opera, the little browser that everyone seems to forget about, rolled out a free VPN. It’s easily the simplest, cheapest, and most reasonably private way to access a VPN that will circumvent your ISP right now. It does come with a slew of caveats though. An Opera spokesperson said that the VPN is a no-log service, which is good, however, while Opera is a Norwegian company and therefore acts under Norwegian law, SurfEasy, the company that provides the VPN service, is a Canadian company, and Canada is known to hand over intelligence data. Regardless, using the VPN means you’re agreeing to SurfEasy’s Privacy Policy. Opera was also purchased by a Chinese consortium last year, so any data Opera does collect could be accessible by that company at some point. Also, keep in mind, only the web browsing you do in Opera will go through their VPN. It’s not perfect, but it’s a good step forward. Hopefully, we see something similar implemented in other browsers.

h/t Business Insider, Game Informer, Lifehacker, Ars Technica


The Lester Tong Visualization Center

3-D demonstration held at College Applied Science Center.

On March 23 a dedication of the Lester Tong Visualization Center at the Ventura College Applied Science Center was held. This 75-seat classroom utilizes a state-of-the-art 3-D dual rear projector system that projects onto an 8′ tall glass “touch screen,” while the viewing audience wears powered 3-D glasses. A 3-D demonstration was held.

Lester Tong worked at the Ventura County Community College District Office and in the Information Technology department at Ventura College for over 30 years. He was dedicated to serving the campus and the community. Retiring in 2016, Mr. Tong continues his devotion to service in Ventura County by volunteering at various non-profit organizations.

The son of Cantonese immigrants, Lester became a first-generation college student, receiving his B.S. in Business Administration from Pacific Union College in 1971. Lester attributes his success in life to the education he received. He is grateful for an education which created many opportunities for him, including his career at Ventura College.

His passion for education inspired him to leave a lasting impact at Ventura College by creating an endowment for the Ventura College Promise, a program that covers the enrollment costs for the first year at Ventura College.

The District Board of Trustees unanimously authorized the naming of the Ventura College Visualization Center: The Lester Tong Visualization Center.

Vol. 10, No. 12 – March 15 – March 28, 2017 – Tech Today

Tech Today with Ken May

How did Amazon take down the internet?

On Tuesday, February 28th, an Amazon cloud server, specifically an AWS cluster of servers in the US-EAST-1 region, stopped responding. Sites and web apps like Mashable, Trello, Giphy, Quora, Netflix, Spotify, Slack, Pinterest and Buzzfeed, as well as tens of thousands of smaller sites all were suddenly down or slowed to a crawl. To the average person, all we saw was that a ton of sites and apps in common usage were not working. How does this happen?

It was so bad that Amazon wasn’t able to update its own service health dashboard for the first two hours of the outage because the dashboard itself was hosted on AWS.

“This is a pretty big outage,” said Dave Bartoletti, a cloud analyst with Forrester. “AWS had not had a lot of outages and when they happen, they’re famous. People still talk about the one in September of 2015 that lasted five hours,” he said.

The reason this affected so many sites is that Amazon’s AWS platform hosts virtual servers used by all of these businesses. Amazon’s S3 cloud storage systems were also affected, so even a site not running on an AWS server might have had issues if its data was on S3. For example, a business might store its videos, images or databases on an S3 server and access them via the Internet.

As it turns out, it was all due to human error. A simple typo. As Amazon explains it, some of its S3 servers were operating rather sluggishly, so a tech tried fixing it by taking a few billing servers offline. A fix straight from the company’s playbook, it says. “Unfortunately, one of the inputs to the command was entered incorrectly and a larger set of servers was removed than intended.” Whoops.

As for why the problem took so long to correct, Amazon says that some of its server systems haven’t been restarted in “many years.” Given how much the S3 system has expanded, “the process of restarting these services and running the necessary safety checks to validate the integrity of the metadata took longer than expected.”

Cyence, an economic modeling platform, shared some data that show the ramifications:

  • Losses of $150 million for S&P 500 companies
  • Losses of $160 million for U.S. financial services companies using the infrastructure

Apica Inc., a website-monitoring company, said 54 of the internet’s top 100 retailers saw website performance slow by 20% or more.


Amazon apologized for the issue and said that it has put safeguards in place to avoid the same problems caused by human error in the future. Let’s have this stand as a reminder to have adequate failover systems in place! Never put all your eggs in one basket.

Vol. 10, No. 10 – February 15 – February 28, 2017 – Tech Today

Cybersecurity While Traveling
by Ken May

While your network at home or at work may be secure, you should assume that any network you connect to when traveling cannot be trusted. You never know who else is on it and what they may be doing. Here are some simple steps that go a long way to protecting you and your data before you travel:

  • The safest information is information you don’t have. Identify what data you need and only bring that information. This can significantly reduce the impact if your devices are lost, stolen, or impounded by customs or border security.
  • Lock your mobile devices with a strong passcode. If a device is stolen or lost, people cannot access the information on it. Also, enable full disk encryption. For most mobile devices, this is automatically enabled when you use a screen lock.
  • Install or enable remote tracking software. Some kinds can even remotely wipe the device.
  • Update all your devices’ applications and anti-virus software before leaving. Many attacks focus on systems with outdated software.
  • Do a complete backup of all your devices. This way, if something does happen to them while traveling, you still have all of your original data in a secured location.

Once you begin your travel, ensure the physical safety of your devices. For example, never leave your devices in your car where people can easily see them, as criminals may simply smash your car’s window and grab anything of value they can see. While crime is definitely a risk, according to a recent Verizon study, people are 100 times more likely to lose a device than have it stolen. This means always double-check that you still have your devices when you travel, such as when you clear security at the airport, leave a taxi or restaurant, check out of a hotel room, or before you disembark from your airplane. Remember to check that seat back pocket.

Accessing the Internet while traveling often means using public Wi-Fi access points, such as ones you find at a hotel, a local coffee shop, or the airport. There are two problems with public Wi-Fi: you are never sure who set them up and you never know who is connected to them. As such, they should be considered untrusted. In fact, this is why you took all the steps to secure your devices before you left.


In addition, Wi-Fi uses radio waves, which means anyone physically near you can potentially intercept and monitor those communications. For these reasons, you need to ensure all of your online activity is encrypted. For example, when connecting online using your browser, make sure that the websites you are visiting are encrypted. You can confirm this by looking for ‘HTTPS://’ and/or an image of a closed padlock in your address or URL bar. In addition, you may have access to what is called a VPN (Virtual Private Network), which can encrypt all of your online activity when enabled. This may be issued to you by work, or you can purchase VPN capabilities for your own personal use. If you are concerned that there is no Wi-Fi you can trust, consider tethering to your smartphone. Warning: this can be expensive when traveling internationally. Check with your service provider first.

Vol. 10, No. 6 – December 21, 2016 – January 3, 2017 – Tech Today

How to securely dispose of your mobile device
by Ken May

Mobile devices, such as smartphones, smartwatches, and tablets, continue to advance and innovate at an astonishing rate. As a result, some people replace their mobile devices as often as every year. Unfortunately, too many people dispose of their devices with little thought on just how much personal data is on them. If your mobile device was issued to you by your employer or has any organizational data stored on it, be sure to check with your supervisor about proper backup and disposal procedures before following the steps below.

Typical information can include:

  • Where you live, work, and places you frequently visit
  • The contact details for everyone in your address book and applications, including family, friends, and coworkers
  • Call history, including inbound, outbound, and missed calls
  • SMS (texting), voice, and multimedia messages
  • Chat sessions within applications like secure chat, games, and social media
  • Location history based on GPS coordinates or cell tower history
  • Web browsing history, search history, cookies, and cached pages
  • Personal photos, videos, audio recordings, and emails
  • Stored passwords and access to personal accounts, such as your online bank or email
  • Access to photos, files, or information stored in the Cloud
  • Any health-related information, including your age, heart rate, blood pressure, or diet

Regardless of how you dispose of your mobile device, such as donating it, exchanging it for a new one, giving it to another family member, reselling it, or even throwing it out, you need to be sure you first erase all of that sensitive information. You may not realize it, but simply deleting data is not enough; it can easily be recovered using free tools found on the Internet. Instead, you need to securely erase all the data on your device, which is called wiping. This actually overwrites the information, ensuring it cannot be recovered. Remember, before you wipe all of your data, you most likely want to back it up first. This way, you can easily rebuild your new device.

The easiest way to securely wipe your device is to use its “factory reset” function. This will return the device to the condition it was in when you first bought it. We have found that factory reset provides the most secure and simplest method for removing data from your mobile device. The factory reset function varies among devices:

  • Apple iOS Devices: Settings | General | Reset | Erase All Content and Settings
  • Android Devices: Settings | Privacy | Factory Data Reset

In addition to the data stored on your device, you also need to consider what to do with your SIM card. When you perform a factory reset on your device, the SIM card retains information about your account and is tied to you, the user. If you are keeping your phone number and moving to a new device, talk to your phone service provider about transferring your SIM card. If this is not possible, for example, if your new phone uses a different size SIM card, keep your old SIM card and physically shred or destroy it to prevent someone else from re-using it. Also, be sure to remove any SD cards, if you have them.

If you are not sure about any of the steps covered in this article, take your mobile device to the store you bought it from and get help from a trained technician. Finally, if you are throwing your mobile device away, please consider donating it instead. There are many excellent charitable organizations that accept used mobile devices.

Reference: SANS OUCH! 12/16 Newsletter

Vol. 10, No. 4 – November 23 – December 6, 2016 – Tech Today

Why did the internet go down in October?
by Ken May

Last month, a malicious person or group took down numerous popular websites in a massive distributed denial-of-service (DDoS) attack against the domain name service (DNS) provider Dyn. DDoS attacks are neither new nor very sophisticated. To carry one out, the attacker sends a massive amount of traffic, causing the victim’s system to slow to a crawl and eventually crash. There are some variants on this method, but basically, it’s a datapipe-size battle between attacker and victim. If the defender has a larger capacity to receive and process data, he or she will win. If the attacker can throw more data than the victim can process, he or she will win.

The attacker can build a giant data cannon, but that is prohibitively expensive. It is much smarter to recruit millions of innocent computers on the internet. This is the “distributed” part of the DDoS attack, and pretty much how it’s worked for decades. Cybercriminals infect innocent computers around the internet and recruit them into a botnet. They then target that botnet against a single victim.

You can imagine how it might work in the real world. If I can trick tens of thousands of others to order pizzas to be delivered to your house at the same time, I can clog up your street and prevent any legitimate traffic from getting through. If I can trick many millions, I might be able to crush your house from the weight. That’s a DDoS attack — it’s simple brute force.

The Dyn attacks were probably not originated by a government. The perpetrators were most likely hackers mad at Dyn for helping security researcher Brian Krebs identify — and the FBI arrest — two Israeli hackers who were running a DDoS-for-hire ring. Recently, there has been some evidence of probing DDoS attacks against internet infrastructure companies that appear to be perpetrated by nation-states. But, honestly, we don’t know for sure.

The botnets attacking Dyn and Brian Krebs consisted largely of insecure Internet of Things (IoT) devices — webcams, digital video recorders, routers and so on. This isn’t new, either. We’ve already seen internet-enabled refrigerators and TVs used in DDoS botnets. But again, the scale is bigger now. In 2014, the news was hundreds of thousands of IoT devices — the Dyn attack used millions. Analysts expect the IoT to increase the number of things on the internet by a factor of 10 or more. Expect these attacks to similarly increase. That leaves the victims to pay. This is where we are in much of computer security. Because the hardware, software and networks we use are so insecure, we have to pay an entire industry to provide after-the-fact security.

Reference: SecurityIntelligence, accessed 11/01/2016

Vol. 9, No. 24 – August 31 – September 13, 2016 – Tech Today

Four Leaders in the Ransomware Game
by Kenneth May-Swift Chip

You’ve heard of CryptoLocker, right? Sure, it’s the media favorite, but there are a lot of other players these days that are worth more than an honorable mention. As an MSP, you know how important it is to stay current on the sheer breadth and depth of these types of threats—not to mention their individual characteristics—in order to keep clients protected. Let’s take a look at the lineup.

1. CryptoWall 4.0

The CryptoWall family seems to turn out a winner with every generation. Like its predecessor, the 4.0 version of CryptoWall uses phishing emails to distribute. This should come as no surprise, since phishing remains the single most effective way to deliver a payload. But this latest iteration doesn’t play by the old rules; not only are the victim’s files encrypted, the names of the files are randomized so the victim no longer knows which file is which. By creating so much confusion about how much file damage there really is, the new CryptoWall increases the chances that victims will pay out.

CryptoWall 4.0 also includes a free decrypt demo, which convinces victims that the decryption routine they need to get their files back is easy, and that paying the ransom will actually get their files back.

  • Phishing email attachment is source of payload
  • Randomizes victim’s filenames to create confusion
  • Offers free decrypt demo to add credibility

2. PadCrypt

What sets this new ransomware apart from the pack is its willingness to interact with the public; PadCrypt includes a chat interface embedded into the product. The process of getting a Bitcoin wallet address, filling it with coins, and sending payment securely can be complicated, so this chat feature adds a more human support element, helping the perpetrators ensure that their victims remit ransom payments promptly. (Isn’t that nice?)

  • First ransomware with chat support
  • Communicates via Darknet to avoid being traced
  • “Helps” even less savvy victims pay up

3. TeslaCrypt

TeslaCrypt was something of an up-and-comer, specifically targeting gamers by encrypting the files they need for their games. This included saves, any mods, and profiles for games like DayZ. Because TeslaCrypt was being sold on the Darknet by parties other than its authors, the original authors chose to release its master key to the public, permanently defusing the threat. As diverse and competitive as the ransomware sphere seems to be, however, we might end up seeing this player again next season.

  • Accounted for ~11% of distributed ransomware
  • Attacked over 200 extensions on newer variants
  • Specifically targeted gamers (Valve, Bethesda, Unreal Engine files)
  • Got around third-party defenses to deliver polymorphic payloads at root level

4. RaaS (Ransomware-as-a-Service)

RaaS isn’t really a player, per se, but it was created for criminals by criminals to open the playing field to hackers of all skill levels. With RaaS, almost anyone can design encrypting ransomware payloads and then distribute them from their existing botnets. Hackers pay for this service by handing off a cut of their spoils to the RaaS author.

  • Enables almost anyone to make ransomware
  • Portal for malware generation is exclusively in Darknet (typically invite-only)
  • Intended for less-skilled cybercriminals who rent botnets
  • The malware author who created the portal takes a commission


Although the number of players keeps growing, and their skills and strategies keep getting more advanced, there are steps that we can take to maximize defense and help clients win hands down. Educating yourself and your customers about the various offensive strategies and types of exploits favored by today’s ransomware is key—as well as setting up a winning defense with next-generation endpoint protection that utilizes collective threat intelligence to hit hard and proactively protect against constantly-evolving malware.