Category Archives: Media and Technology

Vol. 11, No. 14 – Apr 11 – Apr 24, 2018 – Tech Today with Ken May

Stingrays in DC?

The federal government has formally acknowledged for the first time that it has located suspected and unauthorized cell-site simulators in various parts of Washington, DC.

The revelation, which was reported for the first time by the Associated Press, was described in a letter recently released from the Department of Homeland Security to the offices of Sen. Ron Wyden (D-Oregon).

“Overall, [DHS’ National Protection and Programs Directorate] believes the malicious use of IMSI catchers is a real and growing risk,” wrote Christopher Krebs, DHS’ acting undersecretary, in a March 26, 2018 letter to Wyden.

The letter and attached questionnaire say that DHS had not determined who is operating the simulators, how many it found, or where they were located.

DHS also said that its NPPD is “not aware of any current DHS technical capability to detect IMSI catchers.” The agency did not explain precisely how it was able to observe “anomalous activity” that “appears to be consistent” with cell-site simulators.

The devices, which are also known as ‘stingrays’ or IMSI catchers, are commonly used by domestic law enforcement nationwide to locate a particular phone. Sometimes, they can also be used to intercept text messages and phone calls. Stingrays act as a fake cell tower and effectively trick a cell phone into transmitting to it, which gives up the phone’s location.

Given that cell-site simulators have been used for years at home, it would be naive to think that malevolent actors, including criminals and foreign governments, would not attempt to set up stingrays in major American cities, particularly the capital.

DHS’ answers also say that the agency is “aware” of the use of stingrays in other US cities, although it did not name them.

“NPPD is aware of anomalous activity outside the [National Capital Region] that appears to be consistent with IMSI catchers,” Krebs also wrote. “NPPD has not validated or attributed this activity to specific entities or devices. However, NPPD has shared this information with Federal partners.”

In 2015, various federal law enforcement agencies, including the FBI, said that, in most circumstances, they will require a warrant when they use a stingray. Some states also impose similar requirements.

In 2014, the Federal Communications Commission began a task force into the “illicit” use of stingrays in America, but the investigation doesn’t appear to have produced any public reports or taken any meaningful actions.

There is currently no way for regular cellphone users to tell if their calls are being intercepted by one of these stingrays.

Vol. 11, No. 12 – Mar 14 – Mar 27, 2018 – Tech Today with Ken May

Top Tips to Securely Using Social Media

Overview

Social media sites, such as Snapchat, Facebook, Twitter, Instagram, and LinkedIn, are amazing resources, allowing you to meet, interact, and share with people around the world. However, with all this power comes risks–not just for you, but your family, friends, and employer. In this newsletter, we cover the key steps to making the most of social media securely and safely.

Posting

Be careful and think before posting. Anything you post will most likely become public at some point, impacting your reputation and future, including where you can go to school or the jobs you can get. If you don’t want your family or boss to see it, you probably shouldn’t post it. Also, be aware of what others are posting about you. You may have to ask others to remove what they share about you.

Privacy

Almost all social media sites have strong privacy options. Enable them when possible. For example, does the site really need to be able to track your location? In addition, privacy options can be confusing and change often. Make it a habit to check and confirm they are working as you expect them to.

Passphrase

Secure your social media account with a long, unique passphrase. A passphrase is a password made up of multiple words, making it easy for you to type and remember, but hard for cyber attackers to guess.

Lock Down Your Account

Even better, enable two-factor authentication on all of your accounts. This adds a one-time code with your password when you need to log in to your account. This is actually very simple and is one of the most powerful ways to secure your account.

Scams

Just like in email, bad guys will attempt to trick or fool you using social media messages. For example, they may try to trick you out of your password or credit card. Be careful what you click on: If a friend sends you what appears to be an odd message or one that does not sound like them, it could be a cyber-attacker pretending to be your friend.

Terms of Services

Know the site’s terms of service. Anything you post or upload might become the property of the site.

Work

If you want to post anything about work, check with your supervisor first to make sure it is okay to publicly share.

Follow these tips to enjoy a much safer online experience. To learn more on how to use social media sites safely, or report unauthorized activity, check your social media site’s security page.

Vol. 11, No. 10 – Feb 14 – Feb 27, 2018 – Tech Today with Ken May

Securing the home

Several years ago, creating a cybersecure home was simple. Today, technology has become far more complex and is integrated into every part of our lives, from mobile devices and gaming consoles to your home thermostat and your refrigerator. Here are simple steps for creating a cybersecure home.

Almost every home network starts with a Wi-Fi network, controlled by your Internet router or a separate, dedicated wireless access point. They both work the same way: by broadcasting wireless signals. Securing your wireless network is a key part of protecting your home. We recommend the following:

• Change the default administrator password to your Internet router or wireless access point. The admin account is what allows you to configure the settings for your wireless network.

• Ensure that only people you trust can connect to your wireless network. Do this by enabling strong security.

Currently, the best option is to use the security called WPA2. By enabling this, a password is required for people to connect to your home network, and once connected, their online activities are encrypted.

• Ensure the password used to connect to your wireless network is strong and that it is different from the admin password.

• Many wireless networks support what is called a Guest Network. This allows visitors to connect to the Internet, but protects your home network, as they cannot connect to any of the other devices on your home network. If you add a guest network, be sure to enable WPA2 and a unique password for the network.

The next step is knowing what devices are connected to your wireless home network. Almost anything can connect to your home network today! Once you have identified all the devices on your home network, ensure that each one of them is secure by having automatic updating enabled on them. By enabling automatic updates, your devices are always running the most current software, which makes them much harder for anyone to hack into.

The next step is to use a passphrase for all your accounts. This is a type of password that uses a series of words that is easy to remember, such as “Where is my coffee?” or “sunshine-doughnuts-happy-lost”. The longer your passphrase is, the stronger. Use a different passphrase for each device and account. This way, if one password is compromised, all your other accounts and devices are still safe. We recommend you use a password manager, which is a special security program that securely stores all your passwords for you in an encrypted, virtual safe.

Finally, enable two-step verification whenever available. It uses your password, but also adds a second step, such as a code sent to your smartphone or an app on your smartphone that generates the code for you. Two-step verification is probably the most important step you can take to protect yourself online, and it’s much easier than you think.

Sometimes, no matter how careful you are, you may be hacked. If that is the case, often the only way you can recover your personal information is to restore from backup. Make sure you are doing regular backups of any important information and verify that you can restore from them. Most mobile devices support automatic backups to the Cloud.

Vol. 11, No. 7 – Jan 3 – Jan 16, 2018 – Tech Today with Ken May

What is Cryptocurrency? Part 1: Blockchain

There’s so much talk about Bitcoin, Ethereum, Litecoin and other cryptocurrency in the news right now, it might seem overwhelming. Everyone is proclaiming it’s the future and we should all be invested in it, but what the heck even is a Bitcoin? To understand Bitcoin, and Cryptocurrency as a whole, first we need to discuss the underlying technology concept: blockchain.

From a cruising altitude, a blockchain might not look that different from things you’re familiar with, say Wikipedia.

With a blockchain, many people can write entries into a record of information, and a community of users can control how the record of information is amended and updated. Likewise, Wikipedia entries are not the product of a single publisher.

However, while both run on the internet, Wikipedia is built using a client-server network model. A user with permissions associated with its account can change Wikipedia entries stored on a centralized server.

Whenever a user accesses the Wikipedia page, they will get the latest ‘master copy’ of the Wikipedia entry. Control of the database remains with Wikipedia administrators.

Wikipedia’s digital backbone is like the highly protected and centralized databases that governments or banks or insurance companies keep today. Control of centralized databases rests with their owners, including the management of updates, access and protecting against cyber-threats.

The distributed database created by blockchain technology has a fundamentally different digital backbone. This is also the most distinct and important feature of blockchain technology.

Wikipedia’s ‘master copy’ is edited on a server and all users see the new version. In the case of a blockchain, every node in the network is coming to the same conclusion, each updating the record independently, with the most popular record becoming the de-facto official record in lieu of there being a master copy.

Transactions are broadcast, and every node is creating their own updated version of events.

It is this difference that makes blockchain technology so useful – It represents an innovation in information registration and distribution that eliminates the need for a trusted party to facilitate digital relationships.

Defining digital trust

Trust is a risk judgement between different parties, and in the digital world, determining trust often boils down to proving identity (authentication) and proving permissions (authorization).

Put more simply, we want to know, ‘Are you who you say you are?’ and ‘Should you be able to do what you are trying to do?’

Authentication is not enough. Authorization – having enough money, broadcasting the correct transaction type, etc. – needs a distributed, peer-to-peer network as a starting point. A distributed network reduces the risk of centralized corruption or failure.

This distributed network must also be committed to the transaction network’s recordkeeping and security. Authorizing transactions is a result of the entire network applying the rules upon which it was designed (the blockchain’s protocol).

Authentication and authorization supplied in this way allow for interactions in the digital world without relying on (expensive) trust.

In fact, the idea that cryptographic keys and shared ledgers can incentivize users to secure and formalize digital relationships has imaginations running wild. Everyone from governments to IT firms to banks is seeking to build this transaction layer.

Authentication and authorization, vital to digital transactions, are established as a result of the configuration of blockchain technology.

h/t https://www.coindesk.com/information/what-is-blockchain-technology/

Vol. 10, No. 3 – Nov 8 – Nov 21, 2017 – Tech Today with Ken May

What’s new in Windows 10 Fall Creators Update

After a little more than two years, Microsoft has finally settled into a rhythm with its new, fast-paced development for Windows 10.

What Microsoft’s marketers are calling the Fall Creators Update (officially version 1709) began arriving on desktop PCs on 10/18 via Windows Update and will soon be available for download at all the usual places.

This is the fourth feature update to Windows 10 in a little over two years. And that pace will continue, with new feature updates (essentially full upgrades) due on a predictable twice-yearly cadence going forward. As with previous feature updates, there are no last-minute surprises in this update. It’s been developed in the open, with dozens of preview releases to members of the Windows Insider Program.

Every Wi-Fi connection now has a prominent option to configure whether it’s part of a public or private network, as shown here. In previous versions, that option was difficult to locate.

Similarly, the venerable Task Manager has several small improvements, including options that allow you to track GPU activity on a per-application basis and more convenient grouping of related processes. This release also incorporates changes designed to improve the experience of running Windows on high-DPI displays; built-in utilities like Registry Editor and Snipping Tool are no longer blurry when moving between multiple displays running at different scaling factors.

The Power Throttling feature makes its debut in this release, offering a simple slider-based option that lets you tune Windows 10 for better battery life or better performance. The built-in Windows 10 apps also include major improvements in this release.

Windows Update has also evolved significantly in the two years since Windows 10’s initial release. When new updates are available, you’ll see an interactive toast notification that doesn’t interrupt whatever you’re doing now. In addition, the Windows Update display now offers detailed information about the status of individual updates, so you don’t have to wonder whether anything’s happening in the background.

The long list of improvements to the security architecture of Windows 10 starts with a momentous change. The horribly insecure SMBv1 protocol is being removed from clean installs of Windows 10. (The SMBv1 components will continue to be included on upgrades where they are already installed.)

The Windows Defender Security Center, which was introduced in an earlier feature update, has two major additions. The first is Exploit Protection, which offers many of the mitigations that were previously part of the separate Enhanced Mitigation Experience Toolkit (EMET).

The Fall Creators Update also debuts an anti-ransomware feature called Controlled Folder Access, which is also available through the Windows Defender Security Center, under Virus & Threat Protection Settings. When this feature is enabled, only approved apps can access Windows system files and data folders. (You can customize the list of data folders and whitelist specific apps, using the instructions in this online documentation: Protect important folders with Controlled folder access.)

If your business needs help updating to this version, call Swift Chip at 1-866-326-2008.

Finally, there’s Windows Defender Application Guard, a security feature that uses Hyper-V virtualization to create sandboxed browser sessions using Microsoft Edge. For now, this feature is available only in Windows 10 Enterprise edition.

There are many other useful new features and updates as well, so this looks like a must-do free upgrade!

Vol. 10, No.1 – Oct 11 – Oct 24, 2017 – Tech Today with Ken May

News about the massive Equifax data breach has been unrelenting since the credit bureau publicly disclosed its lapse at the beginning of September. It’s difficult to keep up with all the company’s blunders, not to mention the complicated fiscal policy and regulatory debates the incident has fueled. But weeks later, most consumers in the United States are still just trying to figure out what the whole thing means for them, and how to steel themselves against identity theft and fraud.

Equifax will be extending the enrollment period for its credit monitoring and freezing services through January. Credit monitoring sends you alerts so you can catch any suspicious activity early, while credit freezes actually lock down your credit files so institutions you don’t already do business with can’t access your data without specific permission from you and special PIN numbers. A freeze significantly reduces the chance that a fraudster will be able to do things like take out a line of credit in your name. Personal identity security advocates have long favored freezes, but acknowledge that the measure isn’t necessarily for everyone (say, someone who anticipates applying for student loans) since it is fairly rigid and restrictive.

It is worth utilizing one or both of these tools, but at the end of the free year 143 million social security numbers (not to mention other valuable data) will still have been compromised in the breach, necessitating ongoing defense. “We generally tell people that if an entity is offering a free service they should strongly consider taking advantage of it,” says Eva Velasquez, president of the nonprofit Identity Theft Resource Center. “Consumers have to demand security over convenience so that businesses will respond. Just don’t be the low hanging fruit. Anything is better than nothing long term.”

The free monitoring and freezes have a short time span, perhaps because they are services Equifax wants to resume capitalizing on as quickly as possible.

The third service Equifax is rolling out, a so-called “credit lock” tool, will debut in January, and will be a more flexible option through which consumers can lock and unlock access to their credit data whenever they want.

Experts agree that to protect themselves, consumers need to see past the gimmicks and noise to the long game of utilizing what Equifax and other companies that have experienced data breaches provide while planning to supplement as needed. If your data is compromised in multiple breaches over time you may be able to daisy chain years of free services together. And everyone can pull and review one complete credit report per year for free from AnnualCreditReport.com. Additionally, consumers need to be aware that credit monitoring, locks, and freezes alike don’t protect against things like tax fraud and medical fraud, in which identity thieves can file bogus tax returns on your behalf to claim your refund or jeopardize your insurance coverage by scamming your provider.

Vol. 10, No. 25 – Sept 13 – Sept 26, 2017 – Tech Today with Ken May

What Are Password Managers?

One of the most important steps you can take to protect yourself online is to use a unique, strong password for every one of your accounts and apps. Unfortunately, it is most likely impossible for you to remember all your different passwords for all your different accounts. Reusing the same password for different accounts is dangerous, because once someone compromises your password, they can access all your accounts. A simple solution is to use a password manager. These are programs that securely store all your passwords, making it easy to have a different password for each account. Password managers make this simple, because instead of having to remember all your passwords, you only must remember the master password.

Password managers work by storing all your passwords in a database, which is sometimes called a vault. The password manager encrypts the vault’s contents and protects it with a master password that only you know. When you need to retrieve your passwords, such as to log in to your online bank or email, you simply type your master password into your password manager to unlock the vault. In many cases, the password manager will automatically retrieve your password and securely log in for you. This makes it simple to have hundreds of unique, strong passwords, since you do not have to remember them.

Most password managers include the ability to automatically synchronize your password vault’s contents across multiple devices that you authorize. This way, when you update a password on your laptop, those changes are synchronized to all your other devices.

When you first set up a password manager, you need to manually enter your logins and passwords. Afterwards, the password manager can detect when you’re attempting to register for a new online account or update the password for an existing account. This is possible because most password managers work hand-in-hand with your web browser. This integration also allows them to automatically log you into websites.

It’s critical that the master password you use to protect the password manager’s contents is very difficult for others to guess. In fact, we recommend you make your master password a passphrase, one of the strongest types of passwords possible. If your password manager supports two-step verification, use that for your master password.

Meanwhile, when trying to find the password manager that’s best for you, keep the following in mind:

• Your password manager should be simple for you to use. If you find the solution too complex to understand, find a different one that better fits your style and expertise.

• The password manager should work on all devices you need to use passwords on. It should also be easy to keep your passwords synchronized across all your devices.

• Use only well-known and trusted password managers. Be wary of products that have not been around for a long time or have little or no community feedback. Cyber criminals can create fake password managers to steal your information.

• Make sure whatever solution you choose, the vendor continues to actively update and patch the password manager, and be sure you are always using the latest version.

• The password manager should include the ability to automatically generate strong passwords for you and show you the strength of the passwords you’ve chosen.

• The password manager should give you the option of storing other sensitive data, such as the answers to your secret security questions, credit cards, or frequent flier numbers.

Vol. 10, No. 23 – Aug 16 – Aug 29, 2017 – Tech Today

Tech Today with Ken May

Backup and recovery

If you use a computer or mobile device long enough, sooner or later something will go wrong, resulting in you losing your personal files, documents, or photos. For example, you may accidently delete the wrong files, have a hardware failure, lose a device, or become infected with malware, such as ransomware. At times like these, backups are often the only way to rebuild your digital life.

Backups are copies of your information stored somewhere other than on your computer or mobile device. The first step is deciding what you want to back up. There are two approaches: (1) backing up specific data that is important to you; or (2) backing up everything, including your entire operating system. If you are not sure what to back up or want to be extra careful, back up everything.

Second, you must decide how frequently to back up. Common options include hourly, daily, weekly, etc. Other solutions offer “continuous protection,” in which new or altered files back up immediately each time you save a document.

There are two ways to back up your data: physical media or Cloud-based storage. If you are not sure which approach to use, you can use both at the same time. Physical media is devices you control, such as external USB drives or network devices. The advantage of using your own physical media is it is very quick. The disadvantage is if you become infected with malware, it can spread to your backups. Also, if you have a disaster, such as fire or theft, it can result in you losing not only your computer, but the backups as well.

Cloud-based solutions are online services that store your files on the Internet. An advantage of Cloud solutions is their simplicity–backups are often automatic and you can usually access your files from anywhere. Cloud backups can help you recover from malware infections, such as ransomware, as many Cloud solutions allow you to recover from pre-infected versions. The disadvantages are it can take a long time to back up or recover very large amounts of data.

Finally, don’t forget your mobile devices. Your mobile app configurations, recent photos, and system preferences may not be stored in the Cloud. By backing up your mobile device, not only do you preserve this information, but it is easier to transfer your data when you upgrade. An iPhone/iPad can back up automatically to Apple’s iCloud. Android, or other mobile devices depend on the manufacturer or servicer provider. In some cases, you may have to purchase an app for backups.

Backing up your data is only half the battle; you must be sure that you can recover it. Check periodically that your backups are working by retrieving a file and making sure it is the same as the original. Also, be sure to make a full system backup before a major upgrade (such as moving to a new computer or mobile device) or a major repair (like replacing a hard drive) and verify that it is restorable.

Vol. 10, No. 19 – June 21 – July 4, 2017 – Tech Today

We all WannaCry
by Ken May

On Friday, May 12, a new ransomware, called WannaCry, began circulating throughout the United Kingdom and Spain, rapidly infecting over 400,000 exposed workstations and servers at healthcare, financial, and other business sectors. This ransomware stood out for several reasons, including being the largest ransomware attack in history, and the first widely spread ransomware worm.

I had an exciting time analyzing this as it happened. I was in San Diego for the SANS Security West 2017 Cybersecurity conference as a facilitator. We all piled into a room late one night for an emergency session, while we shared data and studied what was happening in real time. Because of some of the connections I made there, I later was able to provide some assistance to the FBI Special Agent in charge of the WannaCry investigation.

The ransomware infection is Version 2.0 of WanaCypt0r (also known as WCry, WannaCry, and WannaCryptor). Unlike previous instances, this version takes advantage of the SMB vulnerability outlined in Microsoft Security Bulletin (MS17-010). This vulnerability was first exploited by the ETERNALBLUE malware, revealed by the ShadowBrokers leak in March, and targeted the Microsoft MS17-010 SMB vulnerabilities. SMB (Server Message Block) is a protocol primarily communicating on port 445 and is designed to provide access to shared resources on a network. Last fall, Microsoft propounded system administrators to disable SMB Version 1 on systems.

According to an FBI FLASH Alert, the WannaCry ransomware infects initial endpoints via a phishing campaign or compromised RDP (remote desktop protocol). Once the ransomware gets into a network, it spreads quickly through any computers that don’t have the patch applied. The worm-like capabilities are the new feature added to this ransomware.

New instances of this ransomware worm dramatically decreased following the activation of a “kill-switch” in the ransomware. A security researcher going by the Twitter handle @MalwareTechBlog noted an unregistered domain (www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com) in a sample of the malware. WannaCry checked to ensure non-registration of the domain at some point prior to infection. According to the researcher, this was likely intended as a way to prevent analysis of the malware in a sandbox. If the domain is registered, WannaCry exits the system, preventing further infection. While this doesn’t benefit victims already infected, it does curb further infection. Of course, shortly after that, a new variant began making the rounds.

At least three separate Bitcoin wallets, controlled by unknown criminals were identified as part of the ransomware campaign. As of May 25th, a total of 302 payments totaling over $126,000 had been transferred. All in all, a shockingly small amount.

Some interesting notes:

  1. This was patched by Microsoft back in March, so anybody who got infected is over 2 months behind on installing security updates.
  2. 98% of the victims were running Windows 7.
  3. It’s estimated that there are currently over 1 million computers connected to the internet, according to scans, that are still vulnerable, and still haven’t been updated.

Install those updates, folks!

h/t: https://blog.barkly.com/wannacry-ransomware-statistics-2017

What Is WannaCry? Analyzing the Global Ransomware Attack

Robots descend on Ventura

The future of the world is in the hands of these kids.

Article and photos by Richard Lieberman

Teams faced off at FIRST (For Inspiration and Recognition of Science and Technology) Robotics regional competition at Ventura College. Teams from Ventura County, Chile and Hawaii compete in the FIRST Robotics competition.

The local team is Team 3925 from Ventura County. The team is comprised of seven different local high schools competing against 42 high school teams, including teams from Newbury Park High,  Construction and Engineering charter high school in Camarillo and the Ventura County Career Education Center, where students from six county high schools make up the team.

This event called FIRST Steamworks incorporating a Steampunk theme. The student designed robots are required to pick up an item then throw it, climb and then hang on a tower and to carry an item and place it on a platform.  The teams were given a starter kit to help design and build their robot. Students were allowed six weeks to build, program and test their robots.

More than 5,000 teams, totaling 78,000 students world-wide are taking part in the FIRST Robotics competition this year. Aiding the students were teachers, and mentors from the programming, engineering, manufacturing field to help students design their robots and form their business plans. All team participants have the option to apply for twenty-two million dollars in scholarships from more than 200 colleges and universities.

Event chair Velma Lomax said “This is what I love so much, it’s not just about robotics and competing, it’s about everything these kids learn” There are regional competitions that will move on next month to western competitions in Houston, then on to eastern competitions in St. Louis and a final world championship in New Hampshire in July.

Lomax added “These kids are in business fields, they design their own brochures, they do all of their own promoting, their own fundraising. They don’t get money from anyone. These kids are amazing and every child can fit in. Additionally, Lomax said “They call it a varsity squad for the mind, another important thing they learn is time management.”

Three teams who won the regional with their robots are Team 114 from Los Altos high school, Team 3925 from Career Education at Ventura High School, includes members from Ventura High School, Buena High School, and Foothill Technology. Ventura’s team 3925 won a spot to advance to the upcoming competitions.

“It’s a lot of components this year, event chair Velma Lomax said.” She added  “It’s an interesting competition.”