Thursday, March 26, 2015

“Can you FEEL my heat?” OK…NOW I’m Scared!

No matter how secure you think a computer is, there’s always a vulnerability somewhere that an attacker can exploit if they’re determined enough. To reduce the chance of sensitive material being stolen, many government and industrial computer systems are not connected to outside networks. This practice is called air-gapping, but even that might not be enough. The Stuxnet worm from several years ago spread to isolated networks via USB flash drives, and now researchers at Ben-Gurion University in Israel have shown that it’s possible to rig up two-way communication with an air-gapped computer via heat exchange.

Researchers call this technique of harvesting sensitive data “BitWhisper.” It was developed and tested in a standard office environment with two systems sitting side-by-side on a desk. One computer was connected to the Internet, while the other had no connectivity. This setup is common in office environments where employees are required to carry out sensitive tasks on the air-gapped computer while using the connected one for online activities.

BitWhisper does require some planning to properly execute. Both the connected and air-gapped machines need to be infected with specially designed malware. For the Internet box, that’s not really a problem, but even the air-gapped system can be infected via USB drives, supply chain attacks, and so on. Once both systems are infected, the secure machine without Internet access can be instructed to generate heating patterns by ramping up the CPU or GPU. The internet-connected computer sitting nearby can monitor temperature fluctuations using its internal sensors and interpret them as a data stream. Commands can also be sent from the Internet side to the air-gapped system via heat.

The malware is able to use the heat patterns as a covert data channel between the machines, thus defeating the air gap. The data rate between the connected and air-gapped computers isn’t particularly fast — it’s somewhere around eight bits per hour. Still, that’s enough to snatch passwords and text files over time. Because all the data theft takes place over invisible heat signals, there are almost no signs of intrusion in the secure network.

Once the malware has found a home in the air-gapped network, it can be instructed to spread to other computers in search of more heat-driven communication channels. The researchers say a secure network is vulnerable to BitWhisper anywhere an Internet-connected PC is 15 inches or less away from an air-gapped system. BitWhisper can seek out new connections by sending out periodic “thermal pings” to link up nearby computers.

The researchers demonstrated BitWhisper using a computer with a USB missile-launcher toy attached. In the video above, they were able to send heat commands from the connected system over the air-gap to the isolated system and control the missile launcher. There are a lot of things that can go wrong with this system — something as small as a desk fan could break the connection. Still, it’s an ingenious proof-of-concept.

Sunday, February 22, 2015

Hmmm...I told you so!

Everyone repeat after me: "If you post...you can't take it back"
Sorry: Snapchat Doesn't Delete Your Photos, It Just Hides Them http://www.theatlanticwire.com/technology/2013/07/snapchat-android/66868/

Thursday, October 23, 2014

BAD DOG! BAD DOG!


No, this isn't about Rufus getting on your computer. To keep our online browsing safe, we rely heavily on security protocols — the "S" in HTTPS.

But a new exploit — POODLE — shows that commonly used security protocols aren't as secure as we thought; websites and browsers will both need an upgrade.

Pulling a new trick on a very old dog

By now, it might seem that an exploit is serious only if it has a catchy name attached to it. The latest threat is Padding Oracle On Downgraded Legacy Encryption (POODLE, for short). That's not a name that immediately brings images of teeth and growling mouths to mind. When it comes to poodles, my greatest worry was being licked to death. But the recently revealed weakness in the Secure Sockets Layer (SSL) protocol that allows the POODLE exploit has the digital-security world worrying about a new round of nasty malware bites.

The downside is that there's no quick patch or easy fix; the flaw is hard-coded within SSL 3.0.

The POODLE exploit compromises the SSL protocol by forcing the browser and server to downgrade their TLS connection to SSL 3.0. That change allows leaks of cookie information, which could then lead to the disclosure of sensitive, personal information.

Protecting browsers from POODLE attacks

Most of us have two or more browsers installed on our systems. Unlike a Windows fix, there's no one patch that will protect our browsers from POODLE. Instead, we must make adjustments within each browser; with Firefox, we must also download and use a Mozilla add-on until a new version of Firefox arrives in a month or so.

Be aware: After making these adjustments, you might find that business websites don't work properly. So I recommend making the following adjustments to one browser and leaving another browser for those sites that are still waiting for the changes needed to protect themselves from POODLE. (Again, the fix for this exploit has to happen on both ends of Internet connections — the client and the server.)

The following changes force your browser to not use SSL 3.0. Here's what to adjust in the top three browsers.

Chrome: In Google's browser, edit the shortcut that launches the browser, adding a flag to the end of the Shortcut path. Start by selecting the icon normally used to launch Chrome. Right-click the icon and select Properties. Under the Shortcut tab, find the box labeled "Target" and insert --ssl-version-min=tls1 immediately after chrome.exe" (see Figure 1). It should look something like this (note the space between .exe" and --ssl-):

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --ssl-version-min=tls1

(Note: If your original Chrome path doesn't start and end with quotes, don't add one after chrome.exe.)

[Figure 1]

From now on, launch Chrome only with this edited shortcut. Launching the browser from any unedited launch icons won't provide protection from POODLE. Consider clicking on the General tab in the Chrome Properties dialog box and giving the edited shortcut a unique name — such as "Chrome - no SSLv3" or something similar. Then you'll always know you're using the right shortcut.

Firefox: As noted in the Oct. 14 Mozilla blog post, Firefox 34, due to be released on Nov. 25, will disable SSL 3.0 support. In the meantime, Mozilla recommends installing the add-on (download site), "SSL Version Control 0.2" (see Figure 2), which will let you control SSL support within the browser. (Some websites have recommended adjusting Firefox settings in the configuration file, but Mozilla recommends using the add-on instead.)

[Figure 2]

Internet Explorer: In IE, click the gear (settings) icon, open Internet options, and then select the Advanced tab. Scroll down the Settings list to the Security category, and then look for Use SSL 3.0. Uncheck the box (see Figure 3), click OK, and then relaunch IE. Network admins can make this change to all PCs on the local network via Windows Group Policy.

[Figure 3]

Microsoft released an initial security advisory on this topic; expect to see additional guidance in the near future.

How to test your browser's TLS/SSL protection

Several websites test whether your currently open browser supports SSL 3.0.

  • Poodletest.com displays a poodle dog if your browser still supports SSL 3.0, and a Springfield terrier if it doesn't.
  • Qualys SSL Labs (site) provides a more detailed analysis of the SSL protocols your browser supports.

As noted above, some business sites such as online banking might still need SSL 3.0. Again, I recommend leaving SSL 3.0 support on one browser; it'll be faster and safer than repeatedly adjusting browser settings. If you're running a Web server or small-business server, you should disable SSL 3.0 support to better protect connected workstations and Internet-based phones.
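If you administer a web server, the browser test sites above won't tell you whether your own server still negotiates SSL 3.0. The following script is an added example, not part of the original post: it audits a server you run by sending a hand-built SSL 3.0 ClientHello over a raw socket and classifying the first record that comes back (a ServerHello at version 3.0 means the server still accepts the broken protocol; an alert or a closed connection means it refuses). It uses raw bytes because the ssl module in current Python releases no longer speaks SSL 3.0 at all. The host name, the short cipher-suite list and the result labels are the example's own choices.

```python
"""Audit a server you administer for SSL 3.0 support (the protocol POODLE relies on)."""
import os
import socket
import struct
import sys

SSL3_VERSION = b"\x03\x00"
# Constructed cipher-suite list: common RSA suites that SSL 3.0 servers accepted.
CIPHER_SUITES = [0x002F, 0x0035, 0x000A, 0x0005]


def build_sslv3_client_hello(random_bytes=None):
    """Return a minimal SSL 3.0 ClientHello record (no extensions; SSL 3.0 has none)."""
    if random_bytes is None:
        random_bytes = os.urandom(32)
    if len(random_bytes) != 32:
        raise ValueError("ClientHello random must be 32 bytes")
    suites = b"".join(struct.pack("!H", s) for s in CIPHER_SUITES)
    body = (
        SSL3_VERSION                                   # client_version = 3.0
        + random_bytes                                 # 32-byte random
        + b"\x00"                                      # session_id length = 0
        + struct.pack("!H", len(suites)) + suites      # cipher_suites
        + b"\x01\x00"                                  # one compression method: null
    )
    # Handshake header: type 1 (ClientHello) followed by a 24-bit length.
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: content type 22 (handshake), version 3.0, 16-bit length.
    return b"\x16" + SSL3_VERSION + struct.pack("!H", len(handshake)) + handshake


def classify_server_response(data):
    """Map the first record a server sends back to 'sslv3-accepted', 'sslv3-rejected' or 'unknown'."""
    if len(data) < 5:
        # Nothing usable came back: the server closed or stayed silent, so no SSL 3.0 handshake happened.
        return "sslv3-rejected"
    content_type, version = data[0], data[1:3]
    if content_type == 0x15:
        # Alert record (typically protocol_version or handshake_failure): SSL 3.0 refused.
        return "sslv3-rejected"
    if content_type == 0x16 and version == SSL3_VERSION and len(data) >= 6 and data[5] == 0x02:
        # Handshake record at version 3.0 carrying a ServerHello: the server negotiated SSL 3.0.
        return "sslv3-accepted"
    return "unknown"


def probe(host, port=443, timeout=5.0):
    """Connect, send the SSL 3.0 ClientHello and classify the reply (needs network access)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            reply = sock.recv(4096)
        except (socket.timeout, ConnectionResetError):
            reply = b""
    return classify_server_response(reply)


if __name__ == "__main__":
    # Placeholder host; pass your own server's name on the command line.
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    print(target, probe(target))
```

Run it as `python sslv3_probe.py your.server.example`; a result of `sslv3-accepted` means the server-side fix the post calls for has not been applied yet. The `unknown` result covers replies that are neither an SSL 3.0 ServerHello nor an alert, such as a server that answers with a different record version; inspect those by hand rather than assuming they are safe.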

POODLE is a clear indication that the TLS/SSL system we rely on needs work (just like our credit card systems). In fact, the entire system of security protocols and certificates could well be a house of cards.

Thanks to

Monday, July 22, 2013

“I run Linux…it’s so safe”….yeah….right.

So I opened my email today to find the following:

Hello,

You are receiving this message because you have an account registered with this address on ubuntuforums.org.

The Ubuntu forums software was compromised by an external attacker. As a result, the attacker has gained access to read your username, email address and an encrypted copy of your password from the forum database.

If you have used this password and email address to authenticate at any other website, you are urged to reset the password on those accounts immediately as the attacker may be able to use the compromised personal information to access these other accounts. It is important to have a distinct password for different accounts.

The ubuntuforums.org website is currently offline and we are working to restore this service. Please take the time to change your ubuntuforums.org account password when service is restored.

We apologize for any inconvenience to the Ubuntu community, thank you for your understanding.

The Canonical Sysadmins.

Ubuntu Forums is an online forum provided by Ubuntu for users to post questions and to learn more about Ubuntu Linux. Their server, which runs Ubuntu, was running an app (the forum software that generates the website), and that app was what got hacked.

So to be clear: Linux wasn’t hacked, but an app that was running on it was, and that app was used as a way into the Linux O/S. This just goes to show you that you MUST be aware of updates and security issues for not just the O/S, but also any app you install…even “Server-Dudes” have to follow this rule! ;-)

Ouch…

-SuperDale

Wednesday, May 15, 2013

"I see nothing" -sgt schultz

Cool little product....hide important info...saw it at Office Depot

Thursday, May 9, 2013

H-Commerce…Hacking Documentary

I couldn’t find the original (I think they took it down) so I posted the full video for you.  EVERYONE SHOULD WATCH THIS….AND LEARN!

https://www.youtube.com/watch?v=yzU82Ul96pU

-SuperDale

Wednesday, May 8, 2013

Disable Inprivate Browsing

InPrivate mode in Internet Explorer 8 is the new feature that allows a web user to surf anonymously, leaving no traces of their activity behind. Designed for privacy conscious users, surfing in InPrivate leaves no record of sites visited in your Internet History and it erases any cookies, URLs visited, usernames and passwords, and temporary internet files that would normally accumulate during a browsing session.

However, there are some people who would probably like to shut off InPrivate mode for good. Parents, for example, may not want their children to have access to this feature. Also, in an enterprise setting, I.T. administrators may want to restrict their users from going “InPrivate,” especially in companies where all internet communication has to be recorded for legal purposes.

To disable the setting, it’s as simple as making a change to the registry value EnableInPrivateBrowsing under the key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Privacy.

When enabled (the default), the dword value is set to 00000001. To disable InPrivate mode, just change that last “1” to a “0” as in 00000000.

  1. Logon to your machine with an account that has administrative rights.
  2. Right-click on your desktop and select "New"..."Text Document".
  3. Rename it to something like "IE8SafeMode.reg" (Note: change the file extension from .txt to .reg)
  4. Save the change and tell Windows you know you changed the file extension name.
  5. Right-click on the file you just made and select "Edit". It should open in notepad.
  6. Copy the following text (all three lines) and paste it into that Notepad file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Privacy]
    "EnableInPrivateBrowsing"=dword:00000000

  7. Save the file and then close it.
  8. When you double-click the file it will ask you if you want to add those changes into the Registry. Select Yes.
  9. Then reopen IE8 and you should now have InPrivate mode disabled.
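Before handing a .reg file like the one above to a roomful of machines, it is worth checking that it really sets the policy value the procedure depends on, and afterwards checking what the live registry says. The script below is an added example, not part of the original post: it parses the dword entries of a "Windows Registry Editor Version 5.00" file into a dictionary, reports whether the file disables InPrivate browsing (value 0 under the exact Privacy policy key), and on Windows reads the live value through the standard winreg module. The embedded sample file is constructed from the three lines in step 6; the function names are the example's own.

```python
"""Verify that a .reg file (or the live registry on Windows) disables IE InPrivate browsing."""
import re
import sys

POLICY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Privacy"
POLICY_VALUE = "EnableInPrivateBrowsing"

# Constructed sample: the same three lines the post says to paste into IE8SafeMode.reg.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Privacy]
"EnableInPrivateBrowsing"=dword:00000000
"""

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9A-Fa-f]{1,8})$')


def parse_reg(text):
    """Parse the dword values of a Version 5.00 .reg file into {key path: {value name: int}}.

    Only dword entries are collected; string, binary and default-value lines are skipped,
    and a file without the expected header is rejected.
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() != "Windows Registry Editor Version 5.00":
        raise ValueError("not a Windows Registry Editor Version 5.00 file")
    result, current = {}, None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                       # blank line or comment
        key_match = _KEY_RE.match(line)
        if key_match:
            current = key_match.group("key")
            result.setdefault(current, {})
            continue
        dword_match = _DWORD_RE.match(line)
        if dword_match and current is not None:
            result[current][dword_match.group("name")] = int(dword_match.group("hex"), 16)
    return result


def inprivate_disabled_by_file(text):
    """True only if the file sets EnableInPrivateBrowsing to 0 under the Privacy policy key.

    Registry key and value names are case-insensitive, so the lookup ignores case.
    """
    for key, values in parse_reg(text).items():
        if key.lower() != POLICY_KEY.lower():
            continue
        for name, value in values.items():
            if name.lower() == POLICY_VALUE.lower():
                return value == 0
    return False


def inprivate_disabled_on_this_machine():
    """Read the live policy on Windows; None when not on Windows or the value is absent.

    An absent value is Internet Explorer's default, which leaves InPrivate available.
    """
    if sys.platform != "win32":
        return None
    import winreg
    subkey = POLICY_KEY.split("\\", 1)[1]   # strip the HKEY_LOCAL_MACHINE hive prefix
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
            value, kind = winreg.QueryValueEx(key, POLICY_VALUE)
    except OSError:
        return None
    return kind == winreg.REG_DWORD and value == 0


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-16" if path and path.lower().endswith(".reg") and
                open(path, "rb").read(2) == b"\xff\xfe" else "utf-8").read() if path else SAMPLE_REG
    print("file disables InPrivate:", inprivate_disabled_by_file(text))
    print("live registry disables InPrivate:", inprivate_disabled_on_this_machine())
```

Run it with no arguments to check the embedded sample, or pass a .reg file path; files exported by regedit are UTF-16 with a byte-order mark, which the launcher detects, while a file typed into Notepad as in step 6 is read as UTF-8. Note that a file that spells the value name differently from EnableInPrivateBrowsing parses fine but changes nothing IE looks at, which is why the check insists on the exact name rather than on "some dword set to 0".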