CVE-2014-0160

Am I affected by the heartBleed bug


YES. If you use SSL/TLS – which is used by https, secure instant messaging, secure email and other “secure” services online – then there is a better than 60% chance you are affected or have an account that was vulnerable.

What can you do about it?

Get informed. Here is a little information on what it is, what it affects and how to protect yourself and/or your organization.

Why should you be concerned?
This weakness allows attackers to steal information you thought was protected. So banks, hospitals, and other critical resources may have been susceptible to the vulnerability for years.
As mentioned above, SSL/TLS provides security for banking, online shopping, instant messaging, email and other services. The Heartbleed vulnerability allows anyone on the Internet to read the memory of systems protected by vulnerable versions of OpenSSL. Anyone who can read that memory can access the secret key used to identify the service provider and to encrypt the traffic, as well as the names and passwords of users.
More on Heartbleed:
Heartbleed is a major vulnerability in OpenSSL. This vulnerability has been known to the NSA and others since 2011 or 2012. The NSA used it as a method of infiltrating systems for spying (rather than notifying the good citizens of Earth). The NSA is not winning friends lately.
What versions of OpenSSL are affected?
Users and service providers using OpenSSL 1.0.1 through 1.0.1f.
Who is safe?
According to Codenomicon's site http://heartbleed.com/
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

The bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g, released on 7th of April 2014, fixes the bug.
More on Heartbleed:
In the news: http://abclocal.go.com/kgo/video?id=9498581
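As an added example (not code from the original post or from the OpenSSL project), the following Python script classifies the output of `openssl version` against the affected range given above (1.0.1 through 1.0.1f; 1.0.1g, the 1.0.0 branch and the 0.9.8 branch are outside it) and triages a small host inventory. The inventory, host names and version strings are constructed for illustration. One caveat a version check cannot settle: some Linux distributions backported the fix without changing the version number, so a host reporting 1.0.1e may already be patched; treat a hit as "verify against the vendor advisory", not as proof.

```python
import re

# Affected range from the post: OpenSSL 1.0.1 (no letter) through 1.0.1f.
# 1.0.1g and later, the 1.0.0 branch and the 0.9.8 branch are outside it.
AFFECTED_BRANCH = (1, 0, 1)
LAST_AFFECTED_LETTER = "f"

# Accepts "OpenSSL 1.0.1e 11 Feb 2013", "1.0.1f", "OpenSSL 1.0.1e-fips ..." and similar.
_VERSION_RE = re.compile(r"^(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Split an `openssl version` string into ((major, minor, fix), letter).

    The letter suffix ('a'..'z', or '' for the first release of a branch)
    is what distinguishes 1.0.1f from 1.0.1g, so it is kept separately.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError("not an OpenSSL version string: %r" % text)
    branch = tuple(int(part) for part in match.group(1, 2, 3))
    return branch, match.group(4)


def is_heartbleed_vulnerable(text):
    """True when the reported version lies in 1.0.1 .. 1.0.1f inclusive.

    A False result is reliable; a True result still needs checking against the
    vendor, because distributions that backport fixes keep the old version string.
    """
    branch, letter = parse_openssl_version(text)
    if branch != AFFECTED_BRANCH:
        return False
    # '' (plain 1.0.1) sorts before 'a', and single letters compare alphabetically.
    return letter <= LAST_AFFECTED_LETTER


# Constructed inventory for the demonstration: host name -> `openssl version` output.
SAMPLE_INVENTORY = {
    "web01": "OpenSSL 1.0.1e 11 Feb 2013",
    "web02": "OpenSSL 1.0.1 14 Mar 2012",
    "mail01": "OpenSSL 1.0.1g 7 Apr 2014",
    "legacy": "OpenSSL 0.9.8y 5 Feb 2013",
    "vpn01": "OpenSSL 1.0.0l 6 Jan 2014",
}


def triage(inventory):
    """Return the sorted list of hosts whose version falls in the affected range."""
    return sorted(host for host, version in inventory.items()
                  if is_heartbleed_vulnerable(version))


if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print("%s: %s -> in affected range, verify patch status"
              % (host, SAMPLE_INVENTORY[host]))
```

Run it as-is to see the two constructed hosts that fall in the range; in practice you would feed `triage` a dictionary collected from your own hosts. Remember that a public-facing service that ran a vulnerable version at any point should be treated as having had its private key exposed, so patching alone is not the end of the response: re-keying and revoking the old certificate, plus password resets for users, are the steps the post's warning implies.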


computer starts up slow

I noticed that my computer was starting up slow... SUPER slow! I ignored it for a long time, months. But I noticed that each time I added new software, the system started up slower and slower.

Why does your computer start up slow? These days when you install new software, its default setting is often “autorun”, which means it is set up to start when your computer starts. So if you notice 30 different applications popping up when you boot your system, that is why the system is slow: it is starting each app.

If your computer starts up slow, here is how you can get it much faster.


computer starts up slow – MSCONFIG

The first place to check for slow boots is msconfig.

Go to Start | Run | type “msconfig” | Enter

“MSConfig (officially called System Configuration in Windows Vista, Windows 7 and Windows 8 or Microsoft System Configuration Utility in previous operating systems) is a system utility to troubleshoot the Microsoft Windows startup process.”

Once you press Enter you will see the msconfig window. Once you are in msconfig, select the “Startup” tab and you will see all the software that is set to start when the system starts up.


MSconfig showed the root of the problem. I had scores of proprietary applications starting up by default, not to mention a dozen other applications that I had installed and left at their defaults. This is why my system was taking anywhere from 3-5 minutes to be of any use. I would often avoid turning off the system just so I did not have to wait each time for it to boot... NOW THAT IS LAZY!!

Once in MSconfig, disable the applications you don't want starting when the computer starts. Once you are done, click OK.

And you are done.

Here is another place you can check for application startups: the Startup folder in the Start menu.

BONUS ROUND!! – Search Conduit – backgroundcontainer RunDLL

I had a pesky “RunDLL” entry that kept trying to run when my computer was starting. I did not see it in the Startup folder or in MSConfig. But I noticed that it was from some adware called SearchConduit (my arch nemesis). I had removed it months ago, but it is so aggressive, spammy and similar to malware that it leaves hooks in the registry keys.

Here is how I removed it.


You will have to go to regedit: Start | Run | regedit

*I don't recommend regedit unless you are comfortable doing complex configuration on your PC... if you don't know what you're doing, you can destroy your OS in regedit*

Once in regedit, press CTRL+F (Find) and search for the key. Delete the key. You will need to delete it from the left-hand pane of regedit, or you will get the error shown in the screenshot.
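The registry walk above can also be done from an export instead of by clicking through Find. As an added example (not code from the original post), the following Python script parses the text of a `reg export` dump, lists every string value under the Run/RunOnce keys (the programs set to start at logon), and flags entries that load a DLL through rundll32 from a user-writable folder such as AppData, which is the shape of the SearchConduit BackgroundContainer leftover described above. The .reg text embedded below is constructed for the demonstration (the paths and value names are made up); export your own with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` and read it with the `load_reg_file` helper, since Regedit writes .reg files as UTF-16.

```python
import re

# Key header lines such as [HKEY_CURRENT_USER\...\CurrentVersion\Run] or ...\RunOnce]
_RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\]$", re.IGNORECASE)
# Value lines look like "name"=data ; the name may contain \" and \\ escapes.
_VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')

# Folders a normal user can write to; a rundll32 loader pointed here deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")

# Constructed sample of what `reg export` produces (already decoded to str).
# Not a real export: names and paths are made up for the demonstration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SyncClient"="\"C:\\Users\\demo\\AppData\\Local\\SyncClient\\sync.exe\" /background"
"BackgroundContainer"="\"C:\\Windows\\system32\\rundll32.exe\" \"C:\\Users\\demo\\AppData\\Local\\Conduit\\BackgroundContainer\\BackgroundContainer.dll\",DllRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VendorTray"="C:\\Program Files\\Vendor\\tray.exe /silent"
"VendorUpdater"=hex(2):43,00,3a,00,5c,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00
'''


def load_reg_file(path):
    """Read a .reg file written by regedit / reg export (UTF-16 with BOM)."""
    with open(path, encoding="utf-16") as handle:
        return handle.read()


def _unescape(literal):
    """Undo the \\ and \" escaping used inside a quoted .reg string."""
    return re.sub(r"\\(.)", r"\1", literal)


def parse_run_entries(reg_text):
    """Return [(key, value_name, command)] for string values under Run/RunOnce keys.

    Non-string data (hex:, hex(2):, dword:) is skipped: a plain startup command
    is a REG_SZ, and decoding REG_EXPAND_SZ hex blobs is out of scope here.
    """
    entries = []
    current_key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1] if _RUN_KEY_RE.search(line) else None
            continue
        if current_key is None:
            continue
        match = _VALUE_RE.match(line)
        if not match:
            continue
        data = match.group("data")
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            entries.append((current_key, _unescape(match.group("name")),
                            _unescape(data[1:-1])))
    return entries


def flag_rundll_entries(entries):
    """Flag startup commands that run rundll32 against a DLL in a user-writable folder."""
    flagged = []
    for key, name, command in entries:
        lowered = command.lower()
        if "rundll32" in lowered and any(d in lowered for d in USER_WRITABLE):
            flagged.append((key, name, command))
    return flagged


if __name__ == "__main__":
    found = parse_run_entries(SAMPLE_REG)
    for key, name, command in found:
        print("%-20s %s" % (name, command))
    for key, name, command in flag_rundll_entries(found):
        print("REVIEW: %s under %s" % (name, key))
```

The flag is a triage hint, not a verdict: legitimate software also lives in AppData, so check the DLL's publisher and path before deleting the value, and export the key first so the change can be reversed.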

If you did all of this, cleared all the irrelevant default startups from legitimate applications, removed any DLLs that are not supposed to be there, and your computer is still slow, you may have a completely different issue:

  • Defrag your hard drive
  • Maybe you have malware (I use Webroot and Spybot Search & Destroy)
  • You have very aggressive (hidden) adware (Spybot Search & Destroy... it works)
  • Your computer is too old (try Newegg, they have good prices)
  • Your computer needs more memory (RAM: check Task Manager and look at memory usage)
  • Your hard drive is jacked up (you may hear a crunching or metal-on-metal sound)

RMF for DoD IT no DIARMF


Ms Teri Takai, DoD CIO, just signed the new Risk Management Framework document into existence. DoDI 8510.01, Risk Management Framework for DoD IT, is what will be replacing the DIACAP. This document will support DoDD 8500, Cybersecurity.


When I was teaching Risk Management Framework in 2011, the DoD kept telling us that it would be released in 2012. They were about 2 years late. I am not surprised, since they did the same thing with the move from DITSCAP to DIACAP. It took them about 3 years to officially move to DIACAP. Then it takes much longer for all the units to move to the new standard.

The government is very slow.


cell phone privacy

Our mobile devices are becoming extensions of ourselves. According to research by Morgan Stanley, mobile transactions are set to explode in the next few years (2014 up). This is due to the rise of mobile technology, which will overtake the desktop in 2014. Even as I write this... I know that these words are already becoming obsolete. By the time you read this it will have already happened.

It is more important than ever to protect our data and privacy on our mobile devices.  Here are a few tips on how you can.


1. Remove the Subscriber Identity Module (SIM) card – The SIM card does not store photos or address information (not yet anyway). But it does contain the information needed to access your cell network data, as well as text messages, phone contacts with related information like names, numbers and addresses you attached to your contacts, and the history of calls (dates and times). It can also contain important data regarding your location. All of this vital information makes it great for police investigations and forensics, but it can also be used to get information that you believe should be private.


With your subscriber identity module (SIM), anyone can get your information even without your phone. They can plug it into a compatible phone and access your data as if they were you. If you truly want to make sure no one gets the transactions you have made on your mobile device, take out the SIM card. If your data is truly valuable (more valuable than your phone), then take out the SIM and put it in your wallet. Lastly, the SIM itself has a PIN code you can set.


2. Phone security code – Whether it's the Android screen lock or the iPhone passcode, this should be a “no brainer” but is so easy NOT to do because you don't want the hassle of tapping in the PIN code while driving (which you should NEVER do). But just imagine leaving your cell phone somewhere and then suddenly realizing that not ONLY have you lost your phone, but that phone has direct access to your email account and NO security code. Create a phone security code to prevent anyone from spying on your phone.


3. Delete history – Do you really NEED your history? Someone else might, so it's best to clean it up often. Delete call logs, SMS logs, Skype logs, ooVoo, Viber, iMessage, Snapchat, every kind of log you can think of. Delete old pictures, emails, everything. If you don't need it, delete it. In fact, if you can, turn off the history so it does not store anything.


4. No automatic email log in – I know it's convenient, but if you don't have constant control over your phone, it's best NOT to allow it to automatically access your accounts. If you MUST have automatic access, make sure you have Auto Lock on your screen and a passcode.

5. Auto-Lock/Screen Lock – PIN codes, passcodes and screen locks are not as effective if you don't have your phone automatically lock after a certain number of minutes. I suggest 5 minutes. But it's up to you.


lloyds message service – debit posted.zip (malware)

If you got “lloyds message service – debit posted.zip” in an email, it is a virus. This .zip is malware, verified by VirusTotal.com.


courtesy of tranquilnet

Subject: You have received a new debit

This is an automatically generated email by the Lloyds TSB PLC
LloydsLink online payments Service to inform you that you have
receive a NEW Payment.

The details of the payment are attached.

This e-mail (including any attachments) is private and confidential
and may contain privileged material. If you have received this

Scan From VirusTotal:

Antivirus              Result                            Update
---------------------  --------------------------------  --------
Ad-Aware               -                                 20131211
Agnitum                -                                 20131217
AhnLab-V3              Trojan/Win32.Dapato               20131218
AntiVir                -                                 20131218
Antiy-AVL              -                                 20131218
Avast                  Win32:Malware-gen                 20131218
AVG                    -                                 20131218
Baidu-International    -                                 20131213
BitDefender            -                                 20131211
Bkav                   -                                 20131218
ByteHero               -                                 20130613
CAT-QuickHeal          -                                 20131218
ClamAV                 -                                 20131218
CMC                    -                                 20131217
Commtouch              W32/Trojan.CIRP-9141              20131218
Comodo                 -                                 20131218
DrWeb                  -                                 20131218
Emsisoft               -                                 20131218
ESET-NOD32             Win32/TrojanDownloader.Waski.A    20131218
F-Prot                 W32/Trojan3.GVD                   20131218
F-Secure               Trojan.Agent.BBBY                 20131218
Fortinet               -                                 20131218
GData                  Trojan.Agent.BBBY                 20131218
Ikarus                 Trojan-Spy.Agent                  20131218
Jiangmin               -                                 20131218
K7AntiVirus            -                                 20131218
K7GW                   -                                 20131218
Kaspersky              Trojan.Win32.Bublik.boha          20131218
Kingsoft               -                                 20130829
Malwarebytes           Trojan.Agent.RV                   20131218
McAfee                 -                                 20131218
McAfee-GW-Edition      -                                 20131218
Microsoft              -                                 20131218
MicroWorld-eScan       -                                 20131218
NANO-Antivirus         -                                 20131218
Norman                 -                                 20131218
nProtect               -                                 20131218
Panda                  -                                 20131218
Rising                 PE:Malware.FakePDF@CV!1.9E18      20131218
Sophos                 Troj/Zbot-HEQ                     20131218
SUPERAntiSpyware       -                                 20131218
Symantec               -                                 20131218
TheHacker              -                                 20131217
TotalDefense           -                                 20131217
TrendMicro             -                                 20131218
TrendMicro-HouseCall   TROJ_GEN.F47V1218                 20131218
VBA32                  -                                 20131218
VIPRE                  -                                 20131218
ViRobot                -                                 20131218

(A dash in the Result column means that engine reported no detection at the time of the scan.)

file encryption


For file and folder encryption, there are many tools that will do the job. Encrypted files can be saved to a thumb drive, hard drive or SD card. One free, open-source and useful method of encrypting data is TrueCrypt.

TrueCrypt is freeware that creates a virtual encrypted disk within a file, partition or entire disk drive. It works on Windows, OS X and Linux.

What TrueCrypt does is create an encrypted area of storage (an encrypted volume) into which you can drag unencrypted data for encryption. This is known as on-the-fly encryption (OTFE, aka real-time encryption).

To install TrueCrypt go to http://www.truecrypt.org/downloads

Once you double-click the TrueCrypt icon, you will see the main TrueCrypt window.

Click the “Create Volume” button to create the encrypted volume. This volume will allow file encryption (or folder encryption).

You will see the “TrueCrypt Volume Creation Wizard”. Since we want file encryption and/or folder encryption, we will select “Create an encrypted file container”. Note that TrueCrypt also allows full partition and full system drive encryption.

We will choose “Standard TrueCrypt volume” and select Next in the TrueCrypt Volume Creation Wizard.

Note: the TrueCrypt Volume Creation Wizard allows you to hide the data or just encrypt it with a password. With a higher need for privacy, you may need to hide the fact that there is file encryption at all, so no one even questions you about why it's encrypted. If it's not hidden, others will see a file that cannot be opened with any application they know of. And even if they do know that it must be decrypted to view the contents, they must have the password.


6 Tips on Working Abroad and Avoiding Recruitment Fraud


Recruitment fraud is a fairly common type of fraud that hits many overseas workers looking to stay in another country to earn a decent income. Many overseas Filipino workers, for example, are affected by recruitment fraud. They are offered what sounds like a good opportunity for work, but to start the process they are asked to pay a fee. After paying the fee they find out the job is not real.


Here are some tips to avoid recruitment fraud:

1. Do not pay any amount or placement fee up front, as some of these are fake, unregistered agencies. Agencies provide the tickets and accommodation abroad for countries such as the Middle East, Singapore, the UK and the US. While some companies and countries do require a placement fee, you should double-check the company and the laws of that particular country. If you must pay a fee, get a receipt.

2. Re-check the license of the agency you are applying to and whether it exists in the Philippine Overseas Employment Association (POEA) or other national overseas agencies that keep track of licenses.

3. Do not settle for a tourist visa for working purposes because it can get you in trouble abroad. There is real risk in working on a tourist visa. Some countries are strict about how certain visas are used. Some Filipinos have been punished, deported and/or imprisoned.

4. Read papers carefully before signing contracts. Whatever agreements are stated in the contracts regarding policies and salary matters can be used in future circumstances.

5. Check your passport. Make sure your passport is legitimate. It should have at least 6 months before it expires. Resist the temptation of trying to “game the system” with a fake visa or passport. Anyone using a fake identity may be caught by the authorities and face imprisonment, deportation or a ban from other countries for a period of time.

6. Make sure all documentation submitted to the agency is processed to avoid delays, job cancellation and other problems upon leaving the country.

Working abroad can be very rewarding. After all the paperwork and medical evaluations you might have to do, if you land a good job overseas it can be great. Just double-check the documentation to make sure you don't get caught up in recruitment fraud, and don't neglect the processes and procedures that the country requires of you.


6 tips for mobile device security & privacy

If you have a mobile device, you realize how powerful it can be. The more you rely on these devices, the more you need to be aware of protecting the data on them. Here are 6 quick tips to protect your mobile device:

1. Separate phone / SIM card – A separate phone or SIM card helps you keep your privacy on personal matters. Use a separate phone or SIM for work, home or your personal business. Keeping them separate keeps all transactions on a specific device.

2. Mobile device security code – creating a phone security code prevents anyone from spying on your phone by just picking it up and tapping a button.


3. Delete history – Your mobile device saves and tracks all transactions by default. So if someone got access to it, they could see everyone you contacted back to the first day you activated the device. Deleting phone calls and messages remedies that somewhat.

4. Keypad lock – You must have your keypad automatically lock after a short period of inactivity, just in case you set your device down and forget to lock it manually. The shorter the time you set (e.g. 5 seconds), the better.

5. SIM card code – for confidential contacts, setting a code on your SIM card is a must.

6. No automatic email log in – do not set your email to automatic log-in, so people cannot trace your personal info by merely picking up your phone.

Mobile devices with links into social media, personal email accounts, contacts, and transactions can give someone immediate access to all aspects of your personal life. It's important to implement some or all of these tips if you want to maintain some of your privacy.


diacap to diarmf: manage information security risk

The Risk Management Framework is implemented throughout an organization.

NIST SP 800-39, Manage Information Security Risk, describes how to manage risk across the three layers (or tiers) of an organization:

Tier 1: Organization level
Tier 2: Mission/Business Process level
Tier 3: Information System level


Tier 1: Organization level risk management
Tier 1 addresses security from the organization's perspective. The activities include the implementation of the first component of risk management, risk framing. Risk framing provides the context for all the risk activities within an organization, which affects the risk activities of tiers 1 & 2. The output of risk framing is the risk management strategy. In tier 1 the organization establishes and implements governance structures that comply with laws, regulations and policies. Tier 1 activities include establishment of the risk executive function, establishment of the risk management strategy and determination of risk tolerance.

Tier 2: Mission/Business Process Level risk management

Tier 2 risk management activities include: 1) defining the mission/business processes to support the organization; 2) prioritizing the mission/business processes with respect to the long-term goals of the organization; 3) defining the types of information needed to successfully execute the mission/business processes, the criticality/sensitivity of that information, and the information flows both internal and external to the organization.

Having a risk-aware process is an important part of tier 2. To be risk-aware, senior leaders/executives need to know: 1) the types of threat sources and threat events that could adversely affect the ability of the organization; 2) the potential adverse impacts on organizational operations and assets, individuals, and the Nation if confidentiality, integrity or availability is compromised; 3) the organization's resilience to such an attack that can be achieved with a given mission/business process.

Tier 3: Information System risk management

From the information system perspective, tier 3 addresses the following tasks:
1) Categorization of the information system
2) Allocating the organizational security controls
3) Selection, implementation, assessment, authorization, and ongoing

Chapter 3 focuses on the steps needed to have a comprehensive risk management program. The tasks discussed include:
Risk Framing
Risk Assessing
Risk Response
Risk Monitoring

For more information go to: http://elamb.org/training-certification800-39-manage-information-security-risks/

DIACAP to DIARMF: Assessment Authorization


With the move from certification and accreditation (C&A) to the Risk Management Framework come a few new terms. “C&A” will be replaced with “assessment and authorization”. Even though “information assurance (IA) controls” will be called “security controls”, the definition and the work are still the same, but the hope is that it's done continuously and more cost-effectively.

Certification (NIST: Assessment) – Comprehensive evaluation of an information system's IA controls/security controls to determine the extent to which the controls are implemented correctly and operating as intended. That means when evaluated, they produce the desired outcome. An assessment is about gathering information to provide the factual basis for an authorizing official (Designated Accrediting Authority) to render a security accreditation decision.

Accreditation (NIST: Authorization) – Security accreditation is the official management decision to operate (DAA – formal approval of the system). Authorization is given by a senior agency official (upper management/higher headquarters/combatant commander). The official should have the authority to oversee the budget and business operations of the information system and explicitly accepts the risk to operations, assets and individuals. They accept responsibility for the security of the system and are fully accountable for it.

“The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.”

- NIST SP 800-37 rev 1

March 14, 2014, UPDATE RMF – DoD IT:

DIARMF will be known as Risk Management Framework for DoD IT.