Malware Easily Bypasses macOS User Warnings

Despite what many Apple fans believe, Apple products are just as susceptible to malware as other devices. Ars Technica reported that Patrick Wardle, a former National Security Agency hacker and macOS security expert, has exposed a major macOS problem in a presentation at Def Con in Las Vegas. Wardle said it was trivial for a local attacker or malware to bypass many security mechanisms by targeting them at the user interface level. macOS displays an alert or warning when malicious activity is suspected. The presentation showed how to generate a programmatic click to interact with or even dismiss such alerts. This "synthetic click," as Wardle called it, works almost immediately and can be done in a way that is invisible to the user. "The ability to synthetically interact with a myriad of security prompts allows you to perform a lot of malicious actions," Wardle told Ars. "Many of Apple's privacy and security-in-depth protections can be trivially bypassed."

Supposedly, Apple has a fix in the upcoming version of macOS Mojave, thanks to Wardle's research. The discovery shows how some security elements are still shaky even with systems that are fairly mature and have been around for a while.

E-mail: jsimek@senseient.com Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com

 

Google Knows Your Location Despite Location Services Setting

The big news yesterday was a report from AP concerning Google's record of your location history. The investigation found that many Google services on iOS and Android devices store location history even if you have turned off location services. The privacy setting gives the user the impression that turning off location services should stop Google from tracking the device. Google's support page states, "You can turn off Location History at any time. With Location History off, the places you go are no longer stored." Google Maps is particularly egregious at ignoring the location privacy setting.

It appears that an effective way to actually stop the tracking is to disable "Web & App Activity," which is enabled by default. You configure the setting from your Google account and not from the device itself. The steps are pretty easy.

  1. Go to the Google "My Activity" page
  2. Click the "GO TO MY ACTIVITY" link
  3. Select My Activity in the left menu bar
  4. Toggle off the Web & App Activity switch
  5. Confirm the action
  6. Make sure the Web & App Activity now shows a "paused" status


 

HP OfficeJet Compromised by Malicious Fax

I've never been a big fan of inkjet printers. A recent demonstration at DEF CON cements that opinion. Threatpost reported that researchers at Check Point released public details on two critical vulnerabilities found in HP's implementation of a widely used fax protocol used in all its OfficeJet all-in-one inkjet printers. "We are able to take complete control over the printer just by sending a malicious fax," said Yaniv Balmas, malware research team lead with Check Point. "There is no prerequisite for this attack. All you need to do is send a malicious fax to the printer and you have control." The good news is that HP has released updates to patch the vulnerability. If you own an impacted OfficeJet printer, make sure you apply the patches. Also, consider upgrading to a laser printer.


 

Easier to Crack WPA/WPA2 than Previously Thought

We already knew that WPA2 was susceptible to cracking (Krack Attack) last year. It's bad enough that WPA2 is vulnerable, but apparently it's much easier to compromise the encryption than previously thought. Security researcher and developer of the Hashcat password cracking tool Jens "Atom" Steube made the discovery of the vulnerability while trying to attack the new WPA3 security standard. Previously, the attacker had to wait for someone else to connect to the WPA2 network in order to compromise the encryption. Not so.

Bleeping Computer details the steps needed to quickly compromise a WPA2 Wi-Fi network. Basically, you use the Hashcat password cracking tool to extract the RSN IE (Robust Security Network Information Element) from a single EAPOL frame. The end game is to get the Pre-Shared Key (PSK) of the wireless network, which will allow you access. The majority of users use the manufacturer's generated PSK value. In order to properly protect your wireless network it is important to create your own key rather than using the one generated by the router. In other words, change the defaults and use your own passphrase to generate the WPA2 key.
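As an added example (not from the original post or from Hashcat): the WPA2-Personal key is derived from the passphrase with PBKDF2-HMAC-SHA1, salted with the network name, so the strength of the passphrase is what protects the PSK. The function names, the 80-bit threshold, the pattern checks and the sample values are assumptions made for this illustration.

```python
import hashlib
import math
import string

def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA2-Personal PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def keyspace_bits(passphrase: str) -> float:
    """Upper bound on guessing effort, in bits, if every character were
    chosen at random from the character classes present. Human-chosen
    phrases are weaker than this bound."""
    classes = [(string.digits, 10), (string.ascii_lowercase, 26),
               (string.ascii_uppercase, 26), (string.punctuation + " ", 33)]
    pool = sum(size for chars, size in classes
               if any(c in chars for c in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0

def audit(passphrase: str, min_bits: float = 80.0) -> list:
    """Return findings; an empty list means nothing was flagged.
    min_bits and the pattern checks are assumptions chosen for this example."""
    findings = []
    if passphrase.isdigit():
        findings.append("digits only")
    elif all(c in string.hexdigits for c in passphrase):
        findings.append("hex characters only")
    bits = keyspace_bits(passphrase)
    if bits < min_bits:
        findings.append(f"keyspace at most {bits:.0f} bits, below {min_bits:.0f}")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    for phrase in ("48213907", "A1B2C3D4E5", "maple-Ferry-42-quiet-lantern"):
        print(phrase, wpa2_psk(phrase, "ExampleNet").hex()[:16], audit(phrase))
```

Because the SSID is the salt, the same passphrase yields a different key on a differently named network, which is one more reason to change a default network name along with the default key.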

WPA3 can't come fast enough!


 

Promotion: SpiderOak Unlimited Backup for $179

Cloud storage has become pretty popular over the last few years. Even though cloud storage is relatively cheap, you do need to make sure that you protect your data in the cloud. End-user controlled encryption protects the data from being exposed by the vendor since most have a master decryption key. One of the secure cloud storage products we recommend is SpiderOak. The SpiderOak One offering is what is called zero knowledge. SpiderOak has no knowledge of the encryption key and can't decrypt the data if served with a warrant or a court order.

I just got notice that SpiderOak is running a promotion for unlimited data storage for $179/year. The 2TB plan currently costs $129/year and the 5TB plan costs $279/year. If you want unlimited storage for less than $15 a month, use promo code AUGUST2018UNLIMITED. The promotion is only good until 11:59 PM Central Time on Wednesday August 8, 2018. Once you sign up for the unlimited plan, you are protected by SpiderOak's lifetime pricing guarantee: once subscribed, your plan is locked in at that rate for as long as your account is open with SpiderOak.
