Tuesday, May 23, 2017

I'll Cry if I Wanna

   I try not to jump on bandwagons, but with so much coverage of, and fallout from, the whole worldwide WannaCry mess, I do have a few things to say.  I have a few different things to cover that you may not have seen elsewhere.

   There's been plenty of media coverage, so I'll just give a high-level overview of what happened.  Like many other nations, the US National Security Agency (NSA) studies computer flaws and develops ways to attack them.  The Shadow Brokers are a hacker group who began leaking some of these NSA-developed attack tools in the second half of 2016.  Their April 2017 release included the exploit code (known as EternalBlue, targeting the SMBv1 file-sharing service in Windows) that enabled the WannaCry attack.
   The attack that began on Friday, May 12 consisted of two parts.  One encrypts the victim's files so that the owner can no longer access them (commonly called "cryptoware" or crypto-ransomware).  The other is a worm component that uses the SMBv1 exploit to gain remote access to any unpatched Windows machine it can reach over the network and install itself there, with no user action required.  This was a very powerful combination, and it was the first time worm-style self-spreading had been paired with cryptoware at this scale.  Once infected, the victim sees a screen directing them to pay a ransom in bitcoin, so the whole attack is classed as "ransomware".

   Now, Microsoft did release a patch in March 2017 (security bulletin MS17-010) to fix the SMBv1 flaw, i.e. the remote-access part.  So no problem, right?  Desktops and laptops are usually easier to patch, and you should always have your home systems set to update automatically.  But servers need more testing to assure that applications continue to work as expected, so two months later many were still unpatched; and versions Microsoft no longer supported, such as Windows XP and Server 2003, had no patch at all until Microsoft issued an emergency one on May 12.

   Patching was a critical part of the fix, but there was definitely more to it: new anti-virus signatures for the malware itself, application whitelisting so the dropped executable could not run, intrusion-prevention signatures for the SMB exploit traffic, and firewall rules blocking inbound TCP port 445 (SMB) from the internet and between internal network segments that have no business sharing files with each other.  Disabling SMBv1 altogether, where nothing still depends on it, removes the vulnerable service entirely.

Tuesday, May 9, 2017

Google Docs and the Mailinator

   You're minding your own business, just checking email, when you get a message from a "friend" inviting you to open a shared Google Docs file.

   You're a student of security, or at least a fan, so you're always skeptical when you receive an email with a link or attachment.  This one appears to come from someone you know.  The subject and body of the message seem consistent with a genuine Google Docs sharing notification.

   Problem clue #1 - look at the "To:" line.  It names a throwaway mailinator.com address, not you; clearly this message wasn't addressed to you, and you only received it because you were blind-copied along with everyone else.

   Problem clue #2 - were you expecting this email and file?  Has this sender sent you Google docs in the past?  Did this email arrive at work or home - and do you normally use Google docs there?
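   The two clues above can be checked mechanically before anyone clicks.  The following script is an added example, not code from the original post: it parses a raw message with Python's standard `email` library and flags it when the mailbox owner's address is absent from To:/Cc: (clue #1) and when the sender is not someone who has shared documents with this mailbox before (clue #2).  The sample messages, the mailbox address and the list of known sharers are all constructed for the example.

```python
"""
Added example (not part of the original post): triage a suspected
Google Docs sharing email against the two clues discussed above.

  clue 1 -> "not_addressed_to_me": the mailbox owner's address does not
            appear in To: or Cc:, so the message arrived via Bcc.
  clue 2 -> "unknown_sender":      the From: address has never shared a
            document with this mailbox (modelled as an allow-list).

All sample data below is constructed for this example.
"""
from email import policy
from email.parser import BytesParser
from email.utils import getaddresses

# Constructed lure resembling the May 2017 campaign: addressed to a
# throwaway mailinator.com account, with the real targets in Bcc.
SAMPLE_EML = b"""\
From: "A Friend" <friend@example.com>
To: someone-else@mailinator.com
Subject: A Friend has shared a document on Google Docs with you
Content-Type: text/plain

A Friend has invited you to view the following document:
Open in Docs
"""

# Constructed benign notification: addressed to us, from a known sharer.
LEGIT_EML = b"""\
From: "Colleague" <colleague@example.org>
To: me@example.org
Subject: Colleague has shared a document on Google Docs with you
Content-Type: text/plain

Colleague has invited you to view the following document:
Open in Docs
"""


def addresses_in(msg, header):
    """Return the set of lowercase email addresses in every instance of a header."""
    raw = [str(h) for h in msg.get_all(header, [])]
    return {addr.lower() for _, addr in getaddresses(raw) if addr}


def triage_share_email(raw_bytes, my_address, known_sharers):
    """Return a list of flag names triggered by the message (empty if none)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    flags = []

    # Clue 1: am I actually named as a recipient?
    visible_recipients = addresses_in(msg, "to") | addresses_in(msg, "cc")
    if my_address.lower() not in visible_recipients:
        flags.append("not_addressed_to_me")

    # Clue 2: has this sender shared documents with me before?
    senders = addresses_in(msg, "from")
    if not senders & {s.lower() for s in known_sharers}:
        flags.append("unknown_sender")

    return flags


if __name__ == "__main__":
    known = {"colleague@example.org"}
    for name, raw in (("lure", SAMPLE_EML), ("legit", LEGIT_EML)):
        print(name, triage_share_email(raw, "me@example.org", known))
```

   Neither flag alone proves a phish (mailing lists also drop you into Bcc, and colleagues do share first documents), but a sharing notification that trips both is exactly the "stop and ask the sender" case the post describes.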

   But you are rushed and don't have time to send your friend a message to check whether this email is legit.  So you click.  If you're not already logged in to your Google account, you're asked to log in.  What you see next is...