From Sovereign Man February 20, 2015.
““We messed up badly here”: Lenovo admits to putting tracking software on your PC”

“Lenovo Group, the largest computer manufacturer in the world, has made a rather stunning admission that they have been pre-installing tracking software on their PCs.

The tracking software is made by a company called Superfish, which apparently paid some “very minor compensation” to Lenovo for putting the software on people’s computers.

The Superfish program is a total disaster.

It has image recognition algorithms which essentially monitor what a user is looking at… then suggests relevant ads based on what it thinks you might like.

This is not only REALLY high up on the creepy scale, it also completely destroys Internet security.

Whether you’re buying something online or accessing Internet banking, the Superfish program essentially cuts the secure link between you and sensitive websites that you’re trying to access.

According to the first user who found the vulnerability a few weeks ago, “[Superfish] will hijack ALL your secure web connections (SSL/TLS) by using self-signed root certificate authority, making it look legitimate to the browser.”

This means that the tracking software basically fools a web browser into believing that a connection is secure when it’s not… all for the purpose of pushing more ads in your face.

This scheme is so powerful that even if users uninstall the Superfish software, the security breach still remains.”
Read more

If you read our article yesterday, January 18, 2015, you know that no router is safe from hacking.

Read more

So, what can you do to improve your odds of not being hacked?

From We Live Security July 22, 2014.

“Wi-Fi security – steps you can take now

A We Live Security video guide offers basic tips on how to secure home routers - and offers a good starting point for ensuring a Wi-Fi network isn’t vulnerable to snoopers and other unwanted ‘guests’.

Harley says, “Firstly, ensure your firmware is kept updated.” Firmware is the code and data which allows routers to function – similar in some ways to a computer operating system, but with the crucial difference that updates (to protect against bugs) often have to be installed manually.”

“Check your settings again

Changing passwords is an essential first step – but it’s worth checking back that your router’s settings haven’t changed, as this can be a problem with some models.

Harley says that users should always, “Change default router administrator usernames and passwords, and change the default SSID.” The SSID is the name of the network – which is broadcast to anywhere within Wi-Fi range. Leaving it as a default can broadcast information that is useful to an attacker – such as the model of router you are using, or whether you are using one supplied by your ISP. When choosing a new network name, avoid any personally identifying information such as your name or house number.

It’s worth considering making yours a “hidden network” – disabling the broadcast of the SSID’s name. That way you’re less visible to attackers – and to connect new devices, simply type in your network’s name on the gadget.

Harley warns that these precautions can be wasted if your router’s software is updated – which can occasionally revert settings to the default. “After any update, check these settings have not reverted,” he says.

WEP is not your friend

If your family or business has had the same router for  a long time, you may be using WEP – an outdated form of encryption that can be cracked easily, even by unskilled hackers. Most new routers will use the more secure WPA2 standard – but if your router has been around for a while, it’s possible family members may have chosen WEP to connect older devices such as Nintendo’s first DS handheld. “Don’t use WEP encryption, if anyone still is,” Harley says. “If the router doesn’t allow anything else, time to change it. WPA2 is reasonably secure.”

Even if you’ve had trouble connecting mobile devices to a network, leaving it “open” is always a bad idea. Harley says, “ If you’re not using encryption at all, fix it.”

Know who is connecting to your network

Harley says that controlling which devices can connect to a network offers another layer of reassurance. “MAC filtering reduces the risk from intruder machines using your network,” he says.

Any PC or mobile computing device has a unique identifying number known as a MAC address. If you access your router’s settings, you can select which devices can and cannot connect to your network – meaning for instance, a neighbor couldn’t log in, or a teenage visitor could not access unsuitable sites via a smartphone.

Add the MAC addresses of all authorized devices in the home – iPhones, tablets, laptops etc. – to the router’s authorized list. No other device will then be allowed on the network. You can find the MAC addresses of mobile phones and other portable devices under their network settings, though this will vary for each device. Check with the manufacturer.”
Read more

Computer system security, especially in regard to internet access, is in the forefront of technical and business reporting.

We are constantly being told about major corporations being hacked and sensitive data being breached.

Target and Sony are some of the more prominent examples.

What is less conspicuous is the hacking of routers, used by businesses and many homeowners.

From setting up my own routers I was aware of important details when configuring them.

What I was not so aware of is the frequency of router hacking and just how vulnerable they are.

A friend of mine owns a coffee shop in NC. Recently 2 of his routers were hacked. He knew this because of performance and setup problems and ultimately by confirmation from the tech support at Linksys.

Of course this has more far reaching consequences such as potential compromise of customer debit and credit card information.

And don’t forget, when you are using someone’s WIFI internet access, you should be mindful of this fact and probably not enter or access important information while using their router.

From what I have uncovered from research over the past several days, this problem has not been taken seriously enough by the public and router manufacturers.

A great article from CNET in 2013 explains the extent of the problem and provides a clear warning.

From CNET April 17, 2013.

“Top Wi-Fi routers easy to hack, says study
The most popular home wireless routers are easily hacked and there’s little you can do to stop it, says a new study by research firm Independent Security Evaluators.”

“The Wi-Fi router you use to broadcast a private wireless Internet signal in your home or office is not only easy to hack, says a report released today, but the best way to protect yourself is out of your hands.

The report, written by research firm Independent Security Evaluators of Baltimore, found that 13 of the most popular off-the-shelf wireless routers could be exploited by a “moderately skilled adversary with LAN or WLAN access.” It also concludes that your best bet for safer Wi-Fi depends on router vendors upping their game. All 13 routers evaluated can be taken over from the local network, with four of those requiring no active management session. Eleven of the 13 can be taken over from a Wide-Area Network(WAN) such as a wireless network, with two of those requiring no active management session.”

“Before you dismiss router hacks as exceptionally rare, it’s important to note that they’ve been a small but growing segment of computer security threats. In 2011, one firmware vulnerability affecting six hardware manufacturers combined with two malicious scripts and 40 malicious DNS servers to attack 4.5 million Brazilian DSL modems, with the goal of stealing bank and credit card information.

Craig Heffner, a vulnerability analyst at Maryland-based Tactical Network Solutions, said that he isn’t familiar with the Brazil story but isn’t surprised by it. “In a lot of countries, there’s only one or two ISPs, and you get whatever router they give you,” he said. “They often enable remote administration by default, so any vulnerability would be amplified.”

And just yesterday, ReadWrite reported on wireless router hacking, based in part on research conducted by security firm Rapid7. ISE’s study, while similar, reports “all-new findings,” said ISE’s marketing head, Ted Harrington.

Harrington further explained why router hacking could turn into a big problem. “What’s notable about this is that if you compromise the router, then you’re inside the firewall. You can pick credit card numbers out of e-mails, confidential documents, passwords, photos, just about anything,” he said.

He added that ISE plans to release additional information from the study in the coming weeks, following the routine security community best practice of giving vendors a chance to respond to vulnerabilities that have been uncovered before publishing them.

“We notified all vendors about all vulnerabilities that we found,” said ISE security analyst Jake Holcomb. “We’re in the process of receiving Common Vulnerability and Exposure (CVE) numbers” for tracking information security vulnerabilities.

Some vendors, Holcomb said, got back to ISE quickly and had beta firmware with fixes ready to test within 72 hours. “Other vendors escalated their Tier 1 support up the chain but we never heard back from them,” he said.”

Read more

I have been referring to PC Magazine in print and on the internet for 30 years. They have some pretty good reviews. However, the following article on purchasing routers is an example of downplaying the importance of security.

From PC Magazine January 31, 2014.

“First, ask yourself how high-end you want to go with a router. If you need nothing more than to create a wireless network, you can get away with a fairly cheap router—spending less than $100 should do. If you want extras such as security, parental controls, and the ability to connect USB printers and external storage drives for sharing data, you’ll want to look at higher-priced premium routers.

What Type of Security?
Most of the newer routers support the highest level of security, WPA2. If in the market for a new router, make sure it supports WPA2.”

Read more

“extras such as security”

Really??

Selecting WPA2 for security is important. However, apparently, WPA2 scurity and the latest firmware cannot be counted to stop hackers.

Just this morning I was discussing this with a friend who owns a tax/accounting business.

Forget the bells and whistles that PC Magazine focused on.

When I am purchasing a router, I first want it to be reliable, i.e, keep functioning and be secure.

I spoke to another friend a few hours ago. He is charge of network security for a NC company. In college he was taught to expect routers to be hacked.

Here are some more warnings and useful precautionary steps.

From Tom’s Guide.

“Your Router’s Security Stinks: Here’s How to Fix It”

“Earlier this year, a router worm called TheMoon used the HNAP protocol to identify vulnerable Linksys-brand routers to which it could spread itself. (Linksys quickly issued a firmware patch.)

“As soon as you get home, this is something you want to do with all your routers,” Horowitz told the tech-savvy crowd. “Go to /HNAP1/, and, hopefully, you’ll get no response back, if that’s the only good thing. Frankly, if you get any response back, I would throw the router out.”

The WPS Threat

Worst of all is Wi-Fi Protected Setup (WPS), an ease-of-use feature that lets users bypass thenetwork password and connect devices to a Wi-Fi network simply by entering an eight-digit PIN that’s printed on the router itself. Even if the network password or network name is changed, the PIN remains valid.

“This is a huge expletive-deleted security problem,” Horowitz said. “That eight-digit number will get you into the [router] no matter what. So a plumber comes over to your house, turns the router over, takes a picture of the bottom of it and he can now get on your network forever.”

That eight-digit PIN isn’t even eight digits, Horowitz explained. It’s actually seven digits, plus a final checksum digit. The first four digits are validated as one sequence and the last three as another, resulting in only 11,000 possible codes instead of 10 million.

“If WPS is active, you can get into the router,” Horowitz said. “You just need to make 11,000 guesses” — a trivial task for most modern computers and smartphones.””

“Regardless of whether a router is commercial- or consumer-grade, there are several things, varying from easy to difficult, that home-network administrators can do to make sure their routers are more secure:

Easy fixes

Change the administrative credentials from the default username and password. They’re the first things an attacker will try.

Change the network name, or SSID, from “Netgear,” “Linksys” or whatever the default is, to something unique — but don’t give it a name that identifies you.

“If you live in an apartment building in apartment 3G, don’t call your SSID ‘Apartment 3G,'” Horowitz quipped. “Call it ‘Apartment 5F.'”

Enable WPA2 wireless encryption so that only authorized users can hop on your network.

Disable Wi-Fi Protected Setup, if your router lets you.

Set up a guest Wi-Fi network and offer its use to visitors, if your router has such a feature. If possible, set the guest network to turn itself off after a set period of time.

“You can turn on your guest network, and set a timer, and three hours later, it turns itself off,” Horowitz said. “That’s a really nice security feature.”

Do not use cloud-based router management if your router’s manufacturer offers it. Instead, figure out if you can turn that feature off.

“This is a really bad idea,” Horowitz said. “If your router offers that, I would not do it, because now you’re trusting another person between you and your router.”

MORE: 7 Computer-Security Fixes to Make Right Now

Moderately difficult

Install new firmware when it becomes available. Log into your router’s administrative interface routinely to check. With some brands, you may have to check the manufacturer’s website for firmware upgrades. But have a backup router on hand if something goes wrong.

Set your router to use the 5-GHz band for Wi-Fi instead of the more standard 2.4-GHz band, if possible and if all your devices are compatible.

“The 5-GHz band does not travel as far as the 2.4-GHz band,” Horowitz said. “So if there is some bad guy in your neighborhood a block or two away, he might see your 2.4-GHz network, but he might not see your 5-GHz network.”

Disable remote administrative access, and disable administrative access over Wi-Fi. Administrators should connect to routers via wired Ethernet only.

Advanced tips for more tech-savvy users

Change the settings for the administrative Web interface, if your router permits it. Ideally, the interface should enforce a secure HTTPS connection over a non-standard port, so that the URL for administrative access would be something like, to use Horowitz’s example, “https://192.168.1.1:82″ instead of the more standard “http://192.168.1.1″.

Use a browser’s incognito or private mode when accessing the administrative interface so that your new URL is not saved in the browser history.

Disable PING, Telnet, SSH, UPNP and HNAP, if possible. Instead of setting relevant ports to “closed,” set them to “stealth” so that no response is given to unsolicited external communications that may come from attackers probing your network.

“Every single router has an option not to respond to PING commands,” Horowitz said. “It’s absolutely something you want to turn on — a great security feature. It helps you hide. Of course, you’re not going to hide from your ISP, but you’re going to hide from some guy in Russia or China.”

Change the router’s Domain Name System (DNS) server from the ISP’s own server to one maintained by OpenDNS (208.67.220.220, 208.67.220.222, 208.67.222.220, 208.67.222.222) or Google Public DNS (8.8.8.8, 8.8.4.4).

Use a virtual private network (VPN) router to supplement or replace your existing router and encrypt all your network traffic.

“When I say VPN router, I mean a router that can be a VPN client,” Horowitz said. “Then, you sign up with some VPN company, and everything that you send through that router goes through their network. This is a great way to hide what you’re doing from your Internet service provider.”

Finally, use Gibson Research Corp.’s Shields Up port-scanning service athttps://www.grc.com/shieldsup. It will test your router for hundreds of common vulnerabilities, most of which can be mitigated by the router’s administrator.

• 7 Scariest Security Threats Headed Your Way
• Identity Theft Victim? Here’s 6 Things You Need to Do
• 10 Facebook Privacy and Security Settings to Lock Down

Follow Paul Wagenseil at @snd_wagenseil. Follow Tom’s Guide at @tomsguide, on Facebook and on Google+.”
Read more

From Reuters.

The FBI claims to have evidence that the Cyber attack upon Sony computer systems came from North Korean sources.

“Sony hires Mandiant to help clean up after cyber attack”

“Pictures Entertainment has hired FireEye Inc’s Mandiant forensics unit to clean up a massive cyber attack that knocked out the studio’s computer network nearly a week ago, three people with knowledge of the matter said on Sunday.

Computer systems at the Sony Corp unit went down last Monday after displaying a red skull and the phrase “Hacked By #GOP,” which reportedly stands for Guardians of Peace, the Los Angeles Times reported.

Technicians are making headway in repairing damage caused by the attack and expect to have the email systems back online Monday, said one of the people, who were not authorized to publicly discuss efforts to deal with the attack.”

“Mandiant is an incident response firm that helps victims of breaches identify the extent of attacks, clean up networks and restore systems.

The technology news website Re/code reported on Friday that Sony was investigating to determine whether hackers working on behalf of North Korea might be responsible for the attack, possibly in retribution for the studio’s backing of the film “The Interview,” which is to be released on Dec. 25 in the United States and Canada.

The movie is a comedy about a CIA attempt to assassinate North Korean leader Kim Jong Un.”

Read more:

http://www.reuters.com/article/2014/11/30/sony-cybersecurity-mandiant-idUSL2N0TK0R920141130

From Fireeye:

From the WordPress Dashboard.

Click on Plugins link.

Click on Add New link.

In the search box, enter “Sucuri Security – SiteCheck Malware Scanner” then click Search.

Sucuri Security – SiteCheck Malware Scanner will appear.

Click on Install Now link.

Message appears.

“Are you sure you want to install this plugin?”

Click on OK button.

“Installing Plugin” message appears.

Click on Activate Plugin link.

Sucuri Security – SiteCheck Malware Scanner now installed.

*** Please note ***

Sucuri Security – SiteCheck Malware Scanner is only available via a paid subscription.

For more information on pricing:

https://sucuri.net/website-firewall/signup

These instructions are believed to be correct as of today.

For more information visit WordPress help or

https://sucuri.net/

From ars technica December 15, 2014.

“More Than 100,000 WordPress Websites Reportedly Infected by Russian Malware”

“Over 100,000 WordPress sites have been infected by a Russian virus called SoakSoak, which loads an attack code onto webpages created through the uber-popular blogging platform, according to a report by Ars Technica.

Google has already flagged roughly 11,000 malicious domains — though it is likely that many more than that have been compromised.

According to Gizmodo, more than 70 million total sites use WordPress as a content-management system — from personal blogs to Time.com. However, only self-hosted sites that use WordPress have been affected by the malware — meaning personal blogs are okay.

The aim of the hackers and the consequences of the virus — whether to steal data or otherwise — remain unclear.

Related: 5 Lessons Leaders Can Learn From the Sony Hacking Scandal

The malware infiltrated WordPress through a vulnerability in a slideshow plug-in called Slider Revolution. While Slider Revolution has since fixed the bug with updates — it knew about the vulnerability earlier this fall, according to Gizmodo — the older version of the plug-in is still bundled with many WordPress themes.

“The biggest issue is that the RevSlider plugin is a premium plugin,” wrote Sucuri, an online security firm that was first to identify the infection. “It’s not something everyone can easily upgrade and that in itself becomes a disaster for website owners.””

Read more:

http://arstechnica.com/security/2014/12/some-100000-or-more-wordpress-sites-infected-by-mysterious-malware/

Sucuri free website scanner:

http://sitecheck.sucuri.net/