Archive for the 'Computer Security' Category

Frankenmalware Explained

Saturday, January 28th, 2012

I posted this topic just because the name is so neat. “Frankenmalware” describes the result of a computer virus infecting a computer worm. The worm then propagates the virus.

For those who find this confusing, here’s a short tutorial on the difference between a virus and a worm. A virus is malware that attaches itself to executable files on a computer. When an infected file is run, the virus code is also run. Viruses may or may not contain mechanisms to spread themselves to other machines. A worm, however, is a standalone program that propagates itself over a network by taking advantage of security holes in target machines. Unlike viruses, worms do not have to attach themselves to existing executable files—a worm is autonomous. Note that the distinction between viruses and worms is not perfect—some malware contains components of both—and we have a tendency to lump them all under the umbrella name of “viruses”.

So frankenmalware occurs when a computer that’s already infected with a worm gets infected with a virus, and the virus attaches itself to the worm’s executable file. When the worm spreads to another machine, it unknowingly carries the virus and infects the new computer. All of this is done without the intervention of the user or the knowledge of the people who wrote the virus/worm.

Link: http://www.malwarecity.com/…
(via Kim Komando)

Why You Shouldn’t Share Your Internet Connection With Neighbors

Thursday, December 29th, 2011

In the linked article, Kim Komando gives several good reasons for not sharing your wireless internet connection with neighbors. An important one is that if the neighbor does anything illegal, the police arrest you and confiscate your computer equipment. (On the other hand, if you’re the one doing illegal stuff over the internet, I’ve actually heard people suggest that it’s a good idea to leave your wireless router unsecured—so there’s reasonable doubt concerning who performed the crime.)

Link: http://www.komando.com/…

Ultra High Security Password Generator

Tuesday, August 23rd, 2011

The linked page generates highly random passwords and delivers them in a secure manner. It’s probably a bit of overkill, but it’s better to trust Steve Gibson, a well-known and reliable source, than some unknown password generator you find via a Google search.

Thanks to Josh for this link.

Link: https://www.grc.com/…

Two-Factor Authentication For Gmail and Facebook

Sunday, June 12th, 2011

Google and Facebook are offering two-factor authentication to help prevent your account from being hijacked. In both cases, you give them your phone number, then when you log in using your normal username and password, they send a code to your phone. You must enter the code as part of the login process. Gmail does this for every login, while for Facebook it’s only when you log in from a device that hasn’t already been verified.
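The login flow described above, sketched as an added example (not Google's or Facebook's code): `every_login` switches between the Gmail-style and Facebook-style behaviour. The `send_sms` gateway callback, the five-minute expiry and the three-attempt limit are assumptions.

```python
import hmac
import secrets
import time

CODE_TTL = 300      # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3    # wrong guesses allowed per code (assumed value)

class TwoFactorLogin:
    """Second-factor step that runs only after the password check succeeded."""

    def __init__(self, send_sms, every_login, clock=time.time):
        self.send_sms = send_sms        # callable(phone, code): hypothetical SMS gateway
        self.every_login = every_login  # True: every login; False: unverified devices only
        self.clock = clock
        self.pending = {}               # user -> [code, expiry, attempts_left]
        self.verified = set()           # (user, device_id) pairs that already passed

    def start(self, user, phone, device_id):
        """Return 'ok' if no code is needed, else text one and return 'code_required'."""
        if not self.every_login and (user, device_id) in self.verified:
            return "ok"
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not the random module
        self.pending[user] = [code, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        self.send_sms(phone, code)
        return "code_required"

    def finish(self, user, device_id, submitted):
        """Check a submitted code: single-use, expiring, limited guesses."""
        entry = self.pending.get(user)
        if entry is None:
            return False
        code, expiry, _ = entry
        if self.clock() > expiry:
            del self.pending[user]
            return False
        # Constant-time comparison so timing does not leak matching digits.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self.pending[user]                 # a code cannot be replayed
            self.verified.add((user, device_id))
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self.pending[user]                 # too many misses: need a fresh code
        return False
```
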

Thanks to Josh for this topic.

Link #1 (Gmail): http://googleblog.blogspot.com/…

Link #2 (Facebook): http://www.facebook.com/…
(via Slashdot)

Microsoft Disables AutoRun in Windows XP, Vista

Wednesday, February 16th, 2011

The AutoRun feature in Windows is a significant security risk (as illustrated in this Chad’s News post), and Microsoft has finally decided to take action. With the latest Windows Update, there’s an optional update to disable AutoRun in Windows XP and Vista (it is already disabled in Windows 7). Some types of media, such as CDs and DVDs, will still use AutoRun, but executable files on most removable media, e.g., USB drives, will no longer be run without the user’s knowledge.

Link: http://www.computerworld.com/…
(via Kim Komando)

Exploits and Backdoors Via Malicious Hardware

Sunday, January 16th, 2011

The authors at Ksplice are pretty good at digging into the low-level guts of modern computer systems—it’s not too unusual to see them posting assembler code to illustrate a point. In the linked article, they demonstrate how to use a PCI expansion card to hijack a computer in a manner that’s quite hard to detect, and which defies standard methods to recover a compromised system. The malicious hardware gets control of the system at boot time and intercepts the BIOS call that loads the operating system. This gives it the ability to then modify the OS to include an exploit.

For the normal computer user, this is a non-issue. But for those who deal with ultra-classified national security issues, you can never be too careful (maybe that peripheral manufactured in China is not as trustworthy as you think…). The example given in the Ksplice article is more of a proof of concept, because it only works on a single, specific release of the Linux kernel, but it wouldn’t be too difficult to come up with something more versatile.

The linked article is quite technical in nature, so you’ve been warned.

Link: http://blog.ksplice.com/…
(via Slashdot)

Gawker Media Sites’ Passwords Hacked

Monday, December 13th, 2010

Today I received two random emails telling me that my password credentials had been hacked for the Gawker Media sites, including lifehacker.com, a primary source for Chad’s News articles, as well as gawker.com, gizmodo.com, io9.com, jalopnik.com, jezebel.com, kotaku.com, deadspin.com, and fleshbot.com. At first I thought this was a rather obvious spam/hack attempt, but after some quick research I learned that the Gawker Media database had indeed been hacked, and that my login credentials (username, email address, and password) have been posted to the web. Since this is a password I use extensively for non-critical logins, I’m going to have to change it for something nearing a hundred web sites. Note that the compromised passwords were encrypted, but that the encryption scheme is fairly easy to break.

Link #1: http://news.softpedia.com/…

Link #2: http://lifehacker.com/…

Adobe Reader X: Now With Sandboxing

Tuesday, November 30th, 2010

Adobe has released a new major version of its free Adobe Reader, the program that allows you to view PDF files. A significant new security feature is sandboxing. For those not familiar with the concept, the main program interacts with the outside world (i.e., the operating system) through a second, supervisor program. The supervisor typically just echoes the requests straight to the operating system, but it also ensures that any unauthorized or unsafe requests are denied. So even if a vulnerability is discovered and successfully exploited, the sandbox mechanism will prevent it from doing anything. Note that using the regular Adobe Reader update function will not get you version X—you’ll need to go to the download page and manually start the installation.

Link: http://www.eweek.com/…
(via Kim Komando)

BIOS Passwords Are Ridiculously Easy to Circumvent

Monday, November 15th, 2010

Setting the BIOS password on your laptop may seem like a smart idea, but it turns out that you can easily reverse engineer the password from information displayed by the laptop. The linked article has scripts that will do this for a variety of manufacturers and models. Of course, it’s not that difficult to reset the BIOS password using other methods—my motherboard, for instance, has a jumper that will reset the BIOS settings to their defaults.

Link: http://dogber1.blogspot.com/…
(via Lifehacker)

Beware the Unknown USB Drive

Thursday, November 4th, 2010

Did you know that the simple act of plugging a USB thumb drive into your computer will often run (AutoRun) a program that’s on the drive? So an easy way to compromise computers is to put malicious software on some USB drives and scatter them around on the ground. Quite a few people will pick up such a drive and plug it into their computer to see what’s on it.

The recent Stuxnet worm used USB drives to get inside Iranian power plants and infect their control systems. It was designed to work even if AutoRun had been disabled. Just browsing the drive and opening a folder was sufficient to infect the computer.

This type of attack can be prevented by education. Simply put, be very careful about using a USB drive from an unknown or untrusted source. And if you find it lying on the ground in your company’s parking lot, throw it away (or report it to your computer security personnel if such exist).
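For security personnel who do receive such a drive, the `autorun.inf` file on it can be read as plain text to see what AutoRun would have launched, without running anything. This is an added example, not from the linked article, and the sample file contents are constructed.

```python
import os

LAUNCH_KEYS = ("open", "shellexecute")   # [autorun] keys that name a program to start

def autorun_commands(inf_text):
    """Return [(key, command)] that the [autorun] section asks Windows to launch."""
    found, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):          # blank line or comment
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"  # section names are case-insensitive
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command entries add right-click menu items that start a program.
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value))
    return found

def inspect_drive(root):
    """Read autorun.inf from a mounted drive as data; nothing on the drive is executed."""
    for name in os.listdir(root):                     # file name case varies
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), "rb") as fh:
                raw = fh.read(65536)                  # cap the read size
            enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8-sig"
            return autorun_commands(raw.decode(enc, errors="replace"))
    return []

# Constructed sample, not taken from any real drive.
SAMPLE = """[AutoRun]
; constructed comment line
label=Photos
icon=folder.ico
open=setup.exe /quiet
shell\\browse\\command=tools\\helper.exe
[Content]
MusicFiles=false
"""
```

An empty result only means the drive has no AutoRun entry; as noted above, Stuxnet did not depend on AutoRun.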

Link: http://www.slate.com/…
(via The Consumerist)

Java Exploits See an Exponential Rise

Thursday, October 28th, 2010

Microsoft says it’s seeing a huge increase in the number of Java-based security exploits. Many if not all of the attack vectors are known bugs that have been fixed in the current Java Runtime Environment (JRE), but non-power users probably don’t think much about keeping Java updated. So it might be a good idea to install the latest version.

Link: http://arstechnica.com/…

Hiding Your Wireless Network’s SSID May Be More Effort Than It’s Worth

Sunday, October 24th, 2010

Wi-Fi networks have an identifier, known as the SSID. The default setting for many routers is to broadcast the SSID, which makes it easier to find and connect to the network, but most wireless security tutorials recommend disabling the SSID broadcast. Lifehacker, however, suggests this may be more trouble than it’s worth. Any hacker with a minimum amount of knowledge can easily determine the SSID, regardless of whether or not it’s being broadcast.

Link: http://lifehacker.com/…