Friday, January 6, 2023

When Ransomware Attacks!

 --

Thank you Microsoft.

Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS

'"Ransomware continues to be one of the most prevalent and impactful threats affecting organizations, with attackers constantly evolving their techniques and expanding their tradecraft to cast a wider net of potential targets," Microsoft said.'

Q: What is the single best defense against ransomware?

A: It's the #1 Rule of Computing: Make a backup.

The ideal backup of course is continual, hour by hour, encrypted and saved both locally for quick access, and off-site at a location that is not allowed to be overwritten. This serves two purposes:

1) Encryption means the bad guys can't steal it then blackmail you to pay up or they'll release the data to the public. All they can share is the gobbledegook mess of encryption noise. This kills their incentive to steal the data in the first place.

2) You have off-site all the data you need to restore your system in a hurry, ASAP, that day. You don't have to pay any ransom. They may have found your encrypted data, stolen it and ruined everything on your computer systems. And you don't care because you have a fully intact, encrypted backup, made an hour ago, that they could not destroy. You RESTORE and you're back up and running. Just be sure your restore does not include the ransomware that got you nailed.
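The last sentence of point 2 is the part people skip: a restore is only as good as your ability to prove the restored tree is the tree you backed up and nothing else. The following is an added example, not code from this blog, showing one way to do that: record a SHA-256 manifest of the source tree at backup time, keep it beside the (encrypted) archive, and after a restore compare the restored tree against it. The file names, directory layout and the "tampered restore" are constructed sample data; encrypting the archive itself is left to whatever backup tool you already use.

```python
"""Backup manifest and restore verification (added example, not from the blog).

Assumed workflow: before each backup run, record a SHA-256 manifest of the
source tree and store it alongside the encrypted archive. After a restore,
compare the restored tree against the manifest so you know the data came back
intact and that nothing unexpected (an altered file, a file that was never in
the backup set) rode along.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream-hash a file so large backups never have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a restored tree against the manifest taken at backup time.

    Returns three sorted lists: files whose content differs from the backup,
    files the manifest expects but the restore lacks, and files present in
    the restore that were never part of the backup set.
    """
    actual = build_manifest(restored_root)
    changed = sorted(p for p in manifest if p in actual and actual[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in actual)
    unexpected = sorted(p for p in actual if p not in manifest)
    return {"changed": changed, "missing": missing, "unexpected": unexpected}


def restore_is_clean(report: dict) -> bool:
    """True only when the restore matches the manifest exactly."""
    return not (report["changed"] or report["missing"] or report["unexpected"])


def copy_tree(manifest: dict, src: Path, dst: Path) -> None:
    """Byte-for-byte copy of the files listed in the manifest (stands in for a restore)."""
    for rel in manifest:
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes((src / rel).read_bytes())


def demo() -> dict:
    """Constructed sample: a tiny source tree, a faithful restore, and a tampered one."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "src"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "notes.txt").write_text("quarterly numbers\n")  # constructed
        (src / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed jpeg bytes")

        manifest = build_manifest(src)
        # Store the manifest the way you would beside the archive, then reload it.
        manifest_path = Path(tmp) / "backup.manifest.json"
        manifest_path.write_text(json.dumps(manifest, indent=2))
        stored = json.loads(manifest_path.read_text())

        # Faithful restore: every file identical to the backup.
        good = Path(tmp) / "restore_good"
        copy_tree(stored, src, good)
        good_report = verify_restore(stored, good)

        # Tampered restore: one file overwritten, one file that was never backed up.
        bad = Path(tmp) / "restore_bad"
        copy_tree(stored, src, bad)
        (bad / "docs" / "notes.txt").write_bytes(b"\x00garbled")
        (bad / "extra.txt").write_text("constructed stand-in for an unwanted file\n")
        bad_report = verify_restore(stored, bad)

        return {"good": good_report, "bad": bad_report}


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, "clean" if restore_is_clean(report) else report)
```

Keep the manifest with the off-site copy, not only with the local one: if the local copy is what got hit, the off-site manifest is the reference you trust. A restore that reports `unexpected` files is exactly the case the text warns about, the restore bringing back something that was not yours.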

Q: Should you also use an anti-malware system?

A: If you can afford it, I vote YES. Some detection systems from anti-malware vendors are free! Just be certain you're using anti-malware that is rated as well run and frequently updated. 

As is evident, I'm no longer deep in the anti-malware world. But I can point out what works for me and what's known to be garbage.

What I Use:

Malwarebytes: This is a simple and useful anti-malware system created and maintained by a former colleague and collaborator from years past. It's useful on a per-machine basis. The free version is a good start.

Intego VirusBarrier: I've been using their software for 17 years, testing both Mac and Windows systems on my computers. They remain excellent IMHO. Keep an eye out for discounted license deals.

RansomWhere? : Patrick Wardle is a saint of macOS security. Among other things, he provides useful anti-malware tools free of charge. He also provides a free book for Mac security professionals entitled "The Art of Mac Malware".

Don't Use (IMHO of course)

Avast, aka AVG, aka Gen Digital, aka HMA, aka Piriform Software, aka Inmite, aka NortonLifeLock, aka Jumpshot (now defunct). Why?

"In January 2020, a joint investigation by Motherboard and PCMag found that the Avast Antivirus and AVG AntiVirus Free version were collecting user data, which was being resold to personalize advertising through a subsidiary, Jumpshot...."

There have been and likely will be other such invasions of privacy from a variety of sources, sadly including anti-malware. Therefore, be wary and investigate any security system, security dependent software or device, before buying and installing. Searching out the reputation of any company is considerably easy over the Internet. Check a variety of sources for comparison.

On an enterprise level system, I am only familiar with Sophos. But there are other options to investigate as well!

IF you do your proper backups AND do your best to keep the malware off your systems (remember that wetware error is here to stay), you can keep out and/or frustrate ransomware attacks. Be prepared! Investing in computer security is worth the expense in EVERY situation. Expect to be attacked. Be able to rely on your preparations to save you.

Remember: Almost every victim of ransomware that ends up paying up has FAILed at the First Rule of Computing. They didn't store a safe, encrypted backup. Don't follow their foolish example.

More reading:

How to Protect Your Mac From Ransomware

--

Monday, May 24, 2021

Apple Lied To Me

 --

After weeks of battling with a lemon (aka badly broken) refurbished MacBook Air M1 I'd ordered from Apple, going way beyond what was asked of me to diagnose what was wrong with the junk, I was *lied to* by their technician Greg that I could get a swap replacement today at the local (badly run) Apple Store. [Thanks Brandon and Adam for creating an irate. It was classic.] I took my money back and am no longer supporting Apple.

This is an extremely tough decision for me. But Apple has fallen so badly in every way I've interacted with them over the last five years that I am, for the sake of my own well being, cutting myself off from the company. (I've done beta testing for them for over a decade). 

I cried over it. That's how difficult this is for me.

--

Monday, December 23, 2019

Oh Good, A Secure IoT Standard At Long Bloody Last, Kind Of... Sort Of... Maybe...

--
I'll believe it when I see it. 
Don't count your horses just yet. ;-)


Meanwhile, read with hope in your heart:

The IoT wars are over, maybe? Amazon, Apple, Google give up on smart-home domination dreams, agree to develop common standards
The bad news: You may have to buy all new kit if you want things to work
By Kieren McCarthy in San Francisco 18 Dec 2019 at 19:41
https://www.theregister.co.uk/2019/12/18/iot_standards_war/
After years of trying and failing to dominate the smart home market with their own standards, tech giants Amazon, Apple and Google have finally agreed to work on a set of common code that will allow smart home products, from thermostats to cameras to plugs to digital assistants, to work together seamlessly. 
The new “Connected Home over IP” approach will be developed through a new working group within smart home veteran organization the Zigbee Alliance, and the broad brush blueprint of the new standard is stark in its obviousness. It will be an IP-based protocol so it can connect directly to the internet rather than require a hub; it will be open-source and royalty-free and allow for end-to-end secure communication; and it will work with core standards like Bluetooth and Wi-Fi. 
The new standard should emerge in draft form in late 2020, meaning that 2021 will be the start of a new era in smart home tech, where Alexa talks to Nest and you can have a single app on your phone to talk to everything else....
OK!
But wait!
What about...?

Microsoft built its own custom Linux OS to secure IoT devices
https://thehackernews.com/2018/04/microsoft-azure-sphere-iot-linux.html

AND

FIDO Alliance looks to create standards for internet of things devices
https://www.cnet.com/g00/news/fido-alliance-looks-to-create-standards-for-internet-of-things-devices/

--

Tuesday, October 15, 2019

Filler: What I'm Up To...

--

An explanation of what I've been up to. For visitors who've wished I had been around lately, thank you.


I continue to keep up with Mac security news every day. Somehow, it's play time for my brain. But I've lost a sense that I have much to contribute to it here at Blogger. The blog sometimes had 1000 readers a day, but that hasn't been enough of an incentive for me. Doing the routine of collecting and repeating what's going on in the field isn't inspiring or useful. Instead, I've been posting around the net about ongoing Mac security situations when I see a need for comments. I'm a regular at both Ars Technica and The Register.


Recently, the majority of the Mac security gestalt I've been part of has gone professional. My oft-times collaborator Al Varnell and I continue to contribute to the group when something unique, obscure and important shows up. But generally, we wander and stray where we are needed. Most of the rest of the group is now in a semi-state of competition. That's a good thing as it is part of the maturing of the Mac security community. It means blogs like this one are less necessary and useful. There are now some excellent places to keep up with Mac security news and methods.


Locally, I'm still working with the computer/technology user group as it inevitably shrinks. I tend to present something each month about security. Lately, I've been presenting about block chain and cryptocurrency.


Meanwhile, the computer security business in general, both practical and journalistic, remains unprofessional, unscientific, unstandardized, haphazard, detrimentally lazy and ignorant. The more I chatter about this fact, the less inclined I am to bother. There is little ongoing change apart from the very beneficial proliferation of people involved with computer security and places to learn about and keep up with what's going on. There is still plenty of wrong information being proliferated, a standard ignorance of best security practices and standards. Software and hardware coding quality isn't improving. General cynicism regarding human comprehension of technology and coding increases, not decreases, over time. Scapegoating technology for the failings of us humans subsequently increases via the usual default human behaviors. Short-term thinking in pursuit of quick cash remains the norm, along with the inevitable long-term catastrophes. A simple example, IMHO, is the continued blight that is the Android operating system, despite supposed efforts to bring its security under control.


I can also point at Apple's periodic lackadaisical attitude toward security. This has been a relatively horrible year for Mac and iOS device security with some outright stunning and occasionally irreparable harm done. Still, Apple gets accolades because their lethargy is far superior to the vast majority of the rest of the technology industry. 


The most extreme ongoing example of worthless garbage, absent of reliable security, is IOT: The Internet Of dangerous Things. Abominable. If I were to write a blog about IOT, it would consist of the same statement every day: DON'T. There is at last a working security standard for IOT. But whether it catches on, whether it actually helps, we'll have to wait and see. For now, IOT is GeeWhiz! techno garbage for the tech-ignorant consuming masses. Again, the lack of professionalism in computer security resounds. Or is this assumed incompetence actually or partially a method of extending hacker, business and governmental surveillance of the world's citizenry? Time will tell.


So, be careful out there. If something critical shows up in the Mac security community, if I have something insightful or professorial to offer, I'll still be around.


:-Derek



--


Thursday, October 18, 2018

Apple's New Privacy Pages:
Your Reading Assignment!

--

In this day and age, when the western world is being increasingly China-fied and Russia-fied, IOW devolving into totalitarian surveillance states, it's wonderful to watch Apple resist and insist upon user privacy. Good on 'em!

It used to be that Apple merely provided semi-annual transparency reports, annual white papers on Apple gear security and some diffuse documents about securing and hardening our Apple devices. Now, everything has been gathered into one area on their website for easy access along with elaborations no doubt inspired by the EU's GDPR, the General Data Protection Regulation.


Where to start:


Privacy - Apple
The pages tend to be iOS centric, no surprise of late. But Apple's privacy policy is relevant to Mac gear as well. As we dig into the various sub-subjects, we find an elaborate exposition of Apple security details. Take an hour and dig around. If you require security on your Apple gear, it's worth the time to read through it all in order to know what Apple offers and how to put it to work for you.

Topics include:

  • Encryption (Get stuffed Australia surveillance maniacs!)
  • Apple Pay
  • iMessage, FaceTime
  • Health and fitness data
  • Analytics (under our control!)
  • Safari
  • iCloud
  • Education
  • Advertising
  • Photos
  • Siri & Dictation
  • HealthKit
  • Music
  • News
  • Maps
  • Siri & Spotlight
  • DeviceCheck
  • HomeKit
  • ResearchKit
  • CareKit
  • CloudKit
There are odds and ends here I hadn't been aware of!

The core of the Privacy site is Manage Your Privacy. All of us should dig through this page in order to maximize our understanding and control of our own privacy settings.


What everyone should read NOW:


Manage Your Privacy:

Each of these sections provides links to helpful, more detailed information. 

Of most immediate concern is this section under Manage your Apple ID:

Beware of phishing! Phishing spam has become increasingly elaborate and deceitful. The worst of these are the fake charge receipts. The idea is to send us scrambling to UNdo charges we are led to believe have been made without our permission. They are remarkably successful, as has been demonstrated most explicitly in China in recent weeks. Apple provides further elaboration about phishing HERE 


It takes time to pore through all this, but it's well worth it.


--

Tuesday, October 16, 2018

iOS 12.0.1 Security Bug Workaround (O_o)

--

Yes, here we go again. The Bug:

New iPhone Bug Gives Anyone Access to Your Private Photos
...The new hack allows anyone with physical access to your locked iPhone to access your photo album, select photos and send them to anyone using Apple Messages. 
Since the new hack requires much less effort than the previous one, it leaves any iPhone user vulnerable to a skeptic or distrustful partner, curious colleague, friend or roommate who could access your iPhone's photo album and grab your private photos....
The new passcode bypass method works on all current iPhone models, including iPhone X and XS devices, running the latest version of the Apple mobile operating system, i.e., iOS 12 to 12.0.1
Until Apple comes up with a security patch, you can temporarily fix the issue by disabling Siri from the lockscreen. Here's how to disable Siri: 
Go to Settings > Face ID & Passcode (Touch ID & Passcode on iPhones with Touch ID) and disable the Siri toggle under "Allow access when locked."
(Bolding mine).

If you kept the workaround for the similar bug in iOS 12.0, then you're already safe. 


The general consensus at this point is that it is UNSAFE to leave Siri on when the screen of an iOS device is locked. Therefore, we might want to leave Siri disabled when locked. That means we have to unlock the device first, then access Siri. As ever, it's convenience versus security. Take your pick, find your balance.


--

Saturday, September 29, 2018

iOS 12.0 Security Bug Workarounds

--

One of my common themes is the difficulty of writing secure software in our ever more complicated coding times. [Detailed rant withheld.] Therefore, any code of substantial complexity is going to have bugs, and the worst bugs are typically security holes. The computer security community gradually adjusts to increased code complexity through new processes of complex code scrutiny. Here are a couple of excellent examples along with, thankfully, a couple of convenient workarounds. I've added relevant screenshots below:

Complex iOS passcode bypasses grant access to iPhone Contacts and Photos
By Mikey Campbell @appleinsider
Friday, September 28, 2018
A pair of extremely involved passcode bypasses discovered in Apple's latest iOS 12 can grant attackers access to Contacts and Photo data on a user's iPhone, including models protected by Face ID. . . .
Apple has yet to address the vulnerabilities in the latest iOS 12.1 beta. Concerned users can minimize exposure to the apparent bugs by disabling Siri lock screen access in Settings > Face ID & Passcode or Settings > Touch ID & Passcode under the "Allow access when locked" heading. The second attack can be thwarted by enabling password protection for Notes by navigating to Settings > Notes > Password



Please read through Mikey Campbell's article before enacting the workarounds in order to understand what you're changing in iOS 12. Turning off Siri at the lock screen may not cause problems. However, creating and having to use a password for your Notes may create inconvenience. It's the usual theme of security vs. convenience.

--