Wi-Fi Krack exploit

What to do about Krack?

How does the Krack Wi-Fi problem discovered in October of 2017 affect you? Hi, my name is Bruce Holland with Altura IT. New problems were announced with all devices that use Wi-Fi communications. For business people, this means there are 10 new ways someone can eavesdrop on your Wi-Fi network. Every Wi-Fi device is affected: your phone, your tablet, your Wi-Fi connected computer, all vulnerable.

Most businesses in the Scottsdale Airpark use Wi-Fi. About 30% of Scottsdale Airpark businesses have not corrected the Wi-Fi vulnerability from six years ago. It's called Wi-Fi Protected Setup. I have a link below to the current map of the weak Wi-Fi access points in the Airpark. Security industry professionals believe it'll take at least a decade to fix this latest problem.

What action should you take now to protect your intellectual property? One, apply the October security updates to all Microsoft Windows devices. Two, apply iOS update 11.1 for all Apple wireless devices. Three, apply the November 6, 2017 security update from Google for Android devices. You will need to contact each Android vendor to see when this security update is available for your device. Four, update all Wi-Fi access points with patches for the Krack problem. This should protect even unpatched devices like your wireless security cameras. The fifth thing you should do is scan your networks. You need a list of all your Wi-Fi devices. This inventory is a list of what you have left to patch.

If you need help monitoring your security for your computers on your network, we have simple, inexpensive solutions for your network security. Just call us at (480) 822-7222 or you can use the link below for a free security assessment. Thanks for your time.

Faster Computer

solid state drive

Unleash the power in your computer.  With a solid state hard drive your file access is three to ten times faster.  Would you like your computer to boot up in seven to ten seconds?  $125.00 can make your computer perform faster and stronger.  The old mechanical hard drive in your computer throttles the power in your computer. 

A faster computer starts here

Let's look at an entry level HP laptop. On the left is a hard disk transfer speed test. On the right are the test results for the same machine with a solid state drive.

[Image: solid state hard drive is five times faster]

This shows your data moves three times to eighty times faster inside your computer with a solid state hard drive installed. Why not let your computer run fast?  Your data and programs are copied to your new SSD.  Nothing to lose and lots of speed to gain.

One test is not enough

Here is another full system speed test. The computer processing power increases by eight percent and the file access speed is four times faster (369% faster).

[Image: full system test, SSD improves data flow by 396%]

Notice the processor test speed improved slightly, by 8%,  with the solid state drive.   The drive speed is almost four times faster.  You get more power out of your computer.  Browse the web, create documents and create spreadsheets faster than you ever have before.

What was the computer being tested?

An HP 14-an080nr was used for these test results.

Product number: W2M52UA
Product name: HP Notebook – 14-an080nr (ENERGY STAR)
Microprocessor: AMD Quad-Core E2-7110 (1.8 GHz, 2 MB cache)
Memory, standard: 4 GB DDR3L-1600 SDRAM (1 x 4 GB)
Video graphics: AMD Radeon R2 Graphics, integrated
Hard drive: 500 GB 5400 rpm SATA
Display: 14″ diagonal HD SVA BrightView WLED-backlit (1366 x 768)
Keyboard: Full-size island-style
Pointing device: Touchpad with multi-touch gesture support
Wireless connectivity: 802.11b/g/n (1×1)
Network interface: Integrated 10/100 BASE-T Ethernet LAN
Expansion slots: One 2-in-1 SD media card reader
External ports: 1 HDMI; 1 headphone/microphone combo; 1 RJ-45; 1 USB 3.0; 1 VGA; 2 USB 2.0
Minimum dimensions (W x D x H): 34.54 x 24.15 x 2.39 cm
Weight: 1.75 kg
Power supply type: 45 W AC power adapter
Battery type: 3-cell, 31 Wh Li-ion
Webcam: HP TrueVision HD Webcam (front-facing) with integrated digital microphone
Audio features: DTS Studio Sound™ with 2 speakers

This machine was first released in May 2016. This is an entry level notebook, but the performance gain is significant. If you buy a laptop or notebook, the hard drive can be replaced with a solid state hard drive. The $125 price is for a 120 GB SSD, installation and transfer of all of your data.

What affects the speed?

There are four speeds of drive controllers in computers today: SATA, SATA II, SATA III and NVMe.

SATA        SATA II     SATA III    NVMe
150 Mbps    300 Mbps    600 Mbps    2500 Mbps

The extra power supplied by the upgrade to an SSD produced great results. You don't have to plod through computer tasks because you have old technology inside your computer.

Desktop Computer Limits

If you have a desktop machine the PCI bus type can also limit the top speed of your data movement.  Check this reference chart below.

PCIe 1      PCIe 2      PCIe 3        PCIe 4
250 Mbps    500 Mbps    984.6 Mbps    3938 Mbps

With an older desktop machine your top speed will be limited by the type of PCIe slot that came with your motherboard. This is the decision point for when to upgrade to a new machine. An SSD can allow your machine to run at full speed. Today's new computers have faster components that let virtual reality systems and gaming machines run at peak performance. If you want more speed from your current machine or a complete replacement, we can help. Fill in the form below and we will contact you to speed up your machine.

VPNFilter Malware

VPNFilter malware was identified by Cisco's Talos cyber intelligence agency. They believe this is a likely state sponsored software program that is infecting standard home based routers. Infected machines have been found in 54 countries. These retail off the shelf routers do not use anti virus programs to protect the device from attack. Intrusion detection is also not built into these devices. But the most glaring error is the fact that most of these devices are running with default usernames and passwords. Our home and small business routers are providing a big security opportunity for the bad actors on the Internet.

FBI request

On May 23rd the Justice department issued a press release asking for firewalls and network storage devices to be rebooted.  The FBI seized one of the command and control domain names that this bot network uses.  Rebooting your home or small business router helps the FBI locate infected devices.  The FBI is monitoring the traffic on the bot network from the command and control domain they captured.  Rebooting your device does not clear the problem with malware on your router or network storage device.  The device has been compromised.  Remediation is necessary.

Fixing your home router

Some of the software that runs your router has been altered.  The machine can not be trusted to send and receive information on the Internet.  Talos research now shows that the second level software that is downloaded after infection has the ability to scan all packets going through the device.  That means do not use your  credit card to purchase anything on the Internet.  This is why Amazon stores your credit card information with your account.

What to do

  • Find your router manufacturer and model number.  Using the table at the end of this blog check to see if your equipment is on the list of possibly compromised devices.
  • If your router is on the list remove the power cable from the back of the router.  Wait one minute and plug the cable back in.  Wait two to five minutes for the router to be operational again.  This is the FBI step.  The FBI will collect information from your machine if it is infected to aid their investigation.
  • Check your router model number.  Google this model number to find your user manual.  Open the user manual and find the section about the default password on the device.
  • Chances are that you will access your router from a web browser.  Open a new browser window.  Type 192.168.0.1 in the address bar at the top of the window.  Wait for a response.  If this times out try the address 192.168.1.1 in the address bar.  One of these addresses should work with your router.
  • Use your default username and/or password to access your router.
  • Go back to the manual and locate how to change the default password.
  • Now check the manual for how to disable remote access to the router settings.
  • Open a new tab in your web browser.  Search for the current firmware for your router on Google.  Download this software.
  • Check the user manual for the procedure to upload this firmware to your router. Replace your current compromised firmware with the freshly downloaded manufacturer's firmware.
  • Reboot your router to load the new clean updated firmware into the router memory.

Firewall replacement

One easy fix is to replace the network router that you have had for the last six to ten years with a current model. A new router off the retail shelf is probably not compromised. It still has the same flaws as your ten year old router: no anti-virus on the software that runs the device and no anti-intrusion software. Router prices range from $90 to $350. During the installation change the default password and turn off remote support. Check the user manual for help with this.

Another option is to buy a used router with OpenWrt, DD-WRT, Tomato or LEDE alternative firmware. The factory firmware on Linksys routers was taken from open source software sources. Anyone can use and modify this software to improve performance, security, or add software options. Several freelancers have made great improvements to standard router firmware.

If you have an old computer you can convert that machine to a true home next generation firewall. The Sophos XG home firewall protects you from viruses, malware, intrusions, and phishing web sites. This is a full product that gives you the same protection large corporations use to protect their offices. A VPN server is included to give you safe internet browsing when you are using public WiFi away from home. You will need a second network card for the old computer. Now you can stop threats at the Internet gateway to your home. Sophos uses a dual anti-virus scanning engine for double protection from online threats.

With routers like these models you can add a filter to stop malware, viruses and annoying Internet ads with a RaTtrap. The RaTtrap connects between your cable or DSL modem and your router. A RaTtrap device continuously receives threat information from the RaTtrap security center online to protect you from current threats.

With so many options which one will you choose?

Upgrade your own router

To eliminate the security problems with factory installed firmware you can use third party software. DD-WRT, OpenWrt, Tomato, DebWrt and HyperWRT are all open source firmware projects that create better solutions for many retail routers. The web sites for the firmware give detailed instructions to install the new firmware on the routers. Below is a list of routers that can be upgraded using DD-WRT, Tomato or OpenWrt.

Affected Routers to Upgrade

Asus       Linksys    NetGear
RT-10      E1200      R7000
RT-10U     E2500      R8000
RT-N56U    E3000      R8000
RT-N66U    E3200      WNDR4000
           E4200      WNDR4300

Brands and models affected by VPNfilter

Asus Devices: RT-AC66U, RT-N10, RT-N10E, RT-N10U, RT-N56U, RT-N66U

DLink Devices: DES-1210-08P, DIR-300, DIR-300A, DSR-250N, DSR-500N, DSR-1000, DSR-1000N

Linksys Devices: E1200, E2500, E3000, E3200, RV082, WRVS4400N

NetGear Devices: DG834, DGN1000, DGN2200, DGN3500, MBRN3000, R6400, R7000, R8000, WNR1000, WNR2000, WNR2200, WNR4000, WNDR3700, WNDR4000

Qnap Devices: TS251, TS439, devices running QTS software

TP-Link Devices: R600VPN, TL-WR741ND, TL-WR841N

Ubiquiti Devices: NSM2, PBE M5

Mikrotik Devices: CCR1009, CCR1016, CCR1036, CCR1072, CRS109, CRS112, CRS125, RB411, RB450, RB750, RB911, RB921, RB941, RB951, RB952, RB960, RB962, RB1100, RB1200, RB2011, RB3011, RB Groove, RB Omnitik, STX5

Upvel Devices: Unknown models

ZTE Devices: ZXHN H108N

Huawei: HG8245

KRACK your WiFi is not secure

Your WiFi traffic exposed by KRACK

On October 17th new problems were announced with devices that use WiFi communications.  The most common type of encryption for WiFi networks is flawed.  There are several demos now available on Youtube to demonstrate this weakness. The bad guys just need to view the videos to exploit this problem.

For business people this means there are ten new ways someone can eavesdrop on your WiFi network.  Every WiFi device is affected. Your phone, tablet and WiFi connected computer are all vulnerable. This includes any wireless terminals, tablets and phones used for credit card transactions.

What action should you take now to protect your network and intellectual property?

  • Apply the October security updates to all Microsoft Windows devices.
  • Apply iOS update 11.1 for all Apple wireless devices.
  • Apply the November 6th 2017 security update from Google for Android devices. You will need to contact each Android vendor to see when and if the security release is available.
  • Update all WiFi access points with patches for KRACK. This should protect even unpatched devices like your wireless security cameras.
  • Use a VPN, virtual private network, to protect your phone and/or tablet when you are away from the office.
  • Scan your networks to get a list of all WiFi devices. You need an inventory of what you have left to patch.

In the Scottsdale Air Park

Most businesses in the Scottsdale Air Park use WiFi. From the latest information there are over 12,074 unique hardware addresses that are using WPA2 encryption in the Scottsdale Airpark. Some devices have multiple addresses for one wireless device. You can check the public listing of known WiFi access points at the WiGLE web site. How do we know the number of access points? Because your WiFi broadcasts the information out to the street or parking lot every day, night and weekend. Anyone with a cell phone can see who you are and where you are located. The app to scan and locate an access point within a few feet is free.

About 30% of Scottsdale Air Park businesses have not corrected the WiFi vulnerability from six years ago, WiFi Protected Setup. The current map is found at a shared Google map. Security industry professionals believe that it will take decades to fix this latest problem. The current survey shows that businesses in the Airpark do not correct known problems in a timely manner. For safety tips to secure your WiFi check the 8 steps to safer WiFi page.

Router Solutions

Most business class routers have patches to protect against the KRACK problem.  Unfortunately most small businesses don’t use business class access points or routers.   An example is the manufacturer Netgear.  They have 46 products that are affected, but only fourteen have upgrades available by early November 2017.  Many consumer grade routers can be upgraded with alternate firmware to improve performance and security.  DD-wrt, Tomato and OpenWrt are three firmware replacements.   DD-wrt has more user support than the other two options.  The LEDE project is a branch of OpenWrt which has over 3000 applications that can run on a router.  A current list of router and mobile device patches available is here.  The patches are just one end of the communication channel that needs to be changed.

VPN for your mobile device

A VPN, virtual private network, creates an encrypted path back to a safe place to browse the Internet. This prevents anyone from reading your information transferred to the safe Internet connection. Commercial vendors include Private Internet Access, IPVanish and CyberGhost. The cost is $35/year to $144/year. These costs are for each employee. Free VPN software is available, but those companies monetize your connection in other ways by selling ads on the network or selling your online activity and browsing habits to outside companies.

If you use DD-WRT, OpenWrt, or Tomato on the router at your office, OpenVPN is available to safely connect all of your mobile internet traffic back to your office. OpenVPN does not have a per user or monthly cost. Some new Asus, Netgear, Linksys and TP-Link internet routers have OpenVPN support also. For a business with outside sales or service personnel this is a safe, secure solution.

If you don’t want to monitor security for your computers and network we can help. There are simple inexpensive solutions to your network security. Just call us at (480) 822-7222.
For a free security assessment.
Altura IT provides affordable network security for small businesses in the Scottsdale area.

Phishing

The May 2017 FBI report from the Internet Crime Complaint Center shows another increase of 8,260 victims of business email compromise. It is just a matter of time until you or one of your employees receives an email meant to trick them into sending your money to someone that does not deserve it.

Source IC3 2017 report

The FBI estimates the average loss of CEO fraud attacks at $25,000 to $75,000 per event. The report included this infographic to show losses by age groups.

Here is an example from one of my clients. The person that received the message determined the message was a scam. That is great for her company. Are all of your employees educated on what to look for in email scams? Did you know that you can get free training videos from PhishMe? The typical video lasts just 5 minutes. It gives effective training that can make everyone aware of deceptive email messages.

The IC3 report listed 12,000 reported incidents of the CEO fraud scheme in 2016. This scheme includes an email from the company CEO or CFO that requests a money transfer that needs to be done today. The email never comes from a business executive; it uses the name or email address of a business executive. The CEO or CFO does not know about the message. It is easy to just call until you contact the person to verify the transaction.
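The check described above can be automated on incoming mail. This is an added example, not code from the original post: it flags a message that carries an executive's name on an outside address, or the executive's real address with failed sender authentication or a diverted Reply-To. The company domain, executive names and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed directory for illustration; replace with your own company's values.
COMPANY_DOMAIN = "example-co.test"
EXECUTIVES = {
    "Dana Whitfield": "dana.whitfield@example-co.test",  # constructed CEO
    "Lee Okafor": "lee.okafor@example-co.test",          # constructed CFO
}
TITLES = {"ceo", "cfo", "mr", "mrs", "ms", "dr"}

def _norm_name(name):
    """Lowercase, drop titles and punctuation, sort tokens so 'Whitfield, Dana' matches."""
    tokens = re.findall(r"[a-z]+", name.lower())
    return " ".join(sorted(t for t in tokens if t not in TITLES))

_EXEC_BY_NAME = {_norm_name(n): a for n, a in EXECUTIVES.items()}

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def check_message(raw):
    """Return findings for one raw message; an empty list means nothing was flagged."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    exec_addr = _EXEC_BY_NAME.get(_norm_name(name))
    if exec_addr is None and addr not in _EXEC_BY_NAME.values():
        return []  # the message does not claim to be from an executive
    findings = []
    # 1. The executive's name on somebody else's address.
    if exec_addr is not None and addr != exec_addr:
        findings.append("display-name-spoof")
    # 2. The executive's own address in From, but SPF or DMARC failed on receipt.
    if _domain(addr) == COMPANY_DOMAIN:
        results = " ".join(msg.get_all("Authentication-Results", []))
        if re.search(r"\b(?:spf|dmarc)=fail\b", results, re.I):
            findings.append("sender-auth-failed")
    # 3. Replies would go to a different domain than the From address.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != _domain(addr):
        findings.append("reply-to-diverted")
    return findings

# Constructed sample messages (not real mail).
LEGIT = (
    "From: Dana Whitfield <dana.whitfield@example-co.test>\n"
    "Authentication-Results: mx.example-co.test; spf=pass; dkim=pass; dmarc=pass\n"
    "Subject: Q3 numbers\n\nSee attached.\n"
)
NAME_SPOOF = (
    'From: "Whitfield, Dana" <dana.whitfield.ceo@freemail.test>\n'
    "Subject: Wire transfer needed today\n\nAre you at your desk?\n"
)
ADDR_SPOOF = (
    "From: Lee Okafor <lee.okafor@example-co.test>\n"
    "Reply-To: lee.okafor@payments-desk.test\n"
    "Authentication-Results: mx.example-co.test; spf=fail; dmarc=fail\n"
    "Subject: Urgent transfer\n\nPlease process before 3pm.\n"
)

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("name", NAME_SPOOF), ("addr", ADDR_SPOOF)]:
        print(label, check_message(raw))
```

Only trust an Authentication-Results header that your own receiving mail server added. A flagged message still needs the phone call to the executive before any money moves.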

The US Department of Justice suggests these actions before you have a computer breach:

  • determine which of your data, assets, and services warrants the most protection
  • have a plan in place for computer intrusions
  • have technology and services available for a cyber security incident
  • have a company policy that allows network monitoring
  • ensure your legal counsel is familiar with technology and cyber incident management
  • adopt human resource policies that reduce the risk of cyber incidents
  • establish a relationship with your local federal law enforcement offices before you suffer a cyber incident
  • establish relationships with cyber information sharing organizations

The complete document is available at Cybercrime Unit.

Yahoo Breach

Everyone knows about the Yahoo data breach that affected 500 million user accounts. This is another opportunity to look at how you manage your online passwords and accounts.

If you have a Yahoo account change your password now. Use a password that is not used on any other online or offline account. Duplicate passwords are used by 73% of Internet users. Password managers are the right tool to make this easy. LastPass offers a free computer account for all passwords and important information. When using LastPass you only need to remember one pass phrase to unlock thousands of unique passwords.

To change your Yahoo password, log into your email account. Point your mouse at your name in the top right corner of the screen. Click on Account Info from the menu that appears. On the account information screen click on Account Security in the menu list on the left side of the screen. After changing your Yahoo password, find "Disable security questions" on the left of the Account Security screen. Click on the link to clear all of your current security questions.

Yahoo also offers two step authentication. With this authentication you will need to have a password and a code sent to your cell phone to access your yahoo account. This occurs the first time you login from a new smartphone, tablet or computer.  TwoFactor lists all of the websites that have two factor authentication available.

A Yahoo account key can secure your account without using a password.  It does require that you use your cell phone to authorize each access from a new device.  Yahoo account key setup instructions are found here.

It is not just your login information that is at risk. Beware of phishing emails that are not from Yahoo. Yahoo is sending out an email to affected users.  Yahoo states “the email does not ask you to click on any links or contain attachments and does not request your personal information. If the email you received about this issue prompts you to click on a link, download an attachment, or asks you for information, the email was not sent by Yahoo and may be an attempt to steal your personal information. Avoid clicking on links or downloading attachments from such suspicious emails.” Do not download or click on any links sent in an email claiming to come from Yahoo. Any message containing a link or attachment is not from Yahoo.

If you have any questions or want to know more about how to secure your business on the Internet please contact us.

Ransomware in Office 365 email

Avanan’s blog reported a large ransomware attack against Office 365 users. Avanan’s Cloud Security Platform started to detect a massive attack on June 22nd. The payload was inside an attached Microsoft Word file. By June 23rd Microsoft was blocking the distribution of this attachment in email messages. Avanan estimated that 57% of companies using Office 365 email received at least one message last week.

A variant of the Cerber ransomware was found in the offending email attachments. If Cerber executed on any computer, all of the working files would be encrypted. A demand message for a $500 payment in bitcoins to unlock the files appears. All of your files are gone. Your last resort is a good offsite backup of everything that you have ever created.

[Image: Cerber ransomware when Microsoft macros are enabled]

If you do not have an advanced malware protection service like Avanan then protect your office by disabling unsigned macros in Microsoft Word. If you have a domain controller you can block macro files from the Internet for all of your computers. The instructions from Microsoft can be found here.

McAfee Labs has seen a 165% rise in ransomware attacks in the first quarter of 2015. Seven hundred thousand attacks were detected just by McAfee in Q1, 2015. In April of 2016 the Horry County school district in South Carolina paid over $10,000 in ransom to restore encrypted files from just one attack. In 2015 the FBI received 2,453 complaints about ransomware, costing the companies or users more than $24 million.

An ounce of prevention is less than a pound of cure once again.

Who is watching your data? Need some help? Just send us an email.