What to do after installing Ubuntu 16.04 Xenial Xerus

I never use anything but LTS if and when I put Ubuntu on my machines so I will not cover 15.10 or 16.10. These are some of the things to do right after installing Ubuntu on your computer.

Important:
This is not an exhaustive list, nor are these the only things to do. If you have anything to add, please leave a comment below.

Most of these steps will be terminal based so start up a terminal. Press the super key (the Key Formerly Known as the Windows Key) to bring up the Unity dash. Then, type in terminal and choose the icon for the terminal program.


Bringing down the Net?

Security expert Bruce Schneier recently talked about how someone is learning how to take down the internet. We have seen lots of companies talk about attacks on their infrastructure, breaches, hacking and stealing accounts, etc. As per the companies, it seems name of the attacks are made out to seem like probing for ways to get into networks and do harm.

It reminds me of the US’s Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.
– Bruce Schneier


Being13: Inside the Secret World of Teens

If you are a parent, are thinking about becoming one, or know a parent who could benefit from this coverage, please set aside some time to watch it and pass the word on to as many families as you can. This is an important piece that parents, guardians and, well, everyone needs to watch, and make sure your child(ren) watch it with you. In today’s world, where the interwebs is the place to be and where children spend most of their time, it is important that we all know what they do, how they are living their social lives, what they are doing online and with whom, etc. Anderson Cooper captures a lot of this in the #Being13 special report.

I have written these pieces:

and there will be more to come.

Atlanta (CNN) For the past two years, CNN has been investigating how teens use social media.

#Being13: Inside the Secret World of Teens airs on October 5th (tomorrow) at 9 p.m. ET on CNN

Across the country, eighth graders (with the permission of their parents and schools) allowed child development experts into their online world. Experts studied 150,000 posts across Instagram, Twitter and Facebook.

Ahead of the special, CNN asked some of the teens who participated in the study about the impact of social media on their lives. Their answers express solely their opinion and are edited for brevity and clarity.

What does social media mean to you?

Morgan: Social media means a lot to me, and it’s very important in my eyes. A lot of my life revolves around it. So, without social media, my life would be pretty different.

Zack: Social media, to me, means a place where I can post things about myself for other people.

Jay: Honestly, I really love social media. Social media is a great way to chat with your friends.

Emmy: It makes me feel really happy — I guess? I don’t know how to explain it. It gives me mixed emotions, but most of the time it makes me feel very happy. I don’t know, it is just something I really like to do.

What is the purpose of social media?

Morgan: To me, social media’s purpose is to have a way to connect with people online. It helps you to still be in touch with lots of people even if it’s not face to face. It can also have the purpose of letting people know who you really are. People can be themselves, and be more open than they might be in person.

Zach: The purpose of social media is so I can express who I am, what I do and places I go.

Jay: Social media definitely has more than one purpose. One of the ways is to interact with your friends and meet new people. Actually, it is funny that you ask, because my school just based everything online. They are making us get these apps, and then we get all of our homework on it. So now, everything is basically off social media, Facebook and everything. Like, I am in this class, and they give us stuff to do that is on the Facebook page. We have to get this app called Google classroom. We are basically going paperless. Everything is going to be online now.

Emmy: I would say to be connected to everything and everybody in your school and your friends and have like a mini community online.

Describe what it feels like when you are cut off from social media?

Morgan: Being cut off from social media is awful. Even just one day off it makes you feel like you’re totally out of the loop on everything. I always feel like I miss out on tons of stuff, and everyone knows more than me about what’s been going on lately.

Zach: It feels as if something really important has been taken away, and if I don’t have it, I will just be a more grumpier and frustrated person in general.

Jay: Oh well, it happens a lot because my mom keeps taking away my phone. I guess sometimes I feel like I am not able to talk with anyone. I feel sort of like cut off from all my friends, because I am not going to be able to talk to them to see what they are doing. When you think about it, that is one of the only ways you can interact with them when you are not with them.

Emmy: It makes me very upset. My parents would ground me from my phone before they would ground me like into my room, because I am constantly always on it. If I am disconnected from that, I just feel like I have nothing to do. Everything I do is on my phone. I go outside and play sports, but I am always doing that. I am always on my phone — usually. So, when I am disconnected, I am very upset and just beg and beg my parents to give me it back. Or, I ask my friends when I get to school, “What’s been going on?” So like, everybody knows what is going on, but I am the only one that is out. I feel left out.

Do parents and teachers understand why social media matters so much to kids your age? What don’t they get about it?

Morgan: I don’t think parents and teachers understand why social media matters so much to kids my age. They don’t get that everything relies on how we look in a picture, how many likes/followers we have, if we get a comment back from someone, etc.

Zack: What don’t they get about it? They do understand that it is very important to us, but they don’t understand why. Because, when they grew up they didn’t have the social media that we have. So, they don’t understand why or how important.

Jay: Oh, definitely not! My parents don’t have social media or anything, where our generation has grown up with the advanced iPhones and new apps coming out. But my parents just see it as distractions. Like to us, it was basically something we grew up with and something we have known all our lives.

Emmy: Since they didn’t have it when they were younger, they don’t understand why we are constantly on it. They don’t understand why we have to post everything, because they know some people might get mad or offended by it. They just don’t get it. Like, I know my dad uses social media, but they still don’t use it as much as we would.

Cooper quotes from one of the many online attacks that his team unearthed.

“Go die. Stop trying to be popular,”

“Holy s— your [sic] ugly.”

(And that’s one of the tamer ones!)

Headlines from CNN’s “Being13: Inside The Secret World of Teens” include:

  • Middle schoolers view social media as a real time score board for a 24/7 popularity contest.
  • Students in our study admit checking their social media accounts more than 100 times a day. Middle schoolers “check” social media more than they post. The more they look at social media, the more distressed they can become.
  • Social media interactions often matter more than real life conversations. The line between the real world and the cyber world no longer exists to middle schoolers.
  • #Being13 identifies new, painful ways teens bully and strategically exclude each other on social media. More than a third of middle schoolers admit they purposely exclude others online.
  • 94% of parents underestimated the amount of fighting on social media. We decode the language teens don’t want their parents to understand.
  • 15 percent of middle schoolers admit they have received inappropriate photos, many of which are used for revenge porn.
  • #Being13 explores the connection between selfies and self-esteem. We’ll introduce viewers to teens who take 200 selfies before selecting which one to post.
  • “#Being13: Inside The Secret World Of Teens” also gives families a practical roadmap for navigating the new challenges of parenting plugged-in Tweens. We show parents what to worry about and what to let go, and how to use social media as a way to deepen their relationships with their children. “Being 13” is a follow up to AC360°’s Emmy award winning special report, “Bullying: It Stops Here.”

Shellshock: Better ‘bash’ patches now available

The first patches for Shellshock didn’t offer complete protection. The latest revisions of this patch for the popular Mac OS X, Linux, and Unix bash shell security problem were released on Friday, offering greater defenses against hackers.

The problem with the first patch, as Red Hat explained in its Shellshock FAQ, was that it only took care of the original bash flaw CVE-2014-6271. This, the true Shellshock bug, is the worst bash security hole. There were also others.

Red Hat said: “Shortly after that issue went public a researcher found a similar flaw that wasn’t blocked by the first fix and this was assigned CVE-2014-7169.” This bug is also a security problem, but it’s not as bad as the other flaw.

Later, Red Hat Product Security researcher Florian Weimer found additional problems and these were designated CVE-2014-7186 and CVE-2014-7187. Fortunately, these bugs are less serious and the latest patch takes care of these as well. As Red Hat’s Huzaifa Sidhpurwala told me: “The latest version of bash fixes all the CVE issues.”

So, what you want to do now, if you haven’t already, is check to see if you’re running a vulnerable version of bash.

Thousands of Apple devices being infected with AdThief malware

Security researcher Axelle Apvrille recently published a paper about AdThief, malware aimed at hijacking ad revenue from a reported 75,000 infected devices. First discovered in March 2014, and also known as “spat,” the malware, which comes disguised as a Cydia Substrate extension, was found to replace the publisher ID of publishers with that of the malware creator, effectively attributing all ad revenue to him.

iOS/AdThief!tr
iOS/AdThief!tr hijacks advertisement revenues and redirects them to accounts owned by the attackers.

A publisher ID is used to identify a publisher’s account on an ad platform, which helps track revenue generated by said publisher. By being able to swap the publisher’s publisher ID with his own, the malware creator was able to hijack revenue from about 22 million ads. In effect, when clicking on an ad, an infected user would generate ad revenue for the attacker instead of the developer of the application or website.

  • Infected devices: ~75k
  • Total activate times: ~22m
  • Daily activate times (around 3/20/2014): ~22k

The malware was designed to target ad kits from 15 ad networks, including Google-owned AdMob and Google Mobile Ads, both representing a large share of mobile advertising at least here in the US. Other American companies targeted by AdThief are AdWhirl, MdotM, and MobClick. The remaining targeted ad networks were all from China or India.

TARGETED ADKITS

A list of mobile adkits targeted by the malware is provided in a report: YouMi, Vpon, MobClick, Umeng, AdSage/MobiSage, MdotM, InMobi, Domob, AdWhirl, AdsMogo, Google Mobile Ads SDK, AderMob, Weibo, MIX SDK and Poly SDK. The majority of these are Chinese, four are based in the US, and two in India.

In his report, Xiao remarks that Weibo is a popular social network in China, but is unable to attribute MIX SDK and Poly SDK more precisely. In fact, Sina Weibo, introduced in 2013, is an advertisement SDK, so that solves one mystery.

MIX SDK can be attributed to GuoHeAD. It probably refers to the GuoHe MIX platform for cross-promotion of mobile games. This is also backed up by the name of a source file found in the malware: /Volumes/MacOsStore/Project/IOS/SpAd/SpAd/AD_GuoHe.xm.

Finally, Poly SDK is not a new adkit: it corresponds to AderMob. This is confirmed when downloading the AderMob iOS SDK.

Hijacked advertisements in iOS/AdThief

| Adkit | URL | Country |
|---|---|---|
| AderMob | http://adermob.renren.com/ | China |
| AdMob and Google Mobile Ads | http://www.admob.com/ | USA |
| AdsMogo | http://www.adsmogo.com/en | China |
| AdSage/MobiSage | http://www.adsage.com/mobiSage | China |
| AdWhirl | http://www.adwhirl.com | USA |
| Domob | http://domob.cn | China |
| GuoHeAD | http://www.guohead.com | China |
| InMobi | http://www.inmobi.com | India |
| Komli Mobile | http://www.komlimobile.com/index | India |
| MdotM | http://www.mdotm.com | USA |
| MobClick | http://www.mobclix.com | USA |
| UMeng | http://www.umeng.com | China |
| Vpon | http://vpon.com | China |
| Weibo | http://us.weibo.com | China |
| YouMi | http://www.youmi.net | China |

Implementation details of adkit hooks found in iOS/AdThief.A!tr

| Adkit | Source filename | Typical class names |
|---|---|---|
| AderMob | AD Ader.xm | AderSDK* |
| AdMob and Google Mobile Ads SDK | AD AdMob.xm | GAD* |
| AdsMogo | AD AdsMongo.xm | AdMoGo* |
| AdSage | ? | MobiSageAd* |
| AdWhirl | AD Adwhirl.xm | AdWhirl* |
| Domob | AD DoMob.xm | DM* |
| GuoHeAD | AD GuoHe.xm | MIXView* |
| InMobi | AD InMobi.xm | IMAd* |
| Komli Mobile | AD KomliMobile.xm | APIManager* |
| MdotM | AD MDotM.xm | MdotM* |
| MobClick | ? | MobClick* |
| UMeng | AD UMeng.xm | UMUFP* |
| Vpon | AD Vpon.xm | VponAdOn* |
| Weibo | AD Weibo.xml | DXAdHWB*_ |
| YouMi | AD Youmi.xm | YouMi* – delegated to Google Ads |

Conclusion

iOS/AdThief is a technical and malicious piece of code which hijacks revenue from 15 different adkits. It is built on top of the Cydia Substrate platform, available for jailbroken devices, which provides it with an easy way to modify advertisement SDKs. With Substrate, the malware needs only to focus on the call and implementation of each hook.

At first, the identification of every adkit the malware targets was difficult because the code mentions only class names used by each adkit SDK. However, the fact that the malware author did not strip out debugging information helped us to identify all 15 adkits. In particular, this is how support for Komli Mobile and GuoHeAD was detected.

Links

  • Get the bulletin here
  • Read Claud Xiao’s report here

Over a Billion Internet Passwords Hacked

A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.

The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.

Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable. At the request of The New York Times, a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic. Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information.

“Companies that rely on user names and passwords have to develop a sense of urgency about changing this,” said Avivah Litan, a security analyst at the research firm Gartner. “Until they do, criminals will just keep stockpiling people’s credentials.”

Websites inside Russia had been hacked, too, and Mr. Holden said he saw no connection between the hackers and the Russian government. He said he planned to alert law enforcement after making the research public, though the Russian government has not historically pursued accused hackers.

So far, the criminals have not sold many of the records online. Instead, they appear to be using the stolen information to send spam on social networks like Twitter at the behest of other groups, collecting fees for their work.

Checking if a site is safe to visit

If you want to make sure that a site you are about to visit is safe, do the following:

Add the URL you want to visit to the end of this URL:

http://www.google.com/safebrowsing/diagnostic?site=

Google will then return four sets of security information about that page.

  1. The current listing status of the site, and how often the site or parts of it were listed in the past.
  2. The last time Google analyzed the page, when it was last malicious, what kind of malware Google encountered, and so forth.
  3. Whether the site has facilitated the distribution of malicious software in the past.
  4. Whether the site has hosted malicious software in the past.

LastPass putting Customers first, finds Security Holes and Patches them

At a time when security is so important and companies try to hide security breaches from their customers, in comes LastPass, showing that trust means stepping up to issues as you find them, admitting when things go sour, and fixing them before they become an issue. In their recent blog post, LastPass noted that the bugs were discovered in August 2013 by a researcher at UC Berkeley and fixed immediately, with no evidence that any of their users were affected.

From their blog post:

In August 2013, a security researcher at UC Berkeley, Zhiwei Li, contacted us to responsibly disclose novel vulnerabilities with the LastPass bookmarklets (actively used by less than 1% of the user base) and One Time Passwords (OTPs)

LastPass said they are only now speaking about it because they wanted to allow the research team to publish their research on their own schedule.

Here is what LastPass recommends:

If you are concerned that you’ve used bookmarklets before September 2013 on non-trustworthy sites, you may consider changing your master password and generating new passwords, though we don’t think it is necessary.

An excerpt from the research paper:

Abstract
We conduct a security analysis of five popular web-based password managers. Unlike “local” password managers, web-based password managers run in the browser. We identify four key security concerns for web-based password managers and, for each, identify representative vulnerabilities through our case studies. Our attacks are severe: in four out of the five password managers we studied, an attacker can learn a user’s credentials for arbitrary websites. We find vulnerabilities in diverse features like one-time passwords, bookmarklets, and shared passwords. The root-causes of the vulnerabilities are also diverse: ranging from logic and authorization mistakes to misunderstandings about the web security model, in addition to the typical vulnerabilities like CSRF and XSS.

Our study suggests that it remains to be a challenge for the password managers to be secure. To guide future development of password managers, we provide guidance for password managers. Given the diversity of vulnerabilities we identified, we advocate a defense-in-depth approach to ensure security of password managers.

Big Data Is Just a Big Scam

The newly emergent “big data” meme has never been defined in any meaningful and definitive way. It’s the most amorphous new buzz-term that I’ve seen for a decade. It’s one of those “eye of the beholder” terms used to liven up a seminar and eventually soak investors.

Let’s start by asking what does big data mean? Lots of data? More data than you can handle? Amorphous data? Out of control data? Useful data for analysis? Useless data? Information overload?

If you read enough about big data, it is all of the above and more. The key is not the data, but the challenge of how to handle the data and what to do with the data itself.

In other words, how can we make this huge pile of data, that we have managed to accumulate, be useful in new and profitable ways? The data pools can come from anywhere via various computing mechanisms such as Facebook posts, NSA logs, mailing lists, customers, etc.

I would argue that most readers of this column are themselves repositories of big data. I just bought a 3 Terabyte drive for backup. I have a lot of data to back up! Big data!

From what I can tell, what Big Data does best is spy on individuals.

A useful tool I can imagine would be a big data analysis tool that the police could use to find you guilty of some random crime by going through your files. Or at least find something that would embarrass you. Big data!

This all harkens back to a comment made by a former CEO of American Express, who told an audience that if the company wanted to (and this applies to all credit card companies) it could use your personal buying habits and tendencies to put together a complete dossier and definitely tell if you are having an affair or not. Big data!

None of this sounds good or healthy for the society. Jumping to conclusions, making assumptions, acting on false assumptions. Hounding the public with useless advertisements.


Heartbleed is back and it’s looking for enterprise wireless networks

A researcher has uncovered new ways to exploit the Heartbleed OpenSSL vulnerability, potentially exposing enterprise wireless networks, and the devices that connect to them, to a new wave of Heartbleed attacks.

Originally exposed in April, Heartbleed is a critical vulnerability in the OpenSSL encryption library that could expose up to 64 KB of memory on a vulnerable client or server if exploited, including keys used for X.509 certificates, authentication credentials and other communication protected by the open source encryption project.

The Heartbleed flaw was the result of a missing bounds check in the handling of the TLS heartbeat extension, and was thought to be exploitable only over TCP connections and after the TLS handshake. However, Luis Grangeia, a researcher with Portugal-based infosec consulting firm Sysvalue, found new ways to exploit the OpenSSL vulnerability.

In a May 30 blog post, Grangeia provided details on the new proof-of-concept, dubbed Cupid, which exposes TLS connections over the Extensible Authentication Protocol (EAP), and that allows for the deployment of authentication mechanisms like smart cards and one-time passwords over wireless networks. Grangeia explained that the EAP mechanisms potentially affected by Cupid include those that use TLS, namely EAP-PEAP, EAP-TLS and EAP-TTLS.
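The missing bounds check described above, as an added C example (not OpenSSL's code and not from the original post): the handler follows the RFC 6520 heartbeat layout and discards any request whose claimed payload_length does not fit in the bytes actually received. Function names and the two sample records are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HDR_LEN  3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16  /* RFC 6520 requires at least 16 padding bytes */

/* Constructed sample records (not captured traffic). */
static const uint8_t SAMPLE_OK[23]  = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t SAMPLE_BAD[20] = {HB_REQUEST, 0xFF, 0xFF, 'A'}; /* claims 65535 */

static uint8_t g_out[64];
static size_t  g_out_len;

/* Payload length the sender claims (big-endian 16-bit field). */
static size_t hb_claimed_len(const uint8_t *rec)
{
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Bytes beyond the received record that a handler trusting the claimed
 * length would copy out. Nothing is read here; this is arithmetic only. */
size_t hb_overread_bytes(const uint8_t *rec, size_t rec_len)
{
    if (rec_len < HB_HDR_LEN)
        return 0;
    size_t need = HB_HDR_LEN + hb_claimed_len(rec);
    return need > rec_len ? need - rec_len : 0;
}

/* Echo a heartbeat request. Returns 0 on success, -1 to silently discard. */
int hb_build_response(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (rec_len < HB_HDR_LEN + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return -1;

    size_t payload = hb_claimed_len(rec);
    size_t total = HB_HDR_LEN + payload + HB_MIN_PAD;

    /* The bounds check: claimed payload plus padding must fit inside the
     * bytes actually received, and the reply must fit the output buffer. */
    if (total > rec_len || total > out_cap)
        return -1;

    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)(payload & 0xff);
    memcpy(out + HB_HDR_LEN, rec + HB_HDR_LEN, payload);
    memset(out + HB_HDR_LEN + payload, 0, HB_MIN_PAD); /* real stacks use random padding */
    *out_len = total;
    return 0;
}

int main(void)
{
    printf("ok:  overread=%zu accepted=%d\n",
           hb_overread_bytes(SAMPLE_OK, sizeof SAMPLE_OK),
           hb_build_response(SAMPLE_OK, sizeof SAMPLE_OK, g_out, sizeof g_out, &g_out_len) == 0);
    printf("bad: overread=%zu accepted=%d\n",
           hb_overread_bytes(SAMPLE_BAD, sizeof SAMPLE_BAD),
           hb_build_response(SAMPLE_BAD, sizeof SAMPLE_BAD, g_out, sizeof g_out, &g_out_len) == 0);
    return 0;
}
```

Because payload_length is a 16-bit field, the over-read a missing check allows tops out just under 64 KB, which is where the figure quoted above comes from; the same validation applies whether the heartbeat arrives over TCP or inside an EAP-TLS exchange.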