Stagefright – Android malware

This past week, the mobile security firm Zimperium discovered a major vulnerability within the Android operating system. This vulnerability, nicknamed Stagefright, has the potential to impact around 950 million Android devices. This exploit is unique in that users do not have to do anything in order for the malicious code to be downloaded to their phones. Once a hacker has gained access, they can completely take over your phone, from stealing or deleting your data, to turning on your camera and microphone. Morning Edition on NPR has a good explanation of both the vulnerability and challenges with this security threat: Major Flaw In Android Phones Would Let Hackers In With Just A Text

Several smartphone manufacturers and wireless carriers have already developed and deployed necessary patches to resolve the issue; others are actively working on a patch release. In the meantime, Android users can defend themselves in the following ways:

Turn off “Auto Retrieve MMS” in all messaging apps
The scariest part of this particular vulnerability is that the user does not need to open the message for the virus to be activated. Many Android devices are set to automatically download images and videos within messaging apps, so the virus is automatically downloaded upon receipt. To avoid this, the Office of Information Security (OIS) recommends turning off “Auto Retrieve MMS” in all messaging apps. Instructions can be found on the Digital Trends website.

Enable automatic updates
Turning on automatic updates will ensure that patches are installed as soon as they are released. Patches are targeted at known vulnerabilities, so automatic updates help you to protect yourself from security threats. In fact, a recent security study done by Google found that the top practice recommended by security experts was installing software updates.

Never play a video multimedia text message (MMS) from anyone you do not recognize
Stagefright happens when a message containing a video with embedded malicious code is received. As with emails, you should never click on any links or images in text messages from people you do not know. Remember, regardless of whether it is an email or a text message, opening messages from people you do not know can be dangerous.

Questions or concerns? Please contact the Office of Information Security at OIS@neu.edu.

For the latest news on security issues, visit the Office of Information Security website or follow SecureNU on Twitter. To stay updated with all things tech-related, please visit the ITS website or follow NortheasternITS on Twitter.

Related links:
ZDNet – Stagefright: Just how scary is it for Android users?
Twilio – How to Protect Your Android Phone From the Stagefright Bug


Adobe Flash Vulnerabilities

The Hacking Team, a group of digital activists, was hacked earlier this summer. Within the data that was compromised, three Adobe Flash vulnerabilities were discovered: CVE-2015-5123, CVE-2015-5122, and CVE-2015-5119.

Adobe has patched two of the three vulnerabilities but has yet to release a patch for the third. While Adobe has committed to patching all three vulnerabilities by the end of the week, many organizations are putting protections in place. For example, Mozilla Firefox is now blocking Adobe Flash by default. The block will remain in place until a version is running that contains a patch for all three vulnerabilities.

Below are some additional tips to protect yourself from the Adobe Flash vulnerabilities:

– Make sure you have Symantec installed and updated! (http://www.northeastern.edu/its/services/software/sep/)
– Avoid using Adobe Flash. Please see below for instructions on how to disable Adobe Flash in your browser.
– If you must use Flash, use Firefox or Chrome. Both have a built-in “sandbox” feature which “adds an additional layer of protection to your browser by protecting against malicious web pages that try to leave programmes on your computer, monitor your web activities or steal private information from your hard drive” (https://tools.google.com/dlpage/res/chrome/en-GB/more/security.html)

—–
Disabling Adobe Flash:

Internet Explorer versions 10 and 11
1. Open Internet Explorer
2. Click on the “Tools” menu, and then click “Manage add-ons”
3. Under “Show”, select “All add-ons”
4. Select “Shockwave Flash Object” and then click on the “Disable” button
You can re-enable Adobe Flash Player by repeating the same process, selecting “Shockwave Flash Object”, and then clicking on the “Enable” button.
Guidance for users of earlier versions of Internet Explorer is available on the Microsoft website. Select the version of Internet Explorer you are using at the top right corner.

Firefox
1. Open Firefox
2. Open the browser menu and click “Add-ons”
3. Select the “Plugins” tab
4. Select “Shockwave Flash” and click “Disable”
You can re-enable Adobe Flash Player by repeating the same process, selecting “Shockwave Flash”, and then clicking on the “Enable” button.

Chrome
1. Type “chrome:plugins” in the address bar to open the page
2. On the Plugins page that appears, find the “Flash” listing
3. To disable Adobe Flash Player completely, click the “Disable” link under its name
4. To enable Adobe Flash Player, click the “Enable” link under its name


Tips for Sending Sensitive Information via Email

Thanks to the internet, we are sharing more than ever! Most of the time, we don’t think anything of it. Need to send over those tax documents to your accountant? No problem! Just send them over via e-mail, right?

Before you hit send, here are a few tips on how to better secure your information when sending it over e-mail.

[Infographic: tips for sending info via email]


China is conducting a massive DDoS attack against GitHub

GitHub.com, a popular code repository, hosts two projects that allow users in China to bypass the Great Firewall of China (GFW) to view the New York Times and GreatFire.org.

This attack is designed to take down GitHub and the GFW projects using a technique called a Man-on-the-Side attack. When a user visits a website that is behind the GFW, the firewall itself returns attack code to the user’s browser, and that code takes part in a distributed denial of service (DDoS) attack against GitHub. The attack code tells the browser to continuously reload the GitHub project URL with the purpose of overloading the server. This process is multiplied millions of times over to create what GitHub has called “the largest DDoS attack in github.com’s history”.

As described by Netresec:

In short, this is how this Man-on-the-Side attack is carried out:
1. An innocent user is browsing the internet from outside China.
2. One website the user visits loads a javascript from a server in China, for example the Baidu Analytics script that often is used by web admins to track visitor statistics (much like Google Analytics).
3. The web browser’s request for the Baidu javascript is detected by the Chinese passive infrastructure.
4. A fake response is sent out from within China instead of the actual Baidu Analytics script. This fake response is a malicious javascript that tells the user’s browser to continuously reload two specific pages on GitHub.com.

As stated on Vice.com: “In other words, even people outside China are being weaponized to target things the Chinese government does not like[.]”

Fortunately, this latest attempt at Internet censorship can be prevented with encryption. Encrypting web traffic through HTTPS makes it much harder for the GFW to view and manipulate network traffic between client and server. With network traffic encrypted, the firewall would not be able to read the traffic, let alone insert attack code into the response sent back to the client. This option is not foolproof, and there are ways that the GFW can read encrypted traffic, but encrypting all web traffic will go a long way to prevent these types of attacks from nations and criminals alike.
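The following is an added example, not code from the original post or from Netresec. It is a small Python audit a site operator could run over their own pages to list every script the browser would fetch over unencrypted HTTP, since those are the responses a Man-on-the-Side party is able to replace. The page URLs, host names and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; every host name here is a placeholder.
SAMPLE_HTML = """
<html><head>
<script src="http://stats.example.net/h.js"></script>
<script src="//cdn.example.org/lib.js"></script>
<script src="https://secure.example.org/app.js"></script>
<script src="/js/site.js"></script>
<script>var inline = "<script src='http://ignored.example/x.js'>";</script>
</head><body></body></html>
"""


class ScriptCollector(HTMLParser):
    """Collects <script src=...> values and the first <base href>, if any."""

    def __init__(self):
        super().__init__()
        self.sources = []
        self.base_href = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.sources.append(attrs["src"].strip())
        elif tag == "base" and attrs.get("href") and self.base_href is None:
            self.base_href = attrs["href"].strip()


def plaintext_scripts(page_url, html):
    """Return (script_url, host, is_third_party) for scripts fetched over http://.

    Relative and protocol-relative (//host/path) sources are resolved the way
    a browser would, so they inherit the scheme of the page that embeds them.
    """
    collector = ScriptCollector()
    collector.feed(html)
    base = urljoin(page_url, collector.base_href or "")
    page_host = urlsplit(page_url).hostname
    findings = []
    for src in collector.sources:
        resolved = urlsplit(urljoin(base, src))
        if resolved.scheme == "http":
            findings.append((resolved.geturl(), resolved.hostname,
                             resolved.hostname != page_host))
    return findings


if __name__ == "__main__":
    for page in ("http://blog.example/post/1", "https://blog.example/post/1"):
        print(page)
        for url, host, third_party in plaintext_scripts(page, SAMPLE_HTML):
            label = "third-party" if third_party else "first-party"
            print(f"  unencrypted {label} script: {url}")
```

Serving the page itself over HTTPS removes the protocol-relative and first-party findings; the remaining hard-coded `http://` script is what modern browsers block as mixed content.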

Let’s Encrypt (https://letsencrypt.org), sponsored by EFF, Cisco, Mozilla, Akamai

More Information about the attack:

Netresec.com – China’s Man-on-the-Side Attack on GitHub

TechDirt.com – China’s Great Firewall Turned Around: Why China Wants To Censor Global Internet

EFF.org – China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack

ThreatPost – DDoS Attack on GitHub Linked to Earlier One Against GreatFire.org


Antivirus works – here are the numbers

Here are the malware and virus statistics for the past month:

The Northeastern-offered Symantec Endpoint Protection (SEM) has blocked or deleted over 20 thousand pieces of malware and Trojan viruses from protected OS X and Windows computers. This includes 80 instances of ransomware, malware that makes a computer unusable until the victim pays a ransom. SEM has blocked fake Adobe Flash updates, fake anti-virus popup alerts, browser and computer exploit kits, generally malicious network activity, and others.

Antivirus, along with keeping the operating system and software up to date, maintaining an active firewall, and smart email and web browsing habits, are all part of a safe computing posture that will help keep the attackers out.

There are at least 80 people at Northeastern this past month who have not been locked out of their data thanks in part to antivirus software.

Symantec Endpoint Protection is available free for the Northeastern community.

Get Symantec Endpoint Protection today!


Phishing Email – Your New Salary As Adjusted


The Northeastern Community has received a new phishing email with the subject: “Your New Salary As Adjusted.” The email asks the user to click on a link and enter their myNEU credentials.

This email is a fake. Do NOT click on the link in the email. Delete it from your inbox.

If you clicked on this email and entered your credentials, you must change your password and password reset challenge question immediately. Please contact the Service Desk for assistance at 617-373-4357.

Northeastern will NEVER ask you to confirm your credentials in an email. This is a sure sign that the email is fraudulent. Please contact the Service Desk if you are unsure if an email from Northeastern is real.


Changes to Remote Desktop – VPN Access

Starting today, the new standard for remote desktop access goes into effect. Under this standard, all individuals using certain remote desktop applications – such as Microsoft Remote Desktop Protocol (RDP), PC Anywhere, and Apple Remote Desktop – to connect to Northeastern resources must use the VPN in order for those applications to work properly. A full list of applications is provided below.

At this time, other applications and services are not impacted by the new remote desktop access standard; SSH, FTP, HTTP, HTTPS will continue to be accessible without the new VPN. Please note that the VPN requires a myNEU username and password in order to log in, so individuals who do not have a myNEU username and password (including non-Northeastern researchers and/or contractors) will need to obtain one through a Sponsored Account.

Impact
This new standard only impacts individuals trying to access on-campus computers or servers, from an off-campus location, using one of the remote desktop applications listed below. These individuals must connect to the VPN first, then they may start using those specific remote desktop applications.

Getting Started with the VPN
To use the VPN, you will need to install the new VPN client software – Palo Alto GlobalProtect. This software is ready and available to the Northeastern community, as detailed in the How To’s link below. A list of operating systems that support the new GlobalProtect VPN client software is available here.

VPN Installation, Set Up & Connection How To’s

Applications That Require The VPN To Function Properly From Off-Campus
• AirDroid
• Apple Remote Desktop
• Avocent
• BeInSync
• Dell Remote Access Card (DRAC)
• DeskShare
• eklogin
• exhelp
• Glide
• Jump Desktop
• klogin
• Layer 2 Tunneling Protocol (L2TP)
• Mocha RDP
• Mosh (Mobile Shell)
• Microsoft Hyper-V Virtual Machine Connection
• Microsoft Remote Desktop Protocol (RDP)
• PC Anywhere
• PC-over-IP (PCoIP)
• Pocket Controller Pro for Windows
• Point-to-Point Tunneling Protocol (PPTP)
• Rexec
• vR-services
• Radmin
• RDM+ Remote Desktop
• rlogin
• Remote Shell (rsh)
• ScreenConnect
• Synergy
• TeamViewer (direct IP-IP)
• Telnet
• VNC
• Webot
• webRDP
• X Font Server
• X11
• XDMCP
Questions or concerns? Please contact the ITS Service Desk at 617.373.4357 (xHELP) or help@neu.edu.


JAN 26, 2015 Blizzard Public Information Statement MEMA

The Massachusetts Emergency Management Agency sent out these steps to help stay safe through what is being called a potentially “Historic Blizzard.”

*You can also view the UniversalHub French Toast Alert for the latest storm updates.

MEMA’S TIPS FOR PREPARING FOR THE STORM

FRAMINGHAM, MA – “Before the arrival of the storm this evening, it is important that you take the proper steps to ensure the safety of your family and home,” said Massachusetts Emergency Management Agency (MEMA) Director Kurt Schwartz.

• Ensure your Emergency Kit is stocked with supplies to enable you to survive on your own for at least three to five days. There should be a first-aid kit, essential prescription medicines, non-perishable foods (those that require no refrigeration such as canned goods, dried fruits and nuts), a manual can opener, water (one gallon per person, per day), flashlights and extra batteries along with a portable radio or NOAA Weather Radio, baby-care or pet supplies items, extra blankets, sleeping bags and a fire extinguisher.

• Ensure that your Winter Emergency Car Kit is well stocked to keep you and your vehicle safe.

• This storm has the potential to bring widespread power outages, so take the opportunity to fully charge your cell phone, laptop, and any other devices in advance of a power outage.

• Those along the coast should be aware of potential flooding. Pay close attention to directives from your local public safety officials.

• Keep extra batteries for your phone in a safe place or purchase a solar-powered or hand crank charger. These chargers are good emergency tools to keep your laptop and other small electronics working in the event of a power outage. If you own a car, purchase a car phone charger because you can charge your phone if you lose power at your home.

• Gas up your automobiles because many local filling stations may also lose their ability to pump gas.

• Download the free Massachusetts Alerts app to your smartphone to receive important weather alerts and messages from MEMA. Easy instructions are available at www.mass.gov/mema/mobileapp.

• Trim dead tree branches and limbs close to your home. Ice, snow and wind can combine to snap limbs that can take down power lines or damage your home.

• Clean gutters. Melting snow and ice can build up if gutters are clogged with debris. When thawing begins, the water can back up under your roof and eaves causing damage to walls and ceilings.

• Check your homeowner’s insurance policy to ensure adequate coverage.

• Ensure that your Smoke and Carbon Monoxide (CO) detectors are working correctly and have fresh batteries. Check your outside fuel exhaust vents, making sure that they are not obstructed by snow or ice. Never use cooking equipment intended for outside use indoors as a heat source or cooking device.

• Have sufficient heating fuel, as regular sources may be cut off. Have the option of emergency heating equipment and fuel (a gas fireplace, wood burning stove or fireplace) so you can safely keep at least one room livable. Be sure the room is well ventilated.

• To keep pipes from freezing, wrap them in insulation or layers of newspapers, covering the newspapers with plastic to keep out moisture. Let faucets drip a little to avoid freezing.

• Know how to safely shut off gas, electric power and water valves.

• If you use medical equipment in your home that requires electricity, talk to your health care provider about how you can prepare for its use during a power outage. Ensure you have extra batteries for medical equipment and assistive devices.

• If you have life-support devices that depend on electricity, contact your local electric company about your power needs for life-support devices (home dialysis, suction, breathing machines, etc.) in advance of an emergency. Some utility companies will put you on a “priority reconnection service” list. Talk to your equipment suppliers about your power options and also let the fire department know that you are dependent on life-support devices.

• Find out about individual assistance that may be available in your community if you need it. Register in advance with the local emergency management agency, the local fire department, other government agencies or non-profit groups. Tell them of your individual needs or those of a family member and find out what assistance, help or services can be provided.

• If you use in-home support services, Meals-on-Wheels, Life Alert or other support services, work with them to personalize emergency preparedness plans to meet your needs so you can keep in touch with them during and after an emergency. That contact may be your lifeline to other services in a disaster.

• If you have or may have transportation needs, work with local transportation providers and/or disability services (e.g., Paratransit, Independent Living Centers) to plan ahead for accessible transportation.

• Develop back-up plans for personal assistance services, hospice or other forms of in-home assistance.

• Be a good neighbor. Check in on friends, family, and neighbors, particularly those most susceptible to extreme temperatures and power outages such as seniors and those with access and functional needs.

MEMA is the state agency charged with ensuring the state is prepared to withstand, respond to, and recover from all types of emergencies and disasters, including natural hazards, accidents, deliberate attacks, and technological and infrastructure failures. MEMA is committed to an all hazards approach to emergency management. By building and sustaining effective partnerships with federal, state and local government agencies, and with the private sector – individuals, families, non-profits, and businesses – MEMA ensures the Commonwealth’s ability to rapidly recover from large and small disasters by assessing and mitigating threats and hazards, enhancing preparedness, coordinating response operations, and strengthening our capacity to rebuild and recover.

For additional information about MEMA, go to www.mass.gov/mema. Also, follow MEMA on Twitter at www.twitter.com/MassEMA; Facebook at www.facebook.com/MassachusettsEMA; and YouTube at www.youtube.com/MassachusettsEMA. Massachusetts Alerts: to receive emergency information on your smartphone, including severe weather alerts from the National Weather Service and emergency information from MEMA, download the Massachusetts Alerts free app. To learn more about Massachusetts Alerts, and for additional information on how to download the free app onto your smartphone, visit: www.mass.gov/mema/mobileapp.
