Police Body Cameras Infected with Conficker Worm

Conficker is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. It uses flaws in Windows OS software and dictionary attacks on administrator passwords to propagate while forming a botnet, and has been unusually difficult to counter because of its combined use of many advanced malware techniques. The Conficker worm infected millions of computers including government, business and home computers in over 190 countries, making it the largest known computer worm infection.

iPower Technologies, a Boca Raton-based network integrator, discovered a security vulnerability in the Martel Frontline Camera with GPS, which is sold and marketed as a body camera for official police department use. iPower is currently working to develop a cloud-based video storage system for government agencies and police departments to store and search camera video.

The video below shows a clean test computer, with Wireshark running, from before the body camera is attached through to after it is attached and the infection takes place. You can see it start scanning the local network, looking for more victims to attack.

The question is, how does a fresh, out-of-the-box body camera come complete with a worm from 7 years ago? It had to be infected during manufacturing.


A Different Terror in France!

Paris Orly International Airport uses a system called DECOR, which air traffic controllers use to communicate weather information to pilots. Pilots rely on the system when weather conditions are poor. The problem with DECOR is that it runs on Windows 3.1, which hasn’t been supported since 2001.

DECOR’s breakdown on Saturday prevented air traffic controllers from providing pilots with Runway Visual Range, or RVR, information. The RVR is a value that determines the distance a pilot can see down the runway. Adding to the mayhem, Orly was engulfed in fog even as the engineers tried to find and patch the glitch in the operating system. The result was that all flights landing at and taking off from Orly airport were grounded as a precaution through the day. Flights were diverted to other airports in Paris, such as Charles de Gaulle and Lyon.

Installation of MS-DOS 6.22, the underlying operating system Windows 3.1 sits on top of.

There are only 3 people who know how to perform maintenance on this system and 1 of them is retiring soon. They plan on decommissioning the system and upgrading by 2017.

Note to self, only fly into Charles de Gaulle.

“Orly Airport P1190137” by David.Monniaux – Own work. Licensed under CC BY-SA 3.0 via Commons – https://commons.wikimedia.org/wiki/File:Orly_Airport_P1190137.jpg#/media/File:Orly_Airport_P1190137.jpg


Anonymous Reacts to Attacks in Paris

The video is in French, but below is the translation.

The Anonymous collective has also reacted very quickly to the attacks that took place in the French capital. The next morning, a video was put online, directly declaring (cyber) war on Daesh and EI. Everything is there: staging worthy of the biggest blockbusters, voice synthesis and, above all, some very significant statements. According to their words: ‘These attacks cannot go unpunished, which is why the anonymous world will hunt you down’ and the voice goes on to say ‘we will launch the biggest operation ever undertaken against you. Expect many, many cyber attacks’. Anonymous had already reacted following the attacks of January 2015 by publishing some 9200 Twitter accounts related to Daesh, according to them. A threat to be taken seriously.


Bad News, Good News

It’s with a heavy heart that I announce that Jaime’s uncle, Forrest, passed away during the night.

I didn’t find out until I got back from my morning run.
He was a great guy and really funny. We’ll miss him.

After some grieving, Jaime made breakfast and I opened a few gifts.

Jaime and I brought the Magnum to the shop to get new tires. Then we got changed and had a nice dinner with the family at the Cheesecake Factory.

After we went home, I spent a LOT of time replying to text messages, emails, and Facebook posts. I am humbled by the amount of love I got, or at least felt.

Love my family and love my friends!


M

M is Facebook’s artificial intelligence personal assistant, which is still in beta testing.

Arik Sosman wrote a blog post about his interaction with M and gave it an anti-Turing test. He writes, “When communicating with M, it insists it’s an AI, and that it lives right inside Messenger. However, its non-instantaneous nature and the sheer unlimited complexity of tasks it can handle suggest otherwise.”

Check out his experience with M.


How Long Is Your PIN? IT DOESN’T MATTER!!!!

I can’t fathom setting up and memorizing a PIN as long as the one the person in this video has. Sometimes, no matter how secure you think you are by enabling encryption on your iPhone and using an ultra-long PIN, your PIN still has the potential to be cracked.

19771231119992525526221151041041881041911073923021501231287365 is this person’s PIN. Thanks to prying eyes!

Do you remember Law #12? “There really is someone out there trying to guess your passwords.” It’s from my post called the 19 Laws of Information Security.


Cybersecurity Bill of Rights Adopted by NAIC

On October 14th, 2015, the National Association of Insurance Commissioners (co-developer of the Model Audit Rule) adopted the Cybersecurity Bill of Rights.

The Cybersecurity Bill of Rights describes what you can expect from insurance companies, agents, and other businesses when they collect, maintain, and use your personal information. These include your rights as an insurance consumer when you get a notice that your personal information was involved in a data breach. Specific rights may vary based on state and federal law.

The Cybersecurity Bill of Rights vests insurance consumers with the following rights:

  • To know the types of personal information collected and stored by an insurance company, agent, or other business that the insurance company contracts with;
  • To expect that the insurance company will maintain a privacy policy on its website, and provide a hard copy upon request, that describes the collection, storage, and protection practices of the insurance companies and consumers’ choices regarding the use and protection of their data;
  • To expect that the insurance company, agent, or other business that the insurance company contracts with takes reasonable steps to secure consumer data;
  • To expect to receive written notification of a data breach from an insurance company, agent, or other business that the insurance company contracts with, within 60 days of discovery of the data breach;
  • To expect at least one year of identity theft protection paid for by the insurance company or agent involved in the data breach; and
  • To take steps to protect and minimize any damage to the consumer’s identity, including fraud alerts, credit freezes, obtaining credit reports, and managing fraudulent charges and debt collection efforts.

SPY Car!

SPY Car is the short name for the “Security and Privacy in Your Car Act of 2015”, an act that requires automakers to adhere to certain standards of protection for privacy and against hacking that would be developed by the Federal Trade Commission (FTC) and the National Highway Traffic Safety Administration (NHTSA).

The existing dangers of car hacking have, thanks to Charlie Miller and Chris Valasek, finally had the right level of media exposure, which has convinced certain Senators to write and push the bill.

How do you protect against car hacking? One method I suggest: wait for the security systems in vehicles to mature. Connected cars are not just connected to the Internet; all their systems seem to be connected together as well. An attack that comes in through a USB drive plugged into the stereo to run a playlist may affect the rest of the vehicle because of a lack of segregation. Other suggestions are to do your research before you buy and to keep your vehicle updated as often as possible by staying up-to-date on vehicle software releases.


Unbreakable Encryption!!!

CryptoWall is a new strain of CryptoLocker. It is so strong, in fact, that Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program, normally advises those who have fallen for phishing attacks that release CryptoWall-laden ransomware and encrypt their storage to “just pay the ransom”.

A statement later released by the Bureau explains what the options are for businesses that are affected and that it’s up to individual companies to decide for themselves the best way to proceed. That is, either revert to backup systems, contact a security professional, or pay.

It was discovered that over 4,000 malware samples relate to CryptoWall 3.0, along with well over 800 URLs of Command & Control servers. The area most targeted was the USA, likely because it is a target-rich environment. Around half of all CryptoWall victims were American. Past transactions and the amount of Bitcoin in the central and lower tier wallets show that the group has made around $325 million.

The evil genius behind both ransomware strains is on the FBI’s most wanted list of cybercriminals: Russian hacker Evgeniy Bogachev. Bogachev, the authorities believe, was responsible for operating both GameOver Zeus, which captures victims’ banking credentials and then authorizes transfers from their accounts, and CryptoLocker, which together have infected hundreds of thousands of machines.

Prevention is the best security: learn about phishing techniques and keep a clean machine. Both interrupt the kill chain at the start.


Don’t be a Billy: NCSAM


A fun, old-ish video on Cyber security.
