Tag: computer security

Sunday’s Wandering Thoughts

Spent part of yesterday & today answering friends’ call for help.

Short story: someone was on the net and was duped into some ‘click here’ bait. A warning sprang up with an number and a directive: call here for help. Social engineering took over after that.

Sometime in the course of being fleeced, the user awoke to something nefarious happening and shut it down. The resulting question was: how bad was it?

He called his daughter and SIL in LA for help. They enlisted my assistance as hands and eyes on the infected machine. I picked it up, did some top level examination of what’d been downloaded, installed, and accessed. Worse culprit was the Supremo app. That’s an app that let’s others remotely access and control the machine. Downloaded but never installed, I trashed that thing.

Then I set it up so that the SIL had remote access by installing an IT app that he requested I install. He sorted through files to confirm nothing had been seriously compromised. Some banking log in information had been compromised. Fortunately, the new location wasn’t recognized and the log in was challenged and denied. That two-factor authentication paid off.

Bottom line: fresh and clever scams are out there. While others have tricked people with banking issues or special offers, this friend was tricked into clicking on an offer to see what new childhood classmates had been found. On my end, I was tricked through a offer for flowrs for Mom’s birthday.

With so many scams hitting us, remember to be careful out there.

1

A Dream About Previous Work

It was such a long, uninterrupted dream. It involved Michele, an ex-coworker, and the BlackICE computer security product we sold and supported.

I came across Michele. She and I had worked together for ten years. She told me that BlackICE was working again. I was surprised; did it ever stop working? Not that I knew. She told me that it had ceased and then disappeared from the market. Then, suddenly, it was back. She, along with others, were trying to learn who brought it back.

I offered to help, which was gratefully accepted. She led me down a narrow path through a short field past a few trees. Going through a gray metal door, we entered a two-story place. A minimalist place, constructed from cinder blocks, it had two dirty windows. Old wooden workbenches with old, old, large computer pieces lined the walls. Up narrow metal stairs which shook when we walked up them, was a loft with an old gray desk, monitor and computer on it. Two people, men who I knew were engineers, were working, one downstairs, one up. Both greeted me.

“There it is,” one man said. “It’s live again.”

Michele had explained to me that they hoped that it would go live, allowing them to trace it. That’s what they started doing. She told me a more senior engineer was due and asked me to go outside and wait for him so I could bring him in. As I went to leave, he entered, slender with a gray beard and hair, wearing a tan trench coat, carrying a brown attaché. Someone said, “That’s Alexc,” to which I replied, “I know.” Seeing me, Alexsaid, “Oh, you.”

It sounded a little derogatory. I replied, “You know me, Alex. We’ve met before.”

He nodded, I guess acknowledging that.

Alex went to a computer, studied it, and then directed some activity. We were to continue monitoring the systems for further activity. Michele was told to go upstairs. She did. Though I wasn’t officially involved, I went up after her. There was another room up there which I hadn’t noticed before. Very dark, it lacked furniture but was loaded with stacked servers, keyboards and monitors, and was very cold. She settled on the floor in near darkness and used her jacket as a blanket. I told her, “I’ll stay up here with you if you want.”

She answered, “I appreciate that.”

I sat on the floor beside her, our backs against the wall. Alex came up to check on her. He said, “It’s going to take a very long time. We’re setting up another place. When it’s ready, I’ll send for you.” He then thanked me for helping and departed.

Michele and I began falling asleep. We decided to nudge each other to stay awake. One of the monitors leaped into life. Numbers and graphs danced across it. Jumping up, I said, “Michele, look.” Her eyes were closed and she was snoring. I shook her awake. Another engineer came up and said, “We’re set up at the new place. Come on.”

We arrived at the new place after a short walk through the night. This new facility was low and modern, cement, with blacked out glass windows. The three of us entered. Long consoles loaded with gear were manned. People greeted us. Michele was shown to her workstation. Alex asked me if I wanted to stay and be a part of it. This is where the dream ended.

0

The Computer Painting Dream

It began like I was in one of my previous professions. At work, I received a phone call. A customer was having problems with his computer security. Well, those products ere being discontinued and his license keys had expired. Nonetheless, I cut new keys for him, directed him to a site to download them, and walked him through reinstallation. This is a process that would’ve taken some time but in dreamland, it was just a few minutes. Also, my dream office was much nicer and impressive than my real digs. It all seemed so sharp, it could’ve been real time.

The CEO came by. We chatted, and then drifted in opposite directions to new meetings. In my meeting, we were preparing to paint. Friends entered with the tablets. We stretched them out into large electronic canvases Then we painted on the screens. The tablets absorbed it, becoming a malleable medium. My painting was a large portrait of a blond woman in a yellow dress juggling tangerines.

Chinese food was brought in. We stopped to eat and talk about our work. A nearby young woman had been complaining about her finger. I told her to show me. She stuck out a blackened pinky.

“Your blood isn’t flowing,” I said. “Get me a needle and bowl.”

Holding onto her finger, I pricked her and squeezed her finger. Thick, black drops that behaved like mercury fell into the bowl. After doing that for about twenty seconds, her finger was normal.

End dream.

 

0

The Password Is

It was a fascinating read about Passwords, with many intriguing links.

First, it shouldn’t surprise anyone, but people wanting to crack passwords study passwords. They buy up databases of stolen passwords, and when possible, link them to their owners, and then use the information they’ve gained to look up the owner on the Internet and social media to learn what they can. They’re not targeting these people to hack them; they’re targeting them to understand demographic patterns.

Second, people continue to use words or personal information as passwords. Cracker programs and applications have databases that automatically look for words first. Match and done, cracked. Naturally, they also look for names.

from Mark Burnett, xato.net, via https://wpengine.com/unmasked/

Third, more scary, but not surprising, is that password crackers are also including the “Leet” (or 1337) methodology so many employ. It isn’t surprising, because it’s commonly known and used (because it’s been around for a long time), so of course anyone trying to crack passwords will include that information in their processing.

Fourth, the thinking behind websites and applications about how password strength and password entropy is weighed varies. Zxcvbn (recognize the pattern?) in a remarkable post compared multiple sites and gave the results for the same passwords. Intriguing.

Returning to the Unmasked article, they also used Full Contact’s Person’s API to go through seventy eight thousand passwords to find rich and famous people. From that, they selected forty passwords that were matched to see if they could be cracked, and how long it took.

Most were too easily unmasked. That’s one thing to remember: if you’re targeted, your password can probably be cracked, but it’ll take time. Thieves typically aren’t targeting most of us because we’re not notable or wealthy. So taking the time to create challenging passwords can help remove you from the list of low hanging fruit. That’s the same reason for frequently changing passwords. Yes, it is all a pain. It’s also why you shouldn’t use the same password — or easy variations — on multiple accounts.

A Github developer, whose password had an entropy of ninety-six, was hardest to crack.

 

 

0

Blog at WordPress.com.

Up ↑