A Million Imgur Users Affected By Breach

Do you use the image hosting service, Imgur? If you do, there’s a slight chance that you’ll be prompted to change your password the next time you log on. That’s because the company’s servers were breached in 2014, and the hackers made off with 1.7 million usernames and passwords, which represents just a tiny fraction of the company’s 150 million users.

Although the breach happened a few years ago, the company only found out about it on Thanksgiving Day of this year. Their response was immediate and decisive. The company called people in over the holiday and notified their impacted users just 25 hours and 10 minutes after discovering the details of the incident.

Contrast that with Uber’s handling of their most recent hack. They kept their impacted users in the dark for more than a year, and worse, paid the hackers $100,000 to keep the incident quiet. It’s easy to see why security professionals around the world have lauded Imgur for their handling of the hack.

Three key things to note in relation to the breach:

  • Not much information was stolen during the hack because Imgur doesn’t ask its users for much in the way of personal information in the first place. However, if you use your Imgur password on other systems, you could be at additional risk.
  • At the time of the breach, Imgur was using SHA-256 hashing, which is fairly robust and impractical for most hackers to crack due to the amount of computational power required.
  • In 2015, the company switched to an even more secure algorithm, Bcrypt, so if the company is breached again in the future, it’ll be even harder for the hackers to glean anything useful from any data stolen.

All that to say, if you’re looking for a benchmark to compare yourself to if you’re ever hacked, Imgur’s example would be an excellent one to follow.
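
The move from a single SHA-256 pass to a salted, deliberately slow hash such as Bcrypt, sketched as an added example (not Imgur's code): old records are upgraded the next time the user logs in successfully. Python's standard library has no bcrypt, so PBKDF2-HMAC-SHA256 stands in for it; the record format, iteration count and function names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; raise it as hardware gets faster


def legacy_record(password):
    """Unsalted single-pass SHA-256: equal passwords give equal records."""
    return "sha256$" + hashlib.sha256(password.encode()).hexdigest()


def strong_record(password, salt=None, iterations=ITERATIONS):
    """Salted, iterated hash (PBKDF2 here, standing in for bcrypt)."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2${}${}${}".format(iterations, salt.hex(), dk.hex())


def verify(password, record):
    """Check a password against either record format in constant time."""
    scheme, _, rest = record.partition("$")
    if scheme == "sha256":
        candidate = legacy_record(password)
    elif scheme == "pbkdf2":
        try:
            iterations, salt_hex, _ = rest.split("$")
            candidate = strong_record(password, bytes.fromhex(salt_hex), int(iterations))
        except ValueError:
            return False  # malformed record
    else:
        return False
    return hmac.compare_digest(candidate.encode(), record.encode())


def needs_upgrade(record):
    """True for legacy records and for PBKDF2 records below the current cost."""
    parts = record.split("$")
    return parts[0] != "pbkdf2" or int(parts[1]) < ITERATIONS


def login(password, record):
    """Return (authenticated, record_to_store); upgrade the hash on success."""
    if not verify(password, record):
        return False, record
    if needs_upgrade(record):
        return True, strong_record(password)  # plaintext is only available now
    return True, record


if __name__ == "__main__":
    old = legacy_record("correct horse")          # constructed sample password
    print(old == legacy_record("correct horse"))  # same password, same hash
    ok, new = login("correct horse", old)
    print(ok, new.split("$")[:2])
    print(login("correct horse", new)[1] == new)  # already upgraded, unchanged
```

Accounts that never log in again keep their legacy record, so a migration like this is usually paired with a forced password reset for those accounts.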

Corporate Attacks On The Rise Through Vulnerable Printers

Few things are more ubiquitous in an office environment than printers. Of course, these days, most printers are much more than simply that. They can also scan, copy and even send emails. As such, they’ve become an increasingly attractive option to hack, according to the latest data released by Barracuda Networks.

The reason is simple. Most printers aren’t as well protected as PCs and other devices on your network. They’re the weak point in your company’s defensive armor.

The upsurge in this type of attack seems to be focused on Canon, HP and Epson printers, and works like this:

A printer is compromised and used to send spoofed scanned attachments, usually bearing an innocuous subject line such as “Scanned From HP,” “Scanned from Epson” or “Scanned from Cannon.”

Most employees don’t think twice about opening such attachments because they appear to be from a legitimate source inside the company, which is, of course, exactly what the hackers are counting on.

While any sort of payload can be delivered in this manner, the most common strain found installs a back door on the target PC, allowing the hackers to:

  • Monitor behavior and log keystrokes
  • Change computer settings
  • Copy files
  • Access other connected systems
  • And more.

In a clear indication that the malware could be used to launch a ransomware style attack, it also gives the hackers the ability to replace the PC’s wallpaper with any file they choose.

Employees should be more mindful about this type of attack and always double check to make sure the sender is valid. Also, it’s important to hover over the links embedded in such emails in order to be sure they’re valid before clicking on them.
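
The sender check recommended above, written as added detection logic (not from the article or from Barracuda): it flags “Scanned from …” messages that did not come from a known scanner. The mail domain, the scanner IP allowlist, the accepted scan file types and the rule that the topmost Received header is written by your own mail server are all assumptions, and the sample messages are constructed.

```python
import os
import re
from email import message_from_bytes, policy, utils
from email.message import EmailMessage

# Assumed site values (not from the article).
INTERNAL_DOMAIN = "corp.example"
KNOWN_SCANNERS = {"10.20.0.15"}
SCAN_TYPES = {".pdf", ".tif", ".tiff", ".jpg", ".jpeg", ".png"}

# The article spells the brand "Cannon"; accept both spellings.
SCAN_SUBJECT = re.compile(r"^\s*scanned\s+from\s+(hp|epson|cann?on)\b", re.I)
CLIENT_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def triage(raw):
    """Return reasons a 'Scanned from ...' message looks spoofed ([] = none)."""
    msg = message_from_bytes(raw, policy=policy.default)
    if not SCAN_SUBJECT.search(str(msg.get("Subject", ""))):
        return []  # not a scan notification, out of scope for this check
    reasons = []
    # Only the topmost Received header is trusted; lower ones can be forged.
    hops = msg.get_all("Received", [])
    ip = CLIENT_IP.search(str(hops[0])) if hops else None
    if ip is None or ip.group(1) not in KNOWN_SCANNERS:
        reasons.append("relay is not a known scanner")
    sender = utils.parseaddr(str(msg.get("From", "")))[1].lower()
    if not sender.endswith("@" + INTERNAL_DOMAIN):
        reasons.append("From address is outside " + INTERNAL_DOMAIN)
    for part in msg.iter_attachments():
        ext = os.path.splitext(part.get_filename() or "")[1].lower()
        if ext not in SCAN_TYPES:
            reasons.append("unexpected attachment type: " + (ext or "none"))
    return reasons


def sample(relay_ip, sender, filename, subject="Scanned from HP"):
    """Build a constructed message for testing; every value is made up."""
    m = EmailMessage()
    m["Received"] = "from device ([%s]) by mx.%s; Mon, 1 Jan 2018 09:00:00 +0000" % (
        relay_ip, INTERNAL_DOMAIN)
    m["From"] = sender
    m["To"] = "staff@" + INTERNAL_DOMAIN
    m["Subject"] = subject
    m.set_content("Please find the scanned document attached.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


GENUINE = sample("10.20.0.15", "scanner@corp.example", "scan_0001.pdf")
SPOOFED = sample("203.0.113.7", "HP Scanner <scanner@corp-example.test>", "scan_0001.zip")

if __name__ == "__main__":
    print(triage(GENUINE))
    print(triage(SPOOFED))
```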

If you haven’t been on the receiving end of an attack like this yet, count yourself lucky and stay vigilant.

Older iPhones Are Being Purposefully Throttled, According To Apple

Not long ago, observant Reddit users noted and began discussing a curious phenomenon. It appeared that older iPhones were unexpectedly slowing down, and no one could name the reason why.

It caught the attention of a number of security researchers who delved more deeply into the issue, including a man named John Poole, who confirmed the Reddit claims. His tests confirmed that on iPhone 6s and 7s, Apple made tweaks to iOS versions 10.2.1 through 11.2.0.

These changes are designed to throttle the phone’s performance when the battery degrades beyond a certain point. While the company itself has subsequently confirmed the findings, they didn’t offer much in the way of a detailed explanation other than to say:

“Our goal is to deliver the best experience for customers, which includes overall performance and prolonging the life of their devices. Lithium-ion batteries become less capable of supplying peak current demands when in cold conditions, have a low battery charge or as they age over time, which can result in the device unexpectedly shutting down to protect its electronic components.

Last year we released a feature for iPhone 6, iPhone 6s and iPhone SE to smooth out the instantaneous peaks only when needed to prevent the device from unexpectedly shutting down during these conditions. We’ve now extended that feature to iPhone 7 with iOS 11.2, and plan to add support for other products in the future.”

If you have an older iPhone, you may find yourself in disagreement that throttling its performance optimizes your user experience, and admittedly, it isn’t an optimal solution. On the other hand, having your phone power down unexpectedly when the battery life still reads 40 percent can be worse than annoying.

The only way around it is to replace your battery, which will not trigger the throttle built into the OS.

Major Security Flaw Discovered In Intel Processors

There’s some bad news if you own a computer driven by an Intel processor. Recently, a dangerous, catastrophic security flaw has been discovered in Intel’s X86-64 architecture that allows hackers to access the kernel, which sits at the heart of your OS. By accessing the kernel, a hacker can gain access to virtually everything on the targeted machine.

This is accomplished by way of a little-known feature called “speculative execution” which allows the processor to perform operations before it’s received definitive instructions that they need to be done. It’s a way of milking more speed out of the system.

Unfortunately, any such system runs the risk of giving programs permission to execute that, under normal circumstances, would not get permission. For example, a hacker could exploit this time-saving trick to run a piece of malware that Windows Defender (or related programs designed to safeguard your system) would otherwise catch and keep from running.

The truly terrifying part about this newly discovered exploit is its scope and scale. Intel chips are found in the majority of PCs and laptops being sold today, and this exploit has been sitting undiscovered until now, in every chip the company has made over the last ten years.

So far, Google researchers have identified two distinct attacks that could be used to exploit the flaw, dubbed “Meltdown” and “Spectre,” both being every bit as bad as they sound, and both capable of giving a hacker complete control over a target system. Fortunately, there have been no reported instances of either being used in the wild…yet.

The company is aware of the problem, and although they are playing things close to the vest, a fix is already in the works. Unfortunately, there’s a drawback. In order to implement the fix, it’s going to require a huge restructuring. This will likely eliminate the “speculative execution” feature, which is going to notably slow systems down. Early estimates are that when the fix is rolled out, you’ll see your system’s performance degraded by between 17% and 23%.

If there’s a silver lining in all this, it’s that if you happen to own a machine built around an AMD processor, you can give yourself a pat on the back. They don’t contain the flaw.

Bug in macOS Could Allow Hackers Root Access

Do you own a Mac? Is it running Apple’s latest macOS, “High Sierra”? If so, be extra careful with who you allow access to your machine.

A security flaw recently discovered by a developer named Lemi Orhan Ergin can easily allow anyone unfettered access to everything on your machine, and by extension, give them an easy “in” to whatever network it’s connected to. All they need is physical access.

Exploiting this vulnerability is a lesson in simplicity. All a hacker has to do is enter “root” in the username field, leave the password field blank, and press Enter.

Done.

They now have total access.

Needless to say, this is a large and rather glaring security issue, and one which Apple will be remedying in the near future via a patch. Until they do, however, be aware that the physical security of your Mac is of paramount importance. Leaving your workstation unsecured and unattended, even for a few minutes, is all it would take to lose control over all the files on your machine and give a hacker access to the even more sensitive data lurking elsewhere on your company’s network.

Unfortunately, as bad as this security flaw is, it’s not the only recent stumble by Apple. Just last month, the company had to issue an emergency patch to fix a flaw that affected encrypted volumes, where the password hint section was displaying the actual password in plain text.

To try this exploit out for yourself to verify how easy it is to use, simply do the following:

  • Open your machine’s System Preferences and select “Users and Groups”
  • Click on the lock icon, which will allow you to make changes. You’ll get a user name and password box at this point
  • Type in “root” in the username field
  • Move the cursor into the password field and hit enter

That’s all there is to it.

Until Apple issues their patch, the best thing you can do is leave your machine on and lock your workstation when you step away. At least that way, the hacker would have to know your current password in order to gain access.

Of course, they could simply power the machine off and reboot, but that would take a bit more time, during which they could be discovered.

It’s far from perfect, but for the time being, it’s the best protection you have.

Virus Spread Through Facebook Messenger Mines For Cryptocurrency

Facebook scams are fairly common occurrences, owing to the sheer size of the platform’s user base. It’s no surprise that there’s a new one making the rounds that you should be aware of.

This latest threat was discovered by researchers at Trend Micro, and makes use of Facebook Messenger. If you get a message containing an embedded video file saved as a zip (the file name usually appears as “video_xxxx.zip”), don’t click on it, even if it’s from someone you know.

This file is a modified form of a legitimate piece of software called “XMRig”, an open source project that allows users to mine the cryptocurrency called Monero.

When the user clicks on this poisoned version, it will direct them to a website controlled by the hackers, in addition to quietly installing the corrupted software in the background. Once installed, the hackers put the infected PC’s processor to work for them, creating a distributed network of hash power to solve advanced cryptographic puzzles and generate new Monero “coins” for themselves.

The hackers have gone to some lengths to mask their true intentions. The site appears to be a video streaming service, and users who click on the embedded file will actually see a video playing. Of course, the website is also part of the C&C structure.

There are several intriguing things to note about this new threat:

  • It only affects people who use the Google Chrome web browser
  • It only affects PCs and laptops. Smartphones are not impacted in any way
  • The miner software is actually controlled via the C&C server, meaning that the hackers can upgrade their malware, adding new functionality in the blink of an eye

So far, the virus has been spreading mostly in Southeast Asia, but has also begun appearing in Ukraine and Venezuela. Given the global nature of Facebook’s user base, this is wholly unsurprising, so be on the lookout for it. Don’t click embedded files in Messenger, even if you think you know the sender.

Chrome OS To Get App Multitasking Soon

Chromebooks have brought Android apps to a much wider market, making them accessible to virtually everyone, but the Chrome OS has always lagged behind other platforms developmentally.

One of its most serious limitations where running apps was concerned centered on its inability to multitask. Basically, if the app you’re using is not “in focus” or in the window you’re currently viewing, all activity in the app ceases.

There are a few exceptions such as the Spotify app, but most apps that rely on real time data and most games will freeze when a user clicks out of the window. If you’re coming to Chromebook from almost any other platform, it can be annoying and hard to get used to.

Fortunately, you won’t have to deal with this for much longer. Google recently announced the release of Chrome OS 64, which will, among other things, allow apps to continue running in the background, even when you’re not using them in the active window.

Right now, the update is available on the company’s Beta channel, so it’s a fair bet that it will be rolled out to the general user base in the very near future. However, the company has not given a firm timeframe for that.

If you have a Chromebook, this is good news indeed as it corrects what many industry insiders have long seen as a glaring weakness of the platform.

While Chromebooks don’t get much use at the Enterprise level, they are a cost-effective computing option for students and low-income people, and it’s good to see Google spending time and resources improving them.

While the latest version offers a number of enhancements, the two biggest are the multitasking support mentioned above, and the “split view” feature which will further enhance the multitasking capabilities of the platform.

Microsoft May Remove Windows Paint From Operating System

“Paint” is one step closer to being a thing of the past.

In May of this year, Microsoft caught a surprising amount of flak when they announced that the venerable app, which had been included with the OS in every release since 1985, would be going away and replaced by a newer, sleeker version called Paint 3D.

The company had not expected any backlash on the matter and was sent scrambling when tens of thousands of people complained loudly in forums all over the internet.

The company quickly revised its position, explaining that while Paint would no longer come pre-installed on future releases of Windows, it would still be available on Microsoft’s app store. This move seemed to mollify Paint’s surprising number of fans and followers, but now, Microsoft is in the news again over the surprisingly cherished app.

In a recently released Windows 10 Insider Preview, the following message was discovered when accessing Paint: “This version of Paint will soon be replaced with Paint 3D. Classic Paint will then become available in the store.”

Note that this message was not displayed upon opening Paint itself, but rather upon clicking the “Product Alert” button at the top right corner of the app screen.

While the news is certainly no surprise, given the above, the sparse wording of the message does raise the question of whether the transition will be occurring during the next Windows 10 release. So far, the company has not offered any sort of clarification or confirmation.

In any case, we’re now one step closer to saying goodbye to Paint. While it was never a very good image editing program, it has proven to have a surprisingly deep base of support. Support or no, however, the day is soon coming when it will be a thing of the past, unless users go to the store and manually download and install it.

Nvidia Dropping Driver Support For Older Operating Systems

AMD long ago dropped support of 32-bit operating systems, and now, Nvidia is following suit. The long-anticipated move by the company will mean the end of driver support for the 32-bit builds of Windows 7, Windows 8, Windows 8.1, Windows 10, Linux and FreeBSD.

Nvidia is taking a balanced, responsible approach here. The company has pledged to continue offering 32-bit driver security updates until January 2019, but will immediately discontinue making performance updates to the drivers of older OSes.

In some respects, it’s long overdue. Today’s application environment is incredibly resource intensive, with a growing number of applications requiring more computing horsepower than 32-bit systems can deliver, since a 32-bit OS can only support up to 4GB of RAM.

The picture gets even bleaker if you’re a gamer. Even modest games tend to require more than 4GB of RAM these days, and most top-tier titles no longer offer support for 32-bit systems. Combine that with the fact that 32-bit systems are somewhat less secure overall, and it’s probably time they were put out to pasture.

Given this landscape, it’s probably time to pronounce the 32-bit operating system dead. If you’ve got some legacy applications still running on an old machine, now is the time to get serious about your migration plan.

Most of the older OSes are no longer receiving security updates, which leaves you increasingly vulnerable to a wide range of hacks. That, coupled with the increasingly sparse driver support, makes it inevitable that you’ll have to migrate at some point, and it’s always better to do it on your terms than someone else’s.

If you haven’t yet worked out what to do about your old legacy systems, it’s long past time to do so. The clock has been ticking for a while now, and the ticking just got a little bit louder.

Sound Waves May Be Used In Future Hard Drive Attacks

Another week, another attack vector, and this one deserves extra points for creativity.

New research has proved the viability of using something as simple and innocuous as sound waves to disrupt the normal functioning of HDDs, which can be used to sabotage a wide range of equipment, from PCs to CCTV systems, ATMs and more.

Researchers have been aware of, and toyed with, the possibility of using sound waves to disrupt the normal functioning of an HDD for more than a decade, but the most recent research, conducted by scientists from Princeton and Purdue universities, has outlined exactly how such an attack could be carried out.

The attack exploits a peculiar design feature of HDDs. Because they store large amounts of data on small platters, they’re designed to shut down in the presence of excessive vibration to avoid scratching or damaging the platter, and thus, destroying information on the drive.

If a hacker can determine the optimal attack frequency against a given HDD, then he could play a sound aimed at the drive that would cause it to stop functioning. If the sound were played long enough, it would require the system to be manually restarted to get it working again.

As the researchers demonstrated, finding the optimal attack frequency is a trivial enough task, but it should be noted that this is a fairly exotic type of attack, and not likely to see widespread use.

The biggest threat one would potentially face from such an attack would be the disruption of the functioning of security cameras to create a blind spot at a facility, which could then be physically breached. But given that the tones are within the range of human hearing, anyone in the vicinity could come and investigate.

Nonetheless, it’s an intriguing bit of research with potentially damaging implications.