Tag: Technology News

Blizzard Games Vulnerability Could Leave Gamers Open To Hacking

Do you play Blizzard online computer games such as World of Warcraft, Diablo III, Hearthstone, Starcraft II, or Overwatch?  If so, there’s a potential problem you need to be aware of.

Tavis Ormandy, a researcher on Google’s Project Zero team, recently discovered that the Blizzard Update Agent is vulnerable to hacking, via a technique known as “DNS Rebinding.”

The update agent is designed to accept commands to install, uninstall, change settings, update and  perform other maintenance related options. This means it has a lot of power and access to the system you’re playing the game on.

Unfortunately, because the update agent in use (JSON-RPC, port 1120) doesn’t include a validation step to check the identity of the server issuing commands, it’s possible for a hacker to insert himself into the middle of the process. This includes possibly injecting malicious commands and using the updater to hijack your machine.

Ormandy developed a proof of concept of the attack, and contacted Blizzard when he made the discovery.  The company was receptive for a time, but then suddenly and inexplicably ceased all communication.  Ormandy had this to say regarding the matter:

“Blizzard was replying to emails but stopped communicating on December 22nd.  Blizzard is no longer replying to any enquiries, and it looks like in version 5996, the Agent now has been silently patched with a bizarre solution. Their solution appears to be to query the client command line, get the 32-bit FNV-1a string hash of the exename and then check if it’s in a blacklist.  I proposed they whitelist Hostnames, but apparently that solution was too elegant and simple.  I’m not pleased that Blizzard pushed this patch without notifying me or consulting me on this.”

Since Ormandy went public with his findings, Blizzard has been in contact again, stating that a more robust fix is in the works, one that will adopt the strategy of whitelisting hostnames. Meanwhile, Ormandy is continuing to test the exploit on other online games with a user base of over 100 million to see if others are also vulnerable.  If you’re an online gamer, be aware that you could be leaving the door unlocked for hackers.

Performance Issues Plague PC’s Updated With Spectre Patch

Recently a critical flaw was found inside every Intel chip made during the last decade.  The flaw makes two different exploits possible.  These exploits have been dubbed “Meltdown” and “Spectre.”

The flaws are incredibly severe, and make it possible for a hacker to gain complete, unfettered access to the targeted PC or laptop.  Although no instances of the exploit have yet been found in the wild, now that both are commonly known, it’s only a matter of time before that happens.

Based on that, and given the severity of the flaw, Intel scrambled to release an update, but here’s the catch:  The update would hurt system performance, lowering it by as much as 23%.

In the end, it didn’t matter.  To ignore the problem was simply not an option, so the company scrambled to get a fix ready and has since released it.  Unfortunately, the fix has proved to be even more problematic than was originally estimated.  In addition to degrading machine performance, it also interferes with a variety of maintenance activities and leads to an inordinate number of system reboots.

Initially, Intel advised its customers to proceed with the download in order to protect their systems, even in light of the performance degradation.  However, as the number of complaints have grown, the company reversed course and has now advised against downloading its latest update, asking users to wait for a revision to be published.

At this point, the company has not given an ETA on when the revised firmware update will be ready, but until it is, you’re placed in an awkward position.  Waiting for the update means exposing your company to risk, should a hacker target one of the machines on your network with the exploit.  Proceeding with the current firmware update means you’ll suffer performance issues, leaving you stuck between a rock and a hard place, at least for the short term.

Electronic Health Record Company “Allscripts” Hit By Ransomware

Another day, another high-profile ransomware attack.  This time, the victim was Allscripts, an EHR (Electronic Health Record) company that hospitals, pharmacies, and ambulatory centers around the country rely on.

The company’s data was thought to be safe on the cloud, but that proved not to be the case. Disruptions of services were felt by Allscripts clients around the country.

At this point, reports are sketchy, incomplete, and in many cases, contradictory.  According to Allscripts, the attack only impacted “a limited number” of applications, and that they were working to restore them.  The company’s statement continued with, “most importantly, to ensure our clients’ data is protected.  Although our investigation is ongoing, there is currently no evidence that any data has been removed from our systems.  We regret any inconvenience caused by this temporary outage.”

According to Twitter, where many of Allscripts’ customers have been talking about the issue, the problem goes much deeper. Some clients reported an inability to access critical patient data now stretching into its third day, with predictable impacts on health care delivery.

To complicate matters further, some heath care providers preemptively disconnected from Allscripts servers in a bid to protect their own networks.  Northwell Health, based out of New York, is an example.

In any case, as of the time of the writing of this piece, most, but not all of the disrupted services seem to have been restored. You can bet, based on the contradictory information surrounding the attack, that Allscripts’ handling of the incident will be discussed for a long while to come.  This will probably filed under “how not to handle a ransomware attack.”

The company’s communication was spotty and their business continuity plan seems to have failed them.  There are lessons here for all business owners.  Take heed.

iPhone Throttling Issue To Be Addressed In Upcoming Update

Recently, Apple found itself in hot water with its normally adoring user base. This happened when it became known that the company was intentionally throttling (slowing down) the speed of older iPhones.

The company’s intentions were good.  They clearly meant well.  The move was designed to even out performance in older equipment.  As cellphone batteries age, they tend to lose charge more quickly.  What was happening was that people with older equipment would drop from 20% battery to 0% in the blink of an eye, causing their old phones to simply shut down at inopportune moments.  Apple’s strategy was simply designed to help keep that from happening.

Well-intentioned or not, the company didn’t formally announce the change, and it was discovered by chance by security researchers.  Needless to say, the legions of people who still use older iPhones were not amused and the company has faced backlash from an angry user base since.

Apparently, the backlash got bad enough that they listened.  Apple just announced that as of the next OS update, version 11.3, the OS will include a toggle switch that will allow users to choose whether or not to throttle their  phones to extend battery life.

This is the latest in a series of moves the company has made to get back in the good graces of its users.  Previous efforts have included a public apology and an offer to reduce its fee for battery replacement to just $29.

This has been a PR disaster for the company.  It probably won’t hurt their bottom line much, but perception matters. While the company has been trying bravely to save face, the simple truth is that this was a self-inflicted and avoidable wound.

There’s a lesson here for businesses of all shapes and sizes.  Transparency matters, and if you’re going to do something that directly impacts large segments of your user base, be upfront about it and give them a viable choice.

700,000 Potentially Malicious Apps Removed From Google Last Year

Google recently released their Play Store stats for 2017.  The results are both encouraging and disheartening.  Overall, Google caught and removed more than 700,000 malicious apps from the Play Store, minimizing their impact on the company’s massive Android user base.

That’s unquestionably good news, but it comes with a bit of a dark side.  That figure represents a staggering 70 percent increase in the number of apps removed compared with 2016 figures.  The hackers are not only relentless in their efforts, but they’re picking up the pace dramatically.

Last year, Google made a significant change, putting Play Store security under the umbrella of the Google Play Project.  This system is driven by “smart” detection software that automatically scans and provides alerts for any software that exhibits questionable behavior and gets better on its own thanks to Machine Learning protocols.

So far, that approach seems to be working pretty well.  It’s not without its flaws, of course.  Google found itself in the news a few times last year when some malicious apps managed to slip through their impressive detection mechanisms, and got downloaded by several thousand users.  Even so, it’s clear that the company is committed to the process and takes the security of its users very seriously.  Given today’s digital landscape, that’s important.  That means something.

As for Google’s plans for 2018:

More of the same.  Continued, incremental improvements in the Google Play Project, continued support for the Zero-Day initiative, and keeping a watchful eye on all things security-related.  The company is by no means perfect, but it’s nice to know that we’ve got such a large company out there, fighting back.

Of course, it still falls to each individual user to be careful what apps you install on your various devices.  No matter what Google does in the coming year, due diligence is still your last, best defense.

Fitness Trackers Could Be A National Security Risk

If ever there were two phrases that didn’t seem to go together, they would probably be “Fitness trackers” and “National Security Risk.”  The very idea that a simple fitness tracker could pose such a risk seems laughable on the surface, but this is no laughing matter.

Recently, a popular fitness tracking app called “Strava” published a heat map, which displayed the activity of its massive user base from around the world.  In all, the heat map contained more than a billion activities, tracking every jog, bike ride, walk, swim, downhill, and other activity that users opted to log.

Unfortunately, this app is a favorite of military personnel, and when the heat map was published, researchers made a disturbing discovery.  In logging their physical activity, military personnel gave away the locations of their (sometimes secret) bases.

Although the data was stripped of personally identifying markers before being loaded onto the map, other researchers have been able to de-anonymize the data, tying individual activity routes to specific people.

From a national security standpoint, this is disturbing on two levels.  First, of course, is the fact that the locations of supposedly top-secret bases could be discovered so easily, and by something as innocuous as a fitness app.

Second,  and every bit as disturbing, is the fact that since it has been demonstrated that the data can be de-anonymized. This means that enemies of any existing government  can accurately locate key personnel.  Armed with an activity map that establishes a “reliable pattern of life,” it can use that data to plan carefully orchestrated attacks against specific individuals.

Needless to say, the presence of apps that know so much about us and our precise whereabouts is going to require a total rethink by government agencies around the world.  One has to wonder, how many other unintentional side effects will we see in the months and years to come?

If your Point Of Sale Uses Oracle, Update Now

Oracle is currently the third-largest provider of POS (Point of Sale) software on the market today, which means that there’s a fairly good chance you’re using an Oracle POS system.  If you are, there’s trouble ahead.  A recently discovered security flaw could put your system at risk.

Oracle has already identified and patched the security flaw, but there’s a problem.  Since POS systems are deemed “mission critical” by most businesses, System Administrators rarely schedule maintenance for them on fears that an unstable patch or update could cause undue downtime for the company.  Because of that, it will likely be a month or more before the new update finds its way to all 300,000 of the at-risk systems.

As security flaws go, this one is fairly nasty, too, as it allows a hacker to collect configuration files from any vulnerable Micros POS system.  This data can then be used to grant the hacker full, unrestricted access to the POS system,  as well as the database and server it feeds information to.

Most hackers attacking a POS would be content with simply collecting credit card details for resale on the Dark Web However, with this exploit, any sort of malware could be installed to use against the company later.

Even worse, a hacker need not be in close proximity to the device in question.  A carefully crafted HTTP request could trigger the security flaw and open the door.  Of course, if a hacker is in close proximity to the system, then there are many easier ways to infect it.  One only needs to distract the sales clerk long enough to attach a simple Raspberry Pi board equipped to run the exploit code and the damage is done.

The bottom line is, if you use an Oracle POS, make installing the latest security patch a priority.  You’ll be vulnerable until you do.

Malware Makers Testing Vulnerability Of Meltdown And Spectre

Security researchers from around the web are reporting finding an increasing number of instances of proof of concept (PoC) code that incorporates the recently discovered Spectre and Meltdown vulnerabilities.

If you somehow missed those earlier reports, Spectre and Meltdown are a pair of critical security flaws recently discovered in literally every Intel chip set made over the last decade.  Exploiting these vulnerabilities would give a hacker root-level access to the impacted system.

Since the discovery, the chip giant has been scrambling to fix the issue. However, their first attempt to do so caused so many system problems for people who installed the patch that the company is now recommending that users avoid it until they can come up with a better solution.

Unfortunately, that leaves you between the proverbial rock and a hard place.  Installing the patch will protect you, but cause you to experience system reboots several times a day and seriously degraded performance.  Not installing it leaves you at the mercy of the hackers.

So far, at least, it appears that most of the proof of concept code found is the result of security researchers playing with the exploits.  This includes testing them, seeing how they work, and how to prevent them.  That said, the researchers point out that it’s all but certain that some of the PoC examples were created by teams of hackers who plan to use them in their next round of attacks.

To make matters worse, Mozilla has confirmed that the Spectre flaw can be executed remotely by inserting commands into Javascript.  Given that, plus the increased appearance of PoC code fragments, it seems it’s just a matter of time before we see the first ever Spectre-based hack.  The clock is ticking.

Microsoft is Adding Much Needed Feature To Windows Defender

Microsoft is getting tough on so-called “registry cleaners”, and it’s about time.  The company recently announced a planned change to Windows Defender (the anti-malware program that comes standard with every Windows installation).  The change will see to the deletion of an increasing number of these registry cleaners.  It’s a great move, and the company deserves credit for it, but there’s a catch.  This type of software has been around for decades. So the move, as welcome as it is, comes very late in the game.

It’s overwhelmingly likely that you’ve seen these programs in action.  They’re usually free downloads (though there are a few web based services too) that scan your system to find problems with your registry that the software claims are causing performance issues and slowing your machine down.

There are two major problems with this:  First, the software tends to be light on details, refusing to provide much information about exactly why the “problems” that have been identified are impacting system performance.  Worse, the software often incorrectly identifies critical system files and registry entries as being problematic. So of course, when they are deleted, they actually create many more problems than they solve.

Second, in order to actually fix the problems that have been identified, you’ve got to buy the premium version of the package.  The result is that you’re losing money, and the software often breaks your system.  Not a pretty picture.

This latest move by Microsoft builds on action they took back in 2016, when the company started penalizing the makers of such registry cleaners if their software didn’t provide adequate information. This missing information included why the problems they found needed to be fixed in the first place, and if they utilized a high pressure up-sell technique.

Ultimately, those moves proved to be insufficient, so Microsoft decided to take things to the next level.  Now, they’re simply going to start deleting these no- or low-value programs.  Late or not, that’s one less headache for you, and a very good thing.

Ransomware Affected Over 50 Percent Of Surveyed Companies

Sophos has released the results of their annual “State of Endpoint Security Today”, and it doesn’t paint a pretty picture. A full 54% of companies surveyed reported having been hit by a ransomware attack in 2017. Another 31% reported that they expect to be on the receiving end of such an attack in the near future.

If the headline statistic wasn’t bad enough, it only gets worse from there.  According to the data collected, the average cost of a ransomware attack (including network costs, manpower, downtime, and device replacement cost) was $133,000. Five percent of respondents reported total costs between $1.3 million and $6 million, before factoring in the cost of any ransom paid.

As bad as those figures are, what makes them even more painful is the frequency. On average, survey respondents report having been struck an average of twice in the past year.

Dan Schiappa, the Senior VP and General Manage of Products at Sophos explains: “Ransomware is not a lightning strike – it can happen again and again to the same organization.  We’re aware of cyber criminals unleashing four different ransomware families in half-hour increments to ensure at least one evades security and completes the attack.

If IT managers are unable to thoroughly clean ransomware and other threats from their systems after attacks, they could be vulnerable to reinfection.  No one can afford to be complacent.  Cybercriminals are deploying multiple attack methods to succeed, whether using a mix of ransomware in a single campaign, taking advantage of a remote access opportunity, infecting a server, or disabling security software.”

In light of this relentless attack methodology, and in spite of the headlines all last year warning of the dangers, Schiappa warns that most companies are starting 2018 woefully unprepared for a ransomware attack. With all that said if you haven’t done so already, it’s well past time to review the state of your network security.