Archive for RB

| July 2, 2016
Comments Off on Independence Day 2016

Independence Day 2016

Independence Day is the time when Americans celebrate freedom from a tyrannical government in the 18th century. While gaining that freedom, the founding fathers used encryption. They used encryption while risking their lives to gain the freedom we celebrate on July 4th. The EFF documents how many of the Founding Fathers of the United States used encryption to secure our freedoms.

  • Thomas Jefferson Thomas Jefferson invented an encryption devicewas the principal author of the Declaration of Independence and the country’s third president. He is known to be one of the most prolific users of secret communications methods. He even invented his own cipher system—the “wheel cipher”  or the “Jefferson disk” as it is now commonly referred to. Mr. Jefferson also presented a special cipher to Meriwether Lewis for use in the Lewis and Clark Expedition.
  • George Washington was the first president of the United States. He frequently dealt with encryption and espionage issues as the commander of the Continental Army. He gave his intelligence officers detailed instructions on methods for maintaining the secrecy and for using decryption to uncover British spies.
  • John Adams was the second U.S. president. He used a cipher provided by James Lovell—a member of the Continental Congress Committee on Foreign Affairs. He was an early advocate of cipher systems—for correspondence with his wife, Abigail Adams while traveling.
  • James Madison was the author of the Bill of Rights and the country’s fourth president. He was a big user of enciphered communications. Numerous examples from his correspondence prove that. The text of one letter from Madison to Joseph Jones, a member of the Continental Congress from Virginia, dated May 2, 1782, was almost completely encrypted via cipher. And on May 27, 1789, Madison sent a partially encrypted letter to Thomas Jefferson describing his plan to introduce a Bill of Rights.

TechDirt correctly concludes that If encryption was good enough for the Founding Fathers to use in the 18th Century … it’s pretty ridiculous that we’re still having this debate now in this age of constant government monitoring, warrantless searches, corporate data aggregationdata sharing, and tools like IBM’s Non-Obvious Relationship Awareness software (NORA). The time is now to fight shortsighted “going dark” claims by the FBI and efforts by clueless politicians like Sen. Dianne Feinstein (D-CA) who have plans to ban encryption.

rb-

Seems to me that the biggest threat to America this Independence Day is the political ambitions of technically illiterate know-nothings in the gooberment. Be like the Founding Fathers and encrypt something start with HTTPS Anywhere from the EFF.

 

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Holidays | Tags: , , , , , , , , , , , , , , , , , , , , ,
| June 25, 2016
Comments Off on Malware Steals Your Cash At ATM

Malware Steals Your Cash At ATM

Malware Steals Your Cash At ATMOn September 2, 1969, America’s first automatic teller machine (ATM) started dispensing cash to customers at Chemical Bank in Rockville Center, New York. Since then ATMs have been a trusted avenue for many banking transactions. However, Business Insider warns that the next time you pull cash out of the ATM, or “Tap the Mac” you should take extra care. BI reports that Internet security firm Kaspersky Lab has announced the return of a newer and more dangerous version of the Skimer malware.

TATMs hackedhe report characterizes Skimer as an especially dangerous malware that turns whole ATMs into card-skimming machines. The malware first appeared in 2009 and has been distributed at ATMs all over the world.

The majority of ATM fraud takes place through card skimming. Card skimming is usually physical, as criminals typically install an illegal card-reading device into ATMs, film people entering their PINs on keypads, and then create duplicate cards for sale and use, reports the New York Times. Fortunately, users can uncover these card skimmers because they’ll spot a problem with the card reader or notice an unusual camera.

Gas pump skimmerSkimer is particularly problematic because it is software-based. The article explains the threat is undetectable to the common ATM user since there is no physical sign of the ATM being tampered with. The Russian-based program lets criminals access an ATM remotely, install the malware, and then gather data such as PINs, card numbers, and account numbers over the course of time. A “money mule” can then insert a special magnetic stripe card into the ATM to access the stolen data, take out money, or print card numbers onto a receipt.

The attack begins by gaining access to the ATM system either through physical access or via the bank’s internal network. Then Backdoor.Win32.Skimer malware is installed which infects the core of the ATM. The ATM core is responsible for the machine’s interactions with the banking infrastructure, cash processing, and credit cards. After that, the ATM has become a skimmer. The compromise allows the attackers to withdraw all the funds in the ATM or grab the data from cards used at the ATM, including customers’ bank account numbers and PIN codes.

Kaspersky logoKaspersky is trying to help banks detect Skimer and is providing techniques for identifying affecting machines and securing their ATM networks in the future. Sergey Golovanov, a principal security researcher at Kaspersky Lab explains it is possible for banks to stop Skimer.

We have discovered the hardcoded numbers used by the malware, and we share them freely with banks … they can proactively search for them inside their processing systems, detect potentially infected ATMs and money mules, or block any attempts by attackers to activate the malware

To prevent ATM attacks, Kaspersky recommends that banks:

  • Perform regular AV scans,
  • Use whitelisting technologies,
  • Have a good device management policy,
  • Enable full-disk encryption,
  • Protect the ATM’s BIOS with a password,
  • Only allow HDD booting,
  • Isolate the ATM network from any other internal bank network.

ATM fraud continues to growDespite a way to control Skimer, ATM fraud continues to grow according to BI. A recent FICO study found the number of compromised ATMs in the U.S. surged 546% from 2014 to 2015, thanks in large part to the slow EMV migration of debit cards and ATMs. The article speculates that EMV upgrades would stop Skimer. The resistance to EMV means ATM fraud could grow even more from 2015 to 2016.

John Heggestuen, at BI Intelligence, explains that EMV cards are being rolled out with an embedded microchip for added security. The microchip carries out real-time risk assessments on a person’s card purchase activity based on the card user’s profile. The chip also generates dynamic cryptograms when the card is inserted into a payment terminal. Because these cryptograms change with every purchase, it makes it difficult for fraudsters to make counterfeit cards that can be used for in-store transactions.

EMV cardsRetail card fraud cost U.S. retailers approximately $32 billion in 2014, up from $23 billion in 2013. To solve the card fraud problem across all channels, payment companies and merchants are implementing new payment protocols that could finally help mitigate fraud. In the article, BI’s Heggestuen describes some of the other technologies that financial institutions are utilizing to reduce fraud risks.

Encryption of payments data is being widely implemented. Encryption degrades valuable data by using an algorithm to translate card numbers into new values. This makes it difficult for fraudsters to harvest the payments data for use in future transactions.EncryptionPoint-to-point encryption electronically changes sensitive payment data from the point of capture at the payments terminal all the way through to the gateway or acquirer. This makes it much more difficult for fraudsters to harvest usable data from transactions.

Point-to-point encryption
Tokenization increases transaction security. Tokenization assigns a random value to payment data, making it effectively impossible for hackers to access the sensitive data from the token itself. Tokens are often “multiuse,” meaning merchants don’t have to force consumers to re-enter their payment details. Apple Pay uses one emerging form of tokenization.Tokenization
3D Secure is an imperfect answer to user authentication online. One difficulty in fighting online fraud is that it is hard to confirm that the person using card data is actually the cardholder. 3D Secure adds a level of user authentication by requiring the customer to enter a passcode or biometric data as well as payment data to complete a transaction online.

rb-

The best recommendation to protect yourself from Skimer and other ATM threats is to use the ATMs at your bank or credit union. These ATMs are harder for thieves to install any type of skimmers or malware on because of the higher traffic and monitoring. ATMs located outside a financial institution like at a 7-11 are highly suspect.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , , ,
| June 17, 2016
Comments Off on Your Next Job

Your Next Job

Your Next JobHate your job? The Business Insider says that only 19% of IT professionals are really happy at work. Still feeling the bite of the 2008 depression, market correction, recession, recovery that wont recover? Here is an out-of-this-world opportunity. NASA wants you to apply for a  job on Mars.

Work on Mars

The space agency released a series of recruitment posters that advertise potential positions that may one day need to be filled on Mars. The posters feature ads for farmers, surveyors, teachers, technicians, and other positions.

Journey to Mars‘ (PDF) plans to colonize the Red Planet envisions people living and working in Martian colonies beginning in 2030.

You can download all the posters from the NASA website.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , ,
| June 11, 2016
Comments Off on What You Need To Know About Germs on Your Cell

What You Need To Know About Germs on Your Cell

What You Need To Know About Germs on Your CellOver 2.6 billion Americans now have a cell phone. And they are walking around with some nasty stuff on their phones. I’m not talking about porn or malware but real viruses. An article by Caroline Kee and Taylor Miller at Buzzfeed found that most phones are covered with some pretty scary germs.

Swab cell phones for germsThe author took swabs of people’s cell phones to prove the point. Ms. Kee shared her swabs with Dr. Susan Whittier from Columbia University. They found that all phones had germs, bacteria, protozoa, viruses, and fungi on them, some of which are good for us and some of which are bad for us. The tests revealed that most phones had five kinds of harmless germs from the skin, mouth, nose, and environment.

Staphylococcus epidermidis (not aureus): Dr. Whittier says if you were to just swab your skin, this is what you’d find. It is normal and would get on the phone from regular daily use, like touching or talking on it.

All phones had germs, bacteria, protozoa, viruses, and fungi on themMicrococcus: Dr. Whittier says this makes up the normal skin flora, especially on the face. Everyone has different skin bacteria; it depends on the person. It can get on your phone if you touch your face a lot or talk on it often.

Streptococcus viridians: This bug lives in the mouth and throat, so it can get on your phone from talking, your fingers after touching your lips, coughing, etc. It’s usually harmless, but it can also cause infections in vulnerable people.

Moraxella: This is from sinuses, and it’s often found in people with recurrent sinusitis or post-nasal drip. In high levels, it can cause inner ear and bloodstream infections. It’s still a pretty normal thing to find on a phone.

25,000 germs on a cell phoneBacillus: Bacillus is a common bacteria from the environment, so it’s basically a sign that you’ve been outdoors. A lot of Bacillus means the phone is super dirty.

The bad news is that pathogens – potentially disease-causing strains of bacteria – were found on some of the phones tested. This is alarming. Think – salmonella, Ebola, bird flu, etc.

The most dangerous bug found on a phone was MRSA. MRSA, the flesh-eating bacteria, is a Staphylococcus aureus bacteria that is resistant to many antibiotics, including methicillin. It can cause serious infections in the skin and internal organs and can be fatal in vulnerable people. MRSA can spread easily between people and surfaces—often in health care settings, but it can also live on surfaces like subway handles, doorknobs, community bathrooms, showers, and especially gyms.

MRSA, the flesh eating bacteriaColumbia’s Whittier explained, “It’s a little worrisome for a phone to test positive for MRSA because it isn’t part of our normal flora.” We also know that MRSA loves to lurk on gym equipment and locker rooms, so it’s not completely abnormal to have it on your phone. About half the population carries Staph aureus with no problems. But this also makes it easy to spread between people and causes disease. Dr. Whittier warns that if Staph aureus gets into an open wound, it can cause major skin and blood infections, which can result in boils, food poisoning, toxic shock syndrome, and even death.

Poop. You’ve heard of E. coli. E. coli outbreaks have shut down restaurants like Chipotle and have caused many supermarket foods recalls. It was found on mobile phones. It’s a fecal organism, so it’s usually found in poop, but it can also live in the gastrointestinal tract along with other gut bacteria. Buzzfeed reports there are different types of E. coli, and some strains are way more pathogenic than others.  E. coli has the potential to cause serious food poisoning and even death.

E.Coli bacteria

E. coli infections spread through the fecal-oral route. You will get sick if you touch your mouth with contaminated hands after using the bathroom or touching fecal matter. It turns out this is very common. In 2015, Verizon found that 90% of cell phone users use their mobile phones in the bathroom. A 2013 study by Michigan State University found that just 5% of people properly washed their hands after using the bathroom.

The Columbia MD warns this is why you shouldn’t bring your phone to the bathroom or use it while eating. E. coli on a phone could be from the person’s stool if they didn’t wash their hands or another person’s stool if the phone went into a public bathroom because fecal matter sprays everywhere when the toilet flushes

Dont bring your phone to the bathroomWhat to do? Even if you’re an avid hand-washer, your phone can still pick up germs all day. The Buzzfeed article makes two recommendations to keep your phone safe. Keep your mobile phone out of the bathroom (where gross stuff like Norovirus lurks). And don’t use your cell phone while you’re eating since that can transmit bacteria and viruses to your mouth and get you sick.

How can you keep those nasty bugs off your phone? The article recommends cleaning your phone once a week using this magical “phone soap.” It’s not actually soap — it’s a charger box that shoots out UV lights that “kill 99.9% of germs using UV rays” at Amazon.

rb-

Back in 2013, I wrote about dirty mobile phones spreading Ebola here.

Wash your handsThe advice from 2012 on how to disinfect your cell is still the same as in 2016. Use a soft, slightly damp, lint-free cloth. Avoid getting moisture in openings. Don’t use window cleaners, household cleaners, aerosol sprays, solvents, alcohol, ammonia, or abrasives to clean your iPhone. The front and back glass surfaces have an oleophobic coating. To remove fingerprints, wipe these surfaces with a soft, lint-free cloth. The ability of this coating to repel oil will diminish over time with normal usage, and rubbing the screen with an abrasive material will further diminish its effect and may scratch the glass.

Related articles

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: , , , , , , , , , , , , , , , ,
| May 29, 2016
Comments Off on U.S. Memorial Day 2016

U.S. Memorial Day 2016

Remember, Memorial Day is about them:

U.S. Memorial Day 2016

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedInFacebook, and Twitter. Email the Bach Seat here.

Category: Holidays | Tags: , ,
« Older Entries   Recent Entries »