Category Archives: Internet – Security Information

News articles about Internet security

Russian hacker warning: How to protect yourself from network attacks | ZDNet

…with home users and small businesses said to be vulnerable to these exploits, there are concerns that these individuals and organisations will remain vulnerable to attacks because the users don’t understand how to secure the devices.Even the NCSC advisory says the very reason attackers select these devices is they’re known to be vulnerable and are often not patched.”Network devices are often easy targets. Once installed, many network devices are not maintained at the same security level as other general-purpose desktops and servers,” said the advisory.It added how few of these devices run antivirus or security tools and that “manufacturers build and distribute these network devices with exploitable services, which are enabled for ease of installation, operation, and maintenance”.The report urges manufacturers not to design products to support legacy or unencrypted protocols and to design the devices so that users are required to change the default passwords before using the device.

Source: Russian hacker warning: How to protect yourself from network attacks | ZDNet

The dots do matter: how to scam a Gmail user

Gmail users Beware! Look carefully at the TO address [not just the FROM address] when you get a suspicious email!

I recently received an email from Netflix which nearly caused me to add my card details to someone else’s Netflix account. Here I show that this is a new kind of phishing scam which is enabled by an obscure feature of Gmail called “the dots don’t matter”. I then argue that the dots do matter, and that this Gmail feature is in fact a misfeature.

Source: The dots do matter: how to scam a Gmail user

Omitting the “o” in .com Could Be Costly — Krebs on Security

Take care when typing a domain name into a browser address bar, because it’s far too easy to fat-finger a key and wind up somewhere you don’t want to go. For example, if you try to visit some of the most popular destinations on the Web but omit the “o” in .com (and type .cm instead), there’s a good chance your browser will be bombarded with malware alerts and other misleading messages — potentially even causing your computer to lock up completely. As it happens, many of these domains appear tied to a marketing company whose CEO is a convicted felon and once self-proclaimed “Spam King.”

Source: Omitting the “o” in .com Could Be Costly — Krebs on Security

Beware the smart toaster: 18 tips for surviving the surveillance age | Technology | The Guardian

The Internet has become a place for espionage, dirty tricks, hacking, and surveillance…. even as it still provides useful information and connectivity. The task is to be aware of the dangers in order to benefit from the usefulness.

We’ve come a long way since the web was just a fun place to share cat gifs – now it’s a place mostly dedicated to finding and selling your personal info. Here’s what you need to know in this new era

Source: Beware the smart toaster: 18 tips for surviving the surveillance age | Technology | The Guardian

Cambridge Analytica Whistle-Blower Contends Data-Mining Swung Brexit Vote – The New York Times

This may be a bit of a stretch for a LeverettNet Blog, but the article provides a good overview of the dangers associated with “data mining” from social networks: In other words, what the social media companies do with the information they collect about users of these sites.

Click on the picture or the headline to go to the article.

URL Homograph (Unicode) Attacks

More than a decade ago ICANN (the Internet registration authority) allowed the registration of internationalized domain names, regionalized for various languages and alphabets, spelled using Unicode characters. Some of these Unicode characters are visually identical to standard Latin characters. This visual resemblance has opened the door for attackers to register domains that can fool users that don’t pay close attention to the URL string. The use of these visually identical characters for malicious purposes is called a “homograph attack.”

How can we protect ourselves from homograph attacks?

Browser tools have been created, such as Punycode Alert and the Quero Toolbar, to aid users in alerting them of potential homograph attacks. Users have the discretion of adopting them alongside the built-in security mechanisms in today’s browsers. However, no tool can replace vigilance when browsing online and a solid cybersecurity hygiene. This includes:

    • Regularly updating your browser (They may be your first line of defense against homograph attacks)
    • Confirming that the legitimate site you’re on has an EVC
    • Avoid clicking links from emails, chat messages, and other publicly available content, most especially social media sites, without ensuring that the visible link is indeed the true destination.

Remember: Eyes open.

Stay safe!

The team from Phish.ai has developed and released a Google Chrome extension that can detect when users are accessing domains spelled using non-standard Unicode characters and warn the users about the potential of a homograph attack.

Source: Chrome Extension Detects URL Homograph (Unicode) Attacks

Spectre and Meltdown: What You Need to Know Right Now – SANS Internet Storm Center

By now, you’ve heard about the processor vulnerabilities affecting almost every processor in common use today; those vulnerabilities are called Meltdown and Spectre. … Below are advisories of most of the relevant companies. The patches should be considered preliminary to protect against the most obvious paths to this vulnerability, but future patches are likely planned to deal with the potential significant performance hits from these patches and for better mitigation coverage. Spectre, in particular, will require follow-on patching. Due to the nature of these patches, reboots will be required. So in the short term, patch and reboot everything.

Source: Spectre and Meltdown: What You Need to Know Right Now – SANS Internet Storm Center