Mac Malware

No, Mac Users Are Not Immune To Malware

Macs. They’re like a high school quarterback. They’re good-looking, trendy, and all the girls want one.

I like Macs, for a lot of the same reasons most people do. They’re nice looking and they’re as reliable as their user allows them to be. While we’re at it, I’ll make an exception for the newer MacBook models. Much like their handheld counterpart, the iPhone, they’re headed in the wrong direction design-wise. Apple, stop minimizing the number of ports in your devices.

I’m on my way to a point. Don’t worry.

The common justification someone will give me when I ask why they want a MacBook is this: they don’t get viruses.

This is, of course, not true. I’ve explained this briefly in my Russian hacking article; you can get more detail about the matter there. For now I want to talk about the most recent threat to the 3.5% of users around the world who use Mac OS X: OSX/Dok. Dok is a newly discovered form of malware that was first seen in May and is getting some attention in tech media right now.

OSX/Dok was originally developed to spy on OS X users, but it has since been modified to let whoever deploys it steal money and banking credentials. Like most common forms of malware it depends on phishing, so human interaction is necessary for the malware to be installed. The more you know about phishing scams, the less likely you are to fall for one. However, these scams are becoming more sophisticated by the month, making them increasingly difficult to spot.

Check out this detailed article via ZDNet for more information about OSX/Dok.

KeeFox KeePass Ubuntu

Installing KeePass and KeeFox on Ubuntu 16.04

I’ve found numerous instructions with varying techniques on how to properly install KeePass2 and integrate it with KeeFox on Ubuntu Desktop 16.04. Unfortunately, following the wrong directions led me to backtrack numerous times, and the whole process seemed like it was more trouble than it was worth. Luckily for you, I’ve gone through the pain so you don’t have to. As of the day of this post’s publishing, this is the technique that will yield the desired results.

Step 1: Install KeePass and Mono

KeePass2, of course, is your password database program. Mono is an open-source implementation of the Windows .NET Framework. It lets .NET programs such as KeePass run properly on Linux as well as Windows.

Installing KeePass on Ubuntu 16.04

Do not install KeePass2 with apt from the terminal. If you have already done this, uninstall it using this command:

  sudo apt-get remove keepass2

Instead, visit the KeePass official download page. Download the latest portable version of KeePass in ZIP format.

Once downloaded, extract the contents of the ZIP into the directory of your choosing. I chose “/home/{user}/keepass2”.

Installing Mono

KeePass needs Mono to run. Add the Mono project’s repository and install Mono by opening a terminal and executing these commands:

  sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
  echo "deb http://download.mono-project.com/repo/ubuntu xenial main" | sudo tee /etc/apt/sources.list.d/mono-official.list
  sudo apt-get update
  sudo apt-get install mono-complete

Step 2: Install KeeFox

Open up Firefox (which you are probably viewing this post with) and visit the KeeFox download page.

Install KeeFox normally, restarting Firefox when installation is complete.

When Firefox starts up again, you should be greeted with an orange KeeFox page. If this is not the case, click on the new KeeFox icon in the top right of your toolbar and click “Launch KeePass”. Here there will be some instructions which may look familiar. Ignore these and let’s move on to step 3.

Step 3: Configure KeeFox

Next, we need to copy a plugin file from the KeeFox extension’s folder into our KeePass2 plugins directory. Use this command (replace the bracketed fields with your own values) to copy it:

  sudo cp /home/{username}/.mozilla/firefox/{****}.default/extensions/keefox@chris.tomlinson/deps/KeePassRPC.plgx /home/{user}/keepass2/Plugins

Now that our plgx file is where it needs to be, let’s set up KeeFox’s default folders. Click the KeeFox icon and select “Options” and open the “KeePass” tab.

Integrate KeeFox on Ubuntu

Enter the correct directories for the KeePass and Mono installations as shown in the image above (replace the bracketed text with your username) and tick the “Remember” checkbox.

Restart Firefox and you should be ready to go.
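As an added example (not code from the original post or from the KeeFox/KeePass projects), here is a small POSIX shell script for step 3 that finds KeePassRPC.plgx inside whichever Firefox profile holds KeeFox and copies it into the KeePass2 Plugins folder, so the random profile name in the cp command above never has to be typed by hand. It assumes the same layout as the post (a profile root like ~/.mozilla/firefox, the keefox@chris.tomlinson extension id, a KeePass directory like ~/keepass2); both directories are parameters so the functions can be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Added example, not code from the original post or from the KeeFox/KeePass projects.
# Locates the KeePassRPC.plgx that the KeeFox extension ships inside a Firefox
# profile and copies it into the KeePass2 Plugins directory, so the random
# "{****}.default" profile name never has to be typed by hand.
# Assumed layout (taken from the post): <profile root>/<id>.default/extensions/
# keefox@chris.tomlinson/deps/KeePassRPC.plgx and <keepass dir>/Plugins.

# find_keefox_plgx PROFILE_ROOT
#   Prints the path of the first KeePassRPC.plgx found under a *.default*
#   profile directory (the glob also matches newer names like .default-release).
#   Returns 1, printing nothing, when no profile contains KeeFox.
find_keefox_plgx() {
    root="$1"
    for profile in "$root"/*.default*; do
        plgx="$profile/extensions/keefox@chris.tomlinson/deps/KeePassRPC.plgx"
        if [ -f "$plgx" ]; then
            printf '%s\n' "$plgx"
            return 0
        fi
    done
    return 1
}

# install_keefox_plugin PROFILE_ROOT KEEPASS_DIR
#   Copies the plugin into KEEPASS_DIR/Plugins (creating the folder if needed)
#   and verifies the copy byte for byte. Returns non-zero on any failure.
install_keefox_plugin() {
    src=$(find_keefox_plgx "$1") || {
        echo "KeePassRPC.plgx not found under $1 - is KeeFox installed in Firefox?" >&2
        return 1
    }
    dest="$2/Plugins"
    mkdir -p "$dest" || return 1
    cp "$src" "$dest/KeePassRPC.plgx" || return 1
    cmp -s "$src" "$dest/KeePassRPC.plgx"
}

# Usage with the post's paths, run as your normal user (no sudo needed, since
# both directories are inside your home):
#   install_keefox_plugin "$HOME/.mozilla/firefox" "$HOME/keepass2"
```

If the function reports that the plugin was not found, KeeFox is not installed in that Firefox profile yet; finish step 2 first and run it again.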


2016: A Hack Odyssey

What is Hacking?

As of late, the media has been saturated with talk of hacking, leaks, phishing, etc. For the most part these terms are used quite loosely and without explanation. This blog was never intended to be geared toward politics, but if these terms are being tossed around in the news, the general public is going to need some knowledge in these areas before they can make a decision based on what the media reports.

The form of “hacking” that these media stories generally refer to is simply defined as using a computer or electronic device to maliciously gain access to information which does not belong to you. The term “hacker” usually conjures thoughts of a person in a dark room, wearing a hooded sweatshirt, incessantly clicking away at his keyboard while little green letters and numbers dance across the screen faster than anyone could comprehend. Hacking is more often than not seen as criminal and unsavory. However, a hacker could just describe someone who is proficient in computing and programming. It’s usually quite benign. You just don’t hear about it because it’s not interesting and not worth a news story. Some of the “hacking” techniques you read about serve legitimate purposes.

Consider this: You’re the CEO of a new and quickly growing online business. You have a big meeting today and a PowerPoint presentation saved on your MacBook. The same MacBook your kid watched Shrek on the night before. Before your meeting, you power it on, type your password in… and it doesn’t work. You try again and again. You can’t bother the kid. He’s in school. You bring the computer over to your tech guy and he manages to gain access to the laptop. The day is saved. You change your password, go to your meeting, have your presentation, make a billion dollar deal, buy a boat, thank your computer guy, buy your computer guy a Ferrari, thank your computer guy, THANK YOUR COMPUTER GUY, BUY HIM A BOAT THNAK YUR COMUTER GUY …

My point is you gained access to something you did not have access to. That is hacking. Hacking isn’t always criminal. Hacking isn’t always bad. Look at the context. Look at the motive. Thank your computer hacker guy.

Lex: I’m a hacker!
Tim: That’s what I said: you’re a nerd.
Lex: I am not a computer nerd. I prefer to be called a hacker!

– Jurassic Park (1993)

“Hacking” in Recent National News

The 2016 US presidential election and the events leading up to it produced stories of hacking and international espionage covered extensively by large media outlets. Big news stories, especially those about the big event that happens every four years, are conducive to water-cooler talk. Everyone takes whatever chance they get to stay in the know on current events so they are ready when the topic comes up with co-workers and friends. They want to be as informed as their friends, if not more so. As well as these stories are reported (well, sometimes they are), very few of them actually attempt to define the terminology they use. The recent election gave us a number of stories involving technology and hacking. Let’s go over a couple of them to hopefully give you a better idea of what they mean and why it is important to understand the difference between them.


The DNC and Podesta Emails a.k.a. Password is Password

Before we jump into any of this, let me say that, as tempting as it is, discussing whether or not Russia had anything at all to do with any of these items is irrelevant here. So I’ll do my damnedest not to go off on a tangent in the middle of typing this. Anyway.

On March 19, 2016, John Podesta, Campaign Chairman for Hillary Clinton, received what is called a “phishing email”. A phishing email is an email sent to a person with the intention that the recipient performs an action in response which allows the sender to gain access to information. The email is commonly crafted to appear perfectly legitimate and not suspicious to most people. In Podesta’s case the email was meant to look like a simple notification from Google asking him to change his password. The email contained a link to a web page with username and password fields. Once he entered that information and submitted it, the sender had the username and password of John Podesta’s Gmail account. His emails were collected and given to the WikiLeaks organization. WikiLeaks then displayed the collection of emails on its web page.

Good to know:

Do not confuse a “leak” with a “hack”. Many news sources fail to make this distinction apparent. In this instance, the hack is the obtaining of the information; the leak is the release of the information to an interested party. That’s how these terms should be used in this example. A leak is not always a hack.

Phishing is a common practice. Government officials and working class citizens alike are susceptible to these types of attacks. Hackers send these emails to working folk like myself in hopes of locking us out of our accounts or obtaining personal information, credit card numbers, social security numbers, you name it. John Podesta was specifically targeted; ordinary people often are not. Lucky for us, there are things we can do to make sure this doesn’t happen to us.


How to Protect Yourself from Phishing Attempts and Password-Related Hacks

1. Use sophisticated and lengthy passwords.

This is the most important thing. If you are going to make any attempt to protect yourself online, do this one thing. Guess what? I know P@55woRd seems like a safe bet to you, but to someone with intent to gain access it is nothing. Make your password as unpredictable as possible. Any time you are asked to create a password online, as soon as you see the field to type it in, STOP. Take a minute. Take five. Think of something completely outrageous and random. The longer, the safer. Use numbers. Not your kid’s birthday. Not your house number. Random numbers. Instead of putting them at the end of the password, stick them in the middle. You get the idea. BE UNPREDICTABLE.

2. Make your passwords unique.

Do not use the same password twice, no matter how much of a hurry you are in. I understand it’s hard to remember multiple passwords. You can use a safe, encrypted password vault like KeePass to store them. KeePass is effective, free and open source.

3. Change your passwords periodically.

Online services suffer security breaches often, and for that reason alone it is important to change your passwords regularly. Have I Been Pwned is a website you should visit to make sure your online accounts have not been compromised. Data on the site shows over 350 MILLION MySpace accounts have been compromised to date. So if you’re like me and you’ve had a particular email account for over 10 years, you should check whether you’ve been “pwned” yourself.

4. Make sure your email provider utilizes spam filters and antivirus/antimalware protection.

5. Know what a “phishy” email looks like.

As I stated earlier, these phishing emails often look legitimate to an untrained person. There are some key factors to consider when you are checking an email for legitimacy. Any time an email asks you for any information you should be suspicious, no matter who it is supposedly from. If an email brings you to a web page, make sure that page is secured and the connection is encrypted. To do this, just take a look at the upper left-hand corner of the screen, just before the URL.


If the URL bar does not show green text and a lock icon, you should think twice before entering any personal information on that page (especially banking information).

Ghost in the Machine

On the night of December 31, 2016, the Washington Post reported that a laptop in a Vermont power plant contained malware code associated with a Russian hacking operation. The report turned out to be inaccurate and has since been removed from their website (the link to the article is archived courtesy of archive.org.) (UPDATE 7/10/17: The web archive link is dead now.) It kind of makes you feel as though there’s another cold war happening under our noses, this one carried out by little men with pocket protectors and thick black-rimmed glasses guzzling down coffee and “out-coding” each other’s computers. Right? That’s how computers do things? No. Not at all, actually. However, this brings another piece of cyber-attack, cyber-security lingo into the homes and offices of the American populace. MALWARE. It even sounds icky and infectious. Doesn’t it?

As if that wasn’t confusing enough, the U.S. intelligence community has a name for this alleged Russian cyber-attack campaign: GRIZZLY STEPPE. Geez. I don’t know whether to be scared or giggle to myself in a corner. In all seriousness, this terminology is intimidating to say the least. The sad truth is that the layman does not have the knowledge and usually doesn’t have the time to conduct their own research. And to delve into the web to learn about these things is… well, quite frankly, pretty boring. And yet that’s why I have a job. I’m bored so you don’t have to be.

In addition to the hastily written claim of Russian malware infecting “the grid”, according to sputniknews.com the U.S. intelligence community claimed that “876 unique IP addresses were used to infiltrate the Democratic National Committee and John Podesta’s email accounts.” The details of how they got that information are not 100% clear, but this brings up another valuable line of defense when you are connected to the internet. FIREWALL.

A decent router is commonly the first line of defense against intrusion. Organizations all over the world scan IP addresses 24/7. Some of these scans are port scans, looking for open ports in someone’s firewall. Those open ports can then be used to try and force a way into a network’s infrastructure, and some of the scanners have malicious intent. A restrictive firewall is important in keeping unwanted visitors out. Some firewalls can even block any IP address belonging to a specific country. Worried about uber Russki haxxorz? Enable GeoIP blocking on your router.


Dealing with Malware

You’ve heard it at least once before. “I love Apple. I use a MacBook because Macs don’t get viruses.”

There are several types of malware, and they all stink! Malware can render your computer unusable, allow an unknown party to manipulate your computer, generate ads and more. Basically its job is to make your day ten times worse than it already was and usually to steal your information. Malware is malicious.

Let’s go back to the claim at the top of this section. The claim is, in a way, both true and false. As of the release of this blog post, netmarketshare.com shows that 88.67% of the computer operating system market is dominated by Microsoft Windows. Another 2.21% belongs to Linux (primarily used on servers like the one this website is hosted on). That leaves 9.12% of the market belonging to the Mac OS X operating system. So, put yourself in a hacker’s shoes for a moment. Your job is to program viruses and malware to infect systems and gain access to information. Are you going to write code compatible with Mac and ignore 90% of the population of the world? Probably not. So are Macs more secure? It just depends on how you look at it. The fact is Macs are susceptible to infection just like Windows. They just aren’t as big of a target.

Dealing with most malware is quite simple. Windows Defender (standard on Windows) is surprisingly effective at detecting malware in real time. I always teach my clients that the best defense against viruses and malware is to be a responsible user and be smart about what you do online. Going on an all-out clickfest can be fun on those lonely nights, but it has its consequences. Be especially careful if you are accustomed to torrent downloading; the torrent community is a hotbed of viruses and malware. And if you find yourself in one of those “oopsy” moments, having clicked 6 ads for prostate pills off your screen while your machine does somersaults before your eyes, be sure to at least have Malwarebytes installed. Malwarebytes has long been an industry standard in malware removal. They have a free version and they update it frequently.

Stay Informed

So don’t fret. Keep yourself informed and use these practices to keep you and yours safe, whether from the hacker elite or just your nosy coworkers. Stay current and reset your passwords. And if it hits the fan, you could always give me a call. Don’t worry. If your spouse or your boss asks me why I had to fix it … it was the Russians.


The Loch Tech Blog

Hello World!

As I continue to make preparations and complete this website piece by piece I would like to take a break from the hard work to simply introduce the Loch Tech Blog. I’ll give you a quick rundown of what type of content you could expect from us in the future.

The Loch Tech Blog will be a weekly blog focused on the technology industry. The main purpose of the blog is to keep our guests informed of the latest developments in many fields, ranging from cyber-security to consumer electronics. I also plan on writing opinion pieces on these topics to provide my own two cents. No gimmicks, nothing to sell, just a place to come for news and thoughts. Everyone is welcome. This is going to be a main emphasis of our mission statement (once I have that page up, that is). Other tech companies I’ve observed base their model on putting little effort in and hoping their clients stay blind. My plan is to change that way of doing business. I want to make sure our clients understand their technology and why they should care about it.

The current state of Loch Tech

Loch Tech is currently in its infancy. I’m just one guy trying to get this project off the ground, and I’ve been trying to for some time now. I have big plans for myself and for the company. Before I can put the effort I would like into this blog, I will have to build around it first. The website at this point is nothing more than a few words on the front page. That being said, it’s time to get back to work. I look forward to providing news and other content to this blog in the future. Until then…

-Anthony Loch
