Linksys routers are under attack, and here’s what you can do about it

A couple of my college buddies posted a link to an Ars Technica article about Linksys routers getting hacked. Sorry I didn’t find it myself, I’m prepping for a job interview. Excuses, excuses, I know.

Researchers have been doing this kind of stuff for at least a year, but now we’re seeing the bad guys do it. It was just a matter of time, because bad guys are going to attack whatever is easiest to attack, and consumer routers are direct-connected to the Internet and their security isn’t really all that much better today than it was when Linksys released its first router in 2000.

What’s worse is that two of the affected models, the Linksys E1000 and E1200, are no longer supported by Linksys. The answer is DD-WRT. Visit the linked page, type in the name of your router, check the version (it’s on a sticker), then load DD-WRT like you would load Linksys firmware. If you’re not comfortable doing it, a computer-savvy friend or acquaintance can do it in half an hour for you. I’m running DD-WRT on two routers myself, and put it on my mother-in-law’s router, and find there’s no comparison between it and anything any of the manufacturers are shipping from the factory.

Is its security perfect? Probably not, but it doesn’t even have the feature this exploit is using. And turning off undesirable features is the beginning of good security.

More details on the Target hack come to light

Yesterday I read, via Ars Technica, that the malware resided on cash registers (which I’d heard elsewhere before), and that the first step to getting there was via a compromised web server.

And that led to a question in the comments which sounds like it came from an IT professional:

don’t they have their network segregated into zones!!!? It shouldn’t be possible for a web server to touch a POS system in a store….

The commenter is right, it shouldn’t be. But it doesn’t need to be, either.

Another day, another router backdoor

Ars Technica dropped this bombshell toward the end of the day yesterday: A backdoor in Linksys and Netgear (and possibly other) routers. The exploit works on a weird port, so it’s not remotely exploitable, nor is someone going to drop it with some crafty JavaScript like the recent D-Link backdoor, but it’s not out of the question at all for malware to do a pivot attack. Here’s how it would work: Once a computer is infected, it could attack the router and infect it too, so that once someone disinfects their computer, the router could re-infect the computer at a later date. A router is a great place to hide, because nobody looks at it, and routers have ample storage to exploit.

What can you do about it?

Hostsman makes it easy to block malware with a hosts file

I’ve written before about using the hosts file to block domains that are hosting malware. The idea is pretty simple. There’s a known list of domains that are either hosting or controlling malware, so by blocking your computer from accessing those domains, you make it much harder to get infected in the first place, and in the event that you do get infected, at least you block access to the command and control servers.

The problem is that Windows doesn’t make this easy. Well, I found an easy way: Hostsman. You can have it up and running in minutes.

Update: Don’t mess around with hosts files. It’s more efficient and more effective to change DNS servers instead.


How to edit a hosts file in Android


Someone asked me how to edit a hosts file in Android, which was a trick I used to recommend in Windows. Editing a hosts file is really two questions: Do you really want to edit it, or do you want to replace it?

The outbound firewall controversy

So, do you need an outbound firewall? Two people say no.

I agree but I disagree. I like the idea behind an outbound firewall, but in practice, I find they don’t work. The human element makes them fail. Whenever a computer asks for permission to do something, people generally fall into two camps: People who say yes all the time, and people who say no all the time. With the people who say yes all the time, the malware gets to do whatever it wanted anyway, so the firewall fails to do its job. With the people who say no all the time (Why does Internet Explorer want to connect to the Internet?), nothing works.

Ultimately, the argument against them is that if you don’t trust a piece of software to connect to the Internet, you shouldn’t have that software on your computer at all. I agree completely with that argument. Only install trusted software that you get from trusted sources, learn how to check the MD5 or SHA1 hashes to ensure the software is what it says it is, and then and only then install it.

A firewall is one of the most basic of security tools. You need one to protect yourself against basic threats. Not having one is negligent. But trying to turn that firewall into something other than a basic tool–something it’s not–generally isn’t going to get you very far. A firewall with training wheels on it isn’t a substitute for security awareness.

And here’s the thing. The Windows built-in firewall does block certain outbound connections, mostly on antiquated ports that these days are used more often by malware than for legitimate purposes. It just doesn’t jump up and down and tell you that it’s doing it. It just quietly does its job, which is exactly what you want your firewall to do.

How to make an LG LD301EL dehumidifier drain the water out of a hose instead of the bucket

I recently came into possession of an LG LD301EL dehumidifier. It was supposed to be draining out of the hose, but it wasn’t. I figured out why.

If you have one of these or a similar dehumidifier, chances are you have the same problem. The instructions on the back of the dehumidifier aren’t as clear as they could be and the diagrams are tiny. The manual doesn’t quite seem to explain it either. If you don’t have the manual and don’t want to download one from a dodgy web site–and as a computer security professional I recommend that you don’t (more on that at the end)–here’s how to get it done.


Reports of the Droidpocalypse have been greatly exaggerated

I was listening to the excellent Risky Business analysis of the Droidpocalypse this week, and I’m happy to report that the vulnerability that affects 90% of Android devices ever made, while serious, is vastly overstated.

Cyanogenmod 10.1 runs surprisingly well on a Nook Color

Cyanogenmod–the open-source distribution of Android for undersupported/abandoned devices–went to version 10.1 this week. Version 10.1 is based on Android 4.2.2, so it matches what’s in stores right now.

My Nook Color was sitting unused, so I figured I had nothing to lose by loading Cyanogenmod 10.1 on it. It was slow and laggy and crashed a lot under 7.2, so it wasn’t like it could be much worse.


How I accidentally found a way to mess with “Peggy”

“Peggy” from “Computer Support Department” just won’t give up. He called me again at about 8 PM this evening. This time, I played along. I had a thrift-store junker PC for him to infect with his malware. The only problem was, the hard drive wasn’t connected and neither was the power cord. So I quickly hooked all that up, booted up, and then played along.

“I want you to click on Internet Explorer.”

“OK.”

“What do you see?”

“Page cannot be found.”

Thus I learned that Peggy isn’t very good at troubleshooting network issues.