Google is attempting to notify DNSChanger malware victims before they lose internet connectivity

Posted over on the Google Blog, you will find an article titled “Notifying users affected by the DNSChanger malware”.

They tried this last year with limited success, but this time, they are more serious about it and the chances are good that you are, in fact, infected if you receive the message, “Your computer appears to be infected. We believe that your computer is infected with malicious software. If you don’t take action, you might not be able to connect to the Internet in the future.”

What is this malware anyway? DNSChanger affects DNS only, as the name implies, and redirects queries to other websites. Some of the affected DNS servers have been replaced with temporary servers; however, on July 9th a court order will expire and those DNS servers will be shut down, causing potentially hundreds of thousands of computer users to be without internet connectivity.

For more information about DNSChanger, malware in general or any other computer security related issues that may affect your business, please call 864.990.4748 or use our handy CONTACT FORM.

 


Physical Security: Cracking a MEILINK safe with a lost combination is actually possible! #SafeCracker

A similar MEILINK fire safe

Do you need to get in a locked safe? Are you wanting a new career as a safecracker? Boy do I have news for you – It’s easier than you might think.

My wifey has a MEILINK fire safe that holds important documents like birth certificates, and the millions of dollars in spare change we have (bah!) which is rarely accessed, and never locked. It’s just for fire purposes, not really security.

Wellllll, long story short, somehow this safe got locked. I blame the cats. But either way, it was locked, and Pamela McAbee Hoyt could not remember the combination. She thought she knew it, but wasn’t sure. She came up with 5 or 6 numbers that she was pretty sure it could be, but questioned the order.

She wrote them down as she tried them. She spent HOURS trying to get into the thing, all the while getting more frustrated. Then she tore the house apart (literally, not figuratively), searching for the card that had the combination on it. Newp, nowhere to be found.

I called a locksmith and safe technician friend of mine; he said he would have to drill this safe that has been in her family for 30-40 years, which would leave it in an inoperable state without costly repairs, so that was not appealing.

I then tried to make contact with a man who claims he could “manipulate” the safe (crack it), but no response.

We called the manufacturer who could actually give you the default factory combination (for a fee) if you provide the serial number. There was no serial number anywhere on it (There is one INSIDE, but what good is that?!?!).

Sooooo, I googled for “how to open a meilink safe” and came upon several links, the most interesting of which was a fella with a very similar safe that he has lost the combination to. And in that article, he has further links to “How Mechanical Safes Work”, and one that was far more interesting to me, being a geek, entitled,  “Safecracking for the computer scientist” (updated link below).

I followed that last link and read it, not once, but a couple parts a few times.  From the article, I knew that I could go buy myself a massive drill and a diamond bit, and be in that puppy, but I was really drawn to the “manipulation” part, and after I had absorbed what I could, I pulled this safe out of its cubby hole into the living room, where I had light and wasn’t cramped and started working the dial. This was around 2:00 or 2:15 this morning.

Luck was on my side! The first number was easy to determine, obviously, that wheel was where the fence was making contact first, unlike in the article. And when I looked at the attempted combinations that Pamela had tried, guess what? It was one of the ones she had guessed at, in fact, it was her 3rd guess.

I found the 2nd and 3rd numbers were also the numbers she knew them to be, and actually in the right order.  But why was I able to open it when she could not?

She had used the correct pattern for that safe, which is:

  • Turn the dial to the right several times to “clear it”, stop on “0”
  • Turn the dial to the left (ccw) 3 times past the first number and stop on that number on the 4th go-round
  • Turn the dial to the right 2 times past the second number and stop on that number on the 3rd time around
  • Turn the dial to the left 1 time past the third number and stop on the 2nd time around
  • Turn the dial to the right until the dial stops
  • Twist the handle and pull the door open

Easy, right?

Yeah, kinda.  You see, when a safe ages, and especially if the people opening it for years have been kinda quick with the dial, it becomes worn and what may have been 55, could “drift” and be several numbers off.  There are lots of articles on the web about that, and my locksmith friend had told me that from the start.

That is apparently the case with this safe…  It has probably never been serviced and my wife admits to twirling that dial back in the day as fast as she could, so we’ll go with that.

Bottom line – the safe is open, and I have verified the combination works, multiple times now, and before it ever gets locked again, we’ll probably verify it a few more times.

Lessons learned include:

  • Put the combination in more than one location
  • Make sure someone else knows how to operate the safe besides you
  • Verify the combination works before locking the door closed
  • If you want to use it as a fire box, and not actually lock it, remove or disable the combination lock components
  • If the combination has never been changed, knowing the serial number could help – write it down
  • The internet is not just for porn. You can find some great articles that will help you become a safecracker =)

Need help getting in your own safe? Read those articles, you might surprise yourself.

Now if only I could remember the password to the file where I stored the safe combination.

UPDATE: 2019-06-03

It’s been 7 years since I posted this blog post, and I get emails, replies and phone calls all the time asking me to help.  I’m sorry, I cannot help you with your 40 year old safe located in Indiana.

Your options are:

  1. Contact a reputable locksmith that specializes in safes and have them either try to manipulate it, or drill it.
  2. Contact Meilink, who is now owned by Fireking.com it would appear, and if you are lucky and the combination has not been changed, and you have the serial number – pay them a small fee and they will send you the original combination.
  3. Attempt to manipulate it, or drill it yourself.

Here’s an updated link to the one above “Safecracking for the computer scientist”

If you managed to get into your safe using any of these methods, feel free to respond. I don’t approve all responses – but I will do so for any relevant information you send me.

Good luck!

John

UPDATE – 2021-03-07:

This article was originally published in 2012, and to this day, the author receives multiple inquiries per week about how to get into a safe, or change a combination.

While we try to answer all phone calls, emails, chat requests and even replies to this post, we typically end up passing along the same information.

We can’t give you a combination.  Your only hope is to contact the manufacturer and give them the serial number and see if they have the default combo.  Optionally, you can call a locksmith.

You can get more information from Meilink’s parent company here:

https://www.fireking.com/brands/meilink

UPDATE – 2022-03-01:

Another year has passed, and still phone calls, emails and responses come in asking if we can open a safe, give a default combination, change a combination, and the like. While I am sure we COULD – that is not what we do. We are a Business IT provider. We would LOVE to help you with your computer, server or network, business related issues. We offer sales, service, support, consultation for anything connected to your network in the Greenville and Upstate South Carolina area.

Let us help you with your business computer needs, and let’s leave the locksmithing to the professionals.

If you need assistance with a lock or safe, go to Google or your favorite search engine and put in “local locksmith near me” and you will be in business!

Good luck!

-John

Hard drive stolen from Miami’s Upper Valley Medical Center #encryption #dataloss #privacy

Here’s another case of a missing device from a medical facility… “Computer hard drive missing from UVMC hospital”

A man walked into a medical center, and apparently stole a hard drive from a computer in a patient admitting area near the main lobby.

The quote that gets me was “The hospital does not believe any patient personal information is contained on the hard drive”….

That’s great that they don’t believe there was anything important on it, but the thought that they COULD be wrong keeps haunting me.  If you have been following this blog for a while, you might remember the computer server that we recovered thousands of medical files from that was purchased on craigslist. I believe the previous owners also believed that server did not contain any patient personal information, but boy were they wrong.

Had the medical facility utilized free encryption that is included as part of the Microsoft Windows Professional operating system, not only could the hospital claim that they did not believe any data was contained on the hard drive, but they could also say that if, by chance, there is data on the hard drive, that thanks to encryption, it is highly unlikely that the data will be recoverable.

If you would like more information about how data encryption can be used for your mobile fleet of business laptops or even a desktop workstation that is in a publicly accessible area, please call us at 864.990.4748 or use our handy CONTACT FORM. We provide computer and network security to Greenville and Upstate SC!

 

Bovinova 2.0 / 2012 was a great experience! Did you miss it? If so, there’s always Bovinova 3.0 in 2013!

Okay, so this last weekend was amazing… Bovinova 2.0 blew the first event out of the water!

The bar has been raised considerably, so Bovinova 3.0 next year is going to have to be exponentially cooler to top it!

What IS Bovinova you ask? It is a big (no, bigger than “big”) BBQ! They roast an entire cow over a fire, and goat, lamb, chicken, turkey, hotdogs, hamburger and a llama. Wait, did this guy just say llama? You bet I did!

Also, during the Friday before the event, there is live entertainment, including a band, which I was lucky enough to play with for the second year running, and a local entertainer known as Tim TV who has his “Secret Cirkus” and they twirl lighted hulahoops and play with fire! (Eating it, fire-hooping, etc).

You can keep up with the Bovinova happenings at www.Bovinova.com

"Burnt Offering", the official Bovinova Band featuring John M. Hoyt and Joey Loman

Data Killer – Could tape & hard drive shredding & “DOD” wipes be a thing of the past?

Currently, the ONLY true way to ensure that your data is not recovered from an old hard drive is to destroy that drive by shredding it.

In the video below, you will see a device that has the potential for erasing the data using the same method that was used to record that information, albeit much more powerful.

It remains to be seen whether data will be truly rendered unreadable using the “Data Killer”, but in theory it could work, and the fact that the hard drive itself would remain operable is quite attractive.

One thing is for sure, a “DOD wipe” is not enough to protect your data. We have successfully recovered data that was erased or wiped using 5 passes or more of common software.

 

If you have backup tapes or hard drives that you would like to securely dispose of, please contact us in the Upstate of SC, we can arrange for the secure shredding of those devices.  864.990.4748 or use our CONTACT form for more information

Greenville / Upstate musicians wanted for fun & funky band!

Okay, this has nothing to do with Homeland Secure IT, but it has everything to do with fun!

Most of you who follow this blog also know I am a musician and you may or may not know that I am “between bands”.

I’ve decided that starting a new, fun and funky band is what I really want to do. Not doing the average country rock, southern rock, classic rock or any one other genre, but instead, to do a variety of music that people want to hear at events, festivals, fairs, corporate grand openings, dances, parties, wedding receptions and the like.

We’re talking tunes from across all genres, from rock to reggae, disco to country, jazz to blues. So basically, anything with a great groove is fair game! No downer, “cry in your beer” type songs here, and just a sprinkling of the well loved, and maybe over-done songs. Maybe some originals thrown in for good measure.

And while it will be a “cover band”, these covers will not be performed exactly as the original. If people wanted to hear the original music, they wouldn’t book a band, they would hire a DJ!

The project is called “Hot As A Pepper”!

If this sounds like something you want to get involved in if you are a guitarist, vocalist, keyboard player or drummer, then let’s talk. Or maybe you know someone who might fit into a group like this… Please pass on my contact information to them…

There are a few requirements though…

  • Must be reliable – this requires work, you will need to be there
  • There will be at least one rehearsal per week, more if everyone is up for it
  • This will be a gigging band – at least a gig per month, probably averaging 2 to 3 per month
  • This will be PRIMARILY local to the Upstate – no touring here
  • There WILL BE smoky bars/clubs with maybe intoxicated people around
  • There WILL BE late night gigs (hopefully more events/festivals after a year or so though)
  • You have to have a great personality – fun to be around.
  • This is not ONLY for money… If you are driven ONLY by money, uhmmm you won’t be happy!

Let me know if you want more information about Hot As A Pepper! Venue owners and those needing a great band for events should reach out immediately to see how we can help each other!

You can find us on facebook at http://facebook.com/HotAsAPepper and at our website of www.HotAsAPepper.com

Apple OS X security update released to address clear text password flaw

Yesterday, Apple released an important security update that fixes vulnerabilities in all current versions of OS X.

Over 35 security flaws are addressed in 19 different components that are part of OS X or OS X server including the Kernel, Bluetooth, Directory Service, QuickTime, Time Machine and others which could lead to elevation of privileges, DoS (Denial of Service) and code execution.

More information about these updates and vulnerabilities can be found in the security update bulletin

Apply these and all other updates to keep your Apple OS X computer as safe and secure as possible. If you require assistance with computer security or service  here in the Greenville or Upstate SC area, please call us at 864.990.4748 or use our CONTACT form.

Adobe releases patches to keep your Shockwave, Flash Professional, Photoshop and Illustrator secure

When prompted to install updates for your Adobe products, please do so…  A number of patches are available that will address multiple vulnerabilities.

This comes from our friend and partner, WatchGuard’s blog (follow the links through for Adobe’s official explanation):

Adobe Patch Day: Shockwave, Flash Professional, Photoshop, and Illustrator Updates

by Corey Nachreiner

Severity: High

Summary:

  • These vulnerabilities affect: Adobe Shockwave Player, Flash Professional, Photoshop, and Illustrator
  • How an attacker exploits them: Multiple vectors of attack, including enticing your users to open malicious files or visit specially crafted web sites
  • Impact: Various results; in the worst case, an attacker can gain complete control of your computer
  • What to do: Install the appropriate Adobe patches immediately, or let Adobe’s updater do it for you.

Exposure:

Today, Adobe released four security bulletins describing vulnerabilities in many of their popular software packages, including Shockwave Player, Flash Professional, Photoshop, and Illustrator. A remote attacker could exploit the worst of these flaws to gain complete control of your computer. The summary below details some of the vulnerabilities in these popular software packages.

  • APSB12-13: Five Shockwave Code Execution Vulnerabilities

Adobe Shockwave Player displays interactive, animated web content and movies called Shockwave. According to Adobe, the Shockwave Player is installed on some 450 million PCs.

Adobe’s bulletin warns of five security vulnerabilities that affect Shockwave Player 11.6.4.634 and earlier for Windows and Macintosh. Adobe’s bulletin doesn’t describe the flaws in technical detail, only characterizing them as memory corruption vulnerabilities. All five flaws share the same impact. If an attacker can entice one of your users into visiting a website containing some sort of malicious Shockwave content, he could exploit these vulnerabilities to execute code on that user’s computer, with that user’s privileges. If your Windows users have local administrator privileges, an attacker could exploit this flaw to gain full control of their PC.

Adobe Priority Rating: 2 (Patch within 30 days)

  • APSB12-12: Flash Professional Buffer Overflow Vulnerability

Adobe Flash is a platform for creating interactive or animated web content and video. Flash Professional is the Adobe authoring environment used to create Flash content.

Flash Professional 11.5.1.348 and earlier for Windows and Mac suffers from a buffer overflow vulnerability. Adobe does not share any relevant detail about this flaw, nor how an attacker might exploit it. However, we assume that if you open specially crafted Flash content in Flash Professional, an attacker can leverage this flaw to execute code on your computer, with your privileges. As usual, if you have administrative or root privileges, the attacker would gain complete control of your machine.

Adobe Priority Rating: (Patch at your discretion)

  • APSB12-11: Photoshop TIFF Handling Vulnerability

Photoshop is a popular image editing program. Photoshop CS5.5 (for Windows and Mac) suffers from two vulnerabilities: a vulnerability involving its inability to properly handle specially crafted TIFF images, and an unspecified buffer overflow vulnerability. By tricking you into downloading and opening a malicious image in Photoshop, an attacker can exploit the TIFF flaw to execute code on your machine, with your privileges. If you have local admin privileges, the attacker gains complete control of your computer. Adobe doesn’t describe how an attacker might leverage the second buffer overflow vulnerability.

Adobe Priority Rating: (Patch at your discretion)

  • APSB12-10:  Five Illustrator Code Execution Vulnerabilities

Illustrator is Adobe’s vector drawing software. It suffers from five unspecified memory corruption vulnerabilities. Adobe doesn’t describe these flaws in any other detail, other than calling them code execution vulnerabilities. If forced to guess, we assume that if you handle specially crafted, Illustrator-compatible files (perhaps an image), an attacker could exploit this flaw to execute code on your computer with your privileges. Again, if you are an administrator, the attacker gains full control.

Adobe Priority Rating: (Patch at your discretion)

While we’re on Adobe updates, if you haven’t installed the early Flash Player update that Adobe released last week, we recommend you do so immediately. That update is much more severe than the ones released today.

Solution Path:

Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you.

NOTE: Adobe has chosen to only release some of these fixes as paid updates (CS6). If you didn’t already plan to pay for these updates, you will have to decide if these security issues change your mind. On a positive note, attackers don’t often target the products in question (Photoshop, Illustrator, Flash Professional). Nonetheless, it’s difficult for us not to recommend the latest security updates, and we wish that Adobe had extended these security updates to previous versions as well.

For All WatchGuard Users:

Attackers can exploit these flaws using diverse exploitation methods. A properly configured UTM device may mitigate the risk of some of these issues. That said, it cannot protect you from local attacks, nor can it prevent attacks that leverage normal HTTP traffic. Therefore, installing Adobe’s updates is your most secure course of action.

Status:

Adobe has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP.

Corey Nachreiner | May 8, 2012 at 4:35 pm | Tags: adobe, Flash Player, patch, Photoshop, shockwave, updates | Categories: Security Updates | URL: http://wp.me/pVP8E-xd

Should you require assistance with these Adobe security updates or any security or network updates for your business here in the Greenville / Upstate area, please do not hesitate to call upon us at 864.990.4748 or use our handy CONTACT form!

Is your smartphone spying on you? Privacy and security experts say that it could be…

I’ve posted links on Facebook & Twitter in the past, as well as a blog post here and there about privacy and security as it applies to smartphone and mobile computer users.

Did you know that for just a few dollars an app can be  purchased, and even installed remotely in some cases on a smart phone that will allow the phone itself to be used as a spy tool?

One of the “best” apps available (and most expensive to purchase) for Android and (jailbroken) Apple phones allows:

  • Remote installation (you don’t have to have access to the phone to install it)
  • Remotely wake up a phone that is “off”
  • Auto-reinstall upon reload of OS
  • Complete stealthing (almost impervious to detection)
  • Turn on the camera (front or rear facing)
  • Turn on the microphone (monitor anything said in a room)
  • Access GPS (see where the phone is)
  • Eavesdrop on phone conversations (both sides)
  • Eavesdrop on Skype and other video conferencing (both sides)
  • Enable keystroke logging (everything typed is viewable)
  • URL logging (where the phone owner has browsed to is viewable)

In addition to those features it can do some other interesting things….

  • If a phone wanders outside of a defined area, alert the person watching
  • If the phone exceeds a set maximum mile-per-hour, alert the person watching
  • If the phone is called or texted by a particular number/s, alert the person watching
  • If the phone is used to call or text a particular number/s, alert the person watching
  • Record conversations and upload (non-real-time access and archiving)
  • Record random camera shots (time-lapse of what phone sees)
  • Full remote access, to allow browsing files and installing additional apps

The same tools are available for computers and can be used on tablets, notebooks and even desktops.

What are some signs that your phone or computer may have monitoring software installed on it?

  • Slow internet access
  • Random reboots
  • Camera doesn’t respond when you want it to
  • GPS may indicate it is in use and tools like Waze may not be able to access it
  • WiFi may turn on and off randomly
  • GPS may turn on and off randomly
  • Echoes on your phone conversations
  • Phone turns on automatically, even if you turn it off or it is on timed shutdown
  • Emails and text messages may show as being read
  • After reinstallation of phone OS, issues begin again
  • Data usage seems higher than it should (maxing out your data plan)

What can you do about this? How can you remove smart phone spy software?

This can be a tough one! Many people have reported having their phone wiped and reloaded only gave them a short period of time before the software was reinstalled (remember, it can do it automatically and can be pushed to the phone remotely in some cases).

Can you buy a new phone and get away from it? In some cases, yes… But in others, if the person applying the software still has access to the phone physically, or knows the number, they could reinstall the software.

A good option might be to change platforms (if you are on iOS, go to Android, or vice-versa) so the person at least has to buy a new version of the software.

Changing your phone number can help. But only if the person doing the spying does not know your phone number. There are other ways for them to find you too, but I won’t get into that here.

Installing quality mobile anti-virus can help keep you from getting the software installed in the first place.

Worst case scenario?  Turn off the data plan on your phone.  How inconvenient!

How does it get installed remotely?

The person who wishes to monitor you can send you a text message, picture message, or an HTML link and once you visit that link, it can install the software and you will not even be alerted to that fact. Some anti-virus like Trend Micro’s mobile security product can detect that attempt and alert you.

How does it get installed locally?

Anyone who can access your phone for just a minute can visit the download link of the spy software and install it on your phone. After it is active, there are no traces for you to see (other than the potential for the symptoms listed above).

Use of a PIN or locking code that only you know can reduce the likelihood of that happening.

Isn’t this illegal?

Of course it is, but the majority of people would never suspect it, and if they do and actually FIND the spy software, tracing it back to the person who is doing the spying could prove extremely difficult, especially if they use proxies and other means for hiding their activities.

If you need help in your Upstate or Greenville, SC business regarding mobile computing or smart phone security, Homeland Secure IT may be able to help. Call us today at 864.990.4748 or use our CONTACT form…   You might want to do it from a land line, far away from the suspicious cell phone if you wish to avoid alerting them.

Microsoft May Patch Tuesday brings updates to Windows, Office and more

It seems like only last month we were talking about Microsoft updates…

The updates for May 2012 will include three critical bulletins aimed at plugging holes which allow remote code execution in Microsoft Windows, Office, .NET Framework and Silverlight.

There are four additional security bulletins rated as “important” and a total of 23 security issues to be addressed.

Read the full story here.

As always, please install these updates to ensure your systems remain as secure as possible, and while you are at it, make sure your Adobe Flash, Reader, Acrobat and your Java are up to date too.

Should you need assistance with these or any other security issues that might affect your Greenville or Upstate business or corporate network, do not hesitate to call us at 864.990.4748 or use our handy CONTACT form.