Updates 2017-09-12

Hi, Folks!

It’s Patch Tuesday.

Be aware that Adobe Reader 11 will be end-of-life in only a month, so it’s time to either remove Adobe Reader completely, or replace it with Acrobat DC. Likewise, Windows 10 v1511 will be end-of-life in October as well — all prior versions are already end-of-life and should have been replaced. If you haven’t upgraded to v1703 (aka “Creators Update”) yet, do so now here.

The typical computer should see roughly 1.5gb in updates today. Let’s get started.

Microsoft released updates to Windows, Edge, Internet Explorer, Flash, .NET, and MSRT (~1.3gb). This includes security updates. A reboot is required.

ChromeOS 60.0.3112.112 is a security update. Use Menu, Help, About to install the most current version.

Adobe Flash Player 27.0.0.130 is a security update. Flash is being actively replaced with HTML5 on most sites and services, however, so unless you’re 110% positive you need it for critical functions, you should remove it instead. And, within those browsers that have it embedded (Chrome, Edge, Internet Explorer 11+) your best option is to disable it. It’s just not worth the risk.
Win: https://12pd.com/click?flash
Win: https://12pd.com/click?flashie
Mac: https://12pd.com/click?flashmac

AIR 27.0.0.124 is a security update. If you don’t have AIR already, don’t install it now.
Win: https://12pd.com/click?air
Mac: https://12pd.com/click?airmac

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the application’s own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Driver Updates

If you’re using this hardware – these updates are for you.

BullZip PDF Printer 11.4.0.2674 improves reliability and cosmetics on high-DPI displays and resolves several other bugs. This is not a security update.
http://www.bullzip.com/products/pdf/info.php#download

Display Driver Uninstaller 17.0.7.4 now requires Safe Mode to operate. This is not a security update.
http://www.wagnardsoft.com/display-driver-uninstaller-ddu

Intel Driver Update 2.9 improves reliability. This is not a security update.
https://www.intel.com/p/en_US/support/detect

Browser Updates

One or more of these are likely to be of interest to everyone.

Chrome 61.0.3163.81 is a security update. Use Menu, Help, About to install the most current version.

Firefox 55.0.3 resolves several bugs. This is not a security update.

Email Updates

One or more of these are likely to be of interest to everyone.

Thunderbird 52.3.0 is a security update. Use Menu, Help, About to get the most current version.

Internet Updates

One or more of these are likely to be of interest to everyone.

DiscordApp 8.15.2017 adds video support to many users and resolves several bugs. This is not a security update.
https://discordapp.com/download

Skype 7.40.0.103 resolves several bugs. This is not a security update.
http://12pd.com/click?skype

Line 7.10.0 now allows embedding YouTube videos directly within Line. This is not a security update.
http://line.me/update

WinSCP 5.11.1 follows shortly on the tails of 5.11 to resolve several bugs, including IPv6 tunneling. This is not a security update.
http://winscp.net/eng/index.php

FileZilla 3.27.1 is a security update.
http://filezilla-project.org/

FreeFileSync 9.3 improves performance and resolves several bugs. This is not a security update.
https://www.freefilesync.org/download.php

MaxMind GeoIP Data 201709 is a data refresh. This is not a security update.
http://dev.maxmind.com/geoip/geolite

IPNetInfo 1.77 removes the 256 IP address limit for address resolution. This is not a security update.
http://www.nirsoft.net/utils/ipnetinfo.html

Npcap 0.94 allows checksum offloading and Large Send Offloading on adapters that support them. This is not a security update.
https://github.com/nmap/npcap/releases

Evernote 6.7.4.5741 resolves several bugs. This is not a security update.
http://www.evernote.com/

Game Updates

These are unlikely to be of interest to most people.

EA Origin 10.5.2.49155 resolves several bugs, improves notifications, and revamps the My Home page. This is not a security update.
https://www.origin.com/en-us/download

Steam 2017.09.07 resolves a video playback bug and improves third-party integration. This is not a security update.
https://12pd.com/click?steam

Office Updates

One or more of these are likely to be of interest to most people.

Artweaver 6.0.5 increases maximum zoom to 3200%, improves stability, and resolves several bugs. This is not a security update.
http://www.artweaver.de/

Interactive Calendar 2.1 improves spell check, text editing, Unicode support and new color schemes. This is not a security update.
http://www.csoftlab.com/calendar

LibreOffice 5.4.1 resolves nearly 100 bugs. This should be treated as a security update.
http://www.libreoffice.org/

Notepad++ 7.5.1 adds 19 new programming languages, resolves several bugs and removes the Plugin Manager plugin (a replacement will be offered soon). This is not a security update.
https://12pd.com/click?npp

Adobe Reader 11.0.22 is a security update. This is not a security update. However, Adobe Reader and Acrobat 11 (XI) will be discontinued in only one month, so you’re better off switching to Acrobat DC instead of upgrading. Be sure to uncheck all the “optional features” aka crapware that the installer offers.
http://get.adobe.com/reader

Adobe Reader DC Patch 17.012.20098 is a security update. Use Help, Check for Updates to install the most current version.

Adobe RoboHelp 2017.0.2 is a security update.
https://helpx.adobe.com/security/products/robohelp/apsb17-25.html

ColdFusion 2016.5 and 11.13 are security updates.
https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html

IcoFX 3.1 improves high-DPI support, resolves several bugs. This is not a security update.
http://icofx.ro/

Security Software Updates

One or more of these is likely to be of interest to most people.

Tails 3.1 is a security update.
https://tails.boum.org/install/index.en.html

Norton Power Eraser 20170823 adds new detections and removals. This is a security update.

Avast! Home Edition 17.6.2310 improves anti-phishing, cleanup, notifications, and threat information. This is a security update.
http://www.avast.com/free-antivirus-download

Wireshark 2.4.1 is a security update.
http://www.wireshark.org/

MSRT 5.51 is a security update.
http://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx

Wireless Network Watcher 2.13 adds option to reset dates for selected items. This is not a security update.
http://www.nirsoft.net/utils/wireless_network_watcher.html

RogueKiller 12.11.14 adds detections. This is a security update.
http://www.adlice.com/softwares/roguekiller/

Capture Updates

These are unlikely to be of interest to most people.

XSplit Broadcaster 3.0.1705.3124 resolves several bugs. This is not a security update.
http://www.xsplit.com/get/

Converter Updates

These are unlikely to be of interest to most people.

MakeMKV 1.10.7 adds support for new encodings, improves compatibility with macOS, and resolves several bugs. This is not a security update.
https://12pd.com/click?makemkv

CDex 1.91 improves compatibility and resolves several bugs. This is not a security update.
http://cdex.mu/?q=download

DVDFab 10.0.5.7 adds support for new encodings, and resolves several bugs. This is not a security update.
http://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

RoboForm 8.4.1 adds portable user options during sync, ability to import from several other password managers, duplicate detection, and resolves several bugs. This is not a security update.
https://12pd.com/click?rf

GoodSync 10.5.8 resolves several bugs including SSL reliability fixes. This should be treated as a security update.
https://12pd.com/click?goodsync

NTLite 1.4.0.5565 adds new compatibility features and resolves several bugs. This is not a security update.
https://www.ntlite.com/download/

1Password for Mac 6.8.1 improves cosmetics and resolves many bugs. This is a security update.
https://1password.com/downloads/

1Password for Windows 6.7.457 improves focus and alerts. This is not a security update.
https://1password.com/downloads/

CintaNotes 3.9.1 improves high-DPI support, removes unnecessary warnings, and resolves several bugs.
http://cintanotes.com/download

Cygwin 2.9.0 adds several new APIs, improves implementation of elf.h and adds %s support for strptime. This is not a security update.
http://cygwin.com/

DesktopOK 4.76 resolves several bugs. This is not a security update.
http://www.softwareok.com/?seite=Freeware/DesktopOK

DMDE 3.4.0.720 resolves a critical bug in RAID-6 support, adds support for Apple partitions and HFS+/HFSX, and improves FS detection. This is not a security update.
https://dmde.com/

FileLocator Pro 8.2.2739 resolves the thumbnail and icon bug and corrects the German Boolean expression bug. This is not a security update.
http://www.mythicsoft.com/filelocatorpro/download

BatteryInfoView 1.23 changes labels to be more accurate. This is not a security update.
http://www.nirsoft.net/utils/battery_information_view.html

BulkFileChanger 1.50 adds several new command line options and updates attribute display. This is not a security update.
http://www.nirsoft.net/utils/bulk_file_changer.html

CurrPorts 2.32 allows changing the font for the main window. This is not a security update.
http://www.nirsoft.net/utils/cports.html

Password Security Scanner 1.42 adds quick filter support. This is not a security update.
http://www.nirsoft.net/utils/password_security_scanner.html

WakeMeOnLan 1.81 improves targeting support. This is not a security update.
http://www.nirsoft.net/utils/wake_on_lan.html

OSForensics 5.1.1003 improves performance, reliability, logical limits, and adds several new features. This should be treated as a security update.
http://www.osforensics.com/download.html

CCleaner 5.34.6207 improves GUI and no longer removes favicons in Firefox.
https://12pd.com/click?ccleaner

SystemRescueCD 5.1.0 is a security update.
http://www.sysresccd.org/

TeamViewer 12.0.83369 doesn’t provide a current changelog, so should be treated as a security update.
https://www.teamviewer.com/en/download/windows/

WinScan2PDF 3.63 improves compatibility with HP and Brother scanners. This is not a security update.
http://www.softwareok.com/?seite=Microsoft/WinScan2PDF

WizTree 3.10 adds a 64-bit version, treemaps, high-contrast support, new keyboard shortcuts, and improved performance. This is not a security update.

Classic Shell 4.3.1 adds support for the Win10 Creators Update and resolves several bugs. This is not a security update.
http://classicshell.net/

GSmartControl 1.1.0 adds a 64-bit version, new statistics and data, “brief” format, interactive drive database update, and other fixes and improvements. This is not a security update.
https://gsmartcontrol.sourceforge.io/home/index.php/About

Kingston SSD Manager 20170829T102642 does not provide a changelog, so should be treated as a security update.
http://www.kingston.com/us/support/technical/ssdmanager

Easy2Boot 1.95 resolves several bugs. This is not a security update.
http://www.easy2boot.com/download/

Rufus 2.17 adds support for several new formats, improves security checks, and resolves several bugs. This should be treated as a security update.
http://rufus.akeo.ie/

Sysmon 6.1 adds monitoring of WMI filters and consumers and fixes a bug in image load filtering. This should be treated as a security update.
https://live.sysinternals.com/

Process Monitor 3.4 now includes a /runtime switch for terminating monitoring after a specified amount of time and fixes a bug in automated boot log conversion. This is not a security update.
https://live.sysinternals.com/

Autoruns 13.8 adds additional autostart entry points, has asynchronous file saving, fixes a bug parsing 32-bit paths on 64-bit Windows, shows the display name for drivers and services, and fixes a bug in offline Virus Total scanning. This is a security update.
https://live.sysinternals.com/

AccessChk 6.11 adds a cache to improve queries that enumerate multiple objects, and has the -s switch start container enumeration at the specified container when -d is specified.
https://live.sysinternals.com/

Developer Updates

These are unlikely to be of interest to most people.

TortoiseSVN 1.9.7 resolves a bug with drag-and-drop. This is not a security update.
http://tortoisesvn.net/downloads.html

SQLite 3.20.1 should be treated as a security update.
https://www.sqlite.org/download.html

SQLite Database Browser 3.10.0 adds support for DBHub.io, improvements to virtual tables, CSV import, filters, table editing, and dozens of resolved bugs. This is a security update.
http://sqlitebrowser.org/

StrawberryPerl 5.26.0.2 resolves a bug. This is not a security update.
http://strawberryperl.com/

Web Package Updates

These are likely to be of interest only to web developers.

ownCloud Client 2.3.3 resolves several bugs and improves performance. This should be treated as a security update.
https://owncloud.org/install/

Plupload 2.3.3 resolves several bugs and updates libraries. This should be treated as a security update.
http://www.plupload.com/

TinyMCE 4.6.6 resolves dozens of bugs. This is not a security update.
http://www.tinymce.com/download/

Drupal 8.3.7 is a security update.
http://drupal.org/download

Joomla 3.7.5 resolves a bug that applied to new installations. This is not a security update.
http://www.joomla.org/

MailEnable Enterprise 9.76 resolves several bugs. This is not a security update.
http://www.mailenable.com/

phpMyAdmin 4.7.4 resolves several bugs. This is not a security update.
http://www.phpmyadmin.net/home_page/news.php

bbPress 2.5.14 improves PHP 7.1+ support, pagination and resolves a row-limit bug. This is not a security update.

BuddyPress 2.9.1 is a security update.

Contact Form 7 4.9 resolves several bugs. This is not a security update.

Multisite Enhancements 1.4.1 improves support for PHP 5.3.

NextScripts Social Networks Auto-Poster 3.8.7 improves reliability with Tumblr and resolves several bugs. This is not a security update.

Postie 1.9.4 resolves a minor bug. This is not a security update.

Really Simple CAPTCHA 2.0.1 improves reliability. This is not a security update.

Redirection 2.7.3 resolves several bugs. This is not a security update.

Sucuri Security 1.8.11 adds support for regular expressions, ability to ignore directories, post-types, and several other fixes. This is not a security update.

Super Post Cleaner 1.1 only changes developer information. This is not a security update.

Widgets on Pages 1.3.0 resolves several bugs. This is not a security update.

WooCommerce 3.1.2 improves importer, and resolves several bugs. This is not a security update.

WPtouch 4.3.19 is a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Updates 2017-05-16

Hi, Folks!

It’s not Patch Tuesday, but Apple, Microsoft, Adobe, Google, and more have released updates today.

If you haven’t heard of “WannaCry” then you’re living under a rock. WannaCry is the closest current equivalent to the Code Red worm in the last 15 years. This ransomware uses a known vulnerability for which a patch had been released (three months ago!), to infect computers, encrypt their contents and the contents of network locations, and sell access back to the victim – while also infecting other vulnerable network devices. If you’ve installed your updates within the last three months you’re not vulnerable to the specific network-level vulnerability in SMB that it uses to propagate, but that doesn’t mean you can safely open phishing messages, email attachments or random downloads. The UK NHS was hit hard by this malware primarily because they take almost 6 months to patch their PC hardware that they do support. Some single-purpose devices (MRI machines, for example) are simply never maintained, but are still granted network access. Sigh. Don’t do that.

The vulnerability exploited by WannaCry was first divulged by Shadow Brokers when they released a trove of hacking tools created and used by the NSA. In fact, one of the tools WannaCry utilizes is the same ETERNALBLUE exploit directly from the NSA toolset. This is not a coincidence. These tools were written specifically to be universally effective and able to be repurposed at will for additional access. It should come as no surprise that when a government agency is hacked, the tools they created are released and the public suffers as a result.

If a positive side to this event can exist, it’s that Microsoft actually released a security update for Windows XP to address the vulnerability. Since XP has been End-of-Life for years, this is really surprising.

The lesson everyone should take from this event, but particularly businesses and government agencies, is that the turnaround time for malware authors is much lower than they think. Delaying or even ignoring security updates because “it won’t happen to us” is foolhardy at best and welcomes disaster. You should have sufficient skilled IT staff to be able to fully test and roll out any security updates within days, not months. If that’s not possible, you should at least hire a good PR firm and have the releases prepared in advance so you can spin your incompetence in the news when you are inevitably hacked later.

Okay, back to our regularly scheduled program.

The typical computer should see approximately 300mb of updates. Let’s get started.

Microsoft released updates for Windows and .NET, including Windows XP!

Apple released macOS 10.12.5, Security Update 2017-002, iTunes 12.6.1, Safari 10.1.1, and iCloud for Windows 6.2.1. Use the Apple App Store or Apple Software Update to install the most current versions.

Apple iOS 10.3.2, watchOS 3.2.2 (and 3.2.1), and tvOS 10.2.1 are security updates. Use Settings, General, Updates to install the most current version.

Google Chrome OS 58.0.3029.112 is a security update. Use Menu, Help, About to install the most current version. A reboot is required.

Don’t forget to check your mobile devices, too! Many updates will also apply to your tablet, phone, kindle or television – so check your device-appropriate App Store and install updates.

Important Notes

Everything above this section should be checked by everyone on every computer. Chances are good that close to every single computer you touch will be affected by those updates. This is not the case with the items below, though you should still check each line item below to see if it applies to software you have installed.

Please remember that while I list many different applications within these updates, most people should ONLY install updates for a program if they already have a previous version of that program installed.

It is essential to maintain all the applications you have installed on your computer, but often you can minimize the time investment and the potential for exploitation simply by uninstalling software you do not need.

Also note that using the application’s own “check for updates” function, when available, will best preserve your current settings, and often avoid any crapware that might come with a fresh installer. Use this option if it’s available to you.

Finally, if you’re sick of doing this all yourself, let me! Call or email me any time, and we can set you up with subscription SaferPC updates which will be installed each month whenever necessary. Click, call or email for more details:
https://saferpc.info/updates/
209-565-12PD
shawn@12pointdesign.com

Internet Updates

One or more of these are likely to be of interest to everyone.

Skype 7.36.0.101 improves quality and resolves several bugs. This version also imposes a requirement for a newer MSVCRT, which may trigger problems on any OS prior to the Windows 10 Creators Update (1703). If you receive an MSVCRT error upon running Skype after updating, download the current version of the MSVCRT.
https://12pd.com/click?skype

BrowsingHistoryView 2.05 adds ability to load history from remote device when full admin rights exist to remote device.
http://www.nirsoft.net/utils/browsing_history_view.html

Media Updates

These are unlikely to be of interest to most people.

iTunes 12.6.1 is a security update. Use Apple Software Update to install the most current version.

Office Updates

One or more of these are likely to be of interest to most people.

Notepad++ 7.4 adds document peeking, bug fixes, and reliability improvements.
https://12pd.com/click?npp

Security Software Updates

One or more of these is likely to be of interest to most people.

Wireless Network Watcher 2.12 improves reliability on devices with multiple wireless network adapters. This is not a security update.
http://www.nirsoft.net/utils/wireless_network_watcher.html

RogueKiller 12.10.9 adds detections. This is not a security update.
http://www.adlice.com/softwares/roguekiller/

Converter Updates

These are unlikely to be of interest to most people.

DVDFab 10.0.3.9 adds support for newer protections, incorporates BDInfo. This is not a security update.
http://www.dvdfab.cn/download.htm

Utility Updates

These are unlikely to be of interest to most people.

GSmartControl 0.9.0 resolves several bugs, improves reliability and stability, adds newer hardware support, and improves drive type detection. This is not a security update.
http://gsmartcontrol.sourceforge.net/home/index.php/

Everything 1.4.1.873b resolves several bugs, and adds pause/resume capability. This is not a security update.
http://www.voidtools.com/

CCleaner 5.30.6063 improves cleaning, SSD detection, and resolves several bugs. This is not a security update.
https://12pd.com/click?ccleaner

Rufus 2.15 improves compatibility with Windows 10 v1703, updates libraries, resolves several bugs. This should be treated as a security update.
http://rufus.akeo.ie/

WinScan2PDF 3.46 improves hardware support. This is not a security update.
http://www.softwareok.com/?seite=Microsoft/WinScan2PDF

ProcDump 9.0 adds multiple dump sizes, and Kernel Dump process association. This is not a security update.
http://sysinternals.com/

Autoruns 13.71 adds Microsoft HTML Application Host (mshta.exe) as hosting image so it displays the hosted image details, and now doesn’t apply filters to hosting images. This is not a security update.
http://sysinternals.com/

BgInfo 4.22 honors applocker policy for VB scripts specified as the source of field data. This is not a security update.
http://sysinternals.com/

LiveKd 5.62 is now signed with a certificate trusted by Win7. This is not a security update.
http://sysinternals.com/

Process Monitor 3.33 resolves several bugs, and is now signed with certificate trusted by Win7. This is not a security update.
http://sysinternals.com/

Process Explorer 16.21 resolves a bug with VT support, and is now signed with a certificate trusted by Win7. This should be treated as a security update.
http://sysinternals.com/

Web Package Updates

These are likely to be of interest only to web developers.

SMF 2.0.14 is a security update. This version also changes PHP requirements, so if the upgrade will not complete try upgrading PHP first then upgrade SMF.
http://download.simplemachines.org/

TinyMCE 4.6.1 resolves several bugs. This is not a security update.
http://www.tinymce.com/download/

WordPress 4.7.5 is a security update.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Another Reason Why You Need a Password Manager

This Wordfence article is a great demonstration of why using a password manager is so important.

The message the author is pushing is “these browsers suffer because it’s easy to phish them” when the reality is that the specific “vulnerability” is actually the way the Internet is designed. The weakest link for all phishing is always PEBCAK – aka, “Problem Exists Between Chair and Keyboard”. Phishing is not your typical security problem, because it’s not the computer the attacker needs to convince, it’s the person.

Don’t get me wrong, I’m not saying that there should not be some visual and functional indication for IDN domains, but the user is still going to be the weakest link. Any indicator would go unnoticed or misunderstood by most people anyway.

A better solution is to use a password manager such as RoboForm. RoboForm bypasses this issue by preventing you from authenticating to the forged domains. RoboForm (and most other password managers) authenticates only to trusted domains, so even though the IDN domain may visually appear to be the same, it will not be treated as the real domain within the password manager.

See how RoboForm addresses this problem. In the first image you can see the emboldened stored credentials which will only appear if the domain is a match for the stored login.

Demonstration of RoboForm Domain Match

Here we have the punycode IDN variation, which, since it is actually a different domain, has no match in RoboForm.

Demonstration of RoboForm Domain Mismatch

While the specific issue at hand is phishing for ways to trick the user into authenticating to a domain that appears to be the real thing using a specific cosmetic effect, there are many other ways that domains can be made to look like the real thing, and each of them still works well after this particular issue is addressed.
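The domain-match behaviour described above, sketched as an added example (this is not RoboForm's code, and how RoboForm implements matching is not stated here). It assumes a vault keyed by the exact ASCII hostname a login was saved for; the vault contents, hostnames and function names are constructed for illustration. Both an IDN lookalike and a plain typo-squat fail the lookup.

```python
from urllib.parse import urlsplit

# Constructed vault: each login is stored under the exact ASCII hostname
# it was saved for. Nothing here is real credential data.
VAULT = {
    "login.example.com": {"username": "alice", "password": "constructed-secret"},
}

# Constructed test URLs.
REAL_URL = "https://login.example.com/signin"
# Same look on screen, but the "a" in "example" is CYRILLIC SMALL LETTER A (U+0430).
IDN_LOOKALIKE_URL = "https://login.ex\u0430mple.com/signin"
# Plain ASCII typo-squat: digit 1 instead of the letter l.
TYPO_URL = "https://login.examp1e.com/signin"


def ascii_hostname(url):
    """Return the URL's hostname as lowercase ASCII (punycode for IDN labels).

    Returns None when the URL has no hostname or the name cannot be encoded.
    """
    host = urlsplit(url).hostname
    if not host:
        return None
    try:
        # The stdlib "idna" codec turns non-ASCII labels into "xn--" A-labels,
        # which is the form DNS (and therefore the real destination) uses.
        return host.rstrip(".").encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None


def is_idn(url):
    """True when any label of the hostname is an internationalized (xn--) label."""
    host = ascii_hostname(url)
    return bool(host) and any(label.startswith("xn--") for label in host.split("."))


def credentials_for(url, vault=VAULT):
    """Offer stored credentials only when the ASCII hostname matches exactly.

    The comparison is done on what the name *is*, not on how it renders,
    so a visually identical hostname gets no credentials.
    """
    host = ascii_hostname(url)
    if host is None:
        return None
    return vault.get(host)


if __name__ == "__main__":
    for url in (REAL_URL, IDN_LOOKALIKE_URL, TYPO_URL):
        match = credentials_for(url)
        print(
            ascii_hostname(url),
            "IDN" if is_idn(url) else "ASCII",
            "-> fill login" if match else "-> no stored login, nothing to fill",
        )
```
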

Using a password manager is the best and easiest way to ensure that you’re visiting the real site. It also provides strong authentication and far better passwords than you can create on your own.

Okay, now go get RoboForm.

That’s all for now folks. Keep it clean out there. 😉

Regards,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Catphishing on the Rise

In the last week I’ve had three separate Facebook friends re-friend me using new accounts. A few months ago I even had a cousin re-friend me “after Facebook sent him a million dollars and he could finally afford to create a new account!” His words, not mine. He was, of course, not actually my cousin but an impostor trying to get me to click through a third party link to infect my computer. It was kinda cute. 🙂

Clients have reported that online friends they’ve known for years are now re-friending them and asking for money to bail them out of strange situations — everything from jail to “beta testing” to solar investment loans. In all cases, contacting the person directly with their (previously known) offline contact methods (phone, text, IRL) results in first surprise, then horror, as the person realizes what has been done in their name.

And that’s the real issue here. It’s not like you’re witnessing your friends falling for a scam from an anonymous Nigerian Prince. No, they’re friending you and you (in their mind) are responsible for anything that happens to them. From that moment forward, even long after they learn it was not really you, they’ll always associate you with this event. Some won’t talk to you anymore out of embarrassment. Some will blame you as though there were some way you could have prevented their folly. In any case, you’re both harmed by a total stranger using your name.

This phenomenon is called catphishing: The process of creating a fake online persona based on someone else and using it to take advantage of the target’s friends. Impersonation through, quite literally, duplicity.

Here’s the problem

She was astonished to see how her grandmother looked.

Online service providers, such as Facebook, Google, Yahoo, Microsoft and so on, don’t exactly perform DNA testing to ensure that the guy claiming to be your neighbor really is your neighbor. If they did, nobody would use their services. Since they don’t, it’s up to you to be able to identify whether it really is your neighbor.

They don’t make it easy.

These intelligent scammers will use just about any means possible to replicate the identity of the person they’re posing as. They’ll re-use the same or similar image as their personal photo. They might crop it differently than the original that they’ve harvested from the real person’s page, but it’ll be “real”. They’ll also migrate some content, mostly copied directly from the original account, onto the new catphishing page. They’ll also copy personal details, such as dates, employment or social history, possibly even replicating the victim’s relationships with additional accounts. All it really takes, when the information is already available only a click away, is the time to copy and paste.

These types of phishing accounts are usually short-lived. Within only a few days they’ll be identified by the target’s friends as a phish, though in that time dozens or even hundreds of people may be victimized. This means the attacker will have to act fast. Once they’ve created the account they’ll quickly send out many friend requests to the target’s existing friends. They’ll then add or contact many, and the few that answer quickly will then be social engineered.

First a little small talk, then mentioning some great event – like being mailed a million dollars by Mark Zuckerberg, or how they just saved a bunch of money by doing something different like taking advantage of a government program or loan gimmick. They won’t waste much time getting to the pitch, though they might not be able to respond to everyone all at once so it might be a day or two before they push. When you feign interest they’ll have a link at the ready to help you “research” their pitch. It might even be a personal page on a popular site or a typo-squatted version of a popular domain. They’ll seed the idea then send you a link to infect yourself or enable you to self-hijack by posting your account information at an untrustworthy site.

While you’re giving up your information, your real friend is completely oblivious to what is happening.

So how do you protect yourself?

First and foremost, don’t just friend everyone that asks. A very effective means of security (in most things) is to let other people be the guinea pig. This means you don’t respond to friend requests or new contacts immediately. Just wait. At least a couple days, but a week or more is ideal. By this time, there’s a good chance other people would have suffered at their hands if it’s a phish, and thus the account may have either been locked or shut down by the time you are prepared to accept the friend request. Patience really is its own reward.

Of course, if you suspect an account isn’t legitimate, report it. Most popular websites have tools to report various contacts and requests, and these are the tools you should be using. This allows the website owner (such as Facebook) to aggregate information about these attacks to block specific types of attacks or shut down entire networks of attackers all at once, and possibly prevent some of them in the future. It’s up to you to report it properly and fully, however. Simply blocking a user will not have any effect other than eliminating their unwelcome messages to you. If you want to stop it you have to be specific in how you report it.

On Facebook you can go to the fake user account page, click the account action button (…), select Report, Report this profile, then select “They’re pretending to be me or someone I know.” Then follow the prompts.


Don’t forget to tell the person they’re claiming to be, preferably through a previously known offline contact method.

What if they’re posing as me?!

Same thing. Report them quickly and warn your friends that may have succumbed to your fake friendship.

But wait, there’s more! In most states there are laws against phishing. Here in California the law is really written only to protect businesses, but you, as a victim, can sue an impostor for a half million dollars if they pose as your business.

It doesn’t hurt to regularly search social media for your own name, too. Not your account, mind you, just your name. This will return other accounts that are using your name so you can investigate them. Even a few minutes of effort once a month can save you and your friends from a lot of hurt down the road.

Another trick is to add a Google Alert to your name for social media. This bypasses your own social account (if configured correctly) and emails you whenever your name appears on a site. First go to Google Advanced Search and fill out the form to use a search phrase such as this:

“john t example” site:facebook.com -“johntexample”

This searches for his exact name, on Facebook, but excludes his Facebook slug/username. Now go to the Google Alerts page and search for the formula you composed above. Click “Show options”, then set the alert to contact you once per day. It’s not a perfect solution, but it might catch a phish.

Good luck, and keep it clean out there,

Shawn K. Hall
https://SaferPC.info/
https://12PointDesign.com/

Enable SSL Certificate Revocation Checks

Today brings another disclosure of a popular entity’s SSL certificate being improperly issued. These certificates allow the attacker to spoof content and perform phishing and man-in-the-middle attacks against users who might otherwise not have any reason to distrust their connections. The potential for exploitation increases significantly on untrusted networks, such as open Wi-Fi nodes and minimal-security networks like coffee shops and airports. I suggest you use OpenDNS to minimize the risk of DNS poisoning; it has many other benefits as well.

This is only the most recent example of a popular certificate being issued to the wrong party. Sadly, this type of thing happens on a regular basis.

Even so, many browsers fail to perform proper certificate validation to ensure that this type of hijacking is a minimal risk. The default behavior for most recent operating systems and browsers is to perform some certificate revocation checks, but to leave some options set so that revocation is not adequately validated. You can verify that your browser is properly configured within its settings as below.

For Internet Explorer:

Go to Tools, Internet Options.


Click the Advanced tab, then under the Security group check both “Check for publisher’s certificate revocation” and “Check for server certificate revocation”.


Click OK to save the options.

For Chrome:

Go to Menu, Settings:


Scroll to the bottom and click show advanced settings.


Finally, check the box for Check for server certificate revocation. Your preference will be saved immediately.


For Firefox:

Go to Menu, Options.


Click the Advanced tab, the Certificates sub-tab, and the Validation button.


In the popup check both options, “Use the Online Certificate Status Protocol (OCSP) to confirm the validity of certificates” and “When an OCSP server connection fails, treat the certificate as invalid”. Click OK and OK in the Options window to save the changes.
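To confirm the two Firefox checkboxes across several profiles without opening each one, the sketch below (an added example, not part of the original article) audits the text of a profile's `prefs.js` or `user.js`. It assumes the checkboxes map to the about:config preferences `security.OCSP.enabled` and `security.OCSP.require`, names the article does not give; the sample profiles are constructed.

```python
import re

# about:config names behind the two checkboxes (assumption: not named in the
# article). Firefox defaults: OCSP lookups on (1), hard-fail off (false).
# prefs.js only records values that differ from the defaults.
DEFAULTS = {"security.OCSP.enabled": 1, "security.OCSP.require": False}

PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*(?P<value>.+?)\s*\)\s*;\s*$'
)

def parse_prefs(text):
    """Return {name: value} for the OCSP prefs present in prefs.js/user.js text."""
    found = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m or m.group("name") not in DEFAULTS:
            continue
        raw = m.group("value")
        if raw in ("true", "false"):
            found[m.group("name")] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            found[m.group("name")] = int(raw)
    return found

def audit_ocsp(text):
    """Return a list of findings; an empty list means both boxes are checked."""
    prefs = {**DEFAULTS, **parse_prefs(text)}
    findings = []
    if prefs["security.OCSP.enabled"] != 1:
        findings.append("OCSP lookups are off or limited "
                        "(security.OCSP.enabled != 1)")
    if prefs["security.OCSP.require"] is not True:
        findings.append("soft-fail: an OCSP connection failure does not "
                        "invalidate the certificate "
                        "(security.OCSP.require is not true)")
    return findings

# Constructed sample profiles (not taken from any real machine).
SAMPLE_DEFAULT_PROFILE = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
'''
SAMPLE_HARDENED_PROFILE = '''user_pref("security.OCSP.enabled", 1);
user_pref("security.OCSP.require", true);
'''

if __name__ == "__main__":
    for label, text in (("default", SAMPLE_DEFAULT_PROFILE),
                        ("hardened", SAMPLE_HARDENED_PROFILE)):
        print(label, audit_ocsp(text) or "OK")
```

A profile that has never been changed reports the soft-fail finding, because the second checkbox is off by default.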

And while all of this is important, don’t forget to set up OpenDNS!