TecTip #147: Use Chrome Commands

Use the chrome:// commands to access a few dozen Chrome commands available that allow you to do everything from viewing DNS information, GPU information, and much more. These commands can be accessed by typing chrome://chrome-urls in the Omnibox.

To learn more TecTips, check out http://tcgns.com/tec-tips #TCG #Chrome#TecTips

TecTip #146: Chrome Incognito Mode

Press "Control+Shift+N" key to open Chrome in Incognito mode. Websites you view in Incognito mode will not appear in your browser history or search history, and they will not leave other traces, like cookies, on your computer after you close all open incognito windows.

To learn more TecTips, visit our page: http://tcgns.com/tec-tips #tcg #tectips#chrome

TecTip #145: iOS 8 Health App

In the new iOS 8 Health App, fill in all of your health info and emergency contacts. If you allow it in the app, anyone can get to it, even if your iPhone is locked with a fingerprint. On the log-in screen with the number pad, anyone can click the "Emergency" link, either to make a 9-1-1 call, or to tap "*Medical ID" to get your info.

To learn about more TecTips, check out http://tcgns.com/tec-tips #TecTip#TCG #iOS8

USB Danger

USB's do not seem like a likely danger, but research has found that a USB could give another person full control over your computer! According to an article from WCVB news writer, Jose Pagliery, German researchers found that anything that can connect via USB can potentially be reprogrammed to pose as another device. This is known as BadUSB.

An example of this type of attack is if a USB was programmed to trick your computer into believing it was a keyboard. Once connected, it would allow someone to access your computer, type some commands, and then have total control over your computer. It could even be reprogrammed to reroute your internet traffic so that your internet activity can be spied on, or worse, your private data stolen. This is a huge potential danger, and according to Pagliery, any good computer engineer could do this. 

Other dangers arise if you download the wrong App on your phone, and then connect to your computer. The app can download malware onto your phone and then infect your computer when connected. All of these potential dangers makes borrowing a strangers USB or even letting someone charge their phone on your computer potentially very dangerous. 

Unfortunately, today's antivirus and protection software does not detect these sort of attacks on your computers, mainly because it "isn't technically a computer virus in action, just a device masquerading as another one," states Pagliery. 

So far IPhones and other smartphones have not been tested, but Androids are very susceptible to these types of attacks. To further enforce the danger of USB connection hacks, Pagliery tells us, "The Pentagon disabled its computers USB ports and banned the use of Flash drives in 2008 to prevent infection of government computers there." This precaution took place back in 2008, and now in 2014, researchers are finding even more problems associated with USB drives, so it is surely a cause to make sure you are not letting anyone else use your USB devices. 

Another article by Graham Cluley explains how someone could use this access to your computer, and "open[ed] a browser window which surfed to a webpage containing a zero-day exploit," and compromise your computer in a matter of minutes. 

Cluley offers some advice at the end of his article though, to help reassure people that there are some ways to protect yourself and business from these types of attacks. It must first be noted that these attacks are “sophisticated attacks which require considerable research and effort to pull off successfully . . . attacks are vendor-specific as every vendor creates their controllers differently” (Cluley). Also, if you have been keeping up with the latest software and making sure your computer is as highly protected as it can be, you may not be able to stop the USB from downloading the malware, but you may be able to detect and stop it before it fully compromises your computer. Most importantly, always be extremely cautious as to who you allow to use your USB. Cluley concludes with, “The golden rule is never plug anything into your computer that you do not 100% trust.”

 

In order to make sure your computer is fully updated and protected from these types of attacks, visit TCG's website www.tcgns.com and visit our Business Continuity page to learn how we can help protect and prepare your business from USB attacks.
To read the full article by Jose Pagliery, visit this website. To read the full article by Graham Cluley, visit this website.

 

Cluley, Graham. “Danger USB! Could a Flash Drive’s Firmware be Hiding Undetectable Malware?” Tripwire.com. 1 August, 2014. Online.

Pagliery, Jose. “USB Flash Drives have a Fatal, Universal Flaw.” WCVB.com. 2 August, 2014. Online. 

Hackers Use Google, Too?

Google is everyone's favorite search engine and it seems hackers love it, too! An article from Network World informed us that Google's many free services have recently been discovered to have been used by hackers to disguise data that was stolen from corporations and government computers. This form of attack has been deemed the Poisoned Hurricane. It uses a remote access tool known as Kaba, to infect systems and steal data. 

The unfortunate victims of this attack are US and Asian based companies and governments. The hackers used spear phishing attacks to compromise various systems, then installed malware to steal information and send it to remote servers. This type of attack is very unique according to Network World's Gonsavles because it "disguised traffic between the malware and command-and-control servers using Google developers and the public Domain Name System (DNS) service of Fremont, Calif. based, Hurricane Electric."

This is used as a sort of transfer station where traffic could be redirected and seemed to be headed toward legitimate domains such as adobe.com, update.adobe.com and outlook.com.  

These tactics are "clever enough to trick a network administrator into believing the traffic was heading to a legitimate site" claims Gonsalves. Hackers used forged HTTP's that identified with 21 legitimate domain names, and then would sign the Kaba malware up with a certificate from an expired organization. 

The hackers used both a Google Developer Platform along with Hurricane Electrics Platform to transfer the stolen data. Through the Google Developers platform, developers can use the site to share code. This is where the attackers used the service to host code that would decode the malware traffic and determine the IP address for the real destination, and then redirect the traffic to that location. 

With Hurricane Electric, the hackers took advantage of the fact that anyone can register for an account hosted DNS service, and this service allowed the hackers to "create A records for the zone and point them to any IP address" (Gonsalves). Google and Hurricane Electric have since removed the mechanisms that the hackers used. 

Hackers are becoming very creative in their means of attacks and have proven to use common resources to do so. Be very aware of these new tactics in order to know how to protect yourself from these data breaches.  

To learn how TCG can help protect your business from data breaches and other attacks, visit our Business Continuity Page! 

To read the full article, visit the page!

Gonsalves, Antone. “How hackers used Google in stealing corporate data.” Network World.  8 August, 2014. Online. 

TecTip #144: Find Battery Draining Apps

To find which Apps use the most Battery in iOS 8, go to "Settings > General > Usage > Battery Usage". Here you'll be able to see if a certain app has been used more than others. 
To learn about more TecTips, go to http://tcgns.com/tec-tips #TecTips #TCG#iOS8