Samsung silently disables Windows Update on PCs

June 26, 2015 – 7:34 PM

New data from Microsoft MVP and researcher Patrick Barker shows that Samsung has been disabling Windows Update on at least some of its laptops distributed with Windows 8 and 8.1, and the company’s responses thus far have been astonishingly tone-deaf. Not only does Samsung disable the Windows Update capability, it installs a utility that prevents the user from re-enabling the feature at all.

Barker has written an extensive blog post detailing his examination of the software. Samsung distributes its own update software with its PCs, dubbed “Samsung Update.” One of the components of the software package is an executable called “Disable_WindowsUpdate.exe.” The Samsung Update software creates and schedules a job that runs this program each and every time the system is rebooted. While it doesn’t completely disable Windows Update, it does change the setting to “Check for updates but let me choose whether to download or install them.” This behavior persists even if the Samsung software is uninstalled; the executable must be removed manually.

Barker then spoke to a Samsung representative, who implied that the executable is distributed to prevent Microsoft from distributing USB 3 drivers that might not be compatible with the laptop, saying: “For example if there is USB 3.0 on laptop, the ports may not work with the installation of updates. So to prevent this, SW Update tool will prevent the Windows updates.” Samsung corporate then followed this up by claiming “It is not true that we are blocking a Windows 8.1 operating system update on our computers. As part of our commitment to consumer satisfaction, we are providing our users with the option to choose if and when they want to update the Windows software on their products.”

The problem with this statement is that Samsung isn’t accused of blocking the installation of Windows 8.1 or any specific update. Instead, it’s preventing Windows Update from operating either in its default state or after the end-user has manually changed the setting.

Source:
http://www.extremetech.com/extreme/208939-samsung-silently-disables-windows-update-on-pcs


Why We Encrypt

June 23, 2015 – 5:13 PM

Encryption protects our data. It protects our data when it’s sitting on our computers and in data centers, and it protects it when it’s being transmitted around the Internet. It protects our conversations, whether video, voice, or text. It protects our privacy. It protects our anonymity. And sometimes, it protects our lives.

This protection is important for everyone. It’s easy to see how encryption protects journalists, human rights defenders, and political activists in authoritarian countries. But encryption protects the rest of us as well. It protects our data from criminals. It protects it from competitors, neighbors, and family members. It protects it from malicious attackers, and it protects it from accidents.

Encryption works best if it’s ubiquitous and automatic. The two forms of encryption you use most often — https URLs on your browser, and the handset-to-tower link for your cell phone calls — work so well because you don’t even know they’re there.

Encryption should be enabled for everything by default, not a feature you turn on only if you’re doing something you consider worth protecting.

This is important. If we only use encryption when we’re working with important data, then encryption signals that data’s importance. If only dissidents use encryption in a country, that country’s authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can’t tell the dissidents from the rest of the population. Every time you use encryption, you’re protecting someone who needs to use it to stay alive.

Source:
https://www.schneier.com/blog/archives/2015/06/why_we_encrypt.html

Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X

June 17, 2015 – 9:14 PM

Six university researchers have revealed deadly zero-day flaws in Apple’s iOS and OS X, claiming it is possible to crack Apple’s password-storing keychain, break app sandboxes, and bypass its App Store security checks.

Attackers can exploit these bugs to steal passwords from installed apps, including the native email client, without being detected.

The team was able to upload malware to Apple’s app stores, and passed the vetting processes without triggering any alarms. That malware, when installed on a victim’s Mac, raided the keychain to steal passwords for services including iCloud and the Mail app, and all those stored within Google Chrome.

Lead researcher Luyi Xing told El Reg he and his team complied with Apple’s request to withhold publication of the research for six months, but had not heard back as of the time of writing.

They say the holes are still present in Apple’s software, meaning their work will likely be consumed by miscreants looking to weaponize the work.

Apple was not available for immediate comment.

Source:
http://www.theregister.co.uk/2015/06/17/apple_hosed_boffins_drop_0day_mac_ios_research_blitzkrieg

LastPass Hacked: what this means for you

June 16, 2015 – 4:28 AM

Online security company LastPass published an announcement yesterday on the official company blog that it detected and blocked suspicious activity on the company network.

According to the information posted on the blog, the company did not find evidence that LastPass user accounts were accessed or user vault data was downloaded. The company did not mention when it first noticed the breach but some users reported that they started to receive spam to email addresses used exclusively for the password manager account on June 8th.

LastPass’ investigation confirmed that account email addresses, password reminders, server per user salts and authentication hashes were compromised.

The company, confident in the service’s protective features, enabled additional security measures for the majority of accounts.

For instance, it requires all users to verify the account by email again if a new device or IP address is used to access the account. This is not the case for log ins on known devices or from known IP addresses, and also only the case if multi-factor authentication is not used.

In addition to that, users will receive prompts to update their master password.

Source:
http://www.ghacks.net/2015/06/16/lastpass-hacked-what-this-means-for-you/

Y-router configuration adds additional security to your home network

June 10, 2015 – 8:58 PM

I’m helping someone reconfigure their home network and realized that I never posted about the Y-router configuration. Most folks have a home modem that is leased from their ISP, and most of these newer modems have built-in router functionality and provide both LAN and WLAN connectivity. But this modem is public facing and can potentially be taken over by a bad actor via the WAN connection or from the wireless side. When/if this happens, none of your traffic can be trusted: if somebody takes over your public-facing device or your wireless network, all of your other traffic is at risk of exposure as well, even on the hard-wired devices that you think are secure. The key defense here is network isolation. A simple (though unfortunately not zero-cost) change to your network can provide all of the isolation that you will need. Most of us have an extra router or two lying around from past upgrades. If not, they are pretty cheap overall and worth the extra cost once you understand the benefits you will receive. The basic idea is to have a total of 3 routers and configure them in a “Y” configuration as shown here:

[Figure: Y-router configuration diagram]

The idea here is that each router is of course a different network (by design) and therefore provides complete isolation between the wired network and the wireless network and they simply cannot talk to each other.  If somebody does take over your wireless network, your wired network traffic remains private and secured.  If the public-facing router gets compromised, the attacker (or malware or whatever) cannot travel backwards to compromise your internal networks.  Total network isolation for the cost of a couple of additional home routers and about an hour of your time.
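To make the isolation argument concrete, here is a small model of the Y topology, added as an example and not part of the original post. It assumes every router NATs with no port forwards, so a router only forwards connections from its LAN toward its WAN; the segment names and subnets are constructed for illustration. It also checks the classic chaining mistake of giving a downstream router the same LAN subnet its WAN port sits on.

```python
from ipaddress import ip_network

# Constructed topology: LAN segment -> (segment on its WAN side, LAN subnet).
# "internet" is the ISP side of the public-facing router (router 1).
Y_TOPOLOGY = {
    "public":   ("internet", "192.168.0.0/24"),   # router 1, plugged into the modem
    "wired":    ("public",   "192.168.10.0/24"),  # router 2, WAN port on router 1's LAN
    "wireless": ("public",   "192.168.20.0/24"),  # router 3, WAN port on router 1's LAN
}

# A single modem/router for comparison: wired and wireless share one segment.
FLAT_TOPOLOGY = {"lan": ("internet", "192.168.0.0/24")}

# Misconfigured chain: router 2 left on the same default subnet as router 1.
SAME_SUBNET_TOPOLOGY = {
    "public":   ("internet", "192.168.1.0/24"),
    "wired":    ("public",   "192.168.1.0/24"),
    "wireless": ("public",   "192.168.20.0/24"),
}


def upstream_of(topology, segment):
    """Yield the segment itself, then each segment on its WAN side, outward."""
    while segment is not None:
        yield segment
        segment = topology.get(segment, (None,))[0]


def can_initiate(topology, src, dst):
    """True if a host on `src` can open a connection to a host on `dst`.

    Assumption: NAT without port forwards, so a router never forwards an
    unsolicited connection from its WAN side into its LAN. A segment is
    therefore reachable only if it is the source's own segment or upstream of it.
    """
    return dst in upstream_of(topology, src)


def overlapping_subnets(topology):
    """Return routers whose LAN subnet overlaps the subnet on their WAN port."""
    return [lan for lan, (wan, lan_net) in topology.items()
            if wan in topology
            and ip_network(lan_net).overlaps(ip_network(topology[wan][1]))]


if __name__ == "__main__":
    segments = ["internet", "public", "wired", "wireless"]
    for src in segments:
        reach = [d for d in segments if can_initiate(Y_TOPOLOGY, src, d)]
        print(f"{src:9} can initiate to: {reach}")
    print("overlapping subnets:", overlapping_subnets(SAME_SUBNET_TOPOLOGY))
```

The model shows the two inner networks cannot reach each other and nothing on the modem side can reach into them, while the inner networks still reach outward through router 1 as intended.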

Note: Never forget to do the basics to secure your public-facing router, such as changing the default admin passwords to something secure (use LastPass or another password manager to make truly secure passwords), blocking inbound ICMP, turning off “remote management” from the WAN, disabling any unnecessary services, etc. There are many resources out there to help you.