Trails End Computer Club

Bulletin for the month of JULY 2015


MEETINGS WILL CONTINUE IN THE FALL


SPECIAL INTEREST GROUPS:

If you would like to meet in a small group to discuss special computer-related subjects, or to form a Special Interest Group, let's discuss it.

Our bulletin is also available online by visiting tecc.apcug.org and clicking on Bulletin.


tecc.apcug.org

See Bulletin Selector, Lessons Selector, 
Top Downloads, Top Web Sites & APCUG Benefits.

It's loaded with ideas, how-to's, learning and education sites.

Upcoming Events

Wednesday DECEMBER 2, 2015 Meeting
  Thanks for making the 2014/2015 season a success. The Computer Club will continue with meetings in December. In the meantime there will be a monthly e-mail and bulletin. Near the end of each month the email announcement will be sent out with a link to the bulletin that is published on the Computer Club web site www.tecc.apcug.org.


The Best Virus Protection…ever

By Phil Sorrentino, Member of The Computer Club, Florida

http://scccomputerclub.org

Philsorr.wordpress.com

philsorr (at) yahoo.com


Virus protection isn’t really a very popular topic, until you’ve concluded that your computer has just been infected by one of those nasty viruses. You know the symptoms: strange pop-ups, abnormal operations, and/or very slow responses. It seems like computer viruses have been around for a very long time. As it turns out, computer viruses have been around longer than personal computers. Here is just a little computer virus history. The first experimental self-replicating program, called “Creeper”, was written in 1971, and was intended to infect Digital Equipment Corp. (DEC) PDP-10 computers running the TENEX operating system. How’s that for a bit of history trivia? Fast forward to the personal computer era, when in 1981 a virus called “Elk Cloner” was written for the then very popular Apple II personal computer. It was followed, in 1983, by a very early Trojan Horse designed for the IBM PC. This program deleted all of the files on the computer’s diskette (remember 5 1/4" floppy diskettes?), cleared the screen and typed ARF – ARF. (ARF was a reference to the common “Abort, Retry, Fail” message you would get when a PC could not read a disk.) Also in 1983, the term “virus” was coined to describe self-replicating computer programs, and in 1984 the act of a virus inserting a copy of itself into another program was termed “infection”. And so computer viruses have been with us, infecting our computers, ever since.

The term “Malware”, which is short for malicious software, is currently used as an umbrella to describe any software that is used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. (Malware usually does not include software that causes unintentional harm due to some design deficiency; that’s just bad design.) Malware does not usually include all those programs that come along for the ride when you are downloading something of interest. These are typically termed Potentially Unwanted Programs, or PUPs. And, just for completeness, the term “spyware” refers to malware that aids in gathering information about a person or organization without their knowledge and that may send such information to another entity without the owner’s consent.

So, even though we all use virus and spyware protection, most of us, maybe all of us, have been the victim of some type of infection. So, what’s a person to do when all of a sudden the computer seems to be operating strangely or unusually slowly? Well, as most of you know, there are a few very useful tools that you can try. Tools like MalwareBytes, SuperAntiSpyware, and Panda. Sometimes they may do the job, by eliminating or quarantining the virus, and sometimes they just may not help at all. What happens when they don’t help? I know there are some very capable computer experts out there who have toolboxes full of very capable software tools that could probably fix any type of virus infection, but those experts may not always be available when you need them. And virus removal by an expert may be a very costly undertaking.

So, we need to have a fall back plan for this eventuality if, or rather when, our computer becomes infected and there seems to be either no easy out, or the cost is too dear. This kind of plan would truly be the best virus protection. One plan of approach is to have a recent Image of the computer System, so that it can be restored to the computer. Yes, I know this will take time, and you will have to reload anything that isn’t included in the recent Image, but this will always work, no matter what type of virus is present (as long as the virus hasn’t been included in the previously saved Image). Keep the drive holding the Image disconnected except while you are creating or restoring one; malware that can reach an attached backup drive can wipe or scramble the Image along with the system it is meant to rescue. Note too, this is also a good solution for a crashed disk drive, a hardware problem. This is a good solution only if you have backed up all of your valuable data, but I’m sure you regularly do this.

There are a few ways to get a System Image. The first possibility is that you may have an original Image of your system. It may be a D: partition that may be called a Rescue or Restore partition or something similar, or it may only be labeled with the manufacturer’s name. Restoring this Image will bring your computer operation back to the way it was when you bought it. Unless you’ve had an unusual early disk drive failure or just bad luck to have become infected with a nasty virus, this Image is probably not very “recent”. If the computer has been around for a while, the update process that needs to follow the restored image will probably take a good amount of time. I’ve restored some computers that needed 12 to 14 hours of updates to get back to current operation. So, though this operation will always work, it may be very time consuming, and take a lot of patience.

The second way of getting a System Image is to use a commercial System Imaging application to create a system image whenever your software system changes (or at least every 6 months). Most of these have a one-time cost, usually between $40 and $50, which is probably less than the cost of an hour or two of an expert’s time spent trying to remove a virus. Some of these applications are Acronis True Image, Paragon Hard Disk Manager, O&O Disk Image, Active@ Disk Image, and Macrium Reflect. If you create an Image every 6 months, your latest Image will always be less than 6 months old and the time to update the restored software system should be reasonable. Always keep the last 2, 3 or 4 images, just in case something unexpected happens to one of them.

The third way of getting a System Image is to use the imaging tool built into Windows 7 and 8, which Windows 7 calls “Backup and Restore”.

–In Windows 7 you can find “Create a system image” on the Backup and Restore Applet, in Control Panel. Click this and you can select a hard drive or set of DVDs as the destination for the Image. An external hard drive is the best destination, but sometimes it feels good to have a copy on DVDs also. Once the destination is selected, select the C: drive as the Image, and finally click “Start backup”. Make sure you get back to the Backup and Restore screen to “Create a system repair disc”, which is what you will use to boot up the system in order to restore the Image.

–In Windows 8, “Create a recovery drive” on the Recovery Applet, in Control Panel, builds a bootable USB drive that you can use to start the machine and restore an Image; it is not itself an Image of your installed system. Click this and click “Yes” at the “User Account Control” window, then uncheck “Copy the recovery partition from the PC to the recovery drive”, click Next, choose the destination drive, and finally click “Create”. The Image itself is created from the “System Image Backup” link in the File History applet (in Windows 8.0 the Control Panel item is called “Windows 7 File Recovery”), which works the same way as the Windows 7 procedure above.

Creating the Image in either OS is relatively straightforward. Restoring the Image is a little more complicated, but with perseverance and maybe some advice and direction from someone who has previously done it, it will be easy enough to do, and it will become routine. Now, with an Image on an external drive, bring on the viruses.


Newly Detected Security Bug Threatens Secure Web Connections

by Ira Wilsker

 
WEBSITES:

https://weakdh.org

https://www.ssllabs.com/ssltest/viewMyClient.html  (TEST BROWSER FOR MULTIPLE VULNERABILITIES)

http://www.techsupportalert.com/content/security-attack-called-logjam-makes-browsers-vulnerable.htm

http://www.engadget.com/2015/05/20/logjam-browser-vulnerability-fix/

http://www.eweek.com/security/logjam-ssltls-vulnerability-exposes-cryptographic-weakness.html

http://www.businessinsider.com/edward-snowden-talks-about-logjam-on-reddit-2015-5

http://www.tripwire.com/state-of-security/vulnerability-management/logjam-researchers-identify-another-web-encryption-vulnerability/

https://nakedsecurity.sophos.com/2015/05/21/anatomy-of-a-logjam-another-tls-vulnerability-and-what-to-do-about-it/

http://www.thewhir.com/web-hosting-news/logjam-vulnerability-could-impact-more-than-500-cloud-providers-report

http://blog.lumension.com/10143/logjam-vulnerability-faq/

http://thehackernews.com/2015/05/logjan-ssl-vulnerability.html

http://en.wikipedia.org/wiki/Logjam_%28computer_security%29

 

            For several years, cyber security and safety pundits, myself included, have advised web users to be sure that sensitive information is only transmitted over secured web connections.  Virtually all modern browsers, and most websites, support the "HTTPS" communications method, where the common "HTTP" (Hypertext Transfer Protocol) listed at the beginning of a web address is "layered" with bi-directional encryption intended to make the connection secure between the sending and receiving parties.  The encryption protocols used with HTTPS are "SSL" (Secure Sockets Layer) and its successor "TLS" (Transport Layer Security), and while these had been considered reasonably secure against third party listening, they have now been shown to be vulnerable to a "man in the middle" who forces the connection to use a key exchange weak enough to break.

            While this "geek speak" may be almost indecipherable to the general public, these potential and very possible interceptions of our personal and sensitive data sent over the internet may be a very real threat to our privacy, as well as our financial and physical security.  For years, I have been telling readers of this column, as well as listeners to my former radio show, to be certain that they only connect to ecommerce websites, online banking, and other financial service websites when the prefix "HTTPS://" appears before the web address in the browser address bar.  Likewise, many browsers displayed a small "padlock" icon, often in the lower right corner of the browser window; if "open", then the internet connection was insecure; if the padlock was "closed" (locked), then the connection was considered reasonably safe and secure.  For several years, it had been considered reasonably safe for web users to rely on these features, assured that their sensitive data was being sent and received securely.  Now, a new attack on the way those secure connections are set up, nicknamed "Logjam", threatens the online security that we have come to expect while conducting online transactions.

            If a web user wants to quickly and easily determine if their browser of choice is vulnerable to this new type of security vulnerability, simply open the webpage at weakdh.org; a red banner across the top of the page will clearly display the browser vulnerability, if present.  At present, I am using the most up-to-date version of Firefox, version 38.0.5, but the red banner says, "Warning! Your web browser is vulnerable to Logjam and can be tricked into using weak encryption. You should update your browser."  My preferred alternative browser, Google's Chrome ("Version 43.0.2357.65 m  Google Chrome is up to date"), also displays the same vulnerability warning, indicating that both of my preferred browsers have the Logjam vulnerability, even though they are the latest versions available.

            In simple terms, an HTTPS connection is not automatically as secure as it had been assumed to be.  The weakness is in one step of setting the connection up, the "Diffie-Hellman" key exchange that many servers use: a server still willing to fall back to the old "export grade" 512-bit parameters of the 1990s can be tricked into doing so by an attacker sitting between the browser and the server, and 512-bit parameters can be broken.  For the common web user who does online purchasing on many of the popular ecommerce websites, online banking, online investing, and other forms of personally sensitive transactions, that means the connection may not be as well protected against interception as previously thought.  Recent published articles have also indicated that users of many of the large and popular "Cloud Service Providers", which have been providing secured backup and data services, may also have had their "secured" web connections exposed.  It has also been determined that many widely used email servers, which typically incorporate SSL or TLS encryption to secure email communications, are affected by the same weakness, theoretically allowing unauthorized third party interception of emails.

            Despite some confusion in the media, Logjam (the name was announced in late May, when the research was published) is not spyware or any other kind of malware; it is a weakness in the protocol and in the software at both ends of the connection.  The protocol lets an attacker in the middle quietly substitute the weak "DHE_EXPORT" key exchange without the browser being able to tell the difference, and the browsers, for their part, accepted the resulting 512-bit parameters without complaint, which is why almost all current browsers are vulnerable.  Because no malicious file ever lands on the computer, the major security suites used by most PC and Mac users offer little or no protection from Logjam; the fix has to come from browser and server updates.

            With possibly millions of ecommerce, financial service, email servers, and other sensitive web based services in widespread use, the number of vulnerable websites and servers is staggering.  According to weakdh.org, a website dedicated to explaining the Logjam threat, a team of computer scientists from the University of Michigan, CNRS, Microsoft Research, Johns Hopkins University, University of Pennsylvania, and others performed a study of internet servers vulnerable to Logjam.  A server is vulnerable if it still accepts the old 512-bit "DHE_EXPORT" cipher suites, because an attacker can then downgrade any browser connecting to it to that weak key exchange.  The researchers found that of the "Top 1 Million Domains" using HTTPS to encrypt the data being sent and received, 8.4%, or roughly 84,000, were vulnerable to Logjam.  HTTPS enabled servers with "Browser Trusted" certificates had a Logjam vulnerability rate of 3.4%.  Email servers were especially vulnerable, with 14.8% of the mail servers using "SMTP+StartTLS" being vulnerable, along with 8.9% of the "POP3S" mail servers and 8.4% of the IMAPS email servers.
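As an added illustration, not part of Ira's article or of the weakdh.org research, the short Python script below parses the two TLS handshake messages that Logjam turns on: the browser's ClientHello, which lists the cipher suites it is willing to use, and the server's ServerKeyExchange, which carries the Diffie-Hellman modulus. It flags a ClientHello that still offers the DHE_EXPORT suites and applies the rule the patched browsers adopted, rejecting any modulus shorter than 1024 bits. The message bytes are constructed inside the script (the moduli are placeholders of the right length, not real primes), so it runs offline.

```python
# Added example (not from the article): parse the two TLS handshake messages
# that matter for Logjam and apply the post-Logjam browser policy.
# Message layouts follow RFC 5246; every sample byte below is constructed here.

# Export-grade ephemeral DH cipher suites (code points from RFC 2246).
DHE_EXPORT_SUITES = {
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}


def _vector(body, width):
    """Encode a TLS variable-length vector with a `width`-byte length prefix."""
    return len(body).to_bytes(width, "big") + body


def _read_vector(buf, offset, width):
    """Decode a vector at `offset`; return (body, offset just past it)."""
    length = int.from_bytes(buf[offset:offset + width], "big")
    start = offset + width
    body = buf[start:start + length]
    if len(body) != length:
        raise ValueError("truncated vector")
    return body, start + length


def client_hello_suites(hs):
    """Cipher suite codes offered in a ClientHello handshake message."""
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    off = 4 + 2 + 32                      # type, length(3), client_version, random
    _, off = _read_vector(hs, off, 1)     # session_id
    suites, _ = _read_vector(hs, off, 2)
    return [int.from_bytes(suites[i:i + 2], "big") for i in range(0, len(suites), 2)]


def offered_export_dhe(hs):
    """Names of DHE_EXPORT suites the client offers; non-empty means downgradable."""
    return [DHE_EXPORT_SUITES[c] for c in client_hello_suites(hs) if c in DHE_EXPORT_SUITES]


def server_dh_params(hs):
    """(p, g, Ys) from a ServerKeyExchange carrying ServerDHParams."""
    if hs[0] != 0x0c:
        raise ValueError("not a ServerKeyExchange")
    off = 4                               # type, length(3)
    p, off = _read_vector(hs, off, 2)
    g, off = _read_vector(hs, off, 2)
    ys, off = _read_vector(hs, off, 2)    # signature (if any) follows; ignored here
    return (int.from_bytes(p, "big"), int.from_bytes(g, "big"), int.from_bytes(ys, "big"))


def dh_group_verdict(p, minimum_bits=1024):
    """Patched browsers abort below 1024 bits; 2048 is the floor worth deploying."""
    bits = p.bit_length()
    if bits < minimum_bits:
        return "reject"
    if bits < 2048:
        return "weak"
    return "ok"


# --- constructed sample messages --------------------------------------------
def _int_bytes(n):
    return n.to_bytes((n.bit_length() + 7) // 8, "big")


def build_client_hello(suites):
    body = (b"\x03\x03" + bytes(32) + _vector(b"", 1)        # TLS 1.2, zero random, no session
            + _vector(b"".join(s.to_bytes(2, "big") for s in suites), 2)
            + _vector(b"\x00", 1))                              # compression: null only
    return b"\x01" + len(body).to_bytes(3, "big") + body


def build_server_key_exchange(p, g, ys):
    body = _vector(_int_bytes(p), 2) + _vector(_int_bytes(g), 2) + _vector(_int_bytes(ys), 2)
    return b"\x0c" + len(body).to_bytes(3, "big") + body       # signature omitted


# Placeholder moduli: the right bit lengths for the policy check, not real primes.
P_512_EXPORT = (1 << 511) | 0x1ab
P_2048 = (1 << 2047) | 0x1ab

if __name__ == "__main__":
    hello = build_client_hello([0xC02F, 0x0014, 0x009E])   # offers DHE_RSA_EXPORT
    print("downgradable suites:", offered_export_dhe(hello))
    ske = build_server_key_exchange(P_512_EXPORT, 2, 0x1234)
    p, g, ys = server_dh_params(ske)
    print(p.bit_length(), "bit group ->", dh_group_verdict(p))
```

Run against a real capture, the same two checks tell you whether a client could be downgraded (it offers an export suite) and whether a server is handing out a group a patched browser would refuse.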

            Websites that use the standard, and supposedly adequate, 1024-bit Diffie-Hellman parameters may be even more exposed, to "passive eavesdropping from an attacker with nation-state resources" according to the computer scientists researching Logjam.  The reason is that most servers use the same few fixed 1024-bit groups, and the hard part of breaking Diffie-Hellman depends only on the group, not on the individual connection.  An attacker who invests the enormous one-time computation for a single popular group can afterwards break each individual connection that used it quickly, and can do so passively, without ever being the "man in the middle".  The term "nation-state resources" implies that this is not within reach of the typical hackers and crackers, but it is within reach of nations that can afford the computing power, and the researchers estimated that breaking one widely used 1024-bit group would let such an attacker decrypt connections to a large fraction of the servers on the internet.  According to an article published on May 21 by Business Insider (businessinsider.com/edward-snowden-talks-about-logjam-on-reddit-2015-5), "Edward Snowden weighs in on the huge internet vulnerability that could have helped the US spy on citizens"; the suspected spy, Edward Snowden, implied that the United States government may have used this weakness to intercept sensitive, encrypted, online transmissions.  The researchers themselves wrote that the published NSA documents describing attacks on VPN traffic are consistent with such a break having been achieved, although the documents do not prove it.
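To make the "nation-state resources" point concrete, here is an added toy example, again not from the article or from the researchers, of why a fixed Diffie-Hellman group invites a one-time precomputation. It uses a small constructed prime (1000003) and the textbook baby-step giant-step method in place of the number field sieve the researchers describe; the principle is the same: the expensive table depends only on the group (p, g), after which every individual session that used that group falls to a few multiplications, with nothing more than the two public values that crossed the wire.

```python
# Added example (not from the article): why one shared Diffie-Hellman group is
# worth a one-time precomputation. Toy sizes throughout; the modulus and the
# session exponents are constructed here, and baby-step giant-step stands in
# for the number-field-sieve precomputation used against real 1024-bit groups.
import math


def precompute_group(p, g):
    """Per-group work: a table that depends only on (p, g), never on a session."""
    m = math.isqrt(p - 1) + 1          # m*m > p-1, so every exponent is i*m + j
    table = {}
    cur = 1
    for j in range(m):                 # baby steps: g^0, g^1, ..., g^(m-1)
        table.setdefault(cur, j)
        cur = cur * g % p
    return {"m": m, "table": table, "giant": pow(g, -m, p)}


def discrete_log(p, g, h, pre):
    """Per-session work: find x with g^x = h using at most m multiplications."""
    gamma = h % p
    for i in range(pre["m"]):          # giant steps: h * g^(-i*m)
        j = pre["table"].get(gamma)
        if j is not None:
            return i * pre["m"] + j
        gamma = gamma * pre["giant"] % p
    raise ValueError("h is not in the subgroup generated by g")


def recover_shared_secret(p, g, server_pub, client_pub, pre):
    """Passive eavesdropper: rebuild the premaster secret from the two public values."""
    x = discrete_log(p, g, server_pub, pre)
    return pow(client_pub, x, p)


# Constructed toy group: p is prime, g = 2 (real groups are 1024 bits and up).
P, G = 1000003, 2


def demo():
    """Precompute once, then break several sessions that reused the group."""
    pre = precompute_group(P, G)
    sessions = [(123456, 654321), (42, 999999), (777777, 31337)]   # (server, client) secrets
    results = []
    for a, b in sessions:
        a_pub, b_pub = pow(G, a, P), pow(G, b, P)      # the only values on the wire
        true_secret = pow(a_pub, b, P)                 # what the two parties agreed on
        results.append(recover_shared_secret(P, G, a_pub, b_pub, pre) == true_secret)
    return results


if __name__ == "__main__":
    print("table size:", precompute_group(P, G)["m"], "entries")
    print("sessions recovered:", demo())
```

Switching to a different group, even one of the same size, throws the whole table away, which is why the deployment advice on weakdh.org is to generate your own 2048-bit group rather than reuse a default one.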

            The research posted at weakdh.org indicates that secured web servers, VPNs (Virtual Private Networks), and secured file and data transfer services using the supposedly more secure 1024-bit parameters may be more vulnerable than previously considered.  Of the "Top 1 Million Domains" using HTTPS with 1024-bit Diffie-Hellman, 17.9%, or about 179,000 domains, would be exposed to an attacker who had broken the single most common group.  Of those websites and servers described as "Browser Trusted Sites" using 1024-bit parameters, 6.6% were exposed.  The very widely used "Secure Shell Protocol", commonly referred to as "SSH", which is commonly used to transfer data and files between computers, servers, and the "cloud", had an exposure rate of 25.7%.  With many corporations, government agencies, military organizations, and others needing a secure "Virtual Private Network", commonly called a VPN, the exposure rate of those VPNs using IKEv1 (IPsec VPNs) was a staggering 66.1%!  It is these weaknesses that the alleged spy, Edward Snowden, said the U.S. has taken advantage of to gather intelligence and other data both domestically and internationally.  If the U.S. can (allegedly) be the "man in the middle" intercepting this vulnerable but encrypted data, there is absolutely no reason to believe that others, such as Russia, China, Iran, Israel, India, Pakistan, France, Germany, the U.K., and other nation-states, are not doing much the same.  With the financial backing and technical capabilities of terrorist organizations, such as ISIS and Al Qaeda, it would not surprise me if they too were involved with intercepting some encrypted internet communications.

            Check your browser at weakdh.org for the Logjam vulnerability.  An alternative website that will test your browser for the Logjam threat as well as other vulnerabilities is ssllabs.com/ssltest/viewMyClient.html.  If your browser is vulnerable, as almost all browsers currently are (Internet Explorer version 11.0.19 being an exception), check for an update, as all of the major browser publishers are working on patching the vulnerability; a patched browser simply refuses to complete a connection whose Diffie-Hellman parameters are shorter than 1024 bits, which is exactly what the weakdh.org test checks.  Simply opening the browser menu and selecting "About" will display the installed browser version, and most browsers will also indicate if the browser is up-to-date, often with a link to an updated version, if available.  Those who run a web or mail server have their own part to do: disable the export cipher suites and generate a fresh 2048-bit Diffie-Hellman group, as the deployment guide on weakdh.org explains.

            While there is no current anecdotal evidence that our common consumer financial transactions have yet been compromised by the Logjam vulnerability, the possibility still exists, and it is only a matter of time until cyber crooks find a way to capitalize on it.  By the time that occurs, hopefully we will all have had an opportunity to upgrade our web browsers to a more secure version - until next time.


Submit your article; the deadline for the next bulletin is Tuesday noon each week. Only what you write may be published. We cannot publish other people's work without written permission. Simply click here EDITOR AT TECC and paste your write-up to submit it.
Share your computer experiences with other members. We need articles to publish in the TECC Bulletin.

UPDATE YOUR MEMBERSHIP INFORMATION: change your e-mail address, unsubscribe from this bulletin, etc.  Use the link below.
UPDATE YOUR MEMBERSHIP