Trails End Computer Club

Bulletin for the week of DECEMBER 13, 2015

WEEKLY MEETINGS
EACH Wednesday 

Program or Lesson 9:00 - 10:00 AM
One on One Help 10:00-?
In the Library


SPECIAL INTEREST GROUPS:

If you would like to meet in a small group to discuss special computer related subjects or form a Special Interest Group lets discuss it.

Our bulletin is also available on line by visiting tecc.apcug.org and clicking on bulletin.


Our weekly program or lesson is intended
to be of interest to all computer users.
Following the program an allotment of time will
be available for one on one help to those
who want a better understanding of something done
 during the presentation.

Upcoming Events

Wednesday DECEMBER 16, 2015 Meeting
 8:45 AM Set up your computer
 9:00 AM Lesson
10:00 AM One on One help

IraHoliday Shopping Season Opens with New Malware Targeting Credit Cards, and Android Tablets factory Infected with Malware


By Ira Wilsker


WEBSITES:

http://www.isightpartners.com/2015/11/modpos/

http://bits.blogs.nytimes.com/2015/11/24/researchers-track-tricky-payment-theft-scheme/

http://finance.yahoo.com/news/sophisticated-scam-targets-retailer-payment-191352635.html

https://www.cmcm.com/blog/en/security/2015-11-09/842.html

http://www.esecurityplanet.com/mobile-security/android-tablets-sold-on-amazon-infected-with-cloudsota-trojan.html

http://www.cmcm.com/article/share/2015-11-09/840.html

http://www.cmcm.com/blog/en/security/2015-11-11/843.html


This past few weeks have been as busy for cyber security professionals as it has been for bargain shoppers. While there have been several stories in the national and local media about shopping safety and security, cyber crooks are also well aware that that the seasonal shopping frenzy creates illicit financial opportunities for those ingenious enough to create malware to again attack our "POS" (Point of Sale) payment systems, as well as to infect popular Android tablets with malware at the time of manufacture.

It was approximately two years ago that we heard about the massive credit card data breaches at Target, Home Depot, and dozens of other major retailers. Most of those well publicized data breaches occurred because a well written piece of malware was able to infect the POS devices that most of us use at checkout to steal our debit and credit card data. While there have been many subsequent data breaches and thefts of credit card data since the massive attacks two years ago, none have reached the scope and degree of damage of the combined "Black Friday" attacks of 2013. Now, at the height of the 2015 holiday shopping season, there is some evidence that a new, more sophisticated, type of malware may be spreading through the retail channels that could repeat or surpass the sheer numbers of credit and debit card numbers stolen in the previous massive attacks. On November 24, a Dallas based cyber security company iSIGHT partners disclosed this new threat in a blog post "ModPOS: Highly-Sophisticated, Stealthy Malware Targeting US POS Systems with High Likelihood of Broader Campaigns" (http://www.isightpartners.com/2015/11/modpos).

According to the iSIGHT blog posting, "The threat intelligence experts at iSIGHT Partners have analyzed the most sophisticated point-of-sale (POS) malware we have seen to date. ModPOS, which is short for modular point-of-sale (POS) system, is a comprehensive malware framework. The actors behind the ModPOS software have exhibited a very professional level of software development proficiency, creating a complex, highly functional and modular code base that places a very heavy emphasis on obfuscation and persistence. Thus, ModPOS can go undetected by numerous types of modern security defenses." Preliminary reverse engineering of the malware code has shown that the source of the malware code is probably Eastern European in origin, and is explicitly written to not just capture the magnetic stripe data that was purloined in such large numbers in 2013 and subsequent data thefts, but to also steal the data from the newer "EMV Chip and PIN" secured credit and debit cards now coming into wide use, as they were supposed to provide greatly enhanced security. These new EMV (Europay-MasterCard-Visa) Chip and Pin credit and debit cards were designed to make it very difficult for cyber thieves to profit from stolen credit card data, as they did in the massive "Black Friday" attacks of 2013, but an in store vulnerability has again made the data vulnerable to theft. This new ModPOS malware has taken advantage of a flaw in the internal in-store processing of debit and credit transactions still using magnetic stripes as well as using the new EMV Chip and Pin cards; the processing flaw, now known to the retail industry, is that the internal processing systems utilized by many major retailers does not support end-to-end encryption, and does not also properly encrypt data in memory, allowing that credit card data to still be captured and sent to distant cyber crooks. According to iSIGHT, "Criminals can then reuse card data, even from EMV cards, to make online (card-not-present) transactions."

This ModPOS malware can be easily modified to better target specific credit card transaction systems by integrating its own integral data upload and download utilities, "RAM scraping" (capturing unencrypted data in RAM), keyloggers (captures keypad entries, such as PIN numbers), and other highly specialized malware utilities. The malware code itself is encrypted, thus making it very difficult to detect using modern anti-malware detection software and hardware, thus allowing the malware code to burrow itself into the relevant legitimate and necessary computer software, where it is also difficult to detect and neutralize. The malware code was written to not just compromise the retail credit card processing system, but to also install itself in other software used by retailers, rendering it even much more difficult to eradicate. It is important to note that while initially encountered in retail store payment systems, it has now also been detected in the payment systems utilized in the hospitality industry including some major hotel chains and franchises, and restaurants. It is only a matter of time that ModPOS and similar highly sophisticated malware again appears to threaten our digital transaction systems.

Stay tuned, as we have yet to see if ModPOS and similar malware will in reality wreak havoc on our credit card infrastructure as its malware predecessors did in 2013. While it is still too early to know if, and to what degree, ModPOS and its malware brethren will cost us this season, we should be aware that it is out there, in the wild, targeting our retail and hospitality payment systems. As mentioned in my columns following the infamous massive data breaches of the 2013 holiday season, be absolutely sure to thoroughly check your debit and credit card statements for any questionable activity, and if any suspicious transactions are posted, contact your credit or debit card provider immediately at the phone number on the back of your card.

While in volume and potential financial costs, massive credit card breaches can do extensive damage, there still are some smaller threats appearing in our holiday purchases that many of us would find more irritating than disastrous. It seems that thousands of inexpensive, generic or "no name" Android tablets sold through Amazon and other reputable dealers, were manufactured with malware installed on the devices at the time and place of manufacture in China. There have even been some published reports that some models of major name brand Android tablets, possibly produced by the same makers that produced the infected generic tablets, were also factory infected with malware. According to a November 16 posting by Jeff Goldman on eSecurityPlanet (esecurityplanet.com/mobile-security/android-tablets-sold-on-amazon-infected-with-cloudsota-trojan.html), "Android Tablets Sold on Amazon Infected with Cloudsota Trojan; The tablets have been sold and delivered to over 17,000 customers in more than 150 countries." Citing a post on the Cheetah Mobile security blog which said, "Researchers at Cheetah Mobile recently found a Trojan called Cloudsota pre-installed on some Android tablets that were available for sale on Amazon.com and other online stores. The Cloudsota Trojan enables remote control of the infected devices, and it conducts malicious activities without user consent," Over 30 brands of inexpensive Android tablets sold by Amazon and other online retailers were infected with this trojan. The top selling brands, which included the vast majority of the infected tablets were "No Name" (unbranded); AllWinner; SoftWinners; Advance; Rockchip; Joinet; SW; WonderMedia; RDA; Freeman; WorryFree; MID-1013D; ELVISION; and Killer. There have also been published reports of the Cloudsota Trojan being factory installed on some inexpensive, generic branded Android powered smart phones, according to Cheetah Mobile.

The Cloudsota Trojan is a revenue generating type of malware that loads advertising and other apps to the device without the users' permission, and connects as often as every 30 minutes to a web server in China for instructions, updates, and for new apps to be transparently installed without the consent of the users. This trojan also redirects web traffic to its own browser, often blocking the browser selected by the user. Other nefarious activities of this trojan include changing the boot animation of the device to an advertisement; the uninstallation of apps installed by the user, notably antivirus and other security apps; resets the wallpaper to paid advertisements, often showing new advertising every time the "home" button is tapped; loads and runs apps on its own, even if not selected by the user; and displays popup advertisements at random times, regardless of what is being run at that time.

Reputable sellers of these 17000 infected tablets are aware of the problems, and some have offered adjustments or replacements to buyers. For owners of these trojan infected tablets, Cheetah Mobile has published "Manual removal instructions of CloudSota", available online at http://www.cmcm.com/article/share/2015-11-09/840.html. The manual removal instructions require the user to connect the tablet to a PC with a common USB cable (often the same cable used to charge most Android phones). The online instructions direct the user to download a file (free) "android-tools.zip" to the PC from Cheetah Mobile, and then follow the online instructions to permanently remove the trojan.

It is shameful that malware authors will commit criminal acts to enrich themselves by stealing our credit card data or infecting smart devices at the time of manufacture with revenue generating trojans. As stated above and in earlier columns, it is imperative that we all routinely check our credit and debit card statements for questionable transactions, and report them immediately to the card companies. While not as perilous, but extremely annoying, thousands of people receiving inexpensive Android tablets this holiday season will be in possession of devices loaded at the factory with malware. Again, contact the seller for replacement or refund, or follow the instructions above for removal of the malware, but also be aware that many of the generic manufacturers of these inexpensive tablets offer no technical support.

It is sad that what should otherwise be a happy time of year turns out to be a less than happy season, all due to the greed of unscrupulous individuals. Pity.


Password Generation Hint

By Jerry Goldstein, Member, The PC Users Group of Connecticut

http://www.tpcug-ct.org/        Adrabinowitz (at) att.net

Thanks to the lack of safety of those holding our passwords, we are often notified of user information and password theft occurring by those we provide our information to. Banks, stores, and other major corporations announce data thefts and loss regularly. As a result we need to be constantly on vigil and update our passwords regularly.

Remembering passwords is difficult enough without having to change them at least twice a year. Password manager programs are great but even they can fail and then you can lose all your passwords.

A new password theme has been worked out that helps you to remember your ever changing password scheme. The method uses a consistent password coupled with the name of the site you are at. Create a base password like: Qstn&16^, and combine it with the website you are visiting to create a unique password for that site. So if you go to the TPCUG Yahoo Forum site you would use, for example, Qstn&16^tpcg. This combines the usage of leaving out vowels in a word to remember the password better while making the password harder to break, using numbers and characters, one capital letter, and using at least an eight part letter/character basic password for better protection. You use the same basic Qstn&16^ with all your sites and just add in the website's name without vowels. You now have a single password to remember that can be used everywhere.

Since the likelihood of one of the sites you use that password is going to be hacked this year you want to take one extra step to avoid having to revise all your passwords every time a hack occurs. Value your sites according to Low, Medium, and High security needs. For low value sites, like the shoe store or grocery store you add LV to your password. That would be: Qstn&16^LV as your base password for low value sites. Medium value sites add MV and high value sites, like banks and credit cards, add HV.

For high value sites it is recommended you also use secondary authentication, such as having to answer a question after your user name and password are approved. Remember not to use your correct information on your authentication answers. Your correct information is too easily available on the internet to use as an authentication. Dates of birth, schools you attended, and family and pet first and maiden names are readily found on many people's Facebook profiles and postings. Use something different that you can easily remember instead.

Protecting yourself is never going to be as easy as locking your doors and windows any more. Banks lose your data regularly as laptops filled with information are left behind by bank employees when they stop off for their morning coffee. Thousands of hackers work feverishly to break your passwords and steal your identity. The methods offered here are just methods to help you protect yourself. Doing due diligence in the battle against identify theft is an ever ongoing battle. Stay alert and you may get lucky and not hacked, for a while.


JimBack To Basics  -  Saving a File

By Jim Cerny, 2nd Vice President, Sarasota TUG, FL      www.thestug.org      jimcerny123 (at) gmail.com

We have all saved files, or at least we have tried. There are times, however, that we can get confused or confounded by our files. Things may not always work the way we want. I hope this article will help clear things up and help you understand how to easily save files so that you can find them again.

Files are collections of data that are created by using a program on your computer. EVERY FILE HAS A NAME. For example, the Microsoft Word program creates files called documents, the Paint program creates files which are images, your digital camera creates photos or picture files, and if you are playing a game on your computer and you can save it, that game is saved as a file. So when we use a computer and want to keep anything we have done, we must save it as a FILE.

FILES ARE SAVED IN A FOLDER. A folder is a PLACE in your computer. Think of it like a manila folder in a file drawer. A folder also has a name so you can find it as well. If you can find the folder you want, then you have found the files that are in it.

Perhaps the best way to understand how to save a file is to go through an example. Let’s say you are creating a new document using the Word program. To SAVE your document go to the “file” tab or option. (On some editions of programs the “file” tab or menu does not have the word “file” on it, it could be just a blue tab in the upper left corner of the window). When you open the file menu you have two basic choices for saving your document – you can select “Save” or “Save as…”. My advice is to always use “Save as…” because you will always get the “Save as” window to help you save your file. (In Word 2013 you don’t get the “Save as” window right away, you get a list of your most recent folders. Clicking on any folder will open the “Save as” window for you).

The “Save as” window has the important options or choices you need to make every time you save a file. These three options are the Folder into which your file will be saved, the Name of the file, and the File Type. You do not have to change these if you do not want to, but at least look at them to see what you are doing.

The first option at the top of the window is a long box with the name of the FOLDER into which your new document will be saved. The folder that you see there is the “default” folder that will be used unless you change it to a different folder. On the left part of the window is a list of all your folders just like you see in Windows Explorer. Use this part of the window to find and click on the folder you want to save your document. When you select a folder you should see the folder name in the box at the top of the window (along with the “path name” of how to get to that folder). If you have a folder named “Letters to Doctor” and that folder is in your “My documents” folder, then the path name in the box will be “My documents > Letters to Doctor”. The folder name that will be used to save your document will be at the end of the path. If you do not change the folder, your file will be saved in the folder that appears in this box.

The second option to check is the NAME of the file which appears in the box to the right of “File name”. The name that is in that box will be used as the file name unless you change it to something else. Usually the name will be already highlighted for you to change – if so, you can just start typing the name you want. If it is not highlighted, click in the box to highlight it and change it. Always give your file a good name that means something to you. (When using Word, the name of the document given by default is usually the first line of text).

The third and final option is to select the file type which appears in the “Save as type:” box at the bottom of the “Save as” window. Some programs such as Word will allow you to select from several different file types. If you are the only one using the files you create you probably will not have to bother with the “file type” at all and you can leave it alone. Basically, if you create the file on your computer you will always be able to open that file because you have the program that created it. The issue with “file types” becomes important when you send one of your files to someone else or someone else sends a file to you (such as an email attachment or a file you download from the internet). The “file type” is a three or four character code that comes after the dot (period) in all file names. It identifies the file so that your computer can try to use a program to open that file. As an example, if you create a document using Microsoft Word version 2013 and send that document to someone who does NOT have Microsoft Word 2013 on their computer, they may not be able to open and read that file (document). Fortunately, Microsoft Word has the ability to save your document as a different “file type” and you can select from those options by clicking on the tiny arrow in the right end of the “file type” box. If you are eager to learn more about file types, just Google it!

Well, that’s the scoop on the “Save as…” window. If you use the “Save” option instead of “Save as…” you may not get the “Save as” window at all. If you are making changes to a file you already have, then using “Save” will REPLACE your file with your changed version – and your previous file is GONE. So “Save as” gives you the option to give your file a new name (and keep your old file) if that is what you want.

Remember to save your work often to avoid that sinking feeling you get when you realize you didn’t do a save. Some programs, like your email program, may do saves periodically while you are typing your email. If something happens look in your “Draft” email folder to see if your unfinished email is there.

Finally, after you actually do a “Save” or a “Save as…”, the computer may not tell you anything – there will not be a message such as “Your file “Club Report” has been saved to the “Club Meetings” folder”. So what do you do? – you go and LOOK for the file to confirm that it has been saved in the folder you intended. So open up the Windows Explorer program and find it. Do it right away before you forget where you saved it! If all else fails, you can always do a “search” for a file or a folder to try to find it, but that is for people who are disorganized, not you, right?


Submit Your article; deadline for next bulletin is Tuesday noon each week. Only what you write may be published. We cannot publish other peoples work without written permission. Simply click here EDITOR AT TECC and paste your write-up to submit it.
Share your computer experiences with other members. We need articles to publish in the TECC Bulletin each week.

UPDATE YOUR MEMBERSHIP INFORMATION Change your e-mail address, unsubscribe to this bulletin, etc.  Use link below.
UPDATE YOUR MEMBERSHIP