Laser Pointers Hack Siri, Alexa & Google From Afar

Posted on November 6, 2019. Categories: Uncategorized.

A new paper has come out showing how someone with a laser pointer from 800 feet away can turn on your voice-activated device and do anything they want with it. If you have a smart door lock connected to Alexa, they can unlock your door and walk right in. If you have an iPhone, then Siri is already a vulnerability allowing people to access your private information even when your phone is locked.

How is it possible to hack my devices with a laser pointer? Sparing you the mundane details, microphones have weak or nonexistent security measures to stop light from being accepted as sound, and hackers use that to their advantage.

The best way to mitigate this is to disable voice activation on your iPhone and Android devices and move your voice-activated Alexa and Google Mini away from windows.

Planet Zuda podcast 6: Some Open Source Code is like Poisoned Food & Rise Of Mac Malware

Posted on March 14, 2018. Categories: cyber security, information security, podcast, podcasts, technology.

Some open source code is like getting food off the road from a random person and ending up with food poisoning. “It will make you puke your brains out” is a good analogy to explain how insecure the majority of the code written by individuals is and how you can lose everything. Other open source code, from companies, is more along the lines of getting food from a food truck: a food truck is a company, and the majority of companies try to deliver a safe product, not one that is the equivalent of food poisoning.

Macintosh malware is on the rise. In 2017, Macintosh malware rose 270 percent in one year. If anyone tries to tell you Macintosh is bulletproof, they are wrong.

United Nations & Lack Of Cyber Security

Posted on March 7, 2018 / March 8, 2018. Categories: cyber security, information security.

Today, both in this article and on our podcast, we will be covering the United Nations hacks that haven’t gotten the level of publicity they deserve. In recent years we reported a compromise in the United Nations site, and we can say per our experience that calling the United Nations to report that their site has been hacked is no pleasant task. Per our experience, their initial response was a polite way of saying you may be arrested, but once they realized we didn’t hack them, and had just spotted that the site had been hacked, we were transferred to the IT guy, who seemed to be in a panic. Like any organization, the United Nations should implement proper cyber security vetting for the code they use. This includes having the code that they currently have in use go through a third party audit and having its security updated. They should also have all their programmers learn secure development practices, and audit all third party code that they use on their website.

So is the United Nations using proper cyber security measures? It doesn’t seem to be the case, since the United Nations hasn’t been hacked just once this year; the most recent known United Nations hack was February 4th, 2018. The United Nations was also hacked several times in January 2018, as shown here on January 28th, January 16th, January 15th and January 14th, and six times in 2017 just on Open Bug Bounty alone.

These aren’t the only publicly documented times the United Nations has been hacked. Zone-h, a site for archiving defaced websites, has two archived instances of the United Nations being hacked, in 2008 and in 2006.

While the United Nations has been hacked more than anyone would want, it is important to take into consideration the gigantic size of the United Nations site, with its multiple subdomains. It certainly does not appear that there has been a review of all their code in years. The best solution would be for them to have a full security audit, get rid of old subdomains they no longer need, and make their code easier to maintain through the multiple tools that are available.

Unfortunately, our conclusion, based on the public information about the United Nations site right now, is that it is not a safe website per our company’s policies on acceptable risk. Being hacked for the last 12 years, with no significant appearance of improved cyber security that we can see, certainly does not seem like a safe website to us, but it is ultimately up to the user to decide the risk level they want to take when using a website.

CCleaner Hacked: Up to 2 Million Impacted by Malicious CCleaner — Is It Worse Than Equifax?

Posted on September 18, 2017. Categories: Uncategorized.

The CCleaner distribution center was hacked and a malicious version of CCleaner was put in its place. Unfortunately, up to 2 million CCleaner users downloaded a malicious version that had a RAT, also called a remote access tool. This could be worse than Equifax, which some would say is unrealistic, because Equifax affected up to 142 million people. However, it only affected the information curated by Equifax, not the user’s entire computer, which for some of them most likely held their SSN along with other very personal information.

What Is CCleaner and how was I affected?

CCleaner is used to clean up computers, which naturally would tick off hackers. So, in August 2017 a hacker with malicious intent broke into the CCleaner servers and replaced the legitimate CCleaner with one that had malware in it. Over 2 million people downloaded malware or, to be more precise, a remote access tool that allowed the hacker to gain access to your computer’s name, a list of installed software and Windows updates, running processes, and MAC addresses of network adapters, alongside additional information.

While that sounds pointless, it actually isn’t. This information is sent back to a hacker who is using a U.S. server. Now the hacker knows the system he has infected and how secure or insecure it is, so he has an easier way of exploiting it without revealing how he got into the system. Or he could exploit the system after already being inside of it, but from what we’re reading it appears the remote access tool was doing recon work after infecting you to find another way into your system, so the malicious version of CCleaner wouldn’t be noticed for a while, and they succeeded. CCleaner was hacked with a RAT on August 15th and wasn’t detected until September 12th. That’s almost a full month the hackers had complete access to two million systems.

To conclude, it appears the hackers used the malicious version of CCleaner to do recon or, if this were a traditional robbery, to “case the joint.” They infected the computers to see how to get further into the system without their initial point of entry, which in this case was the CCleaner hack, being noticed.

Depending on what type of data was exfiltrated, this could be worse than Equifax, because it affected more data. We are looking at the quality of the data stolen, not the quantity. Clearly the quantity of data stolen from Equifax is far higher than from CCleaner, but the CCleaner hackers may have gotten higher quality data from users that they can use for ransom, other malicious uses, or reselling.

We will continue to update this to keep you informed.

Website security: Is Website security easy to hack by criminals?

Posted on April 27, 2017. Categories: web security.

Website security is code that tries to stop criminals from illegally hacking your website and bypassing the security measures you have in place, if you have any in place.

How secure is website security on average?

On average it takes less than a minute to bypass website security that is supposed to stop criminals, and automated tools can crack simple passwords in under 30 seconds, sometimes under three seconds, depending on how weak your password is and what type of machine you have. How is this possible? Most developers aren’t familiar with how code can break; they just know how to write code that works and, depending on the project, that can be complicated in itself. Education on how to secure code is very important if we want to make more secure programs in the future.

What is website security?

Website security is supposed to stop criminals from getting into your site. It is simply code designed so that criminals can’t bypass it, but they may be able to bypass another part of your code, since there are so many ways into your average system.

Website security being illegally hacked by criminals is a major problem, since all your users’ data could be stolen, your site could be used to deliver malware to users, criminals could gain access to areas that require admin authentication, and so much more. Protecting website security is one part of our job; making sure we provide enough plans so everyone can afford web security is another part of our job. Whether you can only afford malware removal or need a security audit to find vulnerabilities, we have you covered. We continue to release more products to help people stay as safe as possible without breaking the bank.