What Should We Know About Hackers?

As a security guy, I get involved with hackers (black, white and gray hats), hacking incidents, security issues and so on. One of the interesting things is that you will see a well-reputed company or website get hacked, not because the hacker is so smart but because the company forgot one of the key security best practices. Here are some notes you should know about hackers and hacking incidents:

  • Gap Between Academic and Industry Security: Several people are doing PhDs in the area of security, and governments spend millions on academic research whose outcomes you will see as published papers. Unfortunately, academic research doesn’t have much impact on industry security. Researchers end up playing with numbers and mathematical formulas and making things complex, but they fail to provide an actual solution to industry. For this reason, you will see several university professors who have been hacked by teenage hackers. It is because they have a different understanding of security compared to industry. In industrial research things are different. Companies normally won’t publish their results, because they don’t want hackers to figure out a way to bypass them. Their research is adopted directly into industry. Therefore, if you see a professor or PhD student in security, don’t leave your company to them; you will gain nothing but embarrassment when a teenager takes over your company’s network.
  • We are the smartest guys: Most people don’t know how hacking works; they just see a guy playing with a black screen full of code who then gets a lot of data, and they say wow, they are cool. Even though hacking requires certain talent and expertise, not all hackers are that super smart. In most cases, they just know some code and scripts which are publicly available, and they copy, paste and modify them to get the job done. Having a dark screen with some code on it does not make them super. You should look at what they are doing to see whether they are really smart hackers or just someone playing with some scripts.
  • I could hack into everything: We know that in the world of security, nothing is unbreakable. No matter how well you secure your systems, there could be a way to break into them. But it doesn’t mean every hacker could hack into everything. They are required to have expertise in certain areas, and they need to try and do research to figure out how to hack into your system. They might get more failures than successes, or they might not be able to hack into your system at all.
  • Linux is the most secure operating system: Several people mention that they are migrating to Linux, which is absolutely WRONG. If you have a friend or know anyone who is a hacker, just ask them about hacking Windows or Linux. If you are a hacker yourself, you will know what I am saying. Hacking Linux is a lot easier than hacking the latest version of Windows. Just give it a try. It doesn’t mean there is no way to hack Windows, but to do that you need to spend a lot of effort, and normally you couldn’t hide your identity after hacking. This is one of the reasons that top secret servers and systems like those of the NSA, US Army, NATO, CIA, FBI, Europol and so on are all running on Windows.
  • No one ever knows about my hacking: The sun won’t stay behind the clouds for too long. Even the best and most professional hackers have been discovered by the authorities, and the internet is not a free place without any trace or detection. On the other hand, authorities are getting new tools to better discover cybercrimes and hacking incidents. Therefore, if you are a black hat hacker who hacks into companies and damages them, it is better to switch to become a white hat hacker who helps companies secure themselves and be a good hacker; otherwise, you won’t have a nice future.

Hacking is an interesting journey. If you want to be a hacker, try to be a good one. Try to help companies with their security issues. If you are a black hat hacker, you may also switch to become one of the good guys.

Better Protection with Windows Mobile

Software developers prefer to work on a platform which is very popular, and for this reason several developers nowadays prefer to develop applications for Android and iOS devices. Android is very popular but is not secure. I always recommend that Android users update their devices and install anti-virus software. Android is not fundamentally secure, and when it was being developed, security wasn’t the top priority of the project. The main agenda for the project was a light platform to run on small devices. Then, when it became popular, security came to be considered a key component for Android, but it still fails to provide a secure platform: malware is still able to get into Google Play, and apps can be installed from third parties and install malware. There is a security team at Google working on securing Android, but the foundation of Android is still not secure. Apple’s iOS provides better security and is secure out of the box, but it still has some security flaws, and it is expensive, so there are people who can’t afford to buy it. There are other platforms like BlackBerry which provide a fairly secure platform, but they lack a reliable development environment and are not popular among developers.

The final option would be Windows Mobile. It has a secure foundation which is a lot more secure than Android and more secure than iOS. It has been engineered securely, and there hasn’t been any report of widespread malware or hacking on this platform. Developers who have been working on Windows Mobile enjoy a safe and reliable platform, and they are assured that their applications run on a platform which hackers can’t get into easily and which has powerful engineering behind it. With the recent development of Windows 10, there is the concept of the Universal Windows Platform (UWP), with which you can develop an application, target it at Windows 10 (which millions of people are using) and, with a bit of modification, run the same code on Windows Mobile and other Windows devices (if they meet the hardware requirements). For these reasons, it would be wiser for developers to work on UWP apps, where they develop an app for the most popular operating system for personal computers, which is Windows, and have it run on Windows Mobile with few changes to the code.

Using this method, they make sure their app runs on a reliable and secure platform, and there is not much worry about the device getting hacked and data being stolen. On Android, even if you follow all the security best practices, your device could still get hacked, and when the operating system has been hacked, all applications are at risk. You won’t face such an issue on Windows Mobile in most cases. This way, you can motivate your users to purchase devices which are more secure, and so protect your applications. In any case, you will need to develop an app for Windows 10, so why not spend a bit of time on Windows Mobile too?

This is important if your applications deal with financial and personal data. So, this is a call to action for developers. We are asking developers to develop applications for Windows Mobile to protect us against modern threats. They don’t need to spend a lot of time doing that; instead they can go for UWP. This way we can protect millions of users worldwide.

Windows Defender Exploit Guard Will Succeed Microsoft EMET

I explained about Microsoft EMET, which is a really cool tool against 0-days. It doesn’t completely protect you against all threats, but it makes your system stronger and gives you better protection against exploits. Whenever I visit any user or want to check any system, I also add Microsoft EMET to it. Last year, we heard the news that Microsoft EMET is going to be discontinued. But I would like to announce the good news that Microsoft EMET will be succeeded by Windows Defender Exploit Guard. This feature will be available in the upcoming version of Windows 10, and it will be built into Windows, so you don’t need to install it, and it will have more features and functionality.

I strongly ask you to prepare to upgrade your Windows 10 devices to the latest build, so you will get a better advantage against 0-days and better control over application security. So, if a developer wasn’t following best practices to secure an application, we can add some restrictions to that application and make it harder for hackers and cybercriminals to gain access to our system. You may read more about this new feature here.

How to Protect Your Home Wireless Network?

Hackers and cybercriminals are interested in hacking Wi-Fi networks. It is much easier, since they just need a Wi-Fi connector and they don’t need to connect their device to a physical cable. If they have the right tools and the right skills, they can use a laptop, a tablet or even a mobile phone to hack into a wireless network. There are some tips which we can follow as home users to protect ourselves against wireless hacking.

Encryption Protocol and Passwords: There are protocols to encrypt connections, like WEP or WPA. If you look into the encryption settings in your modem, you can check which ones are supported and which is more secure; normally WPA2 is more secure than WEP and WPA. The enterprise standard would use digital certificates, which is more secure, but as a home user you might need to use the simpler and cheaper way of encryption, which is a password. You should look into your modem’s specification, see what standards are supported and use the most secure one. Then you also need to select a strong password. It should be long and complex. Normally, I suggest creating a long and complex password, saving it in Notepad, putting it on a flash drive, pasting it into your connected devices and saving the password there. It is a good idea to change your password regularly, at most every 90 days.

Number of Connected Devices: On some routers, you may set the maximum number of connected devices. In this case, you can count how many devices connect to the router and set that as the maximum number of connected devices. So let’s say you are connecting 6 devices to the Wi-Fi router at the same time: if someone else tries to connect, the connection will be rejected (unless you have fewer devices connected at that time, e.g. 5 devices).

MAC Address Filtering: The MAC address is the physical address of a device. On some routers you may set MAC filtering, where you enter the MAC addresses of the devices which connect to the router and set a rule to accept only devices which match those addresses and reject the rest.

Hide SSID: If you have already used Wi-Fi, you might have seen that when you turn on Wi-Fi, you see the names of access points. This is actually their SSID, and on some routers you may set this name to be hidden. Then when you turn on Wi-Fi, you won’t see the name of your access point; you have to type it manually, and then you will be asked for the password.

Guest Wi-Fi: Let’s say someone is visiting you and you want to grant him or her access to your Wi-Fi. Some Wi-Fi routers have a guest account, and normally you should leave it disabled and only enable it when a guest is coming. This account puts some restrictions on the guest user and protects your own internet access, and you can set limits like the amount of time allowed on Wi-Fi or a bandwidth limit.

Router Login Page: In order to make any changes to the router, you have to log in to the router page. It is recommended to change the default username and password for this login. Some routers have an option to only allow access through LAN and block access from Wi-Fi; make sure you set this option. In addition, you should set it to only grant access from the local network and block remote access. This basically means you can only change router settings when you are physically connected through a direct LAN connection.

Reduce Signal Frequency: The above methods are a great help in stopping hackers: for example, hiding the SSID hides your router from cybercriminals, MAC filtering blocks external devices from accessing the router, and a strong password stops bad guys from hacking your router. However, hackers are always working on ways to bypass these, and there is a way to make sure no one can hack into your router unless they are close to it. It is by setting the frequency of the connection. When you reduce the frequency of the signal, you can only connect to your router when the signal is within range, that is, when you are close to your router. It is recommended to place your router in a location where you get signal inside your home but are unable to get signal outside your home. In this case, only someone who manages to get into your home is able to connect to your Wi-Fi.

It is also recommended to enable Wi-Fi logging and check the log files regularly for suspicious activity.
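As an added example (not part of the original post), here is one way to review a router's Wi-Fi log against the same device list used for MAC filtering. The log layout, the MAC addresses, the quiet hours and the failure threshold are all constructed assumptions; real routers log in their own formats, so the pattern has to be adapted.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed allowlist: MAC addresses of your own devices, the same list you
# would enter in the router's MAC filter.
KNOWN_DEVICES = {
    "02:00:00:00:00:10": "laptop",
    "02:00:00:00:00:11": "phone",
}
QUIET_HOURS = range(1, 5)   # 01:00-04:59, when nobody at home is normally online
MAX_AUTH_FAILURES = 3       # failed password attempts before a MAC is reported

# Constructed sample log in a made-up layout; adapt LINE_RE to your router.
SAMPLE_LOG = """\
2017-05-20 08:01:12 wifi: associated 02:00:00:00:00:10
2017-05-20 08:03:40 wifi: associated 02:00:00:00:00:11
2017-05-21 02:14:05 wifi: auth-failed 02:00:00:aa:bb:01
2017-05-21 02:14:09 wifi: auth-failed 02:00:00:aa:bb:01
2017-05-21 02:14:15 wifi: auth-failed 02:00:00:aa:bb:01
2017-05-21 02:14:20 wifi: auth-failed 02:00:00:aa:bb:01
2017-05-21 02:20:31 wifi: associated 02:00:00:aa:bb:02
2017-05-21 03:05:00 wifi: associated 02:00:00:00:00:10
2017-05-21 03:06:00 dhcp: lease renewed
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) wifi: "
    r"(associated|auth-failed) ([0-9a-f]{2}(?::[0-9a-f]{2}){5})$",
    re.IGNORECASE,
)


def review_log(text, known=KNOWN_DEVICES):
    """Return (finding, mac, timestamp) tuples worth a closer look."""
    failures = Counter()
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a Wi-Fi event line
        stamp, event, mac = m.group(1), m.group(2).lower(), m.group(3).lower()
        hour = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").hour
        if event == "auth-failed":
            failures[mac] += 1
            if failures[mac] == MAX_AUTH_FAILURES:  # report once per MAC
                findings.append(("repeated-auth-failure", mac, stamp))
        elif mac not in known:
            # Joined with the right password but is not one of your devices.
            findings.append(("unknown-device-connected", mac, stamp))
        elif hour in QUIET_HOURS:
            # A known MAC at an odd hour may be a copied (spoofed) address.
            findings.append(("known-device-in-quiet-hours", mac, stamp))
    return findings


if __name__ == "__main__":
    for kind, mac, stamp in review_log(SAMPLE_LOG):
        owner = KNOWN_DEVICES.get(mac, "not on allowlist")
        print(f"{stamp}  {kind:28} {mac}  ({owner})")
```

An unknown device that connected successfully means the Wi-Fi password is known outside the household, so the response is to change it, not only to add a filter entry.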

Have a safe Wi-Fi connection.

Updates Vaccinate Your PC Against Ransomware

After the recent ransomware incidents, I received several messages from users who are very worried about the current incidents and about future malware. I tell them one thing: you don’t need to be a super-duper computer expert to protect yourself. The only thing you need to do is update your PC and anti-malware software, and nowadays that is as easy as staying connected to the internet so you get the latest updates. For example, in Windows 10 with the default settings, you just have to connect to the internet and Windows will protect you by updating Windows and Windows Defender automatically. If you have any other anti-malware software, normally it also gets updated automatically. PCs which have been infected with ransomware, and those getting infected right now, are facing this problem because they are not up to date. Updates act like a vaccine against malware, and updates can detect and remove it. If you really care about security and protecting yourself against malware and ransomware, then make sure you update Windows, your anti-malware software and everything else.

In general, security researchers all over the world are trying to find new threats and ways to detect and remove them, and if there is other malware similar to what has already been detected, they create ways to detect unknown but similar malware. Their efforts at detecting and removing this malware are released as definition updates through the update mechanism. On the other hand, security engineers in the Windows team also research new and unknown threats and vulnerabilities in Windows, attempt to fix these vulnerabilities and mitigate possible future ones, and release security fixes through Windows Update.

What is Microsoft Security Compliance Manager?

Managing security in a company is a complicated task. In a Windows environment there is a very nice feature known as Group Policy, with which you can take control over managing your IT environment and set anything from basic things, like forcing users to change their password every three months, to more complicated tasks, like blocking a certain version of an application from running or disabling certain settings in Windows. There is no doubt that Group Policy in Windows is very powerful, but many IT professionals are not sure how to configure it to comply with best practices in the security industry. If a company is required to follow best practices in IT security, it can achieve that with Group Policy, but its staff are not sure which policies they should set. In this case, they need to go through security best-practice documents, figure out what each policy is about, then open Group Policy, look for the Group Policy Object and set that specific policy there. This is a time-consuming and difficult process, and for these reasons many IT professionals just set up basic security policies, like the ones for user accounts, and then leave it at that. Fortunately, Microsoft released a tool which makes it a lot easier to adopt security best practices in Group Policy quickly, and it is called Security Compliance Manager. It contains a list of security best practices and maps them to Group Policy Objects, and it also has explanations of why we need each policy and why they are important. In this case, instead of looking into a guideline and figuring out which policy must be set and where it is located in Group Policy, you will see all the required policies and why they are needed, and you can compare your current settings with the ones recommended by Microsoft and the ones recommended by industry.

In addition, you can simply sit with your managers and other IT professionals and discuss what changes you want to make to these policies, and once you are done, you can import them into your current IT environment and use them. You can also customize your own settings and share them with other branches. Security Compliance Manager is a simple tool which does great things. Make sure you use it, and the good news is that it is free of charge and you may download it from here.

The above link is the latest version, and new versions will be released regularly; make sure you check the Microsoft website for the latest version.

Don’t Be Scared of WannaCrypt

Recently, a type of ransomware known as WannaCrypt, which can spread over the network like a worm, affected millions of computers worldwide. Ransomware is a type of malware that encrypts the files on a system and asks the user to pay for the key to decrypt them, and making the payment doesn’t necessarily grant you the key to decrypt the files. Therefore, it is best not to make any payment and instead to invest more time in protecting yourself. Normally, ransomware comes through a file or with a virus, where the user has to click on the file or run an infected program for the ransomware to run, and it only infects the affected PC and no other PCs on the network. However, WannaCrypt is different: it infects the PC and tries to spread over the network like a worm and infect other PCs on the network. In this case, it could encrypt all the PCs in a company or organization, and this is why it has become a great concern. To spread over the network, it uses a vulnerability in the Microsoft Server Message Block 1.0 (SMBv1) server which was fixed in March. To put this simply, if you have already updated your Windows, it won’t be able to spread over the network, and in general you should install the update related to Microsoft Security Bulletin MS17-010. In other words, Microsoft had already protected you before this worm infected the world, but because many users and IT professionals still don’t take Windows Update seriously, it managed to affect the world. In addition, the majority of anti-malware vendors have already released updates to protect users against this ransomware, and if you are using any of the Microsoft anti-malware products, such as Windows Defender, Microsoft Security Essentials, System Center Endpoint Protection, Windows Intune Endpoint Protection or Microsoft Forefront, you will be protected if you update your anti-malware. In Microsoft anti-malware signatures, it is known as Ransom:Win32/WannaCrypt.

In conclusion, to protect yourself against WannaCrypt and other ransomware, you need to update your Windows and your anti-malware product, and in general you should connect to the internet and check for updates. Microsoft has also released Customer Guidance for WannaCrypt attacks. If you are worried about WannaCrypt, you need to do three things: Update (Windows), Update (Anti-Malware), Update (Other Programs).