Wednesday, September 16, 2015

A true Life Saver

Hi Anything Cyber community,

With Apple's keynote last week announcing multiple new products for Apple fanboys like myself to lust after, I'd like to discuss one overlooked iOS feature that many might not know about or might take for granted. That feature is called Medical ID. It's found in the Health app, which is the one with the heart and white background that the controlling Apple will not let you delete. Medical ID allows the owner of an iPhone to display information such as age, medical conditions, medications, and one or more emergency contacts. The emergency contact option allows a first responder to call the contact directly from the iPhone. This feature has multiple use cases. For example, if you have a chronic illness that leads to fainting in a public place, a first responder can access your Medical ID on the lock screen and know exactly what might have caused you to faint and who to contact. Another use case involves those unfortunate times when you leave your iPhone behind at a meeting, in a bathroom, etc.

Earlier this year I presented on cyber threats and best practices in front of an audience of business executives. After the event, a left-behind iPhone 6 was discovered. Since I had knowledge of Medical ID, I tried to access the feature on the lost phone so that we could contact the owner. Unfortunately, the owner had not set up their Medical ID, so we had no way to know who owned the phone.

Although security concerns are valid, you can include as much or as little information as matches your comfort zone. I feel the benefits outweigh the security risks, especially in the case of a life-or-death situation.

I'm making it a mission to tell all the iPhone owners I know about the Medical ID feature. I'd put the same challenge out to you as well.

Jimmie Walker

Monday, August 31, 2015

Account for IoT

Hi Anything Cyber following,

I'd like to discuss a topic that I just can't seem to avoid: the Internet of Things. Today I saw an advertisement for IoT transportation. Not only are we equipping our fridges to be Internet connected, with an increased risk of being hacked, we're also hooking vehicles weighing tons to IoT devices, not knowing or in many cases not caring whether security is maintained on an ongoing basis.

Believe me, black hat hackers out there are studying the vulnerabilities of IoT devices even if IoT manufacturers are not. Hackers will make use of found vulnerabilities to own the IoT device and in turn compromise connected devices of even more value. Before you or your company acquire that next 'got to have' IoT device, inquire about the security measures in place and whether or not the device will be maintained for the long haul. If the manufacturer doesn't maintain it, who will and at what enormous expense?


Monday, July 27, 2015

Internet of Things Security Immaturity

Hi Anything Cyber community,

It's the end of the month and things are getting hot in the South. What better time to discuss the immaturity of Internet of Things (IoT) security and provide an example: Jeeps getting hacked. Over the last few months, I've briefed local companies regarding the lack of security surrounding most IoT technologies. A few reasons for the lack of security include: hard-to-configure security controls; use of the same encryption keys for all devices produced by a given manufacturer; and lack of security updates. Although the convenience of accessing your car via the web is very cool, hackers feel it's also cool to cause havoc. Chrysler has issued a patch to correct the zero-day vulnerability that allowed Jeeps to be remotely hacked, causing dangerous safety situations for drivers.

It's a good thing that the media is covering this Jeep hacking story to bring awareness to other auto manufacturers that IoT security is just as important as IoT availability and functionality.

Jimmie Walker

Sunday, June 28, 2015

Locker ransomware author comes clean

The author of Locker expressed his sorrow for infecting computers and released the decryption keys which can be used to decrypt files on infected computers. It is good to know that ethical hackers really do exist.

Jimmie Walker

Saturday, May 30, 2015

"Locker" ransomware on the prowl

Hi Anything Cyber community,

Another variant of ransomware is rearing its destructive head. A sleeper ransomware called "Locker" is in the wild. It works similarly to CryptoWall, which I discussed in an earlier post. The main difference is that Locker's ransom request is only about $20-$30 versus a starting ransom of $500 for CryptoWall. A much smaller bounty might increase the odds that victims will pay to get their files unencrypted. Another twist to Locker is a warning in the ransom note that the private key used to encrypt victim files will be destroyed if attempts are made to circumvent the encryption. In other words, don't even think about reverse engineering "Locker" ransomware or you will pay severely.

While the exact infection vehicle used by "Locker" to compromise victim computers isn't clear, typical vectors for ransomware include phishing emails and malvertising.

Thursday, April 30, 2015

A password doesn't cut it for corporate social media accounts

If a password is compromised for a corporate social media presence like Facebook, LinkedIn, or Twitter, a cybercriminal can spread spam or malware to all followers. Therefore, it's imperative to enable multi-factor authentication for corporate public-facing accounts. A simple compromised password is practically useless with multi-factor authentication enabled.

Jimmie Walker

Tuesday, March 31, 2015


Hi Anything Cyber Community,

When malware meets advertising, malvertising is the offspring. Yes, folks: black hat hackers have learned how to push their malware using non-traditional means, advertisements on web sites. What's really scary about this attack vector is that a victim can be infected without even clicking on the link. Just mousing over the ad can cause infection.

Ransomware such as CryptoWall versions 2 & 3 has adopted malvertising as an attack vector to go along with the traditional phishing email. Once CryptoWall infects a Windows-based computer, it encrypts the contents of folders such as 'My Documents', so the computer will still function to provide the victim with a ransom note. The ransom note will describe what happened and how much the victim must pay (typically $500) to get their personal files back unencrypted.

To overcome ransomware such as CryptoWall, it's critical to keep off-line backups of computer hard drives. Ransomware such as CryptoWall has the intelligence to detect attached external hard drives or network shared drives and encrypt those as well.

If anyone out there has been hit with CryptoWall, share your experience.

Jimmie Walker