Windows AND Mac System Security News 04-12-2012

For OSX users:
Apple just released Java for OS X 2012-003, an update to the Java implementation in OS X. The update removes “the most common variants of the Flashback malware.” Check that out here. You should definitely update your Java NOW!

For Windows users:
It’s even scarier again. Trend Micro has found some scary ass Ransomware.

You can and SHOULD read the scary details here.

From Trend Micro’s blog, here are some of the details.

“We have encountered a ransomware unlike other variants that we have seen previously. A typical ransomware encrypts files or restricts user access to the infected system. However, we found that this particular variant infects the Master Boot Record (MBR), preventing the operating system from loading. Based on our analysis, this malware copies the original MBR and overwrites it with its own malicious code. Right after performing this routine, it automatically restarts the system for the infection to take effect. When the system restarts, the ransomware displays the following message:

This message prompt informs affected users that the PC is now blocked and that they should pay 920 hryvnia (UAH) via QIWI to a purse number (12 digits) – 380682699268. Once paid, they will receive a code that will unlock the system. This code will supposedly allow the operating system to load again and remove the infection. This particular variant has the “unlock code” in its body. When the unlock code is used, the MBR routine is removed.”
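Because this variant works by overwriting the first sector of the disk, the defensive check that matters is whether your MBR still matches a known-good copy. The script below is an added example (mine, not Trend Micro’s code and not from the malware) that parses a 512-byte MBR, hashes the boot-code and partition-table regions separately, and reports what changed against a saved baseline. The two sample sectors are constructed for the demo; on a real machine you would read the sector yourself (for instance `open(r"\\.\PhysicalDrive0", "rb").read(512)` as an administrator on Windows) and keep the baseline hashes somewhere off the box.

```python
"""Added example: parse a 512-byte MBR and flag changes against a saved baseline.

Standard MBR layout: 446 bytes of boot code, four 16-byte partition entries at
offset 446, and the 0x55 0xAA boot signature at offset 510. The sample sectors
below are constructed for the demo, not captured from a real disk.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_SIZE = 446
PARTITION_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Return signature validity, hashes of the two regions, and the partition table."""
    if len(sector) != MBR_SIZE:
        raise ValueError("an MBR is exactly %d bytes, got %d" % (MBR_SIZE, len(sector)))
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0x00 marks an empty slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_SIZE]).hexdigest(),
        "table_sha256": hashlib.sha256(sector[PARTITION_TABLE_OFFSET:510]).hexdigest(),
        "partitions": partitions,
    }


def compare_mbr(sector: bytes, baseline: dict) -> list:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    current = parse_mbr(sector)
    findings = []
    if not current["valid_signature"]:
        findings.append("boot signature missing")
    if current["bootcode_sha256"] != baseline["bootcode_sha256"]:
        findings.append("boot code changed")
    if current["table_sha256"] != baseline["table_sha256"]:
        findings.append("partition table changed")
    return findings


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed sample: given boot code, one bootable type-0x07 partition at LBA 2048."""
    code = bootcode.ljust(BOOTCODE_SIZE, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 1000000)
    table = entry + b"\x00" * 48  # three empty slots
    return code + table + BOOT_SIGNATURE


# A constructed "known good" sector, and one whose boot code was replaced but whose
# partition table is untouched (the pattern the post describes).
CLEAN_MBR = build_sample_mbr(b"\xfa\x31\xc0\x8e\xd8")
TAMPERED_MBR = build_sample_mbr(b"\xeb\x00\x90\x90\x90")


if __name__ == "__main__":
    baseline = parse_mbr(CLEAN_MBR)  # record this while the machine is known to be clean
    print(compare_mbr(CLEAN_MBR, baseline))     # []
    print(compare_mbr(TAMPERED_MBR, baseline))  # ['boot code changed']
```

The boot code differs between operating systems and versions, so the comparison only makes sense against a baseline you took from the same machine; a changed boot code with an intact partition table is exactly the signal you would expect from an MBR infection like the one above, whereas a changed partition table usually means you repartitioned.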

Bottom line: PLEASE keep your security software, Operating Systems and Browsers (including and especially browser plug-ins like Java, Flash etc.) up to date and patched.

Peace.

Mac Fanboys and Girls let the terror start

UPDATE:

There is now a simple tool you can use to check to see if you are infected by this Trojan. So far they are finding more and more people with it!

The tool is called, appropriately enough, the FlashbackChecker tool. You can get that here. Download and run it and see if you are in the clear.

Note that FlashbackChecker can’t actually remove the Trojan, it can only detect it. So, if you or a family member does find it on their machine, you’ll have to go back and run those original terminal commands (from F-Secure’s site) to determine exactly what you need to remove.

----

Mac Trojan is infecting LOADS of people!! OK now the terror starts for you fanboys (and girls). My last article told you of this Mac Trojan. Now it’s apparently infected at least 600,000 users so far (read here) and it’s terrifying everyone! It’s written in an unknown language, doesn’t even need your password to compromise you! Please read and take precautions.


For instructions on how to check for and how to remove it you can AND SHOULD go here. This is F-Secure’s site.

NO system that is connected to a network is EVER safe. It can only be made more secure. Don’t ever think your Operating System is your security; it’s not – YOU ARE!

Be safe out there people!

[side note: I wonder how many calls I’ll get about this and how to repair the damage? The compromised system I can fix – your emptied bank account I cannot. Just saying.]

New Flashback Trojan Infecting Macs NOW

A new Mac Trojan that can infect your computer from little more than a visit to a website AND requires NO PASSWORD TO INSTALL is making its rounds and promises some scary things!

The underlying vulnerability was patched in February for MS Windows systems; however, Apple has yet to release a fix for OS X.
Read more about it here.

F-Secure has a method for checking for and removing the infection here.

So once again folks please do not be naive and think you are immune to attack simply because your Operating System is not MS Windows.

Be safe out there.

Cleanup or Refresh an iDevice and Properly Restore it.

I’ve recently had a few people who had some problems with their iPhones and asked for some help. They were all of a sudden unable to receive calls and texts reliably or at all, and/or were notified they were running out of space. All were instructed by Apple and/or their carrier (in all three cases it was AT&T but could easily have been others) that they needed to reset their phone to factory settings. Problem is that without properly backing up the device(s), settings, applications and files, everything is wiped!

Fortunately it’s pretty easy to back up iDevices and reset them to factory settings, then restore the user files and settings such as contacts, call logs and messages. However, as I’ve mentioned before, media such as images and videos can sometimes be wiped and lost.

iPhones also have this problem of ‘filling up’ with pictures and videos. The only way to get them off is to manually delete them individually from the phone – a real pain in the anus.

So back to my favorite iDevice backup tool – DiskAid. It has its own backup tool that can ‘override’ the iTunes backup and works real well. I use it often, but some people would rather just use DiskAid to ‘remove’ data from their phone and do their backups in iTunes. So I’ll show that here, with the steps I took.

Get DiskAid and install it on your PC or Mac. And please read my previous post on iDevice backups.

First I used DiskAid to copy all photos and data – DiskAid has the ability to actually ‘SEE’ your data and remove pictures, movies and other items taking up space on your phone.



This copied off the images and movies to the PC.

Then I deleted a whole bunch of images and movies that were still on the phone to free up loads of space.



[screenshot: free space on the phone after clearing out the images and movies]

Then I ran the iTunes backup too.

1. Connect your iOS device to a computer with the latest version of iTunes installed

2. Select your iOS device in iTunes under Devices

3. Right-click (or Control-click) the device and select Back Up

The full iTunes backup can take a while; be patient!


Also make sure you ‘Transfer your purchased items’ to iTunes:

right-click (Windows or Mac) or Control-click (Mac only) your device in the iTunes Source list, then choose Transfer Purchases from the shortcut menu that appears.


Then, after that is finished, right-click and run ‘Sync “iPhone”’ one last time for good measure.

Now to ‘clear and restore’ the device.

Click on the ‘Restore’ button and choose the last backup you just created. You will be prompted to confirm that the device will be erased and restored to factory settings.

If you have completely backed up, transferred files and synced all should be OK.


When the restore process has completed, the device restarts and displays the Apple logo while starting up.

After a restore, the iOS device displays the “Connect to iTunes” screen. Keep your device connected until the “Connect to iTunes” screen goes away or you see “iPhone is activated.”

Then, to restore your information from the backup, connect your iOS device to the computer with which you normally sync, and in iTunes:

Right-click (or Control-click) the device and choose Restore from Backup

Remember some of these steps can take some time – be patient!!

Your device should run much more smoothly after this.

Well hope this helps some. Peace out.

Jailbreak for iOS 5.0.1 now available

UPDATE #2:

Here is an easy peasy walkthrough and video of the iPhone 4S/iPad 2 jailbreak.

They walk through the entire simple process.

I could not imagine owning an iDevice that wasn’t jailbroken. But that is just me. If after doing some research and reading you are fine just doing only what you are told you can do with the device YOU own (Apple’s way or no way) then please keep your device as it is. If you are also terrified of making changes to anything technical then DON’T do anything.

If on the other hand you would like to install applications not available in the iTunes App Store, change your phone’s themes and settings to YOUR liking and have loads more functionality available to you (functionality actually supported by the Operating System (iOS 5) and hardware), then I’d recommend the jailbreak.

Please remember to completely back up your device prior to doing anything! Read my other post here for that.

UPDATE
Well that didn’t take long.
The Windows version of ‘Absinthe’, the iOS 5.0.1 jailbreak tool from Greenpois0n, is now available. The tool works on the iPhone 4S running iOS 5.0 and 5.0.1 and the iPad 2 running iOS 5.0.1. You can read a little more here, or go straight to the download(s):

The New Windows version

The OSX version

[Remember to fully back up your device before using any of these tools. Given the expertise of these developers it is very rare that anything goes wrong, but as always it is better to have a backup and not need it than to need it and not have it! Backup backup backup. If you are wondering how, read some of my previous posts!]

More detailed news and details from Greenpois0n here.

Looks like the jailbreak for iOS 5.0.1 – the operating system on the iPhone 4S and iPad 2 – is here now!! The tool is OS X only for now, but Windows and Linux versions are on their way very shortly. The tool works on the iPhone 4S running iOS 5.0 and 5.0.1 and the iPad 2 running iOS 5.0.1, but not on any new beta releases (most of you wouldn’t have those anyway!).

You can read about it here.

A better How-To is here [note the part about the VPN connection at the end!]

What exactly is jailbreaking? Jailbreaking is a hack, or exploit, that brings added functions and features that Apple either did not envision or deliberately restricted. Under recent revisions to the Digital Millennium Copyright Act last summer, the process has been legalized in the U.S. on smartphones and tablets.

Jailbreaking allows you to install apps through Cydia (which is, cleverly, Latin for a kind of worm that eats away at apples), which automatically gets installed when you jailbreak your iPhone. The Cydia app store is really where all the real action is when you jailbreak. The simplest way to describe it is to call it an app store for jailbroken devices. Like Apple’s App Store, you will find some free and some paid programs.

Some questions often asked:
Q. Does jailbreaking affect the iCloud Backup?
A. No, it’s still a legit iPhone tied to a legit iCloud account.

Q. What happens if I DO update from the wireless update?
A. Your jailbreak will go bye bye and you’ll have to wait for them to update Absinthe to re-do it. [We’re talking about carrier Over The Air updates here.]

About the ‘Bricking your device’ warnings many may read or hear: Without some very heavy-handed screwing up, you will not brick an iOS device. If something screws up along the way, chances are it will just be indefinitely detected as being “in restore mode” and you’ll be prompted to restore your phone through iTunes. The only way you could really brick one of these devices is by flashing the device to the point where iTunes won’t even recognize the device as an iOS device. You would have to try really hard to make that happen.

And if you want any more reasons than those I’ve given previously in my blog posts why you might want to jailbreak your iPhone/iDevice, you can check here.

Backups, system failures and peace of mind

Another week in the trenches. I had a primary server at our organization have a major failure. The SAS controller (which provides access to SAS type HDDs) died OR the motherboard of the server itself has an issue. Either way, without another ‘like’ system that I can put the SAS card into to see if the issue is just the card or the motherboard, I cannot access my drives – and they too may be very corrupted. The only machine I have capable of taking the card is in production. And the cost of a replacement Dell Perc5i SAS card is nearly $200.00 US and could take days to get here. Plus I needed to have this system back up and running very quickly – the server in question runs all of our company financial, shipping and reporting software applications!

Since I have all my ‘data’ backed up to a server drive every night I was secure in the knowledge that we at least had the financial databases and ‘files’ available. But how to get a system back into production? Disk Imaging to the rescue!! I had a fairly recent full system image, created with my favorite backup software – Acronis, available. Yay! Just need a place to restore it to.

Since my organization now has a VMware ESXi/vSphere SAN and cluster running I was easily able to create/import a new ‘Virtual Machine’ from the Acronis disk image very quickly and then just copy over the backed up data files from the night/early morning before. WORKED LIKE A CHARM! If I’d had an available server (Hardware wise) I could also have restored that image to it too.

I’m telling this to you to remind you – I believe in images (clones) for my backups, along with periodic ‘file backups’. That way I’m protected against full drive failures/losses AND stupidity – accidentally erasing or overwriting files. :)
[Imaging or cloning is the procedure by which you create a backup that is identical to a bootable system, to another internal or external drive. This is the ultimate backup! Should your drive fail you can just ‘pop in’ your cloned drive or ‘restore’ that clone to a new drive and you are up and running.]

If you are not regularly creating full image backups you WILL be sorry! I have written numerous articles about cloning and back up.

PLEASE read here if you have any kind of concern for your data.

For Mac images and cloning go here.

So of course this weekend I created two new images on separate drives for my home system(s). I can’t tell you the peace of mind you will get from knowing that the worst that could happen to your system is that you might lose a couple of days’ or a week’s worth of information. If your drive gets corrupted or fails or you get trashed by some virus, you could be back up and running within a very short period of time! No re-installing your Operating System and programs and ‘trying’ to find your data files. Just restore the image and BAM, you’re up!

What prompted me to start on this rant is that Apple has finally acknowledged it is having some major issues with some of the hard drives in some of their newer systems they have been selling. Looks like some of the drives just ‘fail’. OUCH! You can read about that here.

And although you can have your drive replaced – YOU WILL LOSE YOUR DATA! The Apple folk and/or kids at the ‘Genius’ bar will NOT re-install your system software or clone your drive for you!! Unless you have an image to restore you will have to re-install your System and applications. And unless you had at least some kind of backup to another drive (Time Machine type) your data (read pictures and music!) will be gone!

So folks, backup, backup and then backup again.

The cost of a couple of extra external drives and a little program setup is minuscule compared to the cost of losing your ‘digital life’. Right now Acronis has a special – only $29.00 US for their home product!! With Apple’s you can even get away without purchasing any software!

Be safe, be secure and gain some peace of mind.

Get your Cloud Data down to your machine

Here are some ways to get your ‘cloud data’ backed up locally.

I know most people look to the ‘cloud’ for their secondary backups (if they even have a primary one) but few people ponder what will happen if their information is lost or compromised in the cloud or the terms of service of the provider that holds that information changes to your detriment.

I am going to provide some information on how to get your data out of your web email, Facebook and some other services.

One thing I see quite often is that people cannot access their online/web mail service at an important time to find information or they lose or have deleted the information they need and have no way of retrieving it.

So let’s start with web mail services. Today most people have very important information stored in their email; from plane reservations, business communications all the way to payment receipts. So in my opinion this is the first and most important place to start.

Get your mail downloaded locally.
For GMail. [My personal favorite!]:
Before you do anything, you’ll need to enable POP3 and/or IMAP in Gmail, which will let you access your accounts on the desktop. To do this, head into Gmail’s Settings and go to the Forwarding and POP/IMAP tab. Scroll down to the IMAP section and enable IMAP. Then save your changes, and open up your desktop email client of choice to set it up using the following instructions.

I use Outlook 2007/2010.

If you don’t have Outlook you can also use Thunderbird (an open source application by the Mozilla folks)

There are also a number of other mail applications you can use to get your information – Apple Mail, Thunderbird, Outlook Express, Live Mail etc.

I like using the POP3 connections over IMAP for most of my connections.
POP mail service has been available MANY times when IMAP has NOT – for my Gmail, Hotmail and Yahoo. If the ‘webmail’ is not available online because of a service interruption then IMAP will most certainly be unavailable too. This is not usually the case with POP. HOWEVER there is a big caveat with POP – you must make sure in the advanced settings of your mail client that you choose "to leave a copy of the message on the server"!! Otherwise the client deletes each message from the server once it has downloaded it.

But IMAP does have its advantages too.
So pick what will provide you with the features you feel you will need – I suspect IMAP would probably be best for most people.

To set up POP with Gmail look here, and find your client and follow the steps.
For IMAP go here, and find your client or device on the list and follow the instructions.

If you’d like to read further about the differences between IMAP and POP you can read this here.
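To make the "leave a copy on the server" caveat concrete, here is an added example of my own (not from Google or any mail client) that pulls every message from a POP3 mailbox into a local mbox file using Python’s standard `poplib` and `mailbox` modules. The `delete_from_server` flag is the code equivalent of that advanced setting: left at `False`, the messages stay on the server and the mbox is a true second copy. `connect_gmail_pop` uses Gmail’s documented POP server (`pop.gmail.com`, port 995) and assumes you have enabled POP in Gmail settings as described above; the `FakePOP` class and the two sample messages are constructed so the demo runs offline.

```python
"""Added example: copy a POP3 mailbox into a local mbox file, leaving the server copies intact."""
import mailbox
import os
import poplib
import tempfile


def connect_gmail_pop(user: str, password: str) -> poplib.POP3_SSL:
    """Open an authenticated POP3-over-SSL session to Gmail (POP must be enabled in Gmail)."""
    pop = poplib.POP3_SSL("pop.gmail.com", 995)
    pop.user(user)
    pop.pass_(password)
    return pop


def download_mailbox(pop, mbox_path: str, delete_from_server: bool = False) -> int:
    """Save every message the server lists into mbox_path and return how many were saved.

    `pop` is an authenticated poplib.POP3/POP3_SSL session, or any object with the same
    list/retr/dele methods. With delete_from_server=False nothing is removed from the
    server: this is the "leave a copy of the message on the server" behaviour.
    """
    box = mailbox.mbox(mbox_path)
    saved = 0
    try:
        _resp, listings, _octets = pop.list()          # entries look like b"1 1234"
        for entry in listings:
            msg_num = int(entry.split()[0])
            _resp, lines, _octets = pop.retr(msg_num)   # raw RFC 822 message, line by line
            raw = b"\r\n".join(lines) + b"\r\n"
            box.add(mailbox.mboxMessage(raw))
            saved += 1
            if delete_from_server:
                pop.dele(msg_num)  # only marks it; the server deletes on QUIT
    finally:
        box.flush()
        box.close()
    return saved


class FakePOP:
    """Minimal stand-in for a POP3 session so the demo runs offline (constructed, not real)."""

    def __init__(self, messages: dict):
        self.messages = dict(messages)  # msg_num -> raw message bytes
        self.deleted = set()

    def list(self):
        entries = [b"%d %d" % (n, len(m)) for n, m in sorted(self.messages.items())]
        return b"+OK", entries, sum(len(e) for e in entries)

    def retr(self, msg_num):
        raw = self.messages[msg_num]
        return b"+OK", raw.split(b"\r\n"), len(raw)

    def dele(self, msg_num):
        self.deleted.add(msg_num)
        return b"+OK"


# Constructed sample messages, not real mail.
SAMPLE_MESSAGES = {
    1: b"From: alice@example.com\r\nSubject: flight confirmation\r\n\r\nSeat 12A.",
    2: b"From: shop@example.com\r\nSubject: payment receipt\r\n\r\nOrder #1234 paid.",
}


def demo(delete_from_server: bool = False):
    """Run the download against the fake server; return (saved, subjects, deleted_on_server)."""
    fake = FakePOP(SAMPLE_MESSAGES)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "gmail-backup.mbox")
        saved = download_mailbox(fake, path, delete_from_server)
        box = mailbox.mbox(path)
        subjects = [msg["subject"] for msg in box]
        box.close()
    return saved, subjects, sorted(fake.deleted)


if __name__ == "__main__":
    print(demo())       # (2, ['flight confirmation', 'payment receipt'], [])
    print(demo(True))   # (2, ['flight confirmation', 'payment receipt'], [1, 2])
```

The resulting mbox file opens in Thunderbird, Apple Mail and most other desktop clients, so it doubles as the local copy this post is about; keep it on a drive that is itself included in your image or file backups.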

For Yahoo mail it is a little harder if you live in the U.S.
Yahoo wants you to upgrade to a "Mail Plus" paid account to get POP and IMAP access directly. But you don’t have to! The best option is to use an application called YPOPs. I’ve used it in the past to get my Yahoo mail connected to Thunderbird and Outlook without any issues.

If you have Windows Live Mail or Apple Mail, the client itself downloads your Hotmail/Live or MacMail/MobileMe data to your machine by default. BUT remember this is an IMAP connection, so if you delete something from your Live Mail client on the desktop it will be deleted on the server!

One important thing that many people miss is getting their CONTACT data out of and backed up from their mail clients. Something I also feel is very important.
For virtually all web mail clients that is as simple as going to the ‘Contact’ section and finding and choosing the ‘Export’ option. Those can then be exported into a format that virtually any Email client can import.
That should get you going with your mail.

Now to Picasa.
Simplest way is to install the latest version (Mac or PC) and then simply go up to the menu and use File ==> Import from Picasa Web Albums ==> Select All.
And Flickr
You can use Flickr’s Flash based web app here; just click on ‘start now’ and follow the instructions.
Or you can use the open source application Downloadr. Downloadr is a photo downloader for Microsoft Windows. It provides a simple interface to download large sized images from Flickr to your computer.

Now to Facebook.
If you have Yahoo you can easily download/copy all of your Facebook contacts out. You can follow this tutorial here. One tip is that I would suggest setting up a ‘temporary’ Yahoo alias with NO contacts in it so that you do not end up with duplicates or mismatched merges. Then export those and import them into any application you choose.

Also Facebook now allows you to actually export YOUR data to a file! Following this VERY well written walk-through right here. I’ve done it and it works great! You may have to wait a while before you receive your ‘confirmation email’ and link but you will be able to get your stuff.

Finally there is an open source application called MyCube Vault, which backs up your Facebook and Google data regularly.
Once installed, the app requires you to authorize it to each of the services you want to back up. From there you can tell the service where to store your backups and how often to save your data. If you’re concerned about downtime or just wary of keeping your data in the cloud, it’s worth a look.

I checked it out and it works well.
Windows version here

Mac version here

Well that is a long-winded post and I hope some people will put it to use. As with backing up your local data, don’t be the person who loses precious information because you were too lazy or couldn’t be bothered to learn something new.

Peace.

Apple Security news end of June 2011

Apple has released Mac OS X v10.6.8 and Security Update 2011-004 addressing a total of 39 vulnerabilities in OS X 10.5.x and 10.6.x.

Many are critical errors which could allow an attacker to take control of the system!

Please use the System Update. You can read the notice here:

And get the direct download here:

As usual I would remind you to also make sure you also update your Web Browser(s) and plug ins – ESPECIALLY Adobe Flash and Adobe Acrobat!

Virtualization 101 – Getting started

It’s no secret I like Virtualization technologies a lot. I have written several other articles on some of my tips and tricks mostly involving creating Virtual Machines of OS X. You can read some of those here, here, here or simply just search my blog.

For those who support multiple operating systems or simply have a desire to learn about them, Virtualization is a fantastic way to do just that. Virtualization, in computing, is the creation of a virtual (rather than actual) version of something, such as a hardware platform, operating system, a storage device or network resources. Here is a good description tailored to the IT professional or CEO http://youtu.be/MnNX13yBzAU but you can get a good grasp of the concepts from it.

At my organization I have installed and manage a VMware ESXi clustered installation on a SAN (Storage Area Network) with hardware and software that starts in the six figures. This is obviously way out of reach of the home user or enthusiast. But Virtualization can be inexpensive and/or downright free for the taking. Microsoft, VMware and VirtualBox all have freeware solutions!

For this article I am going to concentrate on the hardware required and the simplest application for the novice or even intermediate user – VirtualBox, a free application from Oracle. So on to the hardware:

Virtualization products such as VMware Workstation (and the ‘industrial’ ESXi), VirtualBox and Windows Virtual PC often require the Hardware Assisted Virtualization (HAV) CPU feature in order to function properly, as it allows a virtual machine hypervisor to run an unmodified operating system without incurring significant emulation performance penalties. The largest chip makers, Intel and AMD, implement hardware-assisted virtualization in their processors as Intel VT (VT-x) and AMD-V respectively. However, not all modern CPUs have hardware-assisted virtualization built in, so you will want to make sure. The VT capability is built into the processor silicon itself and cannot be added or removed afterwards. And even if the CPU features VT, it must be enabled in the BIOS.

Most newer CPUs include VT by default. However, some older or even current processors available for purchase for DIY builds, or shipped in OEM computers, may not support VT. When there is no VT support, virtualization software that depends on VT may fail to install, or the virtual machines cannot be powered up and started.

If you are going to create or use virtual machines you should first check whether your PC supports hardware-assisted virtualization. There are a few software utilities you can use to quickly determine whether the system CPU has hardware virtualization support. One is named SecurAble, which displays hardware virtualization support status as Yes, No, Locked On or Locked Off. The other is Microsoft’s HAV Detection tool.

SecurAble Detects CPU Processor Security Features (Bit Length, DEP and Virtualization)

Most users who buy a computer only pay attention to the speed (how fast) and the size of RAM (how big) of the PC. In fact, most modern CPU microprocessors have many features and capabilities beyond an ever higher clock rate. As software has evolved, some of these features are now required. With SecurAble, a user can easily check and determine whether the system is x86 or x64 architecture and whether it supports hardware DEP and/or hardware virtualization.
SecurAble probes the system’s processor, determines the presence, absence and operational status of the three most significant security-related processor features, and displays the status of each:

  • 64-bit instruction extensions
  • Hardware support for detecting and preventing the execution of code in program data areas
  • Hardware support for system resource “virtualization”


All these features are deemed to be security-important by the developer of SecurAble, GRC. 64-bit capable CPUs have the ability to run the 64-bit versions of Microsoft’s substantially more secure Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7 operating systems, which have the operating system kernel locked down. Hardware-enforced DEP blocks the execution of code placed in data areas, which defeats many buffer overflow exploits, while virtualization technology (VT) can be used to create fully contained environments that insulate the real hosting operating system from any actions taken by software running within the “virtual” environment.
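SecurAble reads these three capabilities straight from the processor; on Linux the kernel exposes the same CPUID information as the `flags` line of `/proc/cpuinfo`, so the same check can be scripted. The example below is mine, not GRC’s or Microsoft’s code: it parses `/proc/cpuinfo`-style text and maps the relevant flags onto SecurAble’s three categories (`lm` for 64-bit long mode, `nx` for hardware DEP, and `vmx` or `svm` for Intel VT-x or AMD-V). The three sample `cpuinfo` texts are constructed, not captured from real machines.

```python
"""Added example: report the three processor features SecurAble checks, from CPU flag data."""
import os

INTEL_VT_FLAG = "vmx"   # Intel VT-x
AMD_V_FLAG = "svm"      # AMD-V


def parse_cpuinfo(cpuinfo_text: str) -> dict:
    """Parse /proc/cpuinfo-style text; return the vendor and flag set of the first CPU listed."""
    vendor, flags = "", set()
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "vendor_id" and not vendor:
            vendor = value
        elif key == "flags" and not flags:
            flags = set(value.split())
    return {"vendor": vendor, "flags": flags}


def security_features(cpuinfo_text: str) -> dict:
    """Map the CPU flags onto SecurAble's three categories."""
    info = parse_cpuinfo(cpuinfo_text)
    flags = info["flags"]
    if INTEL_VT_FLAG in flags:
        vt = "Intel VT-x"
    elif AMD_V_FLAG in flags:
        vt = "AMD-V"
    else:
        vt = None
    return {
        "vendor": info["vendor"],
        "x64": "lm" in flags,            # long mode = 64-bit instruction extensions
        "hardware_dep": "nx" in flags,   # NX/XD bit = hardware DEP
        "hardware_virtualization": vt is not None,
        "virtualization_kind": vt,
    }


def live_features(path: str = "/proc/cpuinfo"):
    """Check the current host; returns None where /proc/cpuinfo does not exist (e.g. Windows)."""
    if not os.path.exists(path):
        return None
    with open(path) as f:
        return security_features(f.read())


# Constructed samples in /proc/cpuinfo format (not captured from real machines).
SAMPLE_VT_CAPABLE = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Example CPU with VT-x (constructed)
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep pge cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm vmx ssse3
"""
SAMPLE_NO_VT = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Example older CPU without VT-x (constructed)
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mmx fxsr sse sse2 nx
"""
SAMPLE_AMD = """\
processor\t: 0
vendor_id\t: AuthenticAMD
model name\t: Example AMD CPU with AMD-V (constructed)
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic nx lm svm sse2
"""


if __name__ == "__main__":
    for name, text in [("VT-capable", SAMPLE_VT_CAPABLE), ("no VT", SAMPLE_NO_VT), ("AMD", SAMPLE_AMD)]:
        print(name, security_features(text))
    print("this host", live_features())
```

One caveat that matters in practice: the `vmx`/`svm` flag tells you the processor has the feature, not whether the BIOS has enabled it. That BIOS lock state is exactly what SecurAble’s "Locked On" / "Locked Off" result adds, so if this script says VT-x is present but VirtualBox still refuses to start a 64-bit guest, the BIOS setting is the next thing to check.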

SecurAble is free to use, and no installation is required.

I use SecurAble the most for checking for Hardware-Assisted Virtualization.

Download SecurAble.

http://www.grc.com/securable.htm

Microsoft has also released a tool that is able to detect the status of Hardware-Assisted Virtualization (HAV) support on the computer system’s CPU. Aptly named the Hardware-Assisted Virtualization Detection Tool, or simply the HAV Detection Tool, the utility can check whether the computer meets the processor requirement to run Windows Virtual PC, i.e. hardware-assisted virtualization.


Download HAV Detection Tool: havdetectiontool.exe

Using the HAV Detection Tool is easy: just run the executable, and a result dialog tells you whether hardware virtualization support exists on the system or not (together with whether Windows Virtual PC can be installed). It’s a standalone program, so no installation or un-installation is required.

So after you’ve determined you can run virtual machines with HAV you’ll want to try some VMs out.

As I mentioned, for home use I’ve found VirtualBox to be the easiest to use and configure. You can get it here and get the ‘Extension Pack’ here. Install the application first (get the right one for your platform – Windows, Mac, Linux), then install the Extension Pack; it will install automatically IF you’ve already installed the base application first.

Once installed you are ready to start working with just about any operating system you want to within your current system!

Here is a fantastic walkthrough of how to simply create a VM from a downloaded Linux installation disk (ISO).

This method can be used for installing Windows VMs too! If you have a Windows installation CD/DVD and you wish to install it as a VM you can. [For OS X you will have to follow some of the very specific tutorials I have put together – Apple does not like you to install OS X on non Apple hardware]

VirtualBox.org has a very detailed description and walkthroughs too; you can find those here.

The easiest way to get started with VirtualBox is to import an already made image/appliance. VirtualBox.org has many ready-made Linux installations; you can get them here. And with a little diligent searching you can find LOADS of them.

I hope this helps some to get started and have a better understanding of these technologies. More knowledge and experience can only be good.

[screenshot: some of the VMs on one of my home machines in VirtualBox]

As I noted if you are interested in OS X VMs you can go here and read the second half on using Virtual Box. Here are two walkthroughs from other tech sites worth checking out too.

http://thetechjournal.com/electronics/computer/steps-to-install-mac-os-x-snow-leopard-in-virtualbox-on-windows-7.xhtml

and here: http://www.sysprobs.com/mac-os-guest-virtualbox-326-snow-leopard-1064-windows-7-32-bit