Showing posts from 2013

CryptoLocker Malware

CryptoLocker is ransomware that is downloaded via email phishing scams. The emails seem to be coming from phony businesses, as well as fake UPS and FedEx tracking notices. It has also been documented that some victims saw the malware appear following a previous infection from one or several botnets frequently leveraged in the cyber-criminal underground.

The malware targets Windows 8, Windows 7, Vista, and XP operating systems.

The malware is capable of locating shared drives and other mapped network drives, which allows it to replicate across the network and infect other hosts on the network. It then proceeds to encrypt the victim's files using asymmetric encryption, and demands payment before giving the private decryption key to the victim. Some people have reported that even when they paid the ransom, they did not receive the private key from the hackers.

The easiest way to get rid of the virus is to reformat and hope that there is a back from before the mal…

TCP/IP Guide by Charles Kozierok

I just bought this book the other day. It is a comprehensive reference for almost all things TCP/IP. I will probably be posting some of the things I come across in this book that I think are useful or that I think would be helpful for others to know about as well.



I will also give my final thoughts on this book after I finish reading and studying its contents. I'm sure that this book will definitely be going into my library of reference materials.

Amazon and Playstation Come Together

Amazon Playstation Network Store is set to launch for PSVita, PS3, and of course the much anticipated (at least for me) Playstation 4. It is said that this new addition will give gamers a choice as to where they can download content. In the past, users were subject to downloading content from Playstation Network, which meant that the listing price for a game was what they had to pay. Although it has not been said whether or not Amazon will have their own pricing model or simply use the same price points used by Sony, users will have an option to choose where they want to buy their games from, which, in turn, could lower pricing in both online stores.

I feel that this will be a good addition to the Playstation user experience. It makes them feel like they have a choice even if the prices for downloadable content are exactly the same in both marketplaces. Will this be a good thing? I guess we will just have to wait and see how the community reacts to the new addition.

Twitter: @Th3Mat…

PS4 and Nintendo on the Xbox One

This seems pretty interesting. Being able to play your Playstation 4 on your Xbox One might be pretty cool. I wonder how well this has been tested and if the other companies have been brought into this conversation. What about the games that are supposed to be proprietary to each console? I guess we will have to see how it will play out when the two consoles hit the market during the holiday season.
Read the article here: http://www.forbes.com/sites/erikkain/2013/11/09/you-can-play-your-ps4-through-your-xbox-one/

COD Ghost Gameplay With Hutch



Here is a piece of Call of Duty Ghost gameplay from Hutch. He goes nuts with the gunship and talks about Loki and why it really isn't worth the COD points needed to unlock it.

Twitter: @Th3MattWilson

Latest Windows Zero-Day Exploit

It is believed that this exploit is the handiwork of an India-based hacker group who were also thought to be responsible for the 'Operation Hangover' exploits earlier this year. This news was released in a security alert by Microsoft earlier this week. They said that a vulnerability in the TIFF image-format parsing component was being exploited in attacks aimed at targets located in the Middle East and South Asia.

Emails with subject lines like "Illegal Authorization for Funds Transfer" or "Problem with Credit September 26th 2013" were the medium being used by the hackers. They attached malicious Word documents, which seemed to use multiple XML objects to "spray the heap memory," which is an old technique, used more than a decade ago, to find sections in memory that the malicious code can use for its exploit.

Continue reading at: computerworld.com 

Twitter: @Th3MattWilson

Phishing in Brazil

There is an interesting phishing scheme floating around Brazil with a theme relating to Internet banking. When the user clicks on the attachment, it is opened using Microsoft Word. In the document is an image of a banking receipt along with a message asking the user to double-click on the image if they wish to see a larger version. When the user double-clicks the image, they are asked if they would like to open a .cpl file, which, if accepted, will download malware that is designed to seek out the user's banking credentials if they exist anywhere on the machine.



Continue reading at: http://www.scmagazine.com//sneaky-phishing-scam-in-brazil-may-hit-us-shores/article/319867/

Twitter: @Th3MattWilson

Salting Hashed Passwords to Mitigate Brute Force Attacks

Password and account protection as a whole should be a must in the day-to-day actions of the top web sites today, such as LinkedIn, Facebook, Adobe, and many others.

The link at the end of this post links to an article, which touches a bit on the need for salting hashed passwords to help prevent brute force attacks and other mischief that hackers tend to get into. I also agree that it is not just up to the site administrators to protect the data that is stored about their users, but it is also up to the users to protect their own data and they should consider their data to be vulnerable at all times, which means they should take necessary action to protect their content to the best of their ability.

While on the topic of password strength and security, it is a good idea for users to change their passwords on a regular basis. A good rule of thumb is to change account passwords every six months or so. However, if the user does not want to change their passwords as often they create a mor…

NIST Under Question

It seems that NIST has been under scrutiny as of late regarding its standards on cryptography due to the fact that the NSA appears to have made themselves a backdoor into NIST...

Read more at Ars Technica: http://arstechnica.com/security/2013/11/to-restore-credibility-nist-will-audit-its-standards-development-process/

Twitter: @Th3MattWilson

Tweet Tweet!

Twitter Upping Security Measures

According to SCMagazine, Twitter has plans to start encrypting its direct messaging services due to the ever-increasing reach of the NSA, and, not to mention, the recent news of the NSA tapping into Google and Yahoo's data centers. I wonder if the NSA really secretly broke into their data centers, or did Google and Yahoo simply allow them to have access? Regardless, it is good to see that Twitter is taking steps toward securing their services. I hope that others begin to start taking actions to up their information security measures. I'm talking to you Adobe!


Source: http://www.scmagazine.com/twitter-plans-to-encrypt-its-direct-messaging-service/article/319146/

Twitter: @Th3MattWilson

What a Sweet Monitor

ASUS PA279Q Review



Linus from LinusTechTips does another great job on this review. You can tell that he does a lot of great research on the products that he reviews, giving the viewer a really good overview of the product.

I've been searching around for a new monitor and this one may actually take the top spot. The resolution is pretty awesome at 2560 x 1440, and the colors look very vibrant and beautiful. The only downside to this great monitor is the price. It comes in at around $800 depending on where you buy it from.

Check out LinusTechTips YouTube channel for more great product reviews.

My Twitter: @Th3MattWilson

Pretty Sweet Gaming PC from the Guys at Tested

The guys from the YouTube channel Tested build a gaming PC with an Nvidia GeForce GTX Titan graphics card, absolutely ridiculous. This GPU is amazing! Although, it will set you back around $2,500.00 for the entire build, and that's not including the peripherals, such as the mouse, keyboard, monitor(s), etc.


I really enjoyed watching these guys talk about the build. They gave good reasons for why they chose the parts that they did, and they gave some good alternatives if you do not want to shell out the money to build the crazy rig.

If you want to see the full video for this build, follow this link: http://www.youtube.com/watch?v=6XnU8MPjp1Y

Adobe Breach Has More Victims Than Previously Thought

Initially it was thought that the Adobe breach, which was reported a few weeks ago, only affected 2.9 million users. As of yesterday, October 29th, Adobe says that the usernames and passwords of 38 million active accounts were stolen by the hackers. As you can see, this is a significant increase from the previously reported amount of affected users. Adobe says that they were able to contact all people affected by the hack and have had them reset their account passwords.

The hackers were also able to get source code belonging to a few of the Adobe applications. Some of these applications include Adobe Acrobat, Reader, and ColdFusion.

This is a pretty big breach, one of the largest in recent years. Hopefully Adobe will up their security practices to better protect their user base in the future.

Read at fierceitsecurity.com: Adobe ups breach estimate from 2.9M to 38M affected users

Twitter: @Th3MattWilson

Sony's Game Sharing

The rules for sharing games on the PS4 platform are sounding a bit complicated. Although sharing the physical game is still just as simple as lending the disc to a friend, sharing downloaded content is going to be a little more confusing at best.

Sony says that its users will be able to download content to as many consoles as they so desire, but only two instances of that game will be able to be played at the same time, one game being played on the primary console and the second copy of the game on a secondary console. One caveat to this is that the primary user must be logged into both consoles for the games to be played concurrently.

Being a person that has downloaded a few games just to play by myself, I really do not see much issue in what Sony is proposing. I generally only download single player games, but I can see where this might come into play a bit more when multiplayer comes into play.

For more on this article, visit TheVerge.com
More on Sony's game sharing regulations:…

Free Speech in Video Game Critiques Being Threatened

In this video the YouTuber TotalBiscuit discusses how some video game developers are abusing their rights to revoke video commentaries and critiques of their games, even when they have been contacted through all of the right channels and have agreed to allow the YouTubers to make video commentaries on their games.

TotalBiscuit is right when he says that the right to free speech and the right to critique are being threatened. Everyone should be allowed to give their view/opinion on a product; even if the reviewer gives a bad review of a product, they should be entitled to their opinion. If you ask me, the video game companies should be glad that their games are being reviewed. They should take what is said about their game and either fix the problems or choose to ignore them, but they should not punish the YouTube channel holders.






Follow TotalBiscuit's YouTube Channel

My Twitter: @Th3MattWilson

Warface ...

The video above is a commentary from Hutch on the FPS called Warface. This First Person Shooter looks pretty sweet for a free-to-play game. I think I'm going to check it out and see what it's all about. Just from looking at some of the videos, it looks a little Call of Duty/Battlefield-esque. I will do a review and let everyone know what I think about Warface.

Play Warface Here: http://www.warface.com
Follow Hutch's YouTube Channel 

My Twitter: @Th3MattWilson

The New iPad Air and iPad mini (retina)

The new iPads are getting a little bit of a face lift along with some changes to the guts.
The iPad Mini (retina) is getting upgraded to a retina display, as the name would suggest, and it is getting the new A7 processor chip along with the M7 motion sensor chip. These upgrades are definitely a step up from the first generation mini and would be enough for me to definitely make the decision to buy, even if the cost has gone up by $70 for the 16g model.
The iPad Air has been redesigned to look like its smaller counterpart. It is also getting the new A7 and M7 chips, along with being only 7.5mm thin and weighing in at 1 pound. I think this new look will be a good one for the iPad. I was really hoping that Apple would make an iPad with a smaller bezel while still keeping the same screen size.
I think I would rather go with the iPad mini retina over the new iPad Air just because I like the smaller form factor and the fact that it will have exactly the same processors that the n…

IT Retreat - USG Rock Eagle 2013

I really enjoyed the sessions that I was able to attend at this year's USG Rock Eagle!

I was able to learn a little bit more about database security from the guys at Oracle. They brought a really great concept to the table in having a firewall specifically dedicated to the database. From what I was able to gather, this firewall would be able to monitor not only who was accessing the database but also in what way they were querying the database. If someone was able to steal a database administrator's credentials and then start making queries that were taking huge amounts of data, the firewall would be able to flag that traffic and then alert IT Security immediately. Pretty cool stuff!

The last session I went to was probably the one that I enjoyed the most. Christopher Workman from UGA went through the process they took to install a Security Information and Event Management System (SIEM) solution on their network and some of the things they could have done differently, as well as, what to c…

BenQ XL2420TE 144Hz Gaming LCD Unboxing & Review (+playlist)

Check out this review by LinusTechTips:

This BenQ monitor is an absolute beast for gaming because of the insane refresh rates and it actually has a pretty good color palette...



Looks like a pretty good monitor to consider if you are in the market for a good gaming display.

Rock Eagle 2013

Hanging out at the 2013 USG Rock Eagle Information Technology event.

Teenage Researcher Develops First Malware for Mobile Firefox OS

A seventeen-year-old kid, who happens to also be an independent researcher, was able to create malware that is able to infect Mozilla's Mobile Firefox OS.

Read More: http://www.scmagazine.com/teenage-researcher-develops-first-malware-for-mobile-firefox-os/article/317129/

Sacramento State Hacking

From SC Magazine

It seems that there were some individuals up to no good, hacking into one of Sacramento State's servers. I read from SC Magazine that the hackers were able to steal social security numbers and license numbers from close to 2,000 staff members, and the only thing that the University was willing to do was to open an investigation and notify the individuals affected by the break-in. Fortunately, none of the people affected have reported any identity theft.

Source: "Sacramento State Server Hack Affects Nearly 2,000 Employees." Rev. of Sacramento State Employees Just Being Notified About August Security Breach by Adam Greenberg. Web log post. The Data Breach Blog. SC Magazine, 17 Oct. 2013. Web. 22 Oct. 2013. http://www.scmagazine.com/sacramento-state-server-hack-affects-nearly-2000-employees/article/316690/

How Network Address Translation Works

I thought this video did a pretty good high-level explanation for Network Address Translation (NAT) and how it works.

Common Port Numbers

If you have ever been frustrated because you cannot remember what port TACACS (49) runs on, or you are just curious about which protocols run on which ports, then the following link is for you. The author of this PDF did a pretty good job listing out most of the common ports and the protocols that run on those ports. He even went so far as to color code specific ports to signify which ones were used for gaming, chat, encryption, malicious content and a few others.

Source: http://packetlife.net/media/library/23/common-ports.pdf

GNU Linux Bible

The GNU Linux Bible has been completely restructured with updates, complete with exercises, which allows the book to become a better learning tool for the individual just being introduced to Linux. The book is mainly about using the command line and command-line tools, and the great thing about it is that it can be used with all distributions and versions of the Linux OS. I think I'm going to enjoy using this book because I'm starting to delve into the Linux server admin realm.

If you are interested in downloading this reference, the following link will take you to debianadmin.com: http://www.debianadmin.com/linux-bible-pdf-guide.html

The WAN Show: Steam Controller Showcase, GPU Wars, and GUEST Totalbiscui...

These guys are actually kind of cool and entertaining. I'm liking how they cover a wide variety of topics, and I like how they like Linux for mobile OS. What was Fox News thinking with the giant 55'' touch screens? I would have to agree that the bigger picture does not make the experience any better.

I usually don't really care too much about longer videos, but depending on the content of the video, I will tend to sit around.

Keep up the good work guys.

Malware Analysis

If you want to become more familiar with malware analysis or you are just curious and would like to learn more, check out this article from novainfosec.com. It contains slides explaining and showing you how to set up a malware analysis lab yourself using VMware or VirtualBox. I thought it was pretty interesting myself.

Link to site: https://www.novainfosec.com/2013/10/19/malware-analysis-slides-from-bsidesdc/

iMessage Not So Secure

It appears that Apple's iMessage is not as secure as they claim it to be. The encryption key infrastructure is controlled and held by Apple, which means they have the ability to change any public key they wish, giving them the ability to view messages ...

Read more: http://thehackernews.com/2013/10/unbreakable-apples-imessage-encryption.html?m=1

HTC One Max

So the HTC One Max is trying to integrate a fingerprint scanner, but they put it on the back of the phone just below the camera lens. I'm not so sure this was the best placement for a fingerprint scanner, especially since the camera lens and the scanner are said to feel almost identical, and it seems that the device would have to be turned over just to be sure that the scan was completed properly. It would have made more sense to me if HTC had added the scanner to the front side of the phone. Some of the features are kind of cool though, such as using each finger for a separate function or app launch.

http://mashable.com/2013/10/14/htc-one-max-is-official-fingerprint-scanner-5-9-inch-screen/

One Time Pad Cipher - Khan Academy

Perfect Secrecy Exploration | Ancient Cryptography | Khan Academy

Check out the above link. It is about the perfect cipher. I like the explanation and analogies used to describe the complexity of the "One Time Pad" cipher.

PS4 News...

I heard yesterday that the PS4 will be giving its users the option to remove the stock HDD and replace it with a bigger one or even upgrade to an SSD (Solid State Drive). It may take some work on the user's part, but it can be done. This is also the case for the PS3.

Head over to this link for the full details: http://www.ign.com/articles/2013/10/18/new-photos-show-how-to-replace-the-ps4-hard-drive


About Hi Tech Talks

This blog will be posting news about the tech world, including a little bit about movies from time to time. I hope you don't mind.