Network computer monitoring

Monthly archives for May, 2017

Intel chip vulnerability lets hackers easily hijack fleets of PCs

Security researchers say exploiting the vulnerability requires little technical
expertise, and can result in a hacker taking full control of an affected PC.

A vulnerability in Intel chips that went undiscovered for almost a decade allows
hackers to remotely gain full control over affected Windows PCs without needing a
password.

The “critical”-rated bug, disclosed by Intel last week, lies in a feature of Intel’s
Active Management Technology (more commonly known as just AMT), which allows IT
administrators to remotely carry out maintenance and other tasks on entire fleets of
computers as if they were there in person, like software updates and wiping hard
drives. AMT also allows the administrator to remotely control the computer’s keyboard
and mouse, even if the PC is powered off.

To make life easier, AMT was also made available through the web browser, with a
console that is accessible even when the remote PC is asleep and is protected by a
password set by the admin.

The problem is that a hacker can enter a blank password and still get into the web
console, according to independent technical rundowns of the flaw by two security
research labs.

Embedi researchers, credited with finding the bug, explained in a whitepaper posted
Friday that a flaw in how the default “admin” account for the web interface processes
the user’s passwords effectively lets anyone log in by entering nothing at the log-on
prompt.

“No doubt it’s just a programmer’s mistake, but here it is: keep silence when
challenged and you’re in,” said the researchers.

Tenable researchers confirmed the findings in a detailed analysis of the flaw, also
posted Friday, saying it was relatively easy to remotely exploit.

Intel’s advisory said that systems — including desktops, laptops, and servers —
dating back as early as 2010 and 2011 and running firmware 6.0 and later are affected
by the flaw.

But Embedi warned that any affected internet-facing device with open ports 16992 and
16993 is at risk. “Access to ports 16992/16993 are the only requirement to perform a
successful attack,” said the Embedi researchers.

Since the disclosure, monitors have seen a spike in probing activity on the two
affected ports.
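
For defenders who want to see this probing in their own perimeter logs, the following is an added example, not part of the original article. It lists external sources touching ports 16992/16993 and the internal hosts where the firewall let them through. The log format, the sample lines and the 10.0.0.0/8 internal range are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

AMT_PORTS = {16992, 16993}  # the two ports named in the article

# Constructed sample lines in a simplified, hypothetical firewall-log format.
SAMPLE_LOG = """\
2017-05-08T09:14:02Z ACCEPT TCP src=198.51.100.23 dst=10.0.4.17 dport=16992
2017-05-08T09:14:03Z DROP TCP src=198.51.100.23 dst=10.0.4.18 dport=16992
2017-05-08T09:14:03Z DROP TCP src=198.51.100.23 dst=10.0.4.19 dport=16993
2017-05-08T09:20:41Z ACCEPT TCP src=10.0.1.5 dst=10.0.4.17 dport=16992
2017-05-08T09:31:10Z ACCEPT TCP src=203.0.113.77 dst=10.0.4.17 dport=443
2017-05-08T09:45:55Z ACCEPT TCP src=203.0.113.9 dst=10.0.4.30 dport=16993
garbage line
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) TCP "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

def summarize_amt_traffic(log_text, internal_net="10.0.0.0/8"):
    """Return (probes_by_source, exposed_hosts) for traffic to the AMT ports.

    probes_by_source maps each external source IP to the set of
    (destination, port) pairs it touched; exposed_hosts lists destinations
    where such a connection was ACCEPTed, i.e. reachable from outside.
    """
    internal = ipaddress.ip_network(internal_net)
    probes = defaultdict(set)
    exposed = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) not in AMT_PORTS:
            continue  # unparseable line or unrelated port
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed source address
        if src in internal:
            continue  # source inside the assumed internal range; not counted
        probes[m["src"]].add((m["dst"], int(m["dport"])))
        if m["action"] == "ACCEPT":
            exposed.add(m["dst"])
    return dict(probes), sorted(exposed)
```

Hosts in the second result are the ones to firewall off and patch first, since the management ports on them answered traffic from outside the network.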

Intel so far hasn’t said how many devices are affected.

However, a search on Shodan, the search engine for open ports and databases, shows
more than 8,500 devices are vulnerable at the time of writing, with almost 3,000 in
the US alone — but there could be thousands more devices at risk on internal
networks.

In a statement, Intel said that it’s working with its hardware partners to address
the problem, and “expect[s] computer-makers to make updates available beginning the
week of May 8 and continuing thereafter.”

So far, Dell, Fujitsu, HP, and Lenovo have all issued security advisories and
guidance on when they will roll out fixes to their customers. Consumer devices aren’t
affected by the bug.

The chipmaker has also published a discovery tool to determine if machines are
affected.

From: http://www.zdnet.com/article/intel-chip-vulnerability-lets-hackers-easily-remotely-hijack-affected-windows-pcs/

Leaked document reveals UK plans for wider internet surveillance

The UK government is soliciting feedback from a handful of internet providers, but
isn’t consulting the tech industry or the public.

The UK government is planning to push greater surveillance powers that would force
internet providers to monitor communications in near-realtime and install backdoor
equipment to break encryption, according to a leaked document.

A draft of the proposed new surveillance powers, leaked on Thursday, is part of a
“targeted consultation” into the Investigatory Powers Act, brought into law last
year, which critics called the “most extreme surveillance law ever passed in a
democracy”.

Provisions in the proposals show that the government is asking for powers to compel
internet providers to turn over the realtime communications of a person “in an
intelligible form,” including encrypted content, within one working day.

To that end, internet providers will be forced to introduce a backdoor point on their
networks to allow intelligence agencies to read anyone’s communications.

This “backdoor” capability was heavily criticized last year when it was floated as
part of the draft law’s proposal. Apple chief executive Tim Cook last year warned of
“dire consequences” if the legislation required internet providers or companies to
put backdoors into their systems. The provision would effectively prohibit companies
operating in the UK from introducing end-to-end encryption, a feature now commonplace
in many messaging apps, including Facebook Messenger, WhatsApp, and Apple’s own
messaging platform iMessage.

But it’s not clear exactly how the provision would be enforced — or if it would only
affect companies operating or based in the UK.

Similar questions arose when a committee of UK lawmakers criticized the original
Investigatory Powers Act prior to it becoming law late last year.

Jim Killock, executive director of Open Rights Group, who obtained the document, said
in an email that the proposals, if passed, would “make security products much easier
to break into, and means that companies may be obliged to lie to their customers
about the privacy and security that is applied to their communications.”

The draft document also asks for the capability to intercept data in real time on one
out of 10,000 citizens at any given time, allowing the government to wiretap over
6,500 citizens at any given time.

But the lack of transparency over the proposals has already drawn ire.

“The government doesn’t think it has any legal or moral obligation to consult anyone
outside of industry partners and the security services,” said Killock.

So far, the draft document has only been circulated among the UK government’s
technical advisory board, consisting of six telecoms giants, including O2, BT, BSkyB,
and Vodafone, as well as government agencies who would use the powers, thought to
include at least MI5 and GCHQ.

But the document was not made readily available on the government’s website, or to
partners in the tech industry, who would be directly affected by the provisions if
passed into law.

The consultation is open for the next three weeks until May 19, said Killock, during
which anyone can file a response with the Home Office.

A spokesperson for the Home Office did not respond to a request for comment at the
time of writing.

From: http://www.zdnet.com/article/leaked-document-reveals-uk-plans-for-wider-internet-surveillance/

A database of thousands of credit cards was left exposed on the open internet

The data was exposed for at least six months — likely longer.

A US online pet store has exposed the details of more than 110,400 credit cards used
to make purchases through its website, researchers have found.

In a stunning show of poor security, the Austin, Texas-based company FuturePets.com
exposed its entire customer database, including names, postal and email addresses,
phone numbers, credit card information, and plain-text passwords.

Several customers that we reached out to confirmed some of their information when it
was provided by ZDNet, but they did not want to be named.

The database was exposed because of the company’s own insecure server and use of
“rsync,” a common protocol used for synchronizing copies of files between two
different computers, which wasn’t protected with a password.

Researchers at the Kromtech Security Research Center found the database in November.
But after numerous efforts to contact the company by phone and email, the database
was only secured this week.

It’s not clear who’s to blame for the breach. The pet store is understood to have
been developed by DataWeb Inc., which has built dozens of other similar pet-related
sites and owns PegasusCart, an ecommerce platform, used on all of DataWeb’s sites.
Kromtech researcher Bob Diachenko found that the leaked data wasn’t limited to just
FuturePets.com, but also appeared to contain several folders, including one that
shows several backup files and databases of transactions within the DataWeb network.

“They have everything in there — from ad campaigns to thousands of orders details,
with full customer payment details exposed, with IP addresses tracked down for
milliseconds,” said Diachenko, who also blogged about the discovery.

However, there’s no evidence to suggest that any PegasusCart data had been exposed.

Todd Nelson, co-founder of PegasusCart, said in an email that the owners of the site
“explained that, as of a year or so ago, their data was moved to an outside cloud
based ecommerce platform.” (At the time of writing, FuturePets.com still used
PegasusCart on its website.)

“If they were breached on their web server and any data were found, it would be very
old and likely quite useless, but they jumped into action anyway,” he said.

“They have solicited a security firm to investigate the issue and plug any hole
should one exist,” he added, but he didn’t say if the company would inform its
customers of a breach.

The upside to the story is that the exposure has stopped, but it’s not clear who else
may have accessed the data — or if that data, such as credit card information, has
been used.

Gone are the days where hackers will target en masse the larger companies, rare as
those attacks are, because of the stringent security measures and systems in place.
In other words, it’s harder than ever before to target the highest echelons of big
business.

Instead, criminals out to make a few bucks are increasingly targeting smaller firms,
which may not be as invested or knowledgeable in security.

According to Juniper Research, smaller companies usually have “less of a network to
keep under control” than larger organizations, but “even small data breaches are
likely to take a much larger toll on businesses with a smaller turnover.”

With a data exposure live on the internet for at least six months, there’s no telling
where the data has gone. But what’s clear is that if a security researcher found it,
it’s possible that others have, too.

From: http://www.zdnet.com/article/database-of-thousands-of-credit-cards-exposed-on-open-internet/
