3 million Let’s Encrypt certificates to be cancelled

Let's Encrypt CAA flaw

Let’s Encrypt revoked certificates

Let’s Encrypt has announced that it is to revoke around 3 million TLS/SSL certificates because of a serious flaw found in its CAA (Certificate Authority Authorization) checking. The certificates will be revoked on 4th March 2020 from 00:00 UTC.
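CAA is the DNS record a certificate authority has to consult before it issues for a name. As an added example (not Let’s Encrypt’s code, and not a description of the flaw above), here is the issuance decision a CA makes against a set of CAA records under RFC 8659, run against a constructed zone; the domain names and CA identifiers in it are assumptions.

```python
# Added example: the CAA issuance decision a CA makes (RFC 8659), run against a
# constructed zone. Not Let's Encrypt's code; names and CA identifiers are assumptions.
from typing import Dict, List, Optional, Tuple

# Constructed zone data: FQDN -> list of (property tag, value). Real data comes from DNS.
CAA_ZONE: Dict[str, List[Tuple[str, str]]] = {
    "example.com.": [("issue", "letsencrypt.org"), ("issuewild", ";")],
    "locked.example.com.": [("issue", ";")],
    "open.example.net.": [("iodef", "mailto:security@example.net")],
}


def _name_and_ancestors(fqdn: str):
    """Yield the name itself, then each ancestor, all with a trailing dot."""
    labels = fqdn.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."


def relevant_caa_set(fqdn: str, zone=CAA_ZONE) -> Optional[List[Tuple[str, str]]]:
    """The relevant RRset is the CAA set on the name or on its closest ancestor that has one."""
    for candidate in _name_and_ancestors(fqdn):
        if zone.get(candidate):
            return zone[candidate]
    return None


def issuance_permitted(request: str, ca_domain: str, zone=CAA_ZONE) -> bool:
    """Decide whether `ca_domain` may issue for `request` (which may be a wildcard name)."""
    wildcard = request.startswith("*.")
    name = request[2:] if wildcard else request
    if not name.endswith("."):
        name += "."
    records = relevant_caa_set(name, zone)
    if records is None:
        return True  # no CAA anywhere up the tree: unrestricted
    issue = [v for tag, v in records if tag == "issue"]
    issuewild = [v for tag, v in records if tag == "issuewild"]
    # Wildcard requests use issuewild when present and fall back to issue otherwise.
    applicable = issuewild if (wildcard and issuewild) else issue
    if not applicable:
        return True  # CAA present but no issue/issuewild property: unrestricted
    for value in applicable:
        issuer = value.split(";", 1)[0].strip()  # parameters after ';' are not modelled
        if issuer and issuer.lower() == ca_domain.lower():
            return True
    return False  # covers "issue ;", which forbids every CA
```

The critical flag and CNAME handling are left out; the point is the lookup (climb to the nearest ancestor with CAA) and the issue/issuewild precedence, which is exactly the part a CA's checker has to get right before it signs anything.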

WordPress Flaw found in Social Media plugin

Simple Social Buttons plugin flaw found that can take over your site.


URGENT – If you use the plugin ‘Simple Social Buttons’ in your WordPress installation, update it to the latest version immediately: a serious flaw has been found in it that could allow an attacker to take over the site. The flaw was discovered last week by security researcher and developer Luka Šikić, and a video showing how it can be used to break into WordPress websites has been released.

The developer has fixed the flaw and released a patch, so if you haven’t already, update now.

The flaw can only be exploited on sites that allow user sign-up, which most sites have disabled for security reasons. Nevertheless, you should update before someone works out how to exploit the flaw without the user sign-up requirement.

Any of our customers who have website maintenance contracts will have already been updated to the latest security patch. If you are not sure then you should contact your web development team and/or your host to see if they can help.

If you are really stuck then we may be able to help; please submit a support ticket with your website URL and contact information. Do NOT post your username and password in the ticket; we will contact you separately for that information if needed.

If you use the Simple Social Buttons plugin for WordPress then make sure you update your site to correct the security flaw immediately.

Stay Safe

CritchCorp Computers Ltd.


‘Your email account has been hacked’ emails

Many of our users have seen this type of email in their spam filters, most don’t actually get through to your account, although the odd one might. That is all the spammers, who are usually organised crime syndicates, need and rely on.

A full version of the email is at the bottom of this post.

What are these emails and why do some of them have my password in them?

These emails raise many questions and I will try to answer most of them here.

It is of course possible for what they say in the email to be true, but in most cases it is not. There have been many hacked websites over the years and there are now plenty of lists of people’s usernames and passwords compiled from them. Two or three main lists have been compiled, and these in turn have been combined into one list of over 500,000,000 usernames and passwords. Security researchers use this list to determine things like the frequency of passwords; your chosen password is probably not as unique as you think it is. monkey, password, 123456 and abc123 were the top passwords for many years and, although recent research shows that they have moved about, they are still in the top 15.

The bad guys use these username and password lists to try to gain access to your accounts on other websites and even your email account. Now some bright spark has decided to take your username and password combination, where your username is your email address, and send an email to you, firstly showing you your password and secondly faking the sending address, which is trivial to do, and then telling you that they know something about you that you don’t want revealed to others. This is a typical phishing scam in that they don’t have any access to your email (that is not to say that they never do, but when they actually have access to your email they tend to use other scams that are more profitable).
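The practical question this raises is whether your own password is on one of those lists. Here is an added example (not from the original post) of the hash-prefix, or k-anonymity, check used by Have I Been Pwned’s Pwned Passwords range API: the client hashes the password locally and sends only the first five hex characters of the SHA-1 hash, so neither the password nor its full hash ever leaves the machine. The breach corpus and its counts are constructed for the demo; the live service is modelled, not called.

```python
# Added example (not from the original post): checking a password against a breach corpus
# with the hash-prefix ("k-anonymity") scheme used by Have I Been Pwned's Pwned Passwords
# range API. Only the first five hex characters of the SHA-1 hash leave the client.
# The corpus and its counts below are constructed; a real check queries the range service.
import hashlib
from typing import Dict, List


def _sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed breach corpus: SHA-1 hex digest -> constructed occurrence count.
# (The passwords are the perennial top entries the post mentions; the counts are made up.)
CONSTRUCTED_BREACH_CORPUS: Dict[str, int] = {
    _sha1_hex("123456"): 2_000_000,
    _sha1_hex("password"): 1_500_000,
    _sha1_hex("monkey"): 600_000,
    _sha1_hex("abc123"): 700_000,
}


def range_query(prefix: str, corpus: Dict[str, int] = CONSTRUCTED_BREACH_CORPUS) -> List[str]:
    """Server side of a range query: every 'SUFFIX:COUNT' whose hash starts with `prefix`.
    The server learns only the prefix, never which suffix the client is interested in."""
    if len(prefix) != 5:
        raise ValueError("range queries use exactly 5 hex characters")
    prefix = prefix.upper()
    return [f"{digest[5:]}:{count}" for digest, count in corpus.items() if digest.startswith(prefix)]


def breach_count(password: str, corpus: Dict[str, int] = CONSTRUCTED_BREACH_CORPUS) -> int:
    """Client side: hash locally, send the prefix, match the suffix at home. 0 means not found."""
    digest = _sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_query(prefix, corpus):
        candidate, count = line.split(":", 1)
        if candidate == suffix:
            return int(count)
    return 0


def password_acceptable(password: str, min_length: int = 12,
                        corpus: Dict[str, int] = CONSTRUCTED_BREACH_CORPUS) -> bool:
    """Policy: long enough and absent from every known breach list."""
    return len(password) >= min_length and breach_count(password, corpus) == 0
```

The live service (https://api.pwnedpasswords.com/range/<prefix>) returns lines in the same SUFFIX:COUNT shape, so swapping `range_query` for an HTTPS call is the only change needed for a real check; the client-side matching stays as written.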

New Spoof RansomWare

New malware has been found that is cross-platform, so it works on Windows, Apple and Linux systems. It can also get into web servers and deletes any MySQL, MongoDB, MariaDB and CouchDB databases it can find, causing websites and software to stop working, then displays a ransom note asking for money to be paid. Once paid you would think they would give you back the data, but not this time. This is spoof ransomware: it deleted the tables rather than encrypting them, so it cannot give them back to you. At the time of writing there are 46 known cases of people who paid up, an average of $125 each and around $6000 in total, but not one of them has received their data back; they have funded this probable organised crime gang (in China) with no hope of getting their data back. Furthermore, once it is on the server it can start to infect other computers through the browser with a version that will work on your system, and once into your computer it will do a variety of things, from deleting data and asking for money, to making the machine part of a botnet (on Linux machines) and mining cryptocurrencies, stealing your computer resources such as CPU time, memory and hard drive space and making your computer run as slowly as possible.

Watch out for more information on this as news comes out; we have only just heard about this particular malware, which is called Xbash.

How to protect yourself

To protect your computer systems and networks, be sure your computer is fully patched and running antivirus software and a firewall; on Windows PCs you should be able to run the free built-in antivirus software, and most PCs will have a built-in firewall which, kept updated, should be enough. The biggest issue is getting your firewall to reject incoming connections for services on a server or PC that you don’t need to expose. By default some servers have all ports for all services, such as MySQL, open to everyone. If you don’t really need a port to be open then close it, and where it does need to be open, tie it down to as few connection sources as possible.
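The audit that paragraph describes, as an added example that is not part of the original post: parse which listening services are bound to every interface, compare them with the ports the server is actually meant to serve to the public, and emit iptables rules that tie the rest down to named source addresses. The `ss -ltn` output is constructed, and the intended-public port set and the allowed source address are assumptions.

```python
# Added example (not from the original post): audit which listening services are bound to
# every interface, compare them with the ports the server is meant to expose, and emit
# firewall rules tying the rest down to named sources. The `ss -ltn` output is constructed;
# the intended-public port set is an assumption for this illustration.
from typing import Dict, List

CONSTRUCTED_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      80     0.0.0.0:3306        0.0.0.0:*
LISTEN 0      128    127.0.0.1:6379      0.0.0.0:*
LISTEN 0      128    [::]:80             [::]:*
LISTEN 0      128    *:27017             *:*
"""

# Address forms that mean "listen on every interface".
WILDCARD_ADDRS = {"0.0.0.0", "*", "::", "[::]"}
# Ports this server is intended to serve to everyone (assumption: web + SSH only).
INTENDED_PUBLIC_PORTS = {22, 80, 443}


def parse_listeners(ss_output: str) -> List[Dict[str, object]]:
    """Parse `ss -ltn` rows into {'addr', 'port'} records; the header row is skipped."""
    listeners = []
    for line in ss_output.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        addr, port = cols[3].rsplit(":", 1)  # rsplit so IPv6 addresses keep their colons
        listeners.append({"addr": addr, "port": int(port)})
    return listeners


def unintended_exposures(ss_output: str, public_ok=INTENDED_PUBLIC_PORTS) -> List[int]:
    """Ports reachable from every interface that are not on the intended-public list."""
    return sorted(
        l["port"] for l in parse_listeners(ss_output)
        if l["addr"] in WILDCARD_ADDRS and l["port"] not in public_ok
    )


def restrict_rules(port: int, allowed_sources: List[str]) -> List[str]:
    """iptables commands that accept `port` only from `allowed_sources` and drop the rest.
    Binding the service to 127.0.0.1 is the better fix when no remote client needs it."""
    rules = [f"iptables -A INPUT -p tcp --dport {port} -s {src} -j ACCEPT" for src in allowed_sources]
    rules.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    for port in unintended_exposures(CONSTRUCTED_SS_OUTPUT):
        print(f"port {port} is open to everyone; suggested rules:")
        for rule in restrict_rules(port, ["10.0.0.5/32"]):  # 10.0.0.5 is an assumed app server
            print("  " + rule)
```

In the constructed output the MySQL port (3306) and a MongoDB port (27017) are flagged, while Redis on 127.0.0.1:6379 is not, because a loopback bind is already unreachable from the network; that distinction is the whole point of reading the local address rather than just the port.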

Get some antivirus software for your server and for your site. In most environments each website is in its own virtual space and so having some effective security protection for each site is important. Something like SiteLock Security, available here, is a good starting point.

All of our hosting accounts now come with a FREE copy of SiteLock Lite to help mitigate these types of attack. If you already have a website hosted with us then you can claim your FREE copy of SiteLock Lite as well, and we will even help you to install and set it up, as we believe this is critical to protecting your website, your visitors and your reputation. Please submit a support ticket if you would like some help with this.


Google Forces Sites to use SSL Certificates

***Notice to all Website owners***

That’s right, as of July 2018 Google Chrome will start reporting non-SSL sites (that is, sites that don’t use https:// for access) as insecure. This is a major change from the current norm, which is to highlight sites that use SSL certificates with a green SECURE next to the address (other browsers use a green padlock). From July this year Chrome will no longer show the green SECURE, but will show NOT SECURE next to any site that does not have an SSL certificate, making an SSL certificate the norm. That is to be followed in the future by a warning screen informing users that continuing to your site is not recommended; the warning wall is not being implemented right away, but it is planned.

Google's July update, what it looks like

What the browser will report before and after July for sites that do not have an SSL certificate.

The new move forces website owners to have an SSL certificate and make their site secure, even if it is not required, or risk losing visitors that are scared away.

There are several different types of SSL certificate and the higher (more expensive) ones will still show the green bar in the address bar, but the norm will be to have one of the cheaper ones. If you don’t have one, or it expires, or the company backing the SSL certificate (the certificate provider, not the retailer) goes out of business or has its master certificate rejected, then visitors will be faced with a blocking screen when trying to get to your site, with warnings that your site is insecure and should not be visited. This is obviously not good for business.

Google have also hinted that sites that use SSL certificates currently get a boost in the Google rankings over those who do not.

At CritchCorp Computers Ltd we have a quick and easy way for all our shared hosting customers to comply with this new Google rule: you can purchase a fully managed SSL certificate from your yesDomains account, or submit a support ticket here to get the ball rolling. It is quite an in-depth process, but we will take care of it for you with as little interaction as possible required from you. Please go here to get started.

The industry is working towards lowering the cost of SSL certificates to nothing and automating the install and renewal process, but that is still in development, so for the time being you will need to purchase an SSL certificate in the normal way. If you want the user’s browser to light up in green then you need to select an Extended Validation (EV) certificate; otherwise the cheaper standard one will suffice to prevent you being labelled NOT SECURE. We have monthly or annual billing options to spread the cost, but all certificates are annual commitments.

We use Comodo, DigiCert, Symantec, Thawte, GeoTrust and Trustwave certificates; these are strong providers in this field and highly unlikely to go out of business or have their master certificates rejected. This gives you stability and reassurance that your certificate will not become invalid before it expires, as happens from time to time with smaller SSL providers.

If you want to read the Google blog entry about this, with their advertising spin on it, then click here. What this does do is add further costs to businesses. Whilst we absolutely agree that any site that accepts payments or collects user data should be secure, there are still many sites that do not, and forcing them to have this does seem unfair to us, but that is what the mighty Google has decided and so it shall unfortunately be.

There has been some discussion about the colour of the NOT SECURE label. The current SECURE label is green and it is understood that the new NOT SECURE label is going to be red, although some discussions at Google suggest it will be more neutral; whichever it is, it isn’t good for business.

Keep safe

CritchCorp Computers Ltd

Update to the new Ransomware

For the original post see: http://www.cc-computers.biz/Blog/?p=241

In the original post I talked about the new ransomware that is taking hold all over the world. It has even hit a police station in America, which had to pay the “fee” to get back its data.

The latest version of this virus now takes advantage of all the help that has been available online to “improve their product”. Now, if you thought that you could get your data back through shadow copies (also known as previous versions), think again. The virus now encrypts those too.

Here is what it does now, which is the same as before but better.

Currently the infection vector is an email attachment, usually a zip file or PDF that is actually an exe file; because most people have “Hide extensions for known file types” ticked, you would not normally see this. You will see filename.pdf when the actual filename is filename.pdf.exe. I expect this will change or be improved on as well, with links in emails, other file types, etc.

When you open this file it infects your computer and immediately contacts a server from a list of around 1000 possible domain names generated by an algorithm. When it finds a live server it exchanges details with it and starts the encryption process. At this point it doesn’t let you know that you have been infected, and it is not picked up by most antivirus software. The first version would finish its work without being interrupted by antivirus software.

It encrypts all user content that it can find on your PC, on mapped network drives and on any shares it can find on the network, as well as the data of file-sharing programs such as box.net and Dropbox. It also encrypts any shadow copies and backups that it can get to. When it has finished its work it pops up a message to tell you what it has done; it even gives you a list of the files it has encrypted so that you can verify they are your files. It then gives you a countdown timer starting at around 72 hours. You have this amount of time to pay the fee and get your files back. Where the old version used to just delete the key if you didn’t pay up in time, the new version gives you a discount for paying within the time frame. Currently it is 1/2 bitcoin (which is now about £500). If you fail to pay in time then it goes up to 10 bitcoin (about £5000). This “service” is available for an extended amount of time.
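Two defender-side checks that follow from the chain described above, as an added example that is not part of the original post. The first reproduces what a user sees when “Hide extensions for known file types” is on and flags an executable whose visible name looks like a document. The second looks for the footprint left by the domain-list behaviour: when malware walks through a list of algorithmically generated names looking for one that is live, most of those names do not exist, so the resolver logs a burst of NXDOMAIN answers for that one client, far more than a person mistyping a hostname produces. The log lines are constructed, and the log format, time window and threshold are assumptions.

```python
# Added example (not from the original posts): two defender-side checks for the chain
# described above. (1) How a double-extension attachment looks with Windows' "Hide
# extensions for known file types" on, and a test that flags the masquerade. (2) A burst
# of NXDOMAIN answers from one client, the footprint left when malware walks through a
# list of algorithmically generated domains looking for a live server. Log lines are
# constructed; the log format, window and threshold are assumptions.
import os
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# --- (1) double-extension masquerade -------------------------------------------------
DOCUMENT_EXTS = {".pdf", ".zip", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs"}
KNOWN_EXTS = DOCUMENT_EXTS | EXECUTABLE_EXTS  # Explorer hides any of these when the option is on


def displayed_name(filename: str, hide_known_extensions: bool = True) -> str:
    """What the user sees in Explorer: the last extension vanishes when it is a known type."""
    root, ext = os.path.splitext(filename)
    return root if hide_known_extensions and ext.lower() in KNOWN_EXTS else filename


def is_masquerading_attachment(filename: str) -> bool:
    """True for an executable whose visible name (with extensions hidden) looks like a document."""
    root, ext = os.path.splitext(filename)
    if ext.lower() not in EXECUTABLE_EXTS:
        return False
    _, inner = os.path.splitext(root)
    return inner.lower() in DOCUMENT_EXTS


# --- (2) NXDOMAIN bursts --------------------------------------------------------------
LOG_TS = "%Y-%m-%dT%H:%M:%SZ"
_t0 = datetime(2020, 3, 1, 10, 0, 0)
# Constructed resolver log: "<timestamp> <client> query <name> <rcode>", one line per answer.
CONSTRUCTED_DNS_LOG: List[str] = [
    f"{(_t0 + timedelta(seconds=3 * i)).strftime(LOG_TS)} 10.0.0.12 query gen{i:04x}host.com NXDOMAIN"
    for i in range(30)
] + [
    f"{_t0.strftime(LOG_TS)} 10.0.0.7 query example.com NOERROR",
    f"{(_t0 + timedelta(seconds=40)).strftime(LOG_TS)} 10.0.0.7 query typo.exmaple.com NXDOMAIN",
    f"{(_t0 + timedelta(minutes=9)).strftime(LOG_TS)} 10.0.0.7 query typo.exampel.com NXDOMAIN",
]


def nxdomain_bursts(lines: List[str], window: timedelta = timedelta(minutes=5),
                    threshold: int = 20) -> Dict[str, int]:
    """Return {client: peak NXDOMAIN count within any `window`} for clients at or over `threshold`.
    A user mistyping a name produces a few NXDOMAINs; a domain-generation walk produces dozens."""
    times_by_client: Dict[str, List[datetime]] = defaultdict(list)
    for line in lines:
        ts, client, _verb, _qname, rcode = line.split()
        if rcode == "NXDOMAIN":
            times_by_client[client].append(datetime.strptime(ts, LOG_TS))
    flagged: Dict[str, int] = {}
    for client, times in times_by_client.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[client] = peak
    return flagged
```

Mail gateways can apply `is_masquerading_attachment` to attachment names before a user ever sees the shortened form, and `nxdomain_bursts` run over resolver logs surfaces the infected host during the lookup phase, before any live server has been found and the encryption started.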

In short get yourself protected and keep offline backups and redundant copies.

CritchCorp Computers Ltd.


New ransomware takes hold

New ransomware has been taking hold of businesses and households around the world. Be very careful with the email attachments that you open, although this is probably only the first wave; they will find other ways to get to you.

What’s new about this virus then? This virus, actually a malware strain called ransomware, named that for a very good reason, is an example of modern encryption done right. They have created a perfect system that can encrypt your data using public key technology that cannot be cracked!!

How does it work? Well, at the moment you get an email about something that is relevant to you (that’s how they trick you into opening the attachment or clicking the link). Once the software is running, it quickly establishes a connection to its command and control server, where it generates a random encryption key specifically for your system. This type of encryption is particularly clever as the key that encrypts the data cannot be used to decrypt it without the other part, which is held on the command and control server (it never gets sent to your computer, so there is no record of it for you to find). It then searches your computer and network, any backup drives you have access to, in fact any resource that contains user-created data, and encrypts them all! Any evidence of the key locally is then destroyed and a page pops up to inform the user that they have been robbed! It can show you a list of the files you once had so that you can verify the threat is real, and then gives you the ultimatum: pay $300 (or 300 of your local currency) or lose your data; you have 72 hours to make your mind up. After 72 hours have passed the only key that could decrypt your data, which is on the command and control server, is deleted, permanently!

If you do not have any backups of your data and you need it, then you have no choice but to pay up, and thousands of people and businesses have done so. They have also been very clever with the payment method, as they cannot be tracked through the payment either. When law enforcement find the servers and take them offline, the only people hurt are the people who now cannot get their data back. The bad guys have their command and control servers moving around, and they are not needed for the payment loop; they just create and hold the keys to your data.

The other point on this is that they seem to have written the encryption part exceptionally well; not so good is the decryption side of the program, with reports that not all, and in some cases none, of the data is returned and there is nothing you can do to get it back.

Be careful and watch this space as it will only get worse!!

A New Domain Name Scam

Domain names are big business; well, if you hold a lot of them or the right ones they can be. We charge £2.99/year (plus VAT) for a co.uk domain name. I have seen people or companies that charge over £50/year for these same domain names. Unscrupulous or just business? I would say that it is just business. A company can charge what they like for a domain name, there is no real limit on it and the customer is free to choose where they purchase them from. We love domain names but we do not charge the Earth for them. People are able to choose whether or not they want to pay prices as high as that or pay our prices. I have not really looked into many of these companies that charge a high premium beyond the information on their website, and it appears to me that they do not really want more customers; they are happy with what they have and that’s that.

There have, of course, been some domain name companies that try to scam people either out of their domain name or just to win the business. Whichever it is, I do not agree with underhand tactics to get business. People come to us because we are honest and open and we do an excellent job, not because we conned them into moving to us.

The one that most people have probably seen is a company, which I will not name, that has been conning people for years now and more recently has been trying to clean up its act to appear more professional. They send out postal letters and emails to the registrant (owner of the domain name) and in the beginning they said that if they did not pay this extortionate rate their domain name would be lost forever. Anyone dumb enough to fall for it could have run into many problems, as they were effectively transferring their domain name to another company, and their website, emails and everything else could easily have stopped working and been lost. On top of that, they paid a lot more for the domain name renewal than was necessary.

Always know who you have registered your domain name with and check with them first before renewing anything with a third party. This particular company has been forced by trading standards, I believe, to clean up its act. They still send out ridiculous emails and letters to try to steal customers from other companies, in my opinion by deception. Their latest one states that if you do not take their offer of SEO and a domain name then no-one will be able to find your website. I will not go into the technical details of this, but anyone with any technical ability knows this is not true; it must be fooling some unwitting domain name holders or they would stop.

Another long-running scam is the Asian domain name company that tells you that someone is trying to register a domain name similar to yours and they are going to give you first refusal on it. This scam too has pushed thousands of people into buying domain names that they do not need or want.

The latest email to go to domain name owners is one intended to scare you by showing you a whole lot of technical information about your domain name. All of it is probably true but means nothing in context. From what I can see, the whole point of sending you a large-font email telling you that your whois information has been updated (which is a lie) is to get you to purchase other domains from them. I have not looked any further, and I have only just seen this one going round, so I am sure we will see what devastation it causes in the coming weeks and months.

If you own a domain name make sure you know the basic information of who it is registered with and when it is due for renewal. Even if you have technical people to look after things like that for you, make sure you have basic information (read: http://www.cc-computers.biz/Blog/?p=228 to make sure you don’t lose your domain name)
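The two facts the post says every owner should keep to hand, the registrar and the renewal date, are what every one of the letters above relies on you not knowing. As an added example (not from the original post), here is a small check that pulls both from a WHOIS-style record and judges a renewal notice against them: a notice from anyone other than the registrar WHOIS actually lists is a solicitation to transfer, not a renewal. The record text is constructed in the ICANN gTLD “Key: Value” layout (Nominet’s .uk output is laid out differently), and the registrar names are assumptions.

```python
# Added example (not from the original post): parse a WHOIS/RDDS-style record for the two
# facts the post says every owner should know (registrar and expiry), then judge a renewal
# notice against them. The record text is constructed; the registrar names are assumptions.
from datetime import date, datetime
from typing import Dict, Union

CONSTRUCTED_WHOIS = """\
Domain Name: example.co.uk
Registrar: Acme Registrar Ltd
Registrar Abuse Contact Email: abuse@acme.example
Updated Date: 2019-03-10T00:00:00Z
Creation Date: 2012-04-15T00:00:00Z
Registry Expiry Date: 2020-04-15T00:00:00Z
Name Server: ns1.acme.example
Name Server: ns2.acme.example
"""


def parse_whois(text: str) -> Dict[str, str]:
    """Turn 'Key: Value' lines into a dict; repeated keys (name servers) are joined with ', '."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        fields[key] = f"{fields[key]}, {value}" if key in fields else value
    return fields


def renewal_status(text: str, expected_registrar: str, today: Union[date, str],
                   warn_days: int = 30) -> Dict[str, object]:
    """Compare the record with what the owner believes (registrar) and the calendar (expiry)."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    fields = parse_whois(text)
    expiry = datetime.strptime(fields["Registry Expiry Date"], "%Y-%m-%dT%H:%M:%SZ").date()
    days_left = (expiry - today).days
    return {
        "registrar": fields["Registrar"],
        "registrar_matches": fields["Registrar"].casefold() == expected_registrar.casefold(),
        "days_left": days_left,
        "renew_soon": 0 <= days_left <= warn_days,
        "expired": days_left < 0,
    }


def notice_is_from_my_registrar(text: str, notice_sender: str) -> bool:
    """A renewal or 'your domain will be lost' letter is only actionable when the sender is the
    registrar WHOIS actually lists; anything else is a solicitation to transfer, not a renewal."""
    return parse_whois(text)["Registrar"].casefold() == notice_sender.casefold()
```

Run this against the real WHOIS output for each domain you own once a month or so and the two questions the scam letters exploit (who do I renew with, and when) are answered before the letter arrives.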

Be vigilant with emails and letters that come in the post telling you that you need to do something, check with the right people first.

Support Team

CritchCorp Computers Ltd.

Prices correct at date of publish.