The FBI's Latest Warning on Connected Routers

The FBI announced on May 25th that a new, dangerous threat to cyber security could be residing on thousands of home an business based wireless routers.

"Foreign cyber actors have compromised hundreds of thousands of home and office routers and other networked devices worldwide," the FBI said in a warning released on Friday. The malware, called 'VPNFilter' can do things like scoop up users' personal data and cripple website service.

Western security authorities are warning that Russian hackers may have infected routers in an attempt to gain unauthorized access to personal and corporate information, and that consumer need to be proactive in their efforts to protect themselves. Specifically, the FBI wants all owners of routers to reboot them, which will disrupt the malware's ability to  communicate with other machines under its control. Details on how to properly reboot your router can be found here.

Research released last week from Talos Security Group, a CISCO company, suggests that potentially 500,000 routes may be infected. Cisco Talos listed the definitively affected routers as the Linksys E1200, E2500 and WRVS4400N; the Netgear DGN2200, R6400, R7000, R8000, WNR1000 and WNR2000; and the TP-Link TL-R600VPN SafeStream VPN router. MicroTik Cloud Core routers, mainly used by enterprises, may be affected if they run versions 1016, 1036 or 1072 of the MicroTik RouterOS. The research firm also found that two QNAP networked-attached-storage (NAS) drives, the TS-251 and TS-439 Pro, were also affected by VPNFilter.

The FBI wants everyone with a small business or home office (SOHO) router to reboot so they can track the communications. By seizing control of the domain the mothership, the FBI says it can track the different layers of the malware. But the folks from Talos are warning that is could just be the beginning, and even if you don't see your router make and model on their list, you should reboot anyway. "Given our observations with this threat, we assess with high confidence that this list is incomplete and other devices could be affected," Cisco Talos researchers wrote in a blog posting.

Due to the severity of the event, Talo decided to publish its finding early, even thought their research and investigation is ongoing. "Publishing early means that we don't yet have all the answers - we may not even have all the questions. We will update our findings as we continue our investigation" the blog goes on to say.

 

 

 

Is Free Public Wi-Fi Safe?

If you work remotely or travel a lot for your job, you probably take advantage of free public Wi-Fi often. Unfortunately, that probably means you’re regularly opening up your devices and your data to serious security threats. And if you’re a heavy user of cloud services, which often store your data on a remote server rather than your computer, Wi-Fi security is even more crucial.

Most people these days have password-protected networks at home, so it’s unlikely that anybody is able to snoop on your data as it passes between your device and your router. But when you’re surfing the Web via a free public Wi-Fi at a cafe, library or airport, you should be suspicious of everyone, says technology consultant Leo Notenboom of Ask-Leo.com. “It’s trivially easy for any of them to be watching your unencrypted information flying by.”

Here’s what you need to know to stay safe next time you’re surfing on a free public Wi-Fi connection.

Free Public Wi-Fi Tip No. 1: Turn on your firewall.
The cafe might use firewall software to protect your computer from outside attacks, but that doesn’t protect you from other people surfing around the same Wi-Fi network inside the cafe. Be sure your computer’s firewall is turned on.

Free Public Wi-Fi Tip No. 2: Protect your smartphone or tablet.
If your smartphone or tablet connects to Wi-Fi networks, require it to ask your permission before joining any network. A lot of people never change the default network name, so if you logged on to your friend’s “linksys” network, your device will remember that and could automatically join any network of the same name in the future -- unless you tell it to ask your permission first.

Free Public Wi-Fi Tip No. 3: Use strong encryption.

Encryption works by disguising data that your computer wirelessly sends to a router. Without it, that person sitting near you at the cafe could use special software to intercept and see all the data that travels back and forth between your device and the router. And that means everything: emails, passwords and things you search for. That’s why it’s imperative, says Notenboom, to use encrypted sites when possible.

How do you know when a site offers encryption? Instead of “http” at the beginning of the address, you’ll see “https.” You’ll also see a little padlock icon in your browser window, usually on the bottom right.

What else should you consider encrypting?

  • Your email. If you use a locally installed email program such as Outlook or Entourage, you can protect your mail and passwords by using something called SSL (secure sockets layer) on each of your accounts. This encrypts all your data when you send and receive email. Not all email providers allow the use of SSL, though, so check your provider’s help page.
  • Your Facebook and Twitter pages. Facebook and Twitter recently began offering encrypted sessions; just go into your account settings and find the option that says “Always use https.”
  • Your Google search. If you think the keywords you’re searching could be embarrassing or you prefer to keep your privacy, try the secure version of Google search. Instead of going to Google.com, do all of your searching at Encrypted.Google.com.
  • Everything. Consider a VPN service. VPN stands for virtual private network and encrypts everything you send and receive. You can download free mobile VPN software from such a site as Hotspot Shield and everything -- instant messages, passwords, emails and websites -- will be virtually impenetrable to prying eyes whenever you’re using a free public Wi-Fi connection. Or if your employer offers its own VPN, always connect to it through your computer or mobile device.

“That guy in the corner of Starbucks with his laptop -- do you trust him with your private data?” asks Notenboom. Follow these Wi-Fi safety tips, and you won’t ever have to ever wonder.

Keep Your Data Safe When Telecommuting

Thanks to the Web, more and more people are working remotely -- from home or anywhere. But not commuting anymore doesn't mean you don't have the same security issues that your corporate-office counterparts do. Here's how to protect your data, devices and computer without an IT department:

1. Back up your data in the cloud.
It’s easy to lose all your work: One computer virus or hard-disk-drive meltdown, and your important files may vanish forever. That’s why, when working from home, backup is crucial. Instead of depending on bulky hardware, try the many cloud services on the Web. They back up new content every night while you sleep, keeping your files safe and allowing you access from any computer at any time.

"Backup used to be cost-prohibitive," says Phil Montero, founder and CEO of an online resource called You Can Work From Anywhere. But these days, many online services charge as little as $50 per year, depending on your needs. Mozy even offers certain amounts of backup for free. If you’re only backing up documents, Google Docs is another good bet.

2. Protect your computer and critical files.
If your employer issues you a PC or laptop to use at home, they'll often install security software or a Web-based security service to block viruses or bar hackers. But if you are self-employed, the burden of protecting your computer and data from the increasing array of online security threats falls squarely on your shoulders.

When choosing a cloud-based security service, be sure it protects your computer with antivirus, spyware and firewall programs. It should also constantly updates to protect you against evolving threats.

You should also limit your family members’ access to your work computer. "You have to be sure that the really critical stuff isn't made accessible to someone who shouldn't have access to it," says Jack M. Nilles, founder of JALA International, a global telecommuting consulting company. "That includes the kids getting on your computer and downloading something [harmful]."

Finally, keep passwords and ID numbers private so they don’t fall into the wrong hands.

3. Seamlessly collaborate with others.
Whether you work on your home computer once a week or full time, if you need to share files with colleagues, synchronization tools can help ensure you (or your team) are working on the correct or latest version of a document. The “old” way to do this was to copy the files from your home computer onto an external hard drive, CD or thumb drive and install them on your work computer. But this process sets you up for accidentally writing over the most recent files -- and what if this external backup device you were depending on is destroyed or lost?

Cloud services enable you to sync automatically to ensure speedy backups. Or try Microsoft’s FolderShare, which allows you to synchronize files with colleagues over the Web.

There's no doubt to the benefits of Web to the home office worker. That said, you want to be smart about security issues. To really cover your bases, in addition to backing up and securing your data, Niles also says it's important to get a clear protocol from your company or clients: "We recommend that telecommuters working for a company have a formal agreement specifically stating who is responsible for what." This way, you can always fall back on the agreed-upon security plan for your best-quality work away from your IT department.