Tag: Means | Page 3

The Death of “Please Enable Macros” and What it Means

February 14, 2022/in Computer Security

February 14, 2022

On the 7th of February, Microsoft announced an impending change to its ubiquitous suite of Office apps. In Microsoft’s own words: “VBA macros obtained from the internet will now be blocked by default”. The change is expected to begin rolling out in early April.

Technically speaking, VBA macros were already “blocked by default” before. Upon opening a document containing such a macro, the user would be greeted with the following prompt:

And upon clicking this single button, Macros would be enabled. Following this change, for files that originated in the internet, the user would instead see this prompt:

The “learn more” button leads to a short article where Microsoft explains to the end user that macros “are often used by people with bad intentions to distribute malware to unsuspecting victims” and “aren’t required for everyday use like reading or editing a document in Word or using Excel workbooks”. Most importantly, the article stresses, “no legitimate company will make you open an Excel file to cancel an order and you don’t need macros just to read a document in Word”.

After all these admonitions, if the user is still interested in running the offending document macros, Microsoft provides a 4-step process under a collapsible. The process involves manually saving the file to the hard drive, then digging inside the file properties and explicitly clicking a checkmark box titled “unblock”.

This decision did not come about in a vacuum. Starting in the early 2010s, macros in MS-Word documents slowly gained ground and eventually became the most popular vector of infection for the average cybercriminal peddling commodity malware. This rise in popularity was preceded by a long and unusual history: in fact, like the cure for scurvy, VBA malware had to be discovered twice – having been forgotten and become lost to history after the first time.

The first load-bearing document was a proof-of-concept created all the way back in 1994, during the stone age of POGs, Power Rangers, the Clinton Administration and dial-up internet. Up until then, it was…

Source…

What it means for your iPhone if Apple permits sideloading

February 5, 2022/in Mobile Security

On Thursday, the Senate Judiciary Committee held a session to amend and then vote on the Open App Markets Act, a bipartisan bill designed to rein in the monopoly power of smartphone app stores—mainly those run by Apple and Google. Notably, the bill would require those companies to allow users of Android and iOS devices to download apps from places other than the Google Play store and Apple App Store, a practice called sideloading.

As you might imagine, Apple and Google and the lobby groups that represent them are trying hard (and spending big) to derail the antitrust bill. The bill may be particularly galling to Apple, which likes to keep tight control of the software on its devices, citing concerns over app security and user privacy. Google, by contrast, already allows users to install apps outside of its Play store.

The Judiciary Committee voted to send the bill on to the full Senate, where leadership will now decide whether to initiate debate. The bill has solid bipartisan support and has a real chance of passage. So it’s worth asking what Apple would do if it were required to allow apps on the iPhone from other app stores or marketplaces. What new security features could Apple introduce in iOS to prevent malicious apps from making it onto iPhones?

I asked some Apple pundits and security experts after the hearing Thursday.

Apple could—and should—bring their MacOS Gatekeeper security layer to iOS.”

AltStore developer Riley Testut

“I guess they’d rely on sandboxing to isolate [malicious] apps,” says Charlie Miller, a veteran mobile security engineer who currently works for the autonomous car company Cruise. Sandboxing is a way of isolating a piece of software to prevent it from interacting with other apps or interfering with the operating system—a technique that can minimize the chances of an app doing intentional or unintentional harm.

But sandboxing is possible only after an app is already on the device. “You can install what you want, but iOS can ‘try to’ limit what it can do, i.e., it can’t read your Netflix password,” Miller said in a message. (Miller is coauthor with Dino Dai Zovi of The Mac Hacker’s Handbook.)

If the law passes, the experience of…

Source…

Cyber Security Means Not Clicking On That Link

October 5, 2021/in Internet Security

COVID changed the way we used the internet. Whether for streaming TV, buying groceries, or video-calling, many people created new online digital accounts during the pandemic. As we spend more of our lives online, it’s increasingly important to keep information safe online.

October is Cybersecurity Awareness Month, and experts are urging consumers to protect their accounts. That includes being mindful at work where ransomware attacks on companies often happen when an employee clicks on a link that they shouldn’t have.

To find out what we all need to know, Eric Douglas spoke with Bill Gardner, a white-hat hacker and a cybersecurity professor at Marshall University. He says there is a tremendous demand for people trained in the field.

Douglas: October is Cyber Security month. Where did that come from?

Cybersecurity professor and white-hat hacker, Bill Gardner.

Gardner: That was originally floated by the federal government because we need to do better with cybersecurity. Every breach we have is the worst one in history. Right? There’s things users can do to protect themselves, and that’s the whole thrust behind it.

Douglas: Let’s talk about the ever-escalating breaches for a minute. What’s going on for the average Joe? What should I know about my personal cybersecurity?

Gardner: From the top-down approach, agencies who work on this problem need to share data. And they’re not always doing it. We need to keep an eye on threat intelligence, who the bad actors are, so we can do a better job defending against them. As a person, it’s the same old adage. It really hasn’t changed a lot. Be suspicious of email when you don’t know where it’s coming from. If it sounds too good to be true, it probably is. If you get a text message from AT&T, go to the AT&T website or through the AT&T app to see if it’s legitimate or not.

If you’re expecting a package from Amazon, or through FedEx, don’t just click on links that are sent to you saying it’s been delayed. All those things are the things that hook you. We call it phishing. It hooks you into clicking on an attachment or going to a web page that’s compromised. If you look at breaches, probably 97…

Source…

What China’s Communist Party Centenary Means for India

June 30, 2021/in Internet Security

In a marked moment of political triumph for communism, the Chinese Communist Party (CCP) is on the verge of celebrating one hundred years of formation in July 2021. Founded by a handful of revolutionaries in 1921, the CCP’s long journey has been subject to critical and intense political debate, chaos, and authoritarian trajectory aimed at taking China ahead. The contemporary nationalistic fervor attached to the forthcoming celebration arrives when the geopolitical climate is exceedingly tense and not favoring China.

According to Chinese President Xi Jinping’s Boao Forum speech, the CCP’s centennial anniversary is a commemoration of how the Party “has striven forward against all odds in a relentless pursuit of happiness for the Chinese people, rejuvenation of the Chinese nation, and the common good for the world.” It signifies the year when the Party achieves its goal of a “moderately prosperous society” in a new era of Chinese domestic and foreign policy, as it begins to work towards its second goal of becoming a “great modern socialist country” in 2049. This has major implications for leading democracies across the world, and especially for China’s Asian rival power, India. What does the CCP’s one-hundredth anniversary, and the changes in Beijing’s international outlook post the centennial, mean for New Delhi?

Beijing’s highly controversial political arrests under the new Hong Kong National Security Law, its doubling down on repressive Xinjiang policies, its explicit threats to Taiwan, maritime adventurism in the South and East China Seas, wolf warrior diplomacy vis-à-vis Australia, and territorial expansionist tendencies with India have become hallmarks of the CCP’s nationalist global posturing. For too long, Western and non-Chinese analysts were convinced that China’s rise would be accompanied by political transparency and deeper integration with the global system leading to a move away from its unilateral revisionist tendencies. However, under Xi Jinping, now effectively president for life, the CCP has promoted an overtly aggressive and unambiguously expansionist approach. Under Xi, China has employed its economic might via the Belt and Road…

Source…

Tag Archive for: Means