IoT’s, I don’t have any IoT’s do I?

IoT devices

IoT devices, do I have any?

Here is a newish term that has been getting brandished around the Internet for some time now. At first as a techie I may think, Institute of Technology devices, Oh, I don’t have any of these. However, I would be so wrong. So what are they and what does it stand for?

IoT’s or Internet of things devices are now all around us whether we like it or not. They are devices that require an IP address to access the network or Internet. I like to think of them as Internet on Technology.

Your mobiles and any tech wear that you have, card reader machines, cash points, smart TV’s Tablet computers and any smart home devices that you may own. Your car, security cameras, home thermostats, amoung other things, even ticket machines and some vending machines.

What does it mean?

It means that things have progressed along a road that had been predicted, but the faster broadband speeds and methods of connectivity have meant it is now a reality.

Let’s rewind a little, A few years ago we have a desktop PC and then maybe a laptop and at first they did not connect to the Internet at all. We then got dial up Internet and we all tentatively put our toes in the water that was the Internet. Well, from there speeds just got faster and faster and Mobile phones came along, then they became smart. This meant connecting to the Internet and using it as a resource to feed you constant information. This meant improving phone signal strength and so we got up to 4G with 5G on its way.

Other devices then came along and allowed us to stream content around our houses and cars, how great was all this connectivity. Well, it is amazing how far we have come in such a short time.

So what’s all the fuss about, surely this is great news?

The reason that these devices are in the news a lot today is that there are now hundreds of thousands of them, being made by well-known companies and also so not so well known but less expensive alternatives and they all connect to the Internet. Now, securing our stand alone network that had no Internet connection was easy, what you put into it was the only danger. Now that these devices are on the Internet all the time they are able to pull all sorts of data into your device and if it is connected to your network, then onto your network as well.

You would think that this was matter of the device being smart and you being able to configure all the settings and hence protecting all that is does. However, loopholes in the software on these devices, not them all, but some are causing the security world a massive headache and some of the attacks to systems that you have read about recently have been because the software on these devices is not well written and is very insecure. Hackers are catching onto the fact that the world has a massive amount of these types of devices and there are more switched on each day and they are targeting their weaknesses.

So really the question is, “When is a smart device not so smart?” when it runs badly written software that has security holes that you can drive a programming bus through.

Here are a few articles to give you some more information: –

http://www.csoonline.com/article/3119765/security/hackers-found-47-new-vulnerabilities-in-23-iot-devices-at-def-con.html

http://www.darkreading.com/vulnerabilities—threats/internet-of-things-contains-average-of-25-vulnerabilities-per-device/d/d-id/1297623

What are your thoughts about this and have you bought into any of these devices and are you using them. I have to admit I have some.

So much to report on, where to start……….?

technology report

So much to report!

Hi guys, I have so much to report on that I am writing this all inclusive blog post.

So, what are the main headlines then? Well, I have had so much that here are the areas I will touch on in this blog post.

  • Nexus 5X usage and how that is going
  • Nexus 9 revival and discovery
  • Android Beta Testing Nougat 7 and the final version, on the Nexus 9
  • Update on Android Wear from last year, how is that going then?

My everyday life

I am really letting you into my everyday life, my devices that sustain and support me as I go about my daily tasks from business to personal. How I interact with them and how they perform and allow me to do what I need to do or not as the case may be…

So where to start? Well, let’s start with my mobile phone, as we all have one and it ends up being our mainstay most of the time.

LG Nexus 5X

So, to recap I have been using the Nexus 5X for the last month or so and it was to replace my older Nexus 5 that was a tremendous phone and caused me little to no problems. The main thing about the Nexus 5X is the slimmer shape and the more up to date hardware and the fact that it today as I finish this article has updated to Android N (Version 7, Nougat). It has fingerprint launching and better camera etc.

So how has that been going?

A quick update is that the battery still drains very fast and when taking photos and running Bluetooth all the time it seems to drain even faster. I am hoping this will be much improved now I have updated to Android N. Which has better battery saving than ever before. It does have the USB C connection and fast charging so as long as you can access that or a power pack that I carry a lot, then it can be back up and running quite quickly. The camera on the rear is excellent and creates great photo shots. The only problem I have had with this so far was that after about a week of having the phone, the camera refused to focus on anything and made a clicking noise when trying to focus. A tad scary as I hadn’t dropped or miss-used it. I Googled it to see if anyone else had experienced this and found that many had. A simple restart cures it. So restarted and it corrected itself and it hasn’t raised its head again since.

Strange one that. I have put a slim Spigen case on my Nexus 5X and this has great grip and acts as a bumper to protect in case of a drop or bump. But all in all loving the phone and no issues other than the camera weirdness to report.

Nexus 9 Revival and Recovery

Yes, yes, yes. I know the Nexus 9 don’t go there device and all the bad reports I had posted. Well if you remember the last report I stated that I had stuck the Beta testing of Android 7 (Nougat) on it. Well, it seemed worse and everything was just confirming my fears that this device had missed the plot a lot and really needed to be avoided. I kept running it, however, as I am persistent if nothing else, I noted that the battery was running out very fast and I constantly had to recharge it and that the processor was running hot. This intrigued me and I installed a few apps to see what the processor was doing and why it was hot etc. I found it was running at 89% to 94% most of the time. Further checking revealed that the Facebook Messenger App was responsible for my battery dying and probably the processor usage. I uninstalled it and guess what happened? Go on have guess?

The processor went to normal and was hardly running and the battery lasts up to two days unless heavy use. Thanks a lot there Facebook. That won’t be going back on anytime soon. It is important to note there that this App runs on my mobile phone and has none of the above aspects there. So I can only assume that Facebook hasn’t optimised it for Android 7 yet. Which will now be interesting as my phone has just updated?

So, the tablet was behaving a lot better, still slightly unstable with some things, but remember that I was running a Beta version of Android 7. The good news is because I was enrolled on the Beta programme I have now been fully upgraded to the finished version of Android 7. The tablet has improved again with the apps being much more stable and the tablet being more responsive. Some Android 7 features won’t work with some Apps but that is the Apps suppliers needing to get their apps updated. This will come. So I am slightly more positive and happier with my N9 than I have been for a while. Time will tell, though.

Android wear

Well, only a short update here. I am still wearing my LG G Watch that I got last year and have only needed to replace the strap as the original failed on me. Easily done though and it is performing well apart from the following: –

  • Charging when it sits on the docking station. Sometimes does not charge overnight and I find it has not been pushed in fully or has just not done it?
  • I have replaced the charging cable and repositioned the charging base to try and help and I still get the fear that it won’t charge overnight.

Other than this it is a great piece of kit and I missed it when I had no strap until my new one arrived and was fitted. It is so convenient for all sorts of apps that allow walking info and all messages coming in to be quickly reviewed. The phone can be muted from the watch and this saves taking it out my pocket in my jacket. Talking and sending a text quickly from the watch is another great feature. No, it is well worth a look and I think I will be looking at the next generation of these devices to see what they are building into them as it can only improve and get better.

Desktop PC

Thought I would just pop this in at the bottom, I still haven’t gone up to Windows 10 as there still seem to be some major issues floating around with it.

I hope that gives you a flavour of my devices and how they are developing and improving with updates and patches etc.

What are you using and how do you use them? For business, pleasure or both?

Up the Alphabet we go.

N9 review photoI thought I had finished with my last post about the Nexus 9, but I decided to sign up for the Google Beta testing of the new Android N on the N9.

So, I duly signed up and downloaded the update, with the occasional warning about it being unstable and not a finished product. Hey, I felt the N9 was running so poorly anyway that it couldn’t get any worse.

I was wrong!

I was very wrong and it can and has gotten worse. N downloaded and installed an optimised. All the standard stuff we have now become familiar with when upgrading or installing Android.

I read all the extras that were available via N and thought they would be good to try out. However my N9, (Thanks HTC for getting it so wrong with this product), had its own ideas in mind.

I had previously mentioned the various problems I was having with the N9 in my previous reviews and had suggested you give it a wide berth. My opinion is still the same.

So what has got worse?

Well, where do I start? Seriously, all looked well and the minor changes to layout were there and all seemed Ok.

Now, after using it for a few slow, very slow weeks, some apps are unstable and not happy at all and crash with an on-screen message asking if I want to close or wait.

The screen changes orientation at will and then logs out of the desktop and you have to log in again. This is so annoying when you are not even touching it and watching a video and when you log in again it has closed it down.

Battery life seems to be very poor and remember it was not good before this improvement.

I am a fan

You wouldn’t think I was a fan of Nexus devices with these posts, but I am and would have a nexus device tomorrow again. Not a N9 however and am looking at a Pixel C.

I think Google could do so much better here and have lost the plot on the N9 and the Pixel C is too heavily priced at present taking away from the ethos that was there when I bought my N7 way back. Low price and highest spec on the market. Come on Google get the focus back to the users and the loyal fan base and get Nexus range back on track and support the people who are supporting you.

So, as far as going up the alphabet, I am sure that Android N will be great when launched and I am only experiencing the bugs that will be ironed out before it does. I do operate very mobile in my business and private usage just now and feel slightly out on a limb on which device to purchase next. One that has raw Android and is cost effective.

Final Nexus 9 Post………..do not pass here!

N9 No entryI thought it was time I updated you guys on the use of my Nexus 9.

I am all for Google and their Nexus range of products, my Nexus 5 is one, if not the best phone I have used. The Nexus 7 2013 version tablet I had was excellent with superb battery life and did everything and more than I needed it to do.

However, as previously mentioned, I purchased the Nexus 9 and gave you some tasters in my previous two posts.

I have now been using it for an extended period and here is my last summary for you to look over.

Pros

Larger screen
Faster processing
Easier to type and handle and view information

Cons

Battery life is just not good, less than a few hours of constant usage and it is down by 40 percent or less. The main culprit it tells me is the screen. I have it set to automatic brightness and the slider at about a third. Not good, as my Nexus 7 lasted for two days, yes you read that correctly two days.

The Nexus 9 seems to load slowly and then the screen periodically freezes and seems to be performing some task in the background as all the hardware then freezes. Power button won’t even switch it off unless you hold it in for a prolonged period.

To summarise it, I would not recommend purchasing the Nexus 9 as it just does to live up to what it claims and as a business owner that uses it constantly for communication and work, it is just not doing what I would like in a manner that makes it a piece of hardware I can recommend…..

Google, if you are reading this you need to sharpen your game here and get a tablet out there that people will be happier with and that can take off with business users as well as the general public. A sad day for my Google and Android revolution……………

What are your thoughts?

Hands on with the Nexus 9 Tablet

N9 review photo

Nexus 9 Review

Have now been using the Nexus 9 for a few weeks now and it was to replace my Nexus 7 2013 model.
First impressions is that it is obviously larger with the 8.9 inch screen. I got the 16 GB model the same Storage I used in the Nexus 7. No issues there. Speed seems OK and it upgraded itself within a day of getting it to Marshmallow the latest version of Android.

Here are the specs for the Nexus 9

Display                                 8.9inch screen

Resolution                           2048 X 1536 pixels, 288 pixels per inch (PPI)

Storage                                16GB

Processor                            2.3 GHz

Ram                                     2 GB

Rear camera                        8-megapixel, flash – yes

Front Camera                      1.6 – megapixel

OS                                        Marshmallow

Battery Capacity                  6700mAh

Wi-Fi                                     802.11 a/b/g/n/ac

Weight                                  425g

So how does it compare with all my daily work tasks?

I use my Nexus every day for work tasks and handle all my social media feeds and emails. As well as typing up documents and accessing the cloud and Internet. I mean I REALLY use it from morning until night it is at my side and always on hand for all the various activities that I do throughout my working and leisure day.

The Nexus 7 handled all this and I never had an issue with performance and battery life. I do run a good number of apps and have multiple desktops. Which is why I find using a tablet computer so useful.
The Nexus 9 has handled all the work loading, but the main things that are different are: –

  • Battery life is less than good. It lasts less than a day, where my Nexus 7 lasted up to two days. The screen being larger seems to burn all the battery power. I have drained it down and recharged it to try and recondition the battery. It hasn’t helped. I find myself charging it during the day and every night. This is not so good and some online trawling of the net suggests that others are finding a similar thing. The upgrade to Marshmallow was supposed to help this but in fact I have noticed no improvement.
  • The screen sometimes also is sluggish and doesn’t respond. Not sure what is causing this.
    It is larger to carry but the pay-out is the better display and larger screen to display data and show clients what I want them to see.
  • It also has no QI charging, which I got into with my Nexus 7. Place it on a pad and off it goes and charges up, no fiddling with connectors anymore. Then they drop it. No fast charge either. Which I did not have with my Nexus 7 but hoped it might be a standard for Nexus devices. But seemingly not with HTC as they produced the Nexus 9 and my Nexus 7 was ASUS. Come on Google get it together.

I am going to continue using it and see how things go. If a cure or fix comes out for the battery life this would be great. So Google if you are reading this what you are up to and what can be done? Get in contact.

What about you guys?

How do you go mobile as they say and is the move to Phablet phones taking away the market for tablet computers? The sales statistics suggest that the sales of tablets has dropped due to phones becoming larger and I have met a few associates who have gotten rid of their tablet computers as their phones are large enough for them to do all they want to do.

What do you use and how is it performing?

Comment below and let us know.

The operating system with no faults can throw the first stone.

operating systemsIt has come to my attention over a longish period now, as I get fed feeds from Hacker awareness sites and technology sites about weaknesses in Operating Systems and the fact they are being attacked by hackers and general no-gooders. The sites also feed me with, If only statements. If only the Operating system did this better and If only they didn’t do this.

Can perfection be achieved?

I think the problem is Operating systems by their very nature are developing all the time and when a corporation says we are launching our new version of an Operating System what they are not telling you is that they are already developing the next one in the background as the one they are about to launch is out of date. That’s because technology and we way we use it is changing so fast even they can’t keep up. Not only that we have greater expectations of what we want it to do and each rival vendor is trying to outdo the next one without infringing copyright laws. And there the problem arises as the developments are all copyrighted and each company is suing another company for infringement and also working with them at the same time to develop where they go from here.

Chaos you may think and I think you would be right.

So perfection is very subjective, as perfection to one person is so much different for another person and because the operating systems are always emerging and developing they will never ever tick all the boxes. This used to be the case with hardware and I would tell people, when you buy a computer it will be out of date before it is out the box. This is still the case most of the time. But Operating systems are now the drivers for what we want and how we want to use technology.

Operating Systems have the upper hand

Operating systems now have the upper hand, especially in mobile, with maybe Apple still holding its loyal users to their hardware and OS. Everyone else wants a nice user experience and not a flaky one that causes them to waste time and effort performing a simple task. So Android and Apple OS have taken the market, with Windows Phones really trying last ditch efforts to catch a percentage.

Apple’s software keeps evolving and people are constantly upgrading their devices with various levels of success and Android is much the same with the phone hardware vendor playing more of a part as they are allowed to add functionality to the Android system to give you special features if you buy their phones or tablets. This is called skinning and it varies. Sometimes not much is added and everything works well, and at other times, the Android system has changed so much the phone runs slower and looks different from other Android Devices. You may hear this referred to as bloatware.

Google are still commissioning manufacturers to make a range of what are known as Nexus devices that have hardware but can only have the raw Android install with no additional skinning or tampering with. These at present are my favourite, but have unrealistically gone up in price over their last few incarnations, so we will see.

So moan if you like

So basically we like to moan and make a fuss about this not happening and for goodness sake why can’t this be better. Just remember that the operating systems we use today are so much advanced than we used to use and they are in a constant state of flux all the time. They are never stable and are out of date almost before they are launched. They will get even better, smarter and then we will complain that it is boring and it does it all for us.

Go on shout at an operating system today, you know you want to….

Big Brother is watching you and has been for a while

data capture nline

Big Brother is watching you

“‘Who controls the past’, ran the Party slogan, ‘controls the future: who controls the present controls the past.'” Part 1, Chapter 3, pg. 37

The above is all inspired by someone the other day putting up a quote about the fact they had read 1984 and couldn’t believe how bad things were back then. Which made me laugh.

George Orwell’s 1984 was a book I read at high school for my higher in English prep. I was into science fiction and that genre and this sort off ticked some of those boxes. Obviously, it was about the state watching everything that the populate did and the perceived freedom people had was really not freedom at all. Orwell based it on the communist state in 1948 and his publisher’s enforced that he change the title to 1984 to make it more sellable and not offend the communist state of Russia.

History lesson over now, I came across a comic photo of Cortana, Microsoft’s office help in Windows 10, based on their game character from their Halo franchise. She will listen to you and answer questions to help. Similar to the OK Google in Android Google NOW.

But what are these helps really doing?

In the comic photo I saw that someone was happy that Cortana was there and they could chat, until eventually they had to switch Cortana off as she was so intrusive the person’s privacy ceased to exist.

My title is that Big Brother, the state in Orwell’s book that spied on everyone, has been watching us for a long time is in fact very true. Since the Internet has been around we have been spied on and catalogued in our preferences and histories and then email allowed us to be spied on. Particularly when it went online and became web based. Our shopping habits are spied on by supermarkets and stores, again with loyalty cards, as we scan, they record. We get vouchers emailed and sent through the post that give us money of the things we buy each week and use. Isn’t it amazing how do they know?

Should we be worried and concerned?

I meet a lot of different people in my IT travels from training to techie talks with geeks like myself. They range from the extremists who are so paranoid that they don’t use a lot of the available tech and systems that are around just now, to the laid back who use everything and deal with the aftermath.

I must admit to being nearer the second type of person with some criteria on what I would and would not do. I do love the latest tech and am slightly addicted to where it is taking us.

I would suggest to you that you are kept on record on the World Wide Web at a host of locations from government bodies who use your ID and unique NI number to shops and web page stored info. (Cookies and their friends). So worrying would be a fruitless activity and probably not get you any real benefit. Paranoia is the other extreme I find and people go to amazing lengths to avoid their real data and identity getting out there. It will get out there and to be honest it already is out there, is the amazing and correct answer to that.

Precautions

Of course I am not saying forget everything and lay abandon to any security and common sense, now that would be absurd, and I do meet that category of person as well.

We really need to use the latter, common sense and be aware of what we are doing.

  • Not clicking on everything that pops up.
  • Not filling in every form of filed that is asked of us by companies.
  • Unticking boxes that want to store our info and sent us data all the time.
  • Have all updates on and installed.
  • Make sure we have the latest and up to date Anti-Virus and spyware/Malware kit on our machines.
  • AND above all use common sense.

What are your thoughts on this and what do you do? Are you paranoid or very open?

Great to hear your comments.

What do you use to browse the shops?

browser usageImagine the internet as a large series of shop windows from all over the globe. We all need a method of browsing through them, and finding and buying information or physical goods. So, what do you use as your internet browser?

For a long time, Microsoft had the market sewn up – as it built its browser, Internet Explorer, into the Windows OS – and so everyone used it without giving it much thought. If it works, then why change? Well, people did change – and they did it because they felt that IE wasn’t doing a good enough job of displaying the web to you, the customer, in an accurate and intuitive way. So various other browsers have been developed, and the majority run quite happily on the Windows platform.

I have tried various browsers over the years, mainly on my Windows based machines – and now more recently on my Android based devices – and find each browser to have its own set of positives and negatives. The picture above shows a rough breakdown of internet browsers in use at the moment, mainly for desktop machines running Windows.

So what do we look for?

So what do we look for in an Internet Browser? Are they all the same? Should we be bothered?

It is a personal decision, and you should use which ever one you feel most comfortable with, but be aware of the following areas: –

  • Rendering of web content. Some browsers display web content much faster than others, and for you the end user that saves time and frustration waiting for web pages to load.
  • Security features. Each browser claims a set of security features that allow for secure connections and more secure shopping etc. Check them out and make sure you are happy with what they are offering and how they are handling it.
  • Cookie handling. Browsers each handle cookies, which are small text based files that store some details of your path through the Internet. Most cookies are time saving and harmless, but some are Malware – and can cause popup windows etc. Check what settings each browser allows you to change to get the level of security that suit you and your business.
  • Some browsers allow you to save a list of your open tabs and create a snapshot of where you have been – this is then available when you leave your desktop machine and go mobile. Chrome for example lets me see the tabs I was looking at when I was seated at my desk – and this all leads to an easier work environment.
  • The look and feel. Again, this is a personal choice, some of it is down to the look and feel of the browser. You may find some are easier than others to use and navigate around. They all constantly update themselves, and so just as you think you have sussed the settings and where to find stuff they can change it all. But, hey, that’s computers and applications for you.

Why not let us know what browser you use, and why you use that one. Give us your experiences of browsers you have tried and why you moved on to others.

We look forward to reading your posts.

Hack in the box!

security laptopOn average 30,000 websites are hacked every day*, 200,000 new malicious programs/viruses are detected every day**.  Google recently reported that they detect 9,500 websites/day infected with malware used for drive-by download attacks, where the victim only has to browse the site to become infected, and 4,000 of these sites are legitimate company websites. Small business have been a target for cyber criminals for a few years now, because they are an easier target due to their lack of budget and expertise. Is your network as secure as it can be from hackers? Are you sure? Or are you helping cyber criminals distribute malicious programs to your customers, friends and family, even if you’re computers are just acting as a base of operations for attacking and infecting others.

* Sophos Labs Report ** Kaspersky Labs Report

It is estimated that cybercrime costs the world’s economy between $1 – 3 trillion per year.

Many businesses around the world have been struggling financially for a number of years, but sadly the underground hacking economy seems to be alive and well. In July of 2013, the FBI charged two Russians for hacking into US Financial Institutions that resulted in the theft of millions of dollars from more than 800,000 victim bank accounts. One of the hackers and several other undiscovered criminals, were also charged with the stealing and selling of at least 160 million credit and debit card numbers, resulting in losses of hundreds of millions of dollars. According to the indictment, these losses included $300 million in losses for just three of the corporate victims not to mention the immeasurable losses to the identity theft victims, due to the costs associated with stolen identities and fraudulent charges.

Underground Prices for Stolen Credentials and Hacker Services

Hacker Credentials and Services Details Price
*Visa and Master Card (US)   $4
American Express (US)   $7
Discover Card with (US)   $8
Visa and Master Card (UK, Aus & Can)   $7 -$8
American Express (UK, Aus & Can)   $12- $13
Discover Card (Aus & Can)   $12
Visa and Master Card (EU and Asia)   $15
Discover and American Express Card (EU and Asia)   $18
Credit Card with Track 1 and 2 Data (US) Track 1 and 2 Data is information which is contained in digital format on the magnetic stripe embedded in the backside of the credit card. Some payment cards store data in chips embedded on the front side. The magnetic stripe or chip holds information such as the Primary Account Number, Expiration Date, Card holder name, plus other sensitive data for authentication and authorization. $12
Credit Card with Track 1 and 2 Data (UK, Aus & Can)   $19-$20
Credit Card with Track 1 and 2 Data (EU, Asia)   $28
US Fullz Fullz is a dossier of credentials for an individual, which also include Personal Identifiable Information (PII), which can be used to commit identity theft and fraud. Fullz usually include: Full name, address, phone numbers, email addresses (with passwords), date of birth, SSN or Employee ID Number (EIN), one or more of: bank account information (account & routing numbers, account type), online banking credentials (varying degrees of completeness), or credit card information (including full track2 data and any associated PINs). $25
Fullz (UK, Australia, Canada, EU, Asia)   $30-$40
VBV(US) Verified by Visa works to confirm an online shopper’s identity in real time by requiring an additional password or other data to help ensure that no one but the cardholder can use their Visa card online. $10
VBV (UK, Aus, Can, EU, Asia)   $17-$25
DOB (US) Date of Birth $11
DOB(UK, Aus, Can, EU, Asia)   $15-$25
Bank Acct. with $70,000-$150,000 Bank account number and online credentials (username/password). Price depends on banking institution. $300 and less
Infected Computers 1,000 $20
Infected Computers 5,000 $90
Infected Computers 10,000 $160
Infected Computers 15,000 $250
Remote Access Trojan(RAT)   $50-$250
Add-On Services to RATs Includes set up of C2 Server, adding FUD to RAT, infecting victim $20-$50
Sweet Orange Exploit Kit Leasing Fees   $450 a week/$1800 a month
Hacking Website; stealing data Price depends on reputation of hacker $100-$300
DDoS Attacks Distributed Denial of Service (DDoS) Attacks– throwing so much traffic at a website, it takes it offline Per hour-$3-$5
Per Day-$90-$100
Per Week-$400-$600
Doxing When a hacker is hired to get all the information they can about a target victim, via social engineering and/or infecting them with an information-stealing trojan. $25-$100

*Note: All Credit Cards sold with CVV Codes

As always, there is no shortage of stolen credit cards, personal identities, known as Fullz, for sale. However, the hackers have come to realize that merely having a credit card number and corresponding CVV code is not always enough to meet the security protocols of some retailers. Hackers are also selling cardholders’ Date of Birth and other personal information. Having this additional information would allow a hacker to answer additional security questions or produce a fake identification, to go along with a duplicate credit card. VBV (Verified by Visa) data is also being sold.

It has been found that credit cards and personal identities for non-US residents continue to sell for more money than the credit cards and identities for US residents. An example of the pricing discovered for stolen credit cards, Track 1 and 2 Data of Credit Cards, Fullz, Date of Birth and VBVs for cardholders is listed in the table above.

Online Bank Accounts for Sale: Name Your Bank and Country Preference

Just as with stolen credit cards, there are hundreds of online banking credentials for sale. It has found that one can purchase the username and password for an online bank account with a balance between $70,000 and $150,000 for $300 and less, depending on which banking institution the account is located. Also one can specify the login information for an account within a specific bank and country.

Malware Infected Computers for Sale

There are thousands of compromised computers (bots) for sale by bot salesmen. The price per computer typically decreases when they are bought in bulk. The costs for infected computers (bots):

  • 1,000 bots = $20
  • 5,000 bots= $90
  • 10,000 bots = $160
  • 15,000 bots = $250

Infected computers in Asia tend to sell for less. It is thought that infected computers in Europe & U.S. are more valuable than those in Asia, because they have a faster and more reliable Internet connection.

Once scammers buy the malware-infected computers, they can do anything they want with the machines. They can harvest them for financial credentials, infect them with ransomware so as to extort money from their owners, or use them to form a spam botnet to send out malicious spam on behalf of other scammers. If you don’t think there is much money in the spam business think again. Research into one of the largest spam botnets, Cutwail, it is estimated that the Cutwail gang’s profit for providing spam services was approximately $1.7 million to $4.2 million over two years.

Malware and Exploit Kits for Sale

A variety of Remote Access Trojans (RATs) are for sale ranging from $50 to $250. Most of the RATs are sold with a program to make it Fully Undetectable (FUD) to anti-virus and anti-malware. However, there were some hackers who sold the FUD component for an additional $20. For those RAT buyers who want the seller to do all the work for them, eg: setting up the RAT’s Command and Control Server, configure the malware to be FUD and possibly infect the target, they could pay an additional $20 to $50.

Exploit Kits – One of the offerings the Sweet Orange Exploit Kit for lease charged between $450/week and $1800/month. Sweet Orange is certainly more expensive to lease than the once popular BlackHole Exploit kit. Before BlackHole’s supposed creator was arrested, the leasing rates for BlackHole were:

  • 3 months—$700
  • 6 months–$1,000
  • One year–$1,500

Hacker Services for Hire: DDoS Attacks, Hacking of Websites, Doxing

Hacking into a Website

The cost to hire a hacker to break into an organization’s website runs between $100 – $300. Generally the higher the fee, the more reputable the hacker. What is worth noting is that most hackers for hire will not hack into a government or military website.

Distributed Denial of Service (DDoS) Attacks

A DDoS is where 1000’s of computers, controlled by a RAT, are used to attack a website and bring it to a halt through sheer volume of traffic. Those customers wanting to purchase DDoS Attack Services could pay by the hour, day or week. Most hackers who provide the DDOS attacks guaranteed that the target website would be knocked offline.

The rates were as follows:

  • DDoS Attacks Per hour = $3-$5
  • DDoS Attacks Per Day = $90-$100
  • DDoS Attacks per Week = $400-600

Doxing

Doxing is when a hacker is hired to get all the information they can about a target victim. Their methods include searching public information sites, social media sites, as well as manipulating the victim via social engineering and infecting them with an information-stealing Trojan. There are a lot of Doxing services for sale on the hacker underground, A “Vouch” from customers is used to verify that the hacker providing the Doxing service is legitimate. Doxing services range from $25 to $100.

Name Brand Products, Get Them For Cheap

Another service being sold on the hacker underground is where hackers will sell popular products, below the retail price. The hackers will obtain a specified product for a buyer either by using a stolen credit card or by working a scam, where they contact the retailer’s customer service representative and pretend to have purchased the item from the vendor, and it was damaged. The customer service representative is convinced that the complaint is legitimate, and they send out a replacement to the scammer, who in turn sells the product below the retail price.

Summary

For the most part, it does not appear that the types of hacker services and stolen data for sell on the hacker underground have changed dramatically in the past several years. The only noticeable difference is the drop in price for online bank account credentials and the drop in price for Fullz or Personal Credentials. In 2011, hackers were selling US bank account credentials with balances of $7,000 for $300. Now, accounts with balances ranging from $70,000 to $150,000 go for $300 and less, depending on the banking institution where the account is located. In 2011, hackers were selling Fullz for anywhere from $40 to $60, depending on the victim’s country of residence. Fullz are now selling between $25 and only go up to $40, depending on the victim’s location. It is believed that the drop in prices further substantiates that there is an abundance of stolen bank account credentials and personal identities for sale. There is also no shortage of hackers willing to do just about anything, computer related, for money, and they are continually finding ways to monetize personal and business data.

Key Protective Security Steps

Companies should adopt a layered approach to security and consider implementing the following:

  • Firewalls around your network and Web applications
  • Intrusion Prevention Systems or Intrusion Detection Systems (IPS/IDS). These inspect inbound and outbound traffic for cyber threats and detect and/or block those threats
  • Host Intrusion Prevention Systems (IPS)
  • Advanced Malware Protection Solution
  • Vulnerability scanning
  • 24 hours a day x7 days a week x365 days a year log monitoring, and Web application and network scanning
  • Security Intelligence around the latest threats (people working on the latest threats in real-time, human intelligence)
  • Encrypted email
  • Educating your Employees on Computer Security. A key protective measure is to educate your employees to never click on links or attachments in emails, even if they know the sender. Employees should check with the sender prior to clicking on the email links or attachments. Client side attacks using email attachments and hyperlinks to malicious code on the web are the two major infection vectors.

The good news for SME’s is that there are some products out there that are open source and free that can cover a lot of the above. Configured correctly will help to protect the network from malicious hackers, at least make them want to bypass you and attack an easier target.

Individuals Should Implement the Following Security Steps

  • Computer users should use a computer dedicated only to doing their online banking and bill pay. That computer or virtualized desktop should not be used to send and receive emails or surf the web, since Web exploits and malicious email are two of the key malware infection vectors.
  • Avoid clicking on links or attachments within emails from untrusted sources. Even if you recognize the sender, you should confirm that the sender has sent the specific email to them before clicking on any links or attachments.
  • Reconcile your banking statements on a regular basis with online banking and/or credit card activity to identify potential anomalous transactions that may indicate account takeover.
  • Make sure your anti-virus is current and can protect against the latest exploits. Also, make sure that your anti-virus vendor has signatures for detecting the latest Trojans and that you have the most up- to-date anti-virus protections installed.
  • Do not use “trial versions” of anti-virus products as your source of protection. Trial versions of anti-virus products are good for testing products, but do not continue to use the trial version as your protection for your home or work PC. The danger is that the trial version does not receive any updates, so any new Trojan or virus that is introduced after the trial version was released will have total access to your PC.
  • Make sure you have your security protections in place. Patch management is key. It is critical that as soon as they become available you install updates for your applications and for your computer’s operating system.
  • Be cautious about installing software (especially software that is too good to be true – e.g., download accelerators, spyware removal tools), and be conscience about pop-ups from websites asking users to download/execute/or run otherwise privileged operations. Often this free software and these pop-ups have malware embedded.

Make sure your company is not an easy target for the cyber criminals by having a penetration test by a trained and experienced Certified Ethical Hacker.

Penetration testing is the process of evaluating both your physical and digital security systems and finding all areas that are insecure and that need attention. The main goal of penetration testing is not only to find security vulnerabilities, but to attempt to exploit them as well, which can decrease the chances of data loss or allowing unauthorised persons access to secured data. Common problems discovered by penetration testing include software bugs, design flaws and configuration errors. Once these have been identified, they need to be quickly repaired in order to ensure that safety isn’t compromised for longer than necessary. Testing is vital for any business, no matter how large or small, as data has become the most important currency available to organisations and hackers.

Penetration testing should be performed by an experienced tester from outside the organisation or the service provider whom has configured the solution, website, network, etc. It is all too easy to ignore or turn a blind eye to a known issue, or to have the attitude of ‘Nobody could possibly find that flaw!’ or ‘Who would want to hack us? We’re not interesting enough!’ As this involves the security of the business, no half-measures can be taken. Security breaches happen every minute of every day, and unless you have a dedicated team for penetration testing, it may be wise to consider outsourcing the procedure. Having an in-house team is ideal, but there are many businesses that find good reasons to outsource the testing and security of their information systems.

Thanks to our Guest blogger this month
Wynn Jones ECSA/LPT CEH CHFI CVE CCA MCSE
http://www.praetoriansecurity.co.uk

 

Is Virus Protection enough anymore?

virus protectionI thought I would burp a little about the recent news broadcasts detailing the attacks that have happened, as well as the ones that are about to hit in around two weeks’ time.

Let’s start with the one that already happened, the Heart bleed exploit. This affected web servers and took advantage of a flaw in a commonly used library to gather random chunks of working memory. Unfortunately these random chunks often contained people’s login details or other personal information. And so we all had to go and change our passwords for many of the web services we use, Google, Facebook, and Yahoo and so on. Wait, you haven’t done that yet? Well you better get in about it today and make it so!

The attack due in a few weeks’ time was announced on the news feeds last week, and you need to make sure that all your computers are up to date and virus protected within the next two weeks. You have been warned!

So what’s new?

Well, in actuality, nothing is new. We have been plagued with hackers, attacks, and viruses for as long as I have been in IT.  And there is even a possibly they were around before then, I am not as old as you think you know! We have long been advised to keep our computers up to date, to install virus checking software and ensure we have the latest virus definitions. Yet we still succumb to the viruses as they hit the web. Is it because we just get lazy and don’t maintain our computers? Has the computer age made us feel that the software should maintain itself? Why do we have to do anything manually?

I have repaired machines in the past, and have asked the user if they had anti-virus software. The answer was often yes, as it came with the computer. Brilliant I said have you updated it recently … a long pause … no, was the reply, doesn’t it do that itself? I then checked the machine to find that the software was on it when bought, but had never been launched and never registered. In fact, it had simply been taking up some hard drive space and doing not a lot else! Given this was roughly three or four years after purchase, I will not tell you the number of infections I found on that machine.

Which hat are they wearing?

These days you can attend college or university and do an Ethical Hacking course, and come out with a matching qualification. Now if you use this the right way (known as white hat hacking) you will become an asset to any company wanting to protect their systems. Of course, used the wrong way (black hat hacking), you can cause mayhem and leave damage in your wake.

Help me Ian; what do I need to do?

Put simply, you need to do what you have been told to do for as long as I can remember. That is: keep your computer up to date, and keep anti-virus software on it and up to date. If you are on a network, then make sure your firewalls and other barriers are up and running. Oh, and just to let you know, it could all be changing again as the mobile usage increases and the cloud becomes our storage … watch this space, but be protected.

Further info on some of this can be gained by reading our previous blog on Windows XP cover, and on Passwords security.

Take care and be safe…

Let us know your thoughts on this issue and how you are coping in the battle for safe working.