Facebook Compromise

Despite the alarming subject, Facebook’s website was not hacked (to our knowledge), just a few employees. Nonetheless, this is a perfect example of how an Advanced Persistent Threat could gain access to even one of the largest websites on the planet.

Recently, several of Facebook’s engineers had been hacked using a zero-day Java attack that installed a collection of previously unseen malware. Even their antivirus software was unable to catch the attack. “It was novel,” said Facebook’s Chief Security Officer, Joe Sullivan. “The fact that the machines were patched didn’t slow down the attackers.”

Facebook understands that they are under the constant threat of attackers looking to expose the personal data of their 1 billion active users. They even undergo routine drills to help prevent and mitigate any issue that might attack them.

Most home users do not have a Chief Security Officer, or a dedicated team devoted to securing our PCs. If it could happen to Facebook, it could happen to you. Please be sure to use your XVU Drive whenever you access secure content such as online banking, social media, etc.

Surf Safe!

$1m Ransomware Crime Ring Busted

Spanish authorities shut down a crime ring this week that used “Ransomware” to collect over $1.3 million from users around the globe. “Ransomware” is a technique that uses viruses to infect your PC and then hold your computer hostage until you pay the attacker to (hopefully) give you access back to your files. If you don’t pay the fee, you lose access to family photos, important documents, anything you have on your computer.

Although only 3 percent of the infected users fell for the scam, the scammers netted over $1.3 million last year. With this kind of payoff, you can see why scammers continue to perpetrate these attacks year after year.

Protect yourself from these attacks by diligently using your XVUDrive if you access potentially threatening sites. If you do end up getting one of these viruses, you still will not be able to access your old files, but you will be able to use your XVUDrive to continue to connect to the internet in order to get help from technicians.

Surf Safe everybody.

The many faces of malware

ARSTechnica recently discussed the various types of malware. The article is well done, and a great basic primer on the various types of infections that can occur, but made me think of all the ways the XVUDrive can protect you from these threats, including ways to facilitate even stronger security in coming releases.

Here’s the rundown of how the XVUDrive will protect you against these threats:

Backdoors:

“As an example, a backdoor was used to hack into RSA’s systems in 2011. This was a targeted attack… sending innocent-looking phishing e-mails to workers… (that) contained an Excel file with an embedded Adobe Flash file that installed the backdoor”

First, the use of a separate OS from your day-to-day PC’s OS prevents attacks similar to this from occurring. The attack would likely have been against the primary OS, and the XVUDrive would have remained untouched.

In the event the email was launched against the XVUDrive, and the user loaded the application, two things would occur:

1. The attack would likely not have included a payload that would be effective against the XVUDrive’s hardened Linux OS. While Windows OSes have tens of thousands of viruses written for them, the number of threats for even the most insecure Linux OS is in the dozens.
2. Even if the user clicked the link and was infected by a payload, the XVUDrive’s hardened OS would eliminate the threat immediately upon rebooting the device. Threats cannot survive reboots unless the payload is re-run on each boot.
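The second point above is the one a defender can actually verify: a payload that wants to outlive a reboot has to register itself somewhere the system runs at boot or login. The script below is an added example (not XVU’s code) that audits the standard Linux autostart locations (cron directories, rc.local, systemd unit directories, per-user autostart entries and shell profiles) and lists what is registered there, so the result can be compared against a known-good baseline. It takes a root directory as a parameter, so it can be pointed at a mounted image as well as the live system; the sample tree it builds is constructed for the demonstration, and the file names in it are hypothetical.

```python
"""Audit common Linux autostart locations for entries a payload would need
in order to survive a reboot. Added example, not part of the original post;
the list of locations assumes a standard filesystem layout."""
import tempfile
from pathlib import Path

# Directories whose contents are started automatically (relative to the audited root).
AUTOSTART_DIRS = [
    "etc/cron.d",
    "etc/cron.daily",
    "etc/cron.hourly",
    "etc/init.d",
    "etc/systemd/system",
    "etc/xdg/autostart",
]
# Files whose commands run at boot or login when present.
AUTOSTART_FILES = ["etc/rc.local", "etc/crontab", "etc/profile"]
# Per-user locations, relative to each home directory.
USER_DIRS = [".config/autostart", ".config/systemd/user"]
USER_FILES = [".bashrc", ".profile"]


def _entries(d: Path) -> list[str]:
    """Names of the files registered in an autostart directory (empty if absent)."""
    return sorted(p.name for p in d.iterdir()) if d.is_dir() else []


def _commands(f: Path) -> list[str]:
    """Non-comment, non-empty lines of a startup script (empty if absent)."""
    if not f.is_file():
        return []
    out = []
    for raw in f.read_text(errors="replace").splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and line != "exit 0":
            out.append(line)
    return out


def audit_persistence(root: str = "/") -> dict[str, list[str]]:
    """Map each persistence location under `root` to the entries found there.
    Locations with nothing registered are left out of the result."""
    r = Path(root)
    found: dict[str, list[str]] = {}

    def record(rel: str, items: list[str]) -> None:
        if items:
            found[rel] = items

    for rel in AUTOSTART_DIRS:
        record(rel, _entries(r / rel))
    for rel in AUTOSTART_FILES:
        record(rel, _commands(r / rel))

    homes = [r / "root"]
    if (r / "home").is_dir():
        homes += [h for h in (r / "home").iterdir() if h.is_dir()]
    for home in homes:
        for rel in USER_DIRS:
            record(str((home / rel).relative_to(r)), _entries(home / rel))
        for rel in USER_FILES:
            record(str((home / rel).relative_to(r)), _commands(home / rel))
    return found


def build_constructed_sample(root: str) -> None:
    """Write a CONSTRUCTED tree: one benign cron job, plus an rc.local line and a
    user autostart entry standing in for a program that re-runs itself at boot.
    Every path and name here is made up for the example."""
    r = Path(root)
    (r / "etc/cron.d").mkdir(parents=True)
    (r / "etc/cron.d/logrotate").write_text("0 3 * * * root /usr/sbin/logrotate\n")
    (r / "etc/rc.local").write_text(
        "#!/bin/sh\n# constructed sample\n/tmp/.cache/updater &\nexit 0\n")
    auto = r / "home/alice/.config/autostart"
    auto.mkdir(parents=True)
    (auto / "updater.desktop").write_text("[Desktop Entry]\nExec=/tmp/.cache/updater\n")
    (r / "home/alice/.bashrc").write_text("# only comments here, nothing to report\n")


def run_demo() -> dict[str, list[str]]:
    """Audit the constructed sample tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        return audit_persistence(tmp)


if __name__ == "__main__":
    # On a real system call audit_persistence("/") and diff the output
    # against the same listing taken from a freshly installed drive.
    for location, items in run_demo().items():
        print(f"{location}:")
        for item in items:
            print(f"  {item}")
```

On the constructed sample the audit reports the cron job, the rc.local command and the .desktop entry, and nothing for the comment-only .bashrc. Run against a live drive, anything in the output that is not in the baseline taken from a clean install is a candidate for the kind of re-run-on-boot payload the post describes.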

Remote Access Trojans

“The main difference between a RAT and a traditional backdoor is that… the attacker can… issue commands to… the compromised machine.”

This is another vital piece in a hacker’s arsenal. By being able to remotely run ANY piece of software, install ANY additional virus, and fully control the user’s PC, a RAT allows for a single infection to turn into a cat-and-mouse game of the attacker installing a virus, the user cleaning the virus, then the attacker installing another virus. This can go on for months or years until the attacker’s servers are shut down or they move on to another target.

The XVUDrive is not immune to RATs, but it has a built-in firewall to help prevent unauthorized access, and again, very few RATs exist on any form of Linux. Also, upon reboot, any RATs would be eliminated, limiting the far-reaching scope of most RATs to a single session.

Information stealers

“…keyloggers, desktop recorders, and memory scrapers, which can steal passwords, financial credentials, proprietary data, ‘or anything that the attackers can use to their advantage or monetize.’”

These are the main focus of the XVUDrive. We’ve previously posted about Red October, an information-stealing virus that existed on the computers of some of the world’s most secure networks for five years without detection. The XVUDrive directly prevents data theft by booting into a completely separate environment from the infected OS; its operations are completely inaccessible to any virus on the primary OS. By using your XVUDrive diligently, you massively restrict access to your private information.

Ransomware

“This type of malicious program essentially holds a computer hostage unless the user pays a ransom. To have access restored, the user needs to pay a ransom …or the criminal can just take the money and not bother anymore”

While the XVUDrive cannot protect your primary OS from this type of infection, which is the focus of the attack, you can use the XVUDrive to continue to use your computer even when infected by ransomware. Also, if you’re browsing sites that are commonly considered “High risk” like small blogs or even pornographic material, use your XVUDrive and keep your Primary OS safe from losing all of your family photos, documents, and applications.

In summary, your XVUDrive can help keep you safe from most of the common infections. While nothing is 100% secure, using your XVUDrive both for highly secure websites and for “high risk” websites can help prevent infection by these four most common threats.

Surf Safe!

Java update is close, but no cigar

Wow, just, wow. As we previously opined, Java has indeed already been exploited again a mere 1 day after releasing a patch to fix the last 0-day threat.

This threat can be purchased for a mere $5,000 on the internet, a paltry sum considering the amount of money people make on botnets, spamming, extortion, and the rest of the nefarious practices this security flaw could result in.

Trend Micro, a well-known anti-virus vendor, commented today on the flawed patch, and referenced their previous post “How to Use Java – If You Must” on safe ways to use Java when required, but not all the time.

For the vast majority of users, disabling Java would have minimal impact. For the rest of the users, we agree with Trend’s suggestions:

For users who cannot avoid using Java, there are other ways to mitigate its risks:

1. If you have Java installed because an application needs it, opt to disable Java in your browser(s)
2. Disable Java on a per-browser basis. Pick a “secondary” browser to use for sites that use Java and disable it in your preferred browser

This seems like good advice; however, there is a third option. Use an XVU Drive when accessing secure sites and prevent any infection at all from affecting your browsing.

OSX saves EVERYTHING you’ve EVER downloaded

According to LifeHacker, a single command can display every file you’ve ever downloaded on your Mac (through Safari, but still…). This command even includes files you’ve long since deleted.

Unfortunately, this is not the first time Apple has had a super-secret way of seeing what sites you’ve browsed, and other private information.

While I’m sure this will be met with “who cares, I have nothing to hide!”, that’s not the point. When a user clicks “Clear history” in their browser it should do just that. To have an alternate, hidden location that secretly tracks you is a violation of our privacy.

Of course, our security-minded (read “paranoid”) staff bandied about ways that this could be misused by an attacker and came up with plenty of good ones, including this one: someone with remote access could find this list, place another file in the same location as a file you downloaded, and then you might run it, thereby further infecting yourself. This is all theoretical of course, but it is a fact that the existence of personally identifiable data you’re not aware of, and cannot remove without a super-secret command, is a huge data mine for would-be attackers.

The XVU Drive never tracks you. In fact, in versions without persistence it couldn’t track you if it wanted to as all changes are deleted upon reboot.

IE Patch

Microsoft released a patch today rated “Critical” for users of IE 6, 7, and 8. This is a follow-up to the IE bug reported a few days ago, which has been in circulation for months and (hopefully) was finally closed today.

Microsoft’s security bulletin lists the affected software and reasons behind the patch, and below the post includes links to dozens of patches (per OS, version of IE, etc.).

Be sure you’re installing the correct version for your version of IE and your OS. The easiest way to do this is to use Windows’ Automatic update service, but if you need to you can also check them manually.

To see the version of Windows you’re running, you can follow the advice of Dave Taylor here.
To see the version of IE you’re running, follow the quick steps in this MSDN blog post.

IE has always been one of the browsers with the most security flaws in it. Try Firefox or Chrome (although neither is 100% secure), and be sure to always practice Safe Surfing with your XVU Drive.

Red October update – yes, Java too

In a moment that takes me back to superhero “crossover” comics when I was a kid, it looks like Red October, the five year long hack that’s infected government computers in the US, most of the EU countries, Russia, India, and dozens more, relied on a little program called Java to gain access to all these agencies.

This is a good example of why we recommend disabling Java until you absolutely need it, and then disabling it again once you’re finished with it. The recent Java remote execution exploit is not the first, nor is it likely to be the last, and until there is a dramatic overhaul of the service it should always be considered dangerous.

Although we believe Java to be secure for now, diligence is always required. These exploits often surface only after they have already been used for weeks, months, or, in this case, five years. This highlights the need to practice Safe Surfing every day with your XVU Drive so that you’re not another victim.

Router hack

According to DefenseCode, they are able to remotely obtain root access (read: FULL access) to Cisco Linksys WRT54GL routers, and possibly any Linksys router running firmware 4.30.14 or below.

With over 70 million Linksys routers out there, and due to the extreme hazards of this exploit, we feel it’s important to let you know about it, even though very little can be done until Cisco issues a patch.

In the meantime, if you run a stock Linksys router, do not enter any sensitive communications unless you’re on an HTTPS site. This includes FTP if you’re a web admin, as well as blogs and other sites you may have to sign in to that are not HTTPS-secured.

Unfortunately, the XVU Drive will do nothing to aid in your security against this hack. We’re simply informing our customers so they’re aware and can install a patch as soon as it’s available.

Stay safe.

Red October

Although this is not a particular threat to the consumer market, ARSTechnica discusses an infection that has infected dozens of federal governments, and worse, has had infections installed for over five years.

This highlights the overall insecurity of the PC market, and why we feel so strongly about what we do here at XVU. If the national governments – with all of their highly trained IT staff and security protocols – of countries like the U.S., Russia, India, and the majority of Europe, can all not only be infected, but also have the infection undetected for over half a decade, what chance do you, I, or any average computer user stand against these “best of the best” hackers?

This is why we firmly believe in our product. Although you should have AV on your computer, it’s not enough. You should have a firewall at least on your computer, but that’s not enough. The best way to ensure that you’re not infected and transmitting your bank account information, credit card information, or sensitive information in general is to boot a completely separate operating system that has virtually no chance of infection.

We’re constantly working on new technology that will make security easier, faster, and more widely accepted. Feel free to contact us if you have any ideas on ways we can improve our product or your experience. Also, don’t forget to like our Facebook page and tell your friends so they can get protected as well. Keeping the internet safe is up to all of us.

Java patch

Just as quickly as it started, Oracle has released a patch to fix the security hole that has been running rampant. You can install it from the link above or from within your Java control panel.

Just because this patch has been released does not mean that Java is “safe” though. As Krebsonsecurity mentions, this is only one of a bevy of attacks Java has been under, and not likely to be the last. Unless you *need* Java for some reason (remote desktop sharing, etc.) it is recommended that you leave it disabled, as we discussed in the initial post.

Although this patch prevents future infections using this particular attack, it by no means fixes any previous infections. Be sure to run your AV scanner ASAP if you haven’t already, and as always, keep yourself safe by using your XVU Drive for secure online transmissions.