Microsoft to Withhold Updates from Incompatible Antivirus, WPA3 Announced, Uber's Program to Log Out Employees during Raids, and more!


Infosec News

Jan 23, 2018, 1:10:12 PM
to Infosec News

INFORMATION SECURITY NEWS

For The Week of 1/16-1/23 2017


The Information Security News Service is a project of LARS (Laboratory for Advanced Research in Systems) in the CS Department at the University of Minnesota Duluth. We send out top stories in information security every Tuesday (except during some academic breaks). If you have stories you’d like to see featured, please email them to infosec...@d.umn.edu.

CURRENT NEWS


No Security Updates if Antivirus Programs Aren’t Compatible, Says Microsoft

Microsoft has announced that it won’t provide security updates to computers running antivirus software that isn’t compatible with its Meltdown and Spectre patches. Antivirus vendors have to update their software, which then sets a registry key indicating compatibility. Computers running incompatible antivirus will not get any future security updates, including the Meltdown and Spectre patches.

https://www.bleepingcomputer.com/news/microsoft/microsoft-says-no-more-windows-security-updates-unless-avs-set-a-registry-key/

Here is a list of common antivirus programs and their status, if you want to check yours:

https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?usp=sharing&sle=true


WPA3 Announced, Will Replace WPA2 in 2018

WPA2’s successor, WPA3, has been announced by the Wi-Fi Alliance. The alliance is a group of companies that includes Apple, Microsoft, and Qualcomm. WPA3 offers four main improvements over WPA2. First, WPA3 promises to “deliver robust protections even when users choose passwords that fall short of typical complexity recommendations”. It seems like this will come in the form of preventing dictionary/brute-force attacks. Second, it will improve the process of connecting a device with limited or no display interface to the network (it’s unclear how this will actually work, though). Third, it will use individualized data encryption to improve security in open networks. And finally, it will add 192-bit security to satisfy certain government agencies which require a higher level of security. WPA3 should start getting rolled out in new devices in 2018.

https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-security-enhancements

https://www.guidingtech.com/wpa3-vs-wpa2/


Uber’s “Ripley” Program Would Log Out Employees During Police Raids

To prevent police from gathering evidence, Uber has remotely logged employees out of their computers during more than 20 police raids all over the world. On-site managers page a specific number, which alerts employees in the company’s headquarters. Everything at that office is then remotely logged off. Uber claims the system is used “to protect corporate and consumer data”, and that they “cooperate with all valid searches and requests for data”. However, they are walking a fine line between data protection and obstruction of justice.

https://9to5mac.com/2018/01/11/uber-ripley-police-raids/


A Python-based Monero Mining Botnet

A Python-based botnet that mines Monero has made over $60,000 so far. Stopping the botnet poses some interesting challenges. Most notably, it doesn’t actually download any executables. Instead, it downloads Python code, which is then executed by trusted system binaries (the built-in Python interpreter). Also, it uses Pastebin for command and control. This tactic makes it harder to blacklist the C&C server, because Pastebin isn’t something that can just be blacklisted.

https://f5.com/labs/articles/threat-intelligence/malware/new-python-based-crypto-miner-botnet-flying-under-the-radar?sf178360556=1

