Synology Vulnerability and Ransomware

Early on Sunday morning, August 3, 2014, a tweet by Mike Evangelist was linked on Hacker News.

Lovely. My @Synology NAS has been hacked by ransomware calling itself Synolocker. Not what I wanted to do today. pic.twitter.com/YJ1VLeKqfY

I was somewhat scared by this news, as some users on the Synology forums reported that they were also victims of SynoLocker, which is CryptoLocker malware that specifically targets Synology NAS. I manage a number of Synology NAS units for a few small offices and homes. Granted, none of them are directly connected to the Internet, but I have to make sure none of them get hacked and crypto-locked.

Make sure your Synology NAS is running the latest DSM Operating System.

For now, disable the QuickConnect service.

Disable all port-forwarding if your Synology DiskStation is behind a NAT Firewall. This is a definite inconvenience; better to be safe than sorry.

More importantly, back up the content of your Synology NAS. Should anything happen, you still have your data. My colleague has great advice on backing up:

As always, if you have data on your Synology that you consider irreplaceable, make sure that you have it backed up to. I’d recommend using the built in Amazon S3 client. It’s cheap and fairly easy to set up, and should help you in case of a disaster.

I personally also run a backup to another hard drive locally for rapid recovery.

Apple Software Update Server Certificate Expired

UPDATE:
Apple updated the SSL certificate for swscan.apple.com early on Sunday, May 25, 2014.

——-

Late Saturday afternoon, a colleague told me that he was having issues getting software updates through the Mac App Store.

An error has occurred

The certificate for this server is invalid. You might be connecting to a server that is pretending to be “swscan.apple.com” which could put your confidential information at risk.

Upon further investigation, apparently someone at Apple forgot to install a new SSL certificate for swscan.apple.com.

Is it possible that a small company like Apple could not afford at least one person to make sure all their security certificates are up to date?

Mr. Tim Cook, I am available to do the one job. How does $200,000 a year sound?
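A certificate-expiry check of the kind that catches this before users see the error, as an added example that is not part of the original post. The host names and notAfter dates in the inventory are constructed, and the 30-day warning window is an assumption.

```python
import socket
import ssl
from datetime import datetime, timezone

X509_V_ERR_CERT_HAS_EXPIRED = 10  # OpenSSL verification error code

def days_remaining(not_after, now=None):
    """Days until a certificate's notAfter (format used by getpeercert())."""
    now = now or datetime.now(timezone.utc)
    return (ssl.cert_time_to_seconds(not_after) - now.timestamp()) / 86400

def classify(days, warn_days=30):
    if days < 0:
        return "expired"
    return "expiring" if days <= warn_days else "ok"

def check_host(host, port=443, warn_days=30, timeout=5):
    """Live check. An expired certificate fails the handshake, so the
    verification error itself has to be treated as the 'expired' signal."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        if exc.verify_code == X509_V_ERR_CERT_HAS_EXPIRED:
            return "expired"
        return "invalid: " + exc.verify_message
    return classify(days_remaining(not_after), warn_days)

def report(inventory, now, warn_days=30):
    """Offline report over {host: notAfter}, most urgent first."""
    rows = [(days_remaining(na, now), host) for host, na in inventory.items()]
    return [(host, classify(d, warn_days)) for d, host in sorted(rows)]

# Constructed inventory (not real certificate data).
SAMPLE = {
    "mail.example.com": "Jan 15 00:00:00 2015 GMT",
    "updates.example.com": "May 24 12:00:00 2014 GMT",
    "www.example.com": "Jun 10 00:00:00 2014 GMT",
}

if __name__ == "__main__":
    as_of = datetime(2014, 5, 25, tzinfo=timezone.utc)
    for host, status in report(SAMPLE, as_of):
        print(f"{status:9} {host}")
```

Run `report` from a scheduled job against recorded notAfter values, and `check_host` against the live endpoints so a missed renewal shows up as "expired" rather than as an unhandled handshake error.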

 

eBay Asks Users to Change Passwords due to Security Breach

From eBay:

Earlier today eBay Inc. announced it is aware of unauthorized access to eBay systems that may have exposed some customer information. There is no evidence that financial data was compromised and there is no evidence that PayPal or our customers have been affected by the unauthorized access to eBay systems. We are working with law enforcement and leading security experts to aggressively investigate the matter.

As a precaution, we will be asking all eBay users (both buyers and sellers) to change their passwords later today. As a global marketplace, nothing is more important to eBay than the security and trust of our customers. We regret any inconvenience or concern that this situation may cause you.  We know our customers and partners have high expectations of us, and we are committed to ensuring a safe and secure online experience for you on any connected device.

Click here for updates and additional information.

 

eBay is asking its users to reset their passwords due to the unauthorized access to our corporate information network. This may result in a delay of service due to the high traffic volume. We ask for your patience and that you return to eBay soon. In the meantime, please be assured that no activity can occur on your account until your password is reset.

You may also visit Customer Service

I really think that we have become desensitized to this kind of security breach. Nevertheless, I have changed my eBay password. As a matter of fact, I did not even remember what my password was; I had to request a password reset. The last time I bought anything from eBay was about 9 years ago, and it was from a verified and known seller.

Apple Releases Security Update 2014-002 for OS X Lion, Mountain Lion and Mavericks

Apple Releases Security Update 2014-002.

Security Update 2014-002 is recommended for all users and improves the security of OS X

Security Update 2014-002 also includes Safari 7.0.3.

For detailed information about the security content of this update, please visit: http://support.apple.com/kb/HT1222

For information on the content of Safari 7.0.3, please visit this website: http://support.apple.com/kb/HT6195

For some reason, Apple's website is using a Lion image for the OS X Mavericks Security Update 2014-002. Someone is not paying attention to detail.

 

Windows 8.1 Update

The naming system is a bit strange, if you think about it.

Windows 8.1 Update is now available.

I have just updated two computers running Windows 8.1, and I have not yet had the chance to see the important changes in this update.