How safe is hotel WiFi?

Public WiFi isn't safe and, without the right protection, your personal information could become public. Unfortunately, hotel WiFi networks are no safer than other public WiFi and should be treated with the same caution. More alarmingly, recent reports have revealed that hotel WiFi networks are being targeted because of the high-value information accessible on the laptops of people travelling for work.

What is alarming about last week's massive hack of the Marriott International hotel group is that, according to a source quoted by Reuters, investigators suspect multiple hacking groups may have been inside Marriott's computer networks since 2014. This follows a recent report explaining that communal WiFi used by hotel chains is particularly vulnerable to hackers.

Public WiFi is unsecured; this means data you transmit or receive is unprotected. Anybody on the same network could spy on your information if they have the know-how.

If you do decide to use public WiFi, be careful about the types of sites you visit.

It's safest not to log in to any sites that require a password, because hackers could be using software kits to capture yours. Avoid any websites that hold any of your sensitive information, like banking sites or transactional sites on which you store credit card information.

If you must use the WiFi at your hotel, you can protect yourself by using virtual private network (VPN) software. Even if the network you're connecting to has been compromised by malware, sniffers, or some other tactic, if you use a VPN, all the attackers can see is an encrypted version of what you're doing. They can't read it and can't capture the private information you transmit.

As an alternative, when you need to bank, buy or browse securely, rather use a cellular connection. Using a local or travel SIM in your phone (as a hotspot), or a separate mobile WiFi router is much more secure. It also provides mobility, allowing you to connect on the go for essential travel services such as Google Maps, Uber, etc.

Sunscreen, caution and maybe a travel SIM or PocketWiFi = happy holidays


Satan Ransomware Variant Exploits 10 Server-Side Flaws

Windows, Linux systems vulnerable to self-propagating 'Lucky' malware, security researchers say.

A new version of ransomware that first surfaced about two years ago is garnering attention for its ability to spread via as many as ten different vulnerabilities in Windows and Linux server platforms.

"Lucky," as the new malware is called, is a variant of Satan, a data encryption tool that first became available via a ransomware-as-a-service offering in January 2017. Like Satan, Lucky also is worm-like in behavior and capable of spreading on its own with no human interaction at all.

Security vendor NSFocus spotted the variant on systems belonging to some of its financial services customers in late November, and described it as likely to cause extensive infections worldwide. The malware is capable of exploiting previously known vulnerabilities in Windows SMB, JBoss, WebLogic, Tomcat, Apache Struts 2, and Spring Data Commons.

Sangfor Tech, another security vendor, also heard from a customer in the financial sector about Lucky infecting some of their Linux production servers. In a blog post, Sangfor said its researchers found the ransomware to encrypt files and append the name '.lucky' to the encrypted files.

NSFocus identified the ten vulnerabilities that Lucky uses to propagate itself: JBoss default configuration vulnerability (CVE-2010-0738); Tomcat arbitrary file upload vulnerability (CVE-2017-12615); WebLogic arbitrary file upload vulnerability (CVE-2018-2894); WebLogic WLS component vulnerability (CVE-2017-10271); Windows SMB remote code execution vulnerability (MS17-010); Spring Data Commons remote code execution vulnerability (CVE-2018-1273); Apache Struts 2 remote code execution vulnerability (S2-045); Apache Struts 2 remote code execution vulnerability (S2-057); and Tomcat Web admin console backstage weak password brute-force flaw.

"There is a risk of extensive infections because [of the] big arsenal of vulnerabilities that [the malware] attempts to exploit," says Apostolos Giannakidis, security architect at Waratek, which also posted a blog on the threat.

All of the vulnerabilities are easy to exploit, and actual exploits are publicly available for many of them that allow attackers to compromise vulnerable systems with little to no customization required, he says. Several of the vulnerabilities used by Lucky were disclosed just a few months ago, which means that the risk of infection is big for organizations that have not yet patched their systems, Giannakidis says.

All but one of the server-side vulnerabilities that Lucky uses affect Java server apps. "The vulnerabilities that affect JBoss, Tomcat, WebLogic, Apache Struts 2, and Spring Data Commons are all remote code execution vulnerabilities that allow attackers to easily execute OS commands on any platform," he notes.

Ransomware attacks have not been quite as high-profile this year as they were in 2017, with the WannaCry and NotPetya outbreaks. But as the new Lucky variant shows, ransomware still remains a popular tool in the attacker's arsenal.

SecureWorks recently analyzed threat data from over 4,000 companies and found that low and mid-level criminals especially are maintaining a steady level of malicious activity against enterprises using ransomware and cryptomining tools. The firm found no discernable difference in ransomware activity between this year and 2017.

Ransomware Pivots to Servers

Like other self-propagating malware, Lucky attempts to spread right after it completes encrypting files on the victim system. The malware scans for specific IPs and ports on the local network and then sends its malicious payload to any systems that are discovered to be vulnerable.

Lucky is an example of how attackers have evolved ransomware tools over the past two to three years. Instead of targeting OS vulnerabilities, such as those in the Windows SMB protocol, on desktop and other end-user systems, attackers have pivoted to attacking servers, Giannakidis notes.

"Instead of targeting OS vulnerabilities their focus is now applications and services on servers," Giannakidis says. "This is also evident by the fact that the ransomware targets Linux systems, which are primarily used for servers."

One reason for the shift in attacks could be that patching server-side applications is a considerably more difficult task than patching desktops. Servers with vulnerabilities in them are likely to remain unpatched—and therefore exposed to attack—for longer periods than vulnerable end-user systems, Giannakidis notes. "According to recent studies, organizations need on average at least three to four months to patch known vulnerabilities with windows of exposure of more than one year to be very common in the enterprise world."

What to Do

NSFocus recommends using an egress firewall or similar functionality to check for suspicious port scanning activity as well as for vulnerabilities getting exploited. Security admins should also check for requests to a list of four specific IP addresses and domains. NSFocus also provided steps that organizations can follow to remove the virus from infected systems.

NSFocus also says to upgrade to the latest versions of affected software and install patches where available.
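Detection logic for the local-network scanning described under "Ransomware Pivots to Servers" and the port-scan monitoring NSFocus recommends, as an added example that is not from NSFocus or the original article: it flags internal hosts that reach many distinct internal peers on server ports within a short window. The log format, port list and thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address

# Assumption: default listener ports for services the article names
# (SMB 445, WebLogic 7001, Tomcat/JBoss 8080). Adjust to your estate.
WATCHED_PORTS = {445, 7001, 8080}

# Constructed sample flow records: "epoch_seconds src dst dst_port"
SAMPLE_LOG = """\
1000 10.0.0.5 10.0.0.20 445
1001 10.0.0.5 10.0.0.21 445
1002 10.0.0.5 10.0.0.22 8080
1003 10.0.0.5 10.0.0.23 7001
1004 10.0.0.5 10.0.0.24 445
1005 10.0.0.5 10.0.0.25 8080
1000 10.0.0.9 10.0.0.20 445
1030 10.0.0.9 10.0.0.20 445
1000 10.0.0.7 10.0.0.30 445
1200 10.0.0.7 10.0.0.31 445
1400 10.0.0.7 10.0.0.32 445
1600 10.0.0.7 10.0.0.33 445
1800 10.0.0.7 10.0.0.34 445
"""

def find_scanners(log_text, window=60, threshold=5):
    """Map each internal source to the largest number of distinct internal
    peers it contacted on watched ports inside any `window`-second span,
    keeping only sources that reach `threshold`."""
    hits_by_src = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        src, dst = ip_address(src), ip_address(dst)
        if int(port) in WATCHED_PORTS and src.is_private and dst.is_private:
            hits_by_src[str(src)].append((int(ts), str(dst)))
    flagged = {}
    for src, hits in hits_by_src.items():
        hits.sort()
        start = best = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window's left edge forward
            best = max(best, len({dst for _, dst in hits[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

In the sample, 10.0.0.5 is flagged for touching six peers in five seconds, while the repeat client 10.0.0.9 and the slow, spread-out 10.0.0.7 stay below the threshold.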


PayPal App For Google Beaten By Bitcoin

Cash App is a mobile payment service which was developed by Square Inc. In the app, you can transfer money to others and, as of February this year, the app was seeing 7 million active users using the payment method. Now, Cash App has reached an important milestone and is one step closer to Bitcoin adoption after it became the most popular app in the finance category on the United States Google Play Store, officially ahead of PayPal. Over the course of this year, the app has been making a lot of noise within the millennial market space and is now the most downloaded finance app on Google Play in the US.

A few months ago, news came out that Cash App overtook Venmo to take second place on the ranking behind PayPal. The growth rate is quite significant, with over a 150 percent increase. In August, the firm revealed that it would be enabling a Bitcoin buying and selling service for users in all 50 American states.

Throughout this year, there has been some significant growth in profits and revenue for Square, which has been mostly down to the growing popularity of Bitcoin usage among the users of Cash App. The CEO of Square, Sarah Friar, commented on the company back in August, saying that the firm is seeing some real growth because of the positive performance of Cash App ever since the company enabled Bitcoin trading services. Friar has also announced that Cash App was at 15th place and rising in the overall top ranking on the Apple App store.

In the same month, the firm announced that it has seen a 100 percent increase in the profits of digital currencies despite the ongoing bear market cryptos are experiencing.

Friar and the co-founder of Twitter, Jack Dorsey has previously stated that he predicts a future where Bitcoin is adopted as the currency that people will use on the internet. According to him, the strategy for Square’s growth enables people to perform transactions with each other in a smooth fashion by plugging inefficiencies in existing payment frameworks. There have been rumours for a while now that Square will be bringing in more Bitcoin-related functionality such as Bitcoin payment processing or even a cryptocurrency exchange.


Google+ to Shut Down Early After New API Flaw Hits 52.5 Million Users

Google today revealed that Google+ has suffered another massive data breach, forcing the tech giant to shut down its struggling social network four months earlier than its actual scheduled date, i.e., in April 2019 instead of August 2019.

Google said it discovered another critical security vulnerability in one of Google+'s People APIs that could have allowed developers to steal private information on 52.5 million users, including their name, email address, occupation, and age.

The vulnerable API in question is called "People: get", which is designed to let developers request basic information associated with a user profile.

However, a software update in November introduced the bug in the Google+ People API that allowed apps to view users' information even if a user profile was set to not-public.

Google engineers discovered the security issue during standard testing procedures and addressed it within a week of the issue being introduced.

The company said it found no evidence that the vulnerability was exploited or its users' data was misused by any third-party app developers.

"No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way," Google said.

Google also assured its users that no passwords, financial data, national identification numbers or any other sensitive data were left exposed by this API bug.

Almost two months ago, Google disclosed a massive data breach that exposed private data of more than 500,000 Google+ users to third-party developers, and also announced that it would shut down Google+ for consumers by the end of August 2019 due to its failure to gain broad adoption or significant traction with its consumers.

"Our review showed that Google+ is better suited as an enterprise product where co-workers can engage in internal discussions on a secure corporate social network," Google said in October.

However, following yet another security incident, Google said the company is going to shut down its social media network in April 2019 instead of August.


Law Matters: Is SA side-stepping the uprising of Cryptocurrencies?

JOHANNESBURG -  Are Treasury and the Reserve Bank side-stepping the uprising of Cryptocurrencies?

Cryptocurrency has gained significant traction in the past few years and has become a risky, but potentially lucrative, investment or trading option. South Africa has been a bit slow on the uptake in regulating the use of cryptocurrencies and, for the most part, their use has been unregulated.

The SA Reserve Bank issued a statement on 6 April 2018 that Cryptocurrency is not considered to be “legal tender”, i.e. real currency, in South Africa. South African taxpayers are merely required to declare their gains and losses with respect to their transactions involving cryptocurrency as part of their income. SA Revenue Service will look at the intention of the taxpayer when determining whether the income is capital or revenue in nature.

The National Treasury published the draft Taxation Laws Amendment Bill (the Bill) for public comment on 16 July 2018. The Bill is Treasury’s first attempt to regulate the use of cryptocurrency in South Africa and proposes changes to both the Income Tax Act and the VAT Act. The amendments, if promulgated in their current form, will significantly deter the use of cryptocurrency in South Africa for both trading and investment purposes.

One of the proposed changes is the inclusion of cryptocurrency in the definition of “financial instrument” in the Income Tax Act. 

Other financial instruments include loans, debts and shares. A simple change to the definition of financial instruments has a ripple effect throughout the Income Tax Act. Section 22 provides for the determination of the value of undisposed trading stock to be included in taxable income. Financial instruments are specifically excluded by section 22(1)(a) of the Income Tax Act which means that those who trade in cryptocurrency may not benefit from valuing their undisposed cryptocurrency using the valuation method contemplated in section 22.  

The above amendment may also stifle investment in fintech companies in South Africa as section 11D of the Income Tax Act, which provides an allowance for companies that invest in research and development in South Africa, specifically excludes the creation or development of financial instruments. This would include companies who mine or develop cryptocurrencies. 

A further proposal is the addition of “the acquisition or disposal of any cryptocurrency” to section 20A of the Income Tax Act, which deals with the ring-fencing of assessed losses of certain trades. Although taxpayers who trade in cryptocurrency may set-off their assessed losses from income derived from that trade, they may not set-off their assessed losses against income derived from other trades. 

Treasury has also suggested that the “issue, acquisition, collection, buying or selling or transfer of ownership of any cryptocurrency” be added to the definition of “financial services” in section 2 of the VAT Act.

As Cryptocurrency is not considered legal tender, VAT vendors providing wholly tax-deductible supplies who accept cryptocurrency as a form of payment will not be able to on-sell the cryptocurrency and claim the full input VAT as their business will be considered as one which supplies mixed supplies. Accordingly, only a portion of the input VAT will be deductible.  

South Africa has great potential as an emerging market to attract investments in the fintech sector. Cryptocurrencies form an integral part of that market and Treasury’s proposed changes, without further amendment and clarification, appear to curtail investment as opposed to encouraging it. The use of cryptocurrencies is on the rise and it may be that Treasury, and the Reserve Bank, are forced to address the insurgence sooner than expected.
