Entries from July 1, 2015 - July 31, 2015

Wednesday, Jul 29, 2015

Logitech H800 Wireless Headset

I was looking for a simple wireless headset to replace the headset I used on my home system. I thought it would be nice to be able to work on projects while still being able to move around my office hands-free. My first test for sound quality was to get connected using Skype. I called home to my wife, and she reported that the sound quality was excellent and that she didn't hear any background noise either. This was very important because I use Skype quite often to call out when I am at home. Skype has great integration with our client management system, and this makes it very easy for me to reach out and touch someone.
This is a Bluetooth headphone set, so it can be paired not only with the tiny Bluetooth nano receiver that you plug into a USB port, but also with a smartphone or tablet by pairing it to those devices. I should be able to move up to 40 feet from the Bluetooth connection, which is what I am testing right now. It appears that I don't have to have line of sight, but going through several sets of walls does attenuate the signal enough to stop the connection.
There is a button on the side of the headset that allows you to switch between the Bluetooth circuit and the nano receiver, so you can switch between devices using that function. By holding down the plus key on the right ear piece you begin the pairing process with any Bluetooth device. I paired it with my Microsoft Surface inside of two minutes. It was a very simple process.
The battery is rated to last six hours, so there is plenty of talk and listening time between charges. If you are running low, just plug the headset into a USB port: the recharge will begin and you can continue using the headset at the same time. The only issue that I'm going to have over time is that all batteries have a limited number of times that you can charge them, and eventually I will have to dispose of the headset when it no longer can hold a charge. If you need replacement ear pads or a replacement battery you can get them on the Logitech website. Ear pads and the battery are both five dollars apiece. If you lose your nano receiver you can get another one for $15.
It does have a noise-canceling microphone, so it should work fairly well even in a noisy environment. It only took me seconds to get connected to my Dragon NaturallySpeaking software, and I didn't have to train it at all to begin dictating to it accurately.
The nano receiver is a 2.4 GHz wireless connection and allows you to move up to 40 feet away from your PC without losing the connection.
The documentation states that it has a fold-and-go design, but even though it does get smaller, because of its heavy construction it does not fold as tight as my Plantronics unit did. It does get a little bit smaller, so it will fit into a backpack without a problem. The left ear piece opens up for access to the battery and also doubles as a storage compartment for the nano receiver, so it is available on your travels.
This unit retails for about $100. The warranty for the unit is two years. Be sure to go to the Logitech website to register your unit after you have purchased it.
Wednesday, Jul 15, 2015

CryptoWall ransomware cost US victims at least $18 million, FBI says

by John Zorabedian on June 25, 2015

Malware that encrypts all of a victim's files and holds them for ransom - what's commonly called crypto-ransomware or cryptoware - continues to be hugely successful in making money for the criminal gangs who perpetrate it.

According to a public service announcement from the FBI's Internet Crime Complaint Center (IC3), the CryptoWall variant of crypto-ransomware cost US businesses and consumers at least $18 million between April 2014 and June 2015.

That figure is based on complaints from 992 CryptoWall victims, and includes related damages such as the cost of network mitigation, loss of productivity, legal fees, IT services and credit monitoring services.

It's not clear how much of the $18 million was paid out in ransom fees to the CryptoWall criminals, but the FBI said that the ransom demanded typically ranged from $200 to $10,000.

The FBI called CryptoWall the "most current and significant ransomware threat" in the US.

Although the FBI's report of financial damages caused by CryptoWall is significant, those figures likely represent only a small fraction of the cost to victims worldwide.

It's difficult to determine the exact number of crypto-ransomware victims, in part because many businesses caught in the ransomware trap don't want to come out and say so (public sector organizations like police departments haven't had the same luxury).

Equally hard is figuring out how much money the crooks have hauled in from their ransomware enterprises.

What we do know is that crypto-ransomware is highly effective, and lucrative enough for criminals to keep coming up with new forms of it - one survey found that 3% of UK citizens had been victims, and 40% of those had paid the ransom.

CryptoWall's predecessor, CryptoLocker, was extremely successful - the crew behind CryptoLocker raked in an estimated $27 million in the first two months after it was unleashed in September 2013.

Although CryptoLocker was fatally damaged by a law enforcement take-down of its server infrastructure in May 2014, cybercriminals soon began spreading other dangerous forms of ransomware based on CryptoLocker's successful model.

We began seeing CryptoWall in April 2014, along with another similar variant called CryptoDefense.

Since then, other copycats have emerged that have proved to be just as dangerous, some even borrowing the CryptoLocker name.

Recently we even saw crypto-ransomware that borrowed themes and imagery from the popular television series "Breaking Bad."

The crooks have figured out some fiendish ways to get people to pay up: by making their illicit software "consumer-friendly" with easy-to-follow instructions on how to pay with bitcoins or other forms of untraceable e-payment, and offering "user support."

Crypto-ransomware crooks have also figured out that they can earn their victim's trust (more or less) by offering to decrypt one file for "free" - so you'll know the crooks will follow through on their promise to decrypt the rest of your files once you pay them.

If the crooks have implemented the encryption process properly - and they often have - you're left with a choice of losing your files, or paying for a copy of the decryption key.

It presents an ethical dilemma - one which Sophos security expert and fellow Naked Security writer Paul Ducklin captured well in his excellent post "Ransomware - should you pay?"

His spot-on and simple advice is summed up here:

  1. Don't pay if you can possibly avoid it, even if it means some personal hassle.
  2. Take precautions today (e.g., backups, proactive anti-virus, web and email filtering) so that you avoid getting into a position where you ever need to pay.
Friday, Jul 03, 2015

Hundreds of Dark Web sites cloned and "booby trapped"

The founder of one of the Dark Web's fledgling search engines is warning Tor users about the presence of hundreds of fake and booby trapped .onion websites.

Sites with addresses that end in .onion are anonymous, Dark Web websites (properly called hidden services) that can only be accessed using the Tor browser.

The fake sites were discovered by Juha Nurmi, a founding member of the ahmia.fi project, an open source search engine that aims to search, index and catalogue all the content present on the Tor network.

Nurmi first noticed a fake of his own site before discovering that there are multiple clones of hundreds of other Dark Web sites, including a fake of the .onion version of the popular DuckDuckGo search engine.

Nurmi raised his concerns on Monday on the Tor-Talk mailing list and published a full list of fake or booby trapped sites on Pastebin.

I noticed a while ago that there is a clone onion site for Ahmia. Now I realized that someone has actually generated similar onion domains for all popular onion sites and is re-writing some of the content.

In his post to the mailing list he claims that there are multiple copies of each target site with similar-looking addresses.

Tor sites are often found through directories rather than search engines, and they have addresses that are quite difficult to read, which probably makes it easier to plant fakes than on the regular World Wide Web.

For example, the real and fake addresses for DuckDuckGo are the equally immemorable:

http://3g2upl4pq6kufc4m.onion/ (real)
http://3g2up5afx6n5miu4.onion/ (fake)

Nurmi also claims that the fake sites aren't just duplicates of the real sites but proxies for them (he could presumably verify this for his own site but he doesn't state how or if he tested it for the others).

If he's correct then the proxies would allow the attacker to launch so-called Man-in-the-Middle attacks, stealing or modifying data as it passes through the fake site.

These sites are actually working as a transparent proxy to real sites. However, the attacker works as MITM [Man-in-the-Middle] and rewrites some content. It is possible that the attacker is gathering information, including user names and passwords.

In another sinister twist user 'garpamp', who claims that such activity has been "going on for years", states that he's seen pages that list .onion addresses being modified by malicious Tor exit nodes.

This is a completely different attack from the one identified by Nurmi and it occurs on the regular web, not the Dark Web, but it's aimed at achieving the same thing - getting you to visit a fake Dark Web service instead of a real one.

It works like this:

The Tor browser can be used to browse hidden services on the so-called Dark Web, where both the browser and the site are anonymous, or the regular World Wide Web, where only the user with a Tor browser is anonymous.

When it's used on the regular web, Tor encrypts your traffic and sends it on an eccentric journey between a number of Tor nodes; it is then decrypted and makes the final hop to its destination like any other internet traffic.

This decryption (and the encryption of responses) is performed by a special Tor node called an exit node. Anyone can set up an exit node, and because exit nodes handle unencrypted information (unless the site itself uses HTTPS) they are an excellent place to spy on traffic, or even to modify it on the wire (you can read more about exit nodes in my recent article Can you trust Tor's exit nodes?).

What garpamp claims to have seen is malicious exit nodes being used to rewrite regular web pages.

In other words, if you looked at this page through Tor and you happened to get a malicious exit node in your circuit, you might not see the legitimate DuckDuckGo address quoted above; you might see two fake ones instead.
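Both attacks in this article come down to the same thing: an .onion address on a page you are reading has been swapped for one that shares a few leading characters with the real thing. Below is an added example, not code from the article, from ahmia.fi or from the Tor project, of the two checks a directory maintainer or a careful user can run offline: flag addresses that look like a known-good address but are not it, and diff the addresses found in two fetches of the same page (one direct, one through Tor) to catch an exit node rewriting them. The two sample pages and the threshold of five shared characters are constructed for illustration; the real and fake DuckDuckGo addresses are the ones quoted above.

```python
import re

# v2 hidden service addresses (the kind in this article) are 16 base32
# characters (a-z, 2-7) followed by ".onion".
ONION_RE = re.compile(r"\b([a-z2-7]{16})\.onion\b")

# Known-good list a directory would maintain. The DuckDuckGo address is the
# real one quoted in the article; everything else here is illustrative.
KNOWN_GOOD = {"3g2upl4pq6kufc4m": "DuckDuckGo"}

# Constructed sample pages (not real captures): the same directory page as
# fetched directly and as it might arrive through a rewriting exit node.
PAGE_DIRECT = """<h1>Onion directory</h1>
<a href="http://3g2upl4pq6kufc4m.onion/">DuckDuckGo</a>
"""
PAGE_VIA_TOR = """<h1>Onion directory</h1>
<a href="http://3g2up5afx6n5miu4.onion/">DuckDuckGo</a>
"""


def extract_onions(text):
    """All syntactically valid v2 .onion hostnames in a page, deduplicated."""
    return set(ONION_RE.findall(text))


def shared_prefix(a, b):
    """Number of leading characters two addresses have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def classify(addr, known_good=KNOWN_GOOD, min_prefix=5):
    """Return ("known", name), ("lookalike", name) or ("unknown", None).

    A vanity generator has to try about 32**k keys to match k leading
    characters, so a long shared prefix with a known address that is not
    that address is far more likely deliberate than accidental.
    """
    if addr in known_good:
        return ("known", known_good[addr])
    best = max(known_good, key=lambda k: shared_prefix(addr, k))
    if shared_prefix(addr, best) >= min_prefix:
        return ("lookalike", known_good[best])
    return ("unknown", None)


def rewritten_addresses(direct_text, tor_text):
    """Addresses that appear in one fetch of a page but not the other.

    Any difference means something between you and the site (an exit node,
    or a proxying clone) changed the page, and the "added" set is the list
    of addresses you must not trust.
    """
    direct, via_tor = extract_onions(direct_text), extract_onions(tor_text)
    return {"missing": direct - via_tor, "added": via_tor - direct}


if __name__ == "__main__":
    for addr in sorted(extract_onions(PAGE_DIRECT) | extract_onions(PAGE_VIA_TOR)):
        print(addr, classify(addr))
    print(rewritten_addresses(PAGE_DIRECT, PAGE_VIA_TOR))
```

An "unknown" result is not a clean bill of health; it only means the address resembles nothing on your list. The lookalike check needs a trusted known-good list to compare against, which is exactly what a proxying clone or a rewriting exit node is trying to corrupt, so obtain that list out of band (or over HTTPS from a source you trust) rather than from a page fetched through the circuit you are checking.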

During the course of the discussion, garpamp noticed that a bad exit node was actually rewriting the addresses on the pastebin page posted by Nurmi!

...I've also seen exits [1] rewriting onion addresses found on clearnet.

[1] Like the ****** behind this piece of **** is doing to that pastebin url... Arag0n 185.77.129.189 dc914d754b27e1a0f196330bec599bc9d640f30c

The thread closed with Roger Dingledine, one of the original Tor developers, reporting that the bad exit node discovered by garpamp has now been given the BadExit flag, which stops Tor clients from selecting it as the exit node for their circuits.

The battle to shut down bad exit nodes is ongoing.

We don't know who is behind the fake sites, who is behind the exit nodes rewriting real addresses to fake ones, or why they're doing it, but there is no shortage of suspects.

The Dark Web is an online safe haven for dissidents, journalists and champions of free speech but it is also a small and highly concentrated den of the very worst criminality.

So, not only is there an abundance of thieves on the Dark Web, and no honour amongst them, there is no shortage of government hackers or undercover agents either.