The Scam that Never Dies

You receive an e-mail from someone claiming to be a lawyer in Nigeria. This lawyer (or sometimes its a bank clerk) wants you to help them get several million dollars out of the country. They'll give you 30% of it just for helping. This scam has been around since before the Internet. E-mail is only the latest iteration of frauds that once came by mail or fax.

Most people of average intelligence know that it's a scam and throw the messages away, but now the scammers seem to be trying something new. The basis of the ploy is the same: The fraudsters have no intention of giving you any money, but they would like you to transfer some of your money to their accounts.

Usually it starts with an e-mail that contain what appears to be a benign link, but it's not. In other cases, virus-laden attachments are distributed via e-mail. When processed with DataScrambler software, the malware can fly under your antivirus application's radar.

For the last three months, security researchers at Palo Alto Networks, a security firm, have been tracking a series of cyber attacks affecting clients based in Taiwan and South Korea. The attacks, Palo Alto Networks said in a report this week, originate in Nigeria and are being orchestrated by some of the same people behind the Nigerian 419 swindle, in which fraud artists try to trick foreign victims into transferring money to their bank accounts.

The latest attacks, researchers say, are an example of how even unsophisticated actors can buy off-the-shelf hacking tools that allows them to spy on, and eventually steal from, victims without being detected by traditional antivirus products.

Scammers have been getting smarter, but the gang running this scam clearly proved that you don't need to have too much on the ball to launch a scam. The fraudsters leave tracks back to themselves (in many cases, the track leads to Nigeria) and one fool even posted questions about how the malware works on his Facebook and Twitter accounts. Those accounts no longer exist.

If a link is included in the message, clicking it will download and install malware. An example of the malware involved is called NetWire; it can allow a remote user to administer the machine. And not just Windows. For those who feel that Apple's OSX or Linux are free from threats, please note that NetWire is cross-platform malware.

Although the Nigerian scams have typically targeted individuals, the fraudsters now seem to be going after businesses. Once you have remote control software installed and you're able to record a user's keystrokes, there no end to the valuable information you can extract from a business computer.

Tenacity Pays Off with Tech Support

A NetGear router that I purchased several months ago offers 2 USB ports that can be used for network attached storage (NAS). I had been using it for only a few weeks when the old 300GB hard drive I had plugged in failed. I could replace the drive with a 1TB drive for $70 or a 2TB drive for $80, so I selected the larger drive. And thereby, as an author from another age might have said, hangs a tale.

Seagate isn't well represented here, either. While I was working with NetGear support, I opened a case with Seagate and asked if they were aware of any reason why one of their drives wouldn't be recognized by a router that's intended to be used with external USB drives.

The response utterly floored me.

Thank you for contacting Seagate Support.

I understand you are having an issue with your external drive not working on your router.

Unfortunately, the external drives are meant to be used with a computer and we do not support the external drives being used on a router.

I would recommend checking with the manufacturer of the external drive [I'm sure that he meant to write "the manufacturer of the router"] and see what formats the router recognizes. The external drive is in a 4K sector size formatted in NTFS. [The drive was formatted as NTFS and that's what the router expected.]

Since the drive does show up on a computer and works, the issue is with the formatting on the external drive. [Actually, that is a completely unsupportable assumption.]

Again, I do apologize for the issue you are having.

So I concluded that Seagate support is apparently staffed by people who probably believe that a hard drive is what happens on I5 between Los Angeles and San Diego. Because the response was so idiotic and the problem was clearly with the router, I didn't bother to contact Seagate again.

The new Seagate 2TB drive arrived and I plugged it in to the USB3 port. The router didn't see it. When I tried the USB2 port, it wasn't recognized there, either.

On June 10, I opened a ticket with NetGear: "I have a Nighhawk R7000, updated to the latest firmware version (V1.0.3.60_1.1.27). The USB drive that I was using for network attached storage died and I have replaced it. When I plugged the USB drive in to the router, it was not recognized. The drive is formatted and is recognized by any PC I connect it to. I have tried connecting it to the USB port on the back (I believe 2.0) as well as to the USB 3.0 port on the front of the router. The Seagate 2TB drive (STB2000100) has an external power supply and it is connected. The power light is on. No drivers are required. Pressing Refresh does nothing. Pressing Edit or Create Network folder returns “No Disk”. I have rebooted the router and the computer and am now out of ideas."

A day later, I tried several other drives that I had on hand and what I found is that the router would recognize any drive 1TB or smaller, but could not see anything larger. The NetGear technician insisted that the router does support 2TB and 3TB drives.

Over the next several weeks (yes, WEEKS!) we went through the usual litany of lower-level tech support questions and answers, including many that I had already answered in my initial post.

I was asked to install an older version of the router firmware. That, of course, did not help. Eventually the case made its way to tier-3 support and finally to engineering. Engineering created a special firmware edition that included a debug operation. I installed that and the technician I was working with ran it and collected information that could be used to mitigate the problem.

NetGear wanted to replace the router and, because I couldn't be without a router for a week or more, I paid the $20 required to have a replacement shipped before the "defective" router was returned. It was no surprise to me that the replacement had exactly the same performance as the original.

At that point, the case was escalated to tier-3 support and by July 2 it had been further escalated to Engineering.

On July 15, a NetGear technician wrote "We have been given a copy of a beta driver by our Engineering Department that might possibly fix the issue that you are experiencing."

As of July 17, the external USB drive was working as long as I connected it to the slower USB2 port, but still not recognized on the USB3 port. Speed is not essential for this drive, so (after more than 40 days) I consider this case "resolved". (As of the end of the week, NetGear was asking me for the model number of the 3TB drive. It is a 2TB drive and its exactly the same drive that I gave them the model number for on 10 June.)

The point here is not "Oh, poor me! Look at what I have had to deal with!" Not even close and I have to give NetGear credit for doing the right thing, but only when I pushed and pushed and pushed. If you have an electronic device and it's not working, don't give up! That's the point.

Read the full ticket summary (lightly edited) here.

As American as Apple Spy

Many people believe (somewhat inaccurately) that Apple devices are immune to hackers and malware. That's wrong, but it's worse than that. It seems that Apple may have built in back doors to their various operating systems that gives them access to your data.

Jonathan Zdziarski is a forensic scientist. He's also an author. And he's known as the hacker "NerveGas" among Iphone developers. Among the books he's written is "Hacking and Securing IOS Applications" for O’Reilly books.

What he has to say about IOS devices is interesting and worrying. He has demonstrated "undocumented high-value forensic services running on every IOS device". And he says that Apple's phones make information available that "should never come off the device" without user consent.

Zdziarski summarizes the IOS4 security model ...

... and notes that very little has changed in version 7. Simply screen-locking an Iphone doesn't encrypt the data, he says. In fact, the only true way to truly encrypt data involves turning the phone off. This means that your phone is almost always "at risk of spilling all data, since it’s almost always authenticated, even while locked."

So Apple can collect data without your consent and, as requested, provide it to any government agency.

Kinda gives you warm and fuzzy feelings about Apple, does it not?

Source: https://pentest.com/ios_backdoors_attack_points_surveillance_mechanisms.pdf

Chromebooks Begin to Replace Ipads in Schools

In the early days, Google's Chromebooks couldn't get any respect. That has changed as the operating system has matured and cloud-based storage has gone mainstream. Now it seems that the little computers are poised to make a dent in Apple's Ipad penetration in schools. This could have long-term implications for both Apple and Microsoft.

Back in the days of the Apple II, the machines were heavily discounted for schools and an entire generation grew up with those devices. Schools still rely heavily on Apple for in-school computing devices. Many districts provide Ipads for all students.

Ipads, though, are considerably more expensive than Chromebooks and they're harder to manage. Google's machines come with applications that allow school districts to manage the machines that are in students' hands and Chromebooks have keyboard, which I would argue make them more usable.

Google says that it's expanding its Play for Education app and e-book store from Android tablets to Chromebooks and this will make the little machines even more attractive to school systems.

Microsoft has largely been locked out of the education market, but has recently begun trying to push inexpensive low-end laptops into the market. What has to be worrisome for both Microsoft and Apple is the fact that students who are are raised on Chromebooks will be likely to continue using the devices when they head for college and later move into the workforce.

Chromebooks, of course, don't run Microsoft or Apple software. No Itunes. No Office Suite. Likewise, no Adobe Creative Cloud applications. But most of the functions that a large number of people use computers for are well served by apps, some of which are installed on the Chromebook and some of which exist in the cloud.

Now You Can Rent that E-Book You Want to Read

Think of it as Netflix for books. Amazon is starting a new $10-per-month program that will provide access to thousands of e-books and audio books. Called Kindle Unlimited, it will offer subscribers access to 600 thousand books and about 2000 titles from Audible.

New subscribers to Kindle Unlimited will also receive a 3-month paid subscription to Audible's full service, which as 150 thousand titles.

Amazon, not known for stupid marketing practices is offering a 30-day free trial of Kindle Unlimited in the belief that this will immediately boost membership. Amazon Prime already allows members to borrow some books, but only if they have a Kindle device. The new service applies both to Kindle readers and other devices with the Kindle app.

Despite being told that we live in a post-literate age, libraries seem busy. This year nearly 80 million people will use readers of some sort to consume books and that's nearing double-digit percentage growth from the year before.

You won't find books from Hachette, HarperCollins, or Simon and Schuster on the list.

This is probably bad news for Scribd and Oyster, both of which offer similar services -- Scribd for $9 per month and Oyster for $10 per month. Both offer hundreds of thousands of titles, including those from publishers that refuse to work with Amazon.

If you read no more than one book per month, the services don't make sense for you, but voracious readers may find that one of these plans is quite a bargain.

Netflix Roars Forward

At the Netflix of Netflix, profits and revenues are up dramatically. So is the number of subscribers -- finally topping 50 million.

Second-quarter earnings were $71 million on sales of $1.34 billion. When I said that profits and revenues were up, here's what I meant: Both are more than double what they were a year ago.

There were concerns that the World Cup would pull viewers away from the streaming service, but that didn't seem to be the case. In a conference call this week, CEO Reed Hastings says that everyone was surprised by the continued increase in subscribers even during the games.

Increasingly, Netflix is providing its own original programming and that programming has resulted in many Emmy nominations (31 for Netflix programming overall and 12 for one program alone, "Orange is the New Black"). This may say more about the state of American network television programming than it says about Netflix.

The company made it official that it will launch streaming services in Austria, Belgium, France, Germany, Luxembourg, and Switzerland during September. Those countries have more than 60 million households with high-speed Internet access and "high speed" really is an accurate term in much of Europe.