Russians Hack Chicago!


Leonid and Friends

How a group of Russian musicians show their love for a classic-rock staple from the 70’s.

It's time for a little fun. If you are older, you remember an epic band called Chicago. They gained a reputation for being a soft-rock staple of the early seventies: kind of a bland horn band backing up Peter Cetera, one of their pop-star front men. That is the most unkind description I can think of, and not my opinion at all.

Chicago, for a time, owned the American top 40 pop charts, and the original band members created original music that has been folded into the fabric of our culture. They had, and still have, millions of fans, who love their music more than ever.

Over time, the general population of music lovers tired of Chicago. There was a serious case of heavy rotation radio overplay during their heyday, and in those days, AM car radios and cheap boom-boxes really couldn’t do justice to the complexity and subtlety of the arrangements that they created, not to mention the absolute virtuosity of their players. It was all a pleasant “wall of sound” creation that served as background to all of our lives in the malaise-ridden, drug-addled 70’s.

I have rediscovered the music of Chicago through a tribute band from an unlikely place: Moscow, Russia. Yes, Leonid and Friends is a band formed by bassist and audio engineer and producer Leonid Vorobyev, and you can find much of their musical product on YouTube here: https://www.youtube.com/channel/UCD5ZsXiIFlrWrbOCM6rEDKQ.

The tech angle (and make no mistake, I am just indulging myself here with a bit of fun about something that has captured my fancy) is that they have followed the example of Pomplamoose in publishing “video songs”, which show all of the parts being played on the instruments used, in real time. It is kind of a “look-ma-no-hands” mode of musical presentation that is original to YouTube and online video. These days, much of the music that I enjoy, I “watch” on YouTube, partly because it is available there for free, and partly because there is the added benefit of an edited, visible performance: on-demand music videos that aren’t stupid movie shorts for tweens.

So how do they do? I regard their performances as very much comparable to the original Chicago recordings, and make no mistake, Chicago was an awesome band. The horn section was a match for the best of James Brown or Tower of Power, and the arrangements were deft and intricate. Having been a wind player, I watch the horn section that Leonid has assembled with amazement. The trumpet player, Andrey Zyl, looks like his neck is going to explode, but they are as tight and smooth as the original band was, if not more so.

The beauty of the “video song” mode of performance is that it shows all the parts being played when they are featured. Technically, Pomplamoose’s mode of presentation was very different from Leonid and Friends, using overlaid video montages and background clips that portrayed the design and assembly of their many synthesizers and synthesized instruments. Leonid and Friends do straight-up studio recordings with headphones and sound-damping barriers between the different sections of the ensemble. There are enough cameras that everyone gets a turn on-screen during their featured moments. This detailed video capture and editing serves to show you just how many parts are being played, and how well they are playing together. Really, the vocal performances alone are worth the watch, with a special shout-out to Vasilii Akimov, who absolutely shreds “I’m a Man”; Sergey Kashirin, who plays lead guitar like he was born with the instrument in his hand, and takes lead vocal on several songs; the Ukrainian Serge Tiagniryadno, who covers Cetera’s counter-tenor on songs like “If You Leave Me Now” and “25 or 6 to 4”; and the stunning Ksenia Buzina, who floats her soprano above it all when the ensemble sings.

But perhaps the best part of all in watching Leonid and Friends play these beloved chestnuts is the look on their faces as they accomplish their work. Every one of them is a picture of joy almost the entire way through each song, and when they finish, well, they look like they could all use a cigarette. It is so much fun to watch such great musicians re-create a work that none of them was ever able to see performed by the original Chicago, and Leonid has created all of the arrangements by ear from listening to his record collection. This is truly miraculous, and a reason to hope for friendship between peoples. An American band and their music is beloved wholeheartedly by this group of Russians (and a Ukrainian). Of that there can be no doubt.

Open Letter to Steve Gibson regarding Chrome version 69

This is an open letter to Steve Gibson of grc.com, author of many books and articles, and co-host with Leo Laporte of “Security Now”, a TWiT network podcast on computer and Internet security.

I am posting this to provide a relevant, real-world case regarding a topic in episode 682 of “Security Now”, “SNI Encryption”: https://twit.tv/shows/security-now/episodes/682?autostart=false.

I operate a small, two man IT support and Managed Service Provider business in central New Hampshire. This post is in the blog section of my website. You will see that my website is on Squarespace, and this is primarily a personal, consultative business for small business owners.

Yesterday, I took a support call from a long-standing medical client who was having trouble using a cash management system in conjunction with their company financial software package. It turned out that the problem was not something that I could help them with, but rather a matter for their accountant or service provider.

While I was working with the clinic manager in a remote assistance session, viewing and operating her computer desktop remotely, I noticed that she was using Google Chrome, and that there was an unusual icon in the upper right-hand corner of her browser window. I checked, and the icon was the image upload for a Google account ID that Chrome was logged into. I clicked on the icon, and the identity that came up was the business name of a competing medical clinic. I asked the clinic manager how the ID came to be there, and she replied in very anxious tones that she had no idea. She is not technical at all, but rather a very responsible administrator who can follow clearly documented procedures to the letter, but does not have much depth of perspective on most computer and Internet technology. She did not know what a Google account was, nor did she know that Chrome could be associated with a Google account and logged into.

As you can imagine, I became alarmed at this discovery, because if there had been some deliberate corporate espionage done against this person’s computer, this manager’s Chrome settings could easily be exfiltrated to another device logged in under the same account. Fortunately, the user was very clear that she never allows Chrome to retain user accounts and passwords to autofill login forms. She always responds “never” when prompted to save a password for a website, so I think that in this case, she is in the clear.

So, you can imagine my surprise when I caught up with my Security Now podcasts today, and you were discussing Matthew Green’s post about Chrome version 69, and Google’s decision to automatically log users into Chrome after logging into any Google service (https://blog.cryptographyengineering.com/2018/09/23/why-im-leaving-chrome/). However it came to be that my client became logged into a competing clinic’s Google account, and there are plausible explanations that do not involve corporate espionage, a few things are clear:

  1. My client had no understanding of what was going on.

  2. Exfiltration of credentials could have persisted for an indefinite period of time.

  3. Had an attacker wanted to exploit the access to the financial and medical web accounts that this manager was using, an amazing amount of damage could have been done to the business. It could truly have been an existential threat.

  4. Since the user had not stored any passwords in their Chrome browser, I preemptively logged the browser out of the account, and I am taking measures to ensure that other Chrome users in the business will be prevented from using personal Google accounts on their work computers. If we had chosen to do forensics and investigation, the cost of that process could have mounted up fairly quickly.

Thanks again for your great and tireless work keeping the public informed on this complex and tricky subject area. I love the show, and I have been a loyal SpinRite user for many years.

Nate Abbott, Abbott Business Networks, LLC
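The letter above mentions taking measures to keep other Chrome users in the business from signing the browser into personal Google accounts, but does not say how. The following is an added example, not part of the original letter or of ABN's own tooling: it sets the Chrome enterprise policies that control browser sign-in and sync on a Windows machine, which is what a technician would typically push out (here by writing the machine-wide policy registry keys directly; the same names work as Group Policy settings). The policy names (BrowserSignin, RestrictSigninToPattern, SyncDisabled, PasswordManagerEnabled) and the registry path are Google's documented Chrome policies; the domain "example.com" is a hypothetical stand-in for the clinic's own Google domain, and the script assumes it is run as an administrator.

```powershell
# Added example, not from the original post: lock down Chrome browser sign-in
# on a Windows PC using Chrome's machine-wide policy registry keys.
# Assumptions: run as administrator; "example.com" (hypothetical) stands in
# for the business's own Google domain.

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Google\Chrome'

function Set-ChromeSigninPolicy {
    param(
        # Domain whose Google accounts may sign in to the browser.
        # Leave empty to forbid browser sign-in for every account.
        [string]$AllowedDomain = ''
    )
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }

    if ($AllowedDomain) {
        # BrowserSignin: 0 = disabled, 1 = enabled, 2 = forced (policy exists from Chrome 70).
        New-ItemProperty -Path $PolicyKey -Name 'BrowserSignin' -PropertyType DWord -Value 1 -Force | Out-Null
        # RestrictSigninToPattern is a regular expression, so escape the domain's dots.
        $pattern = '.*@' + [regex]::Escape($AllowedDomain)
        New-ItemProperty -Path $PolicyKey -Name 'RestrictSigninToPattern' -PropertyType String -Value $pattern -Force | Out-Null
    } else {
        New-ItemProperty -Path $PolicyKey -Name 'BrowserSignin' -PropertyType DWord -Value 0 -Force | Out-Null
        Remove-ItemProperty -Path $PolicyKey -Name 'RestrictSigninToPattern' -ErrorAction SilentlyContinue
    }

    # Sync is the mechanism that would carry saved passwords, history and
    # settings to any other device signed into the same account, so turn it off.
    New-ItemProperty -Path $PolicyKey -Name 'SyncDisabled' -PropertyType DWord -Value 1 -Force | Out-Null

    # Stop Chrome offering to save passwords at all, so "never" is no longer
    # something each user has to remember to click.
    New-ItemProperty -Path $PolicyKey -Name 'PasswordManagerEnabled' -PropertyType DWord -Value 0 -Force | Out-Null
}

function Get-ChromeSigninPolicy {
    # Read the policy back so a technician can confirm it during a remote session.
    Get-ItemProperty -Path $PolicyKey |
        Select-Object BrowserSignin, RestrictSigninToPattern, SyncDisabled, PasswordManagerEnabled
}

# Forbid browser sign-in on this machine outright ...
Set-ChromeSigninPolicy
# ... or allow only the business's own Google accounts:
# Set-ChromeSigninPolicy -AllowedDomain 'example.com'

Get-ChromeSigninPolicy
```

Chrome picks the policy up at its next start; chrome://policy on the workstation lists what it applied and flags any value it rejected. Two caveats a technician would want: the policy does not sign out an account that was already signed in before it was applied (that still has to be done by hand, as in the letter), and on Chrome 69 itself only RestrictSigninToPattern and SyncDisabled take effect, since BrowserSignin was added in the following release.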

How to Respond to Facebook: Hollow Out Your Account.

For the purposes of this article, I am naming Facebook, but I include any social media outlet that you feel has wronged you, whose practices you can no longer abide, whose reputation now affects your own. 

My feeling is that Facebook has abused our trust.  They promoted the idea that sharing more improved our experience and our lives.  All the time they were luring us into their plan to monetize our activity, fattening us like piglets for the slaughter.  It should come as no surprise that this resulted in disaster.  An American election with an asterisk; billions lost in market capitalization; no accountability for the information they publish. 

Friends and relatives have just shut it down.  They have downloaded their information and deleted their account.  We know that many are doing this.  Good for you, friends, you are the smart ones.  Me, I am an IT guy.  I tell people how to get the most out of their technology, whatever it is.  I am the Bodhisattva, delaying nirvana to lead others out of their darkness.  I thought that the right thing for me to do was run down the road to see where it led.  Then I could come back and tell everyone.  What I can tell you now is that this road has no end. It is a treadmill.

I started investing my data in Facebook many years ago.  I posted photos and videos, played the games where I answered all the questions about books and movies and hobbies and all of my likes and dislikes.  Family reunions, new babies, puppies, kittens, prom dates, marriages: all documented with easy and wonderful photos and videos from our ever-improving smartphones.  When the Facebook IPO happened, everyone questioned whether Facebook could monetize mobile.  Mobile was like gasoline on the Facebook flame. Facebook toyed with the idea of creating their own mobile phone.  They never needed to.  The iPhone and every Android phone became Facebook phones once the app was installed.  Go ahead and see how different your phone becomes after you remove the Facebook app.

Every step of the way, Facebook lulled us into a false sense of confidence in them.  When they made an overt anti-privacy move, they rolled it back if the uproar was too great in the user community.  They weathered wave after wave of these scandals, starting with early amendments to their terms of service, then their unduly invasive “Beacon” service, then ever more subtle and inscrutable betrayals.  First it was just your data, then it was your friends of friends’ data, and so on.  Opting out was possible, but the un-private default settings roped in millions as the capture of new, uninitiated users accelerated.  Facebook could not have played their cards more perfectly to maximize their own rights with respect to your information and minimize their own obligations.  Unless you are savvy and diligent, the drift in your Facebook experience shared ever more of your information.   So, ask yourself, how many of your friends are both savvy AND diligent?

Because I feel that I have been presented with incontrovertible evidence that Facebook is essentially not a benign influence in our society, I am moderating my account.  Because I communicate with so many of you, I do not want to punish our relationship by withdrawing from a medium that you may like, and, notwithstanding everything I have written here, I still value Facebook.  I will be posting less, and my interests in Facebook will be more commercial and less personal.  I have deleted the Facebook app from my smartphone.  I encourage you at a minimum to do the same.  My participation in Facebook will now be a dissident one. 

It is apparent that the culture within Facebook is arrogant, insular, and elite.  I have spoken with a former employee with a position of some importance in Facebook Human Resources, and this person told me that they were frustrated when they recruited a brilliant candidate, and the Facebook managers would ask why the candidate had not attended Harvard or Stanford.  It is apparent that the Facebook organization is an Ivy League club, with all of the myopia and dysfunctional discrimination that implies.

Today, there are millions of businesses that operate almost entirely within the confines of the pages of Facebook.  Products and services are offered, specials advertised, messages exchanged, appointments made, and payments arranged.  There are millions of people around the world who find Facebook to be so convenient that they never look anywhere else for news or other information.   There was an online property that was in that position many years ago when the Internet was young.  It became one of the most powerful companies on Wall Street before it was merged with one of the biggest media companies of the day.  With any luck, we may be looking at a repeat of that story. What was the property?  It still exists.  It is called “AOL”.

WPA2 KRACK Wifi vulnerability

Some of you may have heard about a newly discovered Wifi vulnerability called “KRACK”, which stands for “Key Reinstallation AttaCK”.  This vulnerability exposes a flaw in the WPA2 security protocol that virtually all Wifi networks use to keep them secure and prevent unauthorized access to a password-protected Wifi network.  Most of you are affected by this vulnerability.

Here are the bullet points on this issue:

  • Protocol flaw affecting all devices secured by WPA2.
  • Newly disclosed, no known exploits in the wild.  (not super dangerous at this time)
  • Two classes of remedy: “Client”, and “Router/AP”
  • ABN Contract clients will receive remediation as it becomes available under contract terms automatically.
  • Clients without ongoing monthly support contract with ABN must contact ABN for service to remedy this issue.
  • Microsoft has already released a fix for Windows computers through Windows Update.
  • Other manufacturers and software publishers have not yet published all required fixes at this time. 

Fortunately, the threat level of this vulnerability is not high: an attacker has to be within radio range of the target network, the attack does not reveal the Wifi password itself, and the flaw was reported to vendors before any exploit came to light, which means that it was unknown to bad guys and good guys alike.

Now that it is known, vendors are working hard to close the hole in their WPA2 implementations.  There are two general classes of fixes coming to us for this vulnerability.  The first is a class of “client” updates, which affect anything that connects to a wireless network.  This includes wireless-enabled PCs, laptops, smartphones, tablets, printers, and other wireless devices such as security cameras, baby monitors, and the like.  The second class of fixes is for the wireless access points and routers to which the clients connect.

The most critical class of updates is the client class, and there is good news here.  Microsoft has already released a fix to their wireless client software, and anyone remaining current on Microsoft updates through the Windows Update process will receive, or may have already received, their update.  Apple is beta testing updates for iOS and macOS, as are Google and the various smartphone manufacturers for Android.  So, anyone following the ABN standard procedure to keep all device updates as current as possible will be well served to keep it up and make sure that everything you’ve got is up to date.  ABN performs this service for contract customers, so those of you in that position need not worry, and watch for us checking up on this issue as we go forward.

The less critical, but still important, class of updates is for the wireless access points and routers.  A patched client is protected even when it connects to an unpatched access point, but access points that themselves act as clients (repeaters and mesh units) or that support fast roaming (802.11r) are affected in their own right.  To correct the protocol flaw on these devices, a device “firmware” update will be required, and we are receiving communication from our major vendors indicating that they are developing and testing firmware updates for their devices.  Again, as a matter of course, ABN updates device firmware on wireless access points and routers for our contract customers as part of the contract support entitlement.  As firmware updates become available for each of your various access points and routers, we will be contacting our contract customers to schedule a maintenance window to perform the firmware updates.

Those of you who are not contract customers of ABN will need to contact us and request a review of devices for remediation.  Please call our main support number to get this service scheduled.  At this time we can check Windows updates only.  As time goes on and more of our vendors have issued fixes for their devices, we will have more that we can do for you.

As a side note, we have received independent confirmation that companies served by managed service providers like ABN were almost unscathed by the WannaCry and Petya ransomware attacks.  This is partly because those attacks relied on out-of-date software on networked PCs which had gone months and even years without regular updates.  We make sure that doesn’t happen.

DRAM and SSD Shortage

One of our primary vendors just sent us this message:  

"We wanted to alert you to an industry-wide Dynamic Random Access Memory (DRAM) and Solid State Drive (SSD) supply shortage that’s impacting pricing across all vendors. The shortage has caused a 50–105% pricing increase and is expected to continue through the first half of 2017.

"The shortage is related to the high demand of NAND flash in the PC, smartphone and tablet markets, which has caused a decrease in availability of SSD and DRAM products."

We wanted to make clients, partners, and others aware of this news because a surprising amount of our business in the last year has been upgrading systems by installing additional RAM memory and replacing spinning hard drives with SSD Drives.  It has made many computers that were manufactured since the release of Windows 7 fully adaptable to Windows 10 and newer applications that require more memory and demand faster disk storage access.  

If you have not upgraded to Windows 10, it may still be useful to look at DRAM and SSD upgrades as a way to avoid a premature computer purchase, even with the higher prices for these items.  Use our feedback page if you want more information or you operate a New Hampshire business that may benefit from these upgrades.

2016, the year of the Ransomware exploit

On October 23, 2013, Steve Gibson reported on his weekly security podcast "Security Now" on the twit.tv podcast network, that about three weeks prior a new exploit called "Cryptolocker" had been discovered infecting computers at an alarming rate. 

In that podcast, Steve quoted another journalist, saying: "Dan Goodin at Ars Technica wrote: 'You're infected. If you want to see your data again, pay us $300 in Bitcoins.' And the subhead was: 'Ransomware comes of age with unbreakable crypto and anonymous payments.' So, and if you want to [...] just put "CryptoLocker" into Google, and you will see, I mean, it is bad."

Three years later, what Steve and other security experts predicted about CryptoLocker and ransomware in general has come true.  It is the main malware threat concern of all Information Technology security personnel around the globe: how do I prevent my users from getting infected with ransomware, and how do I respond to it if they do?

We at ABN have prepared a 30 minute presentation to help IT managers and personnel at any company or organization become aware of ransomware, and to become better equipped to avoid the exploits of Internet ransomware threats.  This is available to our monthly contract customers for free with their support agreements, and for a small fee for anyone else. 

The Unbelievable Awesomeness of JunkEmailFilter.com

I have to take a moment to call out a really extraordinary service that I have done business with for several years.  The name of the business is "JunkEmailFilter.com", and it is run by one of the unknown soldiers for Internet integrity, Marc Perkel.

I became aware of this service because of the curmudgeonly rantings of John C. Dvorak, one of the most respected and longest-running tech journalists still living.  He famously ranted "I GET NO SPAM" several years ago on my favorite tech podcast, TWiT (go to twit.tv for more on that), and I never quite forgot it.

As a result, when I was a bit frustrated with my efforts to control spam for clients who were using their own hosted email, mostly set up by me on Microsoft Exchange, I tracked Marc down and found that I was dealing with him personally in setting up service, and that he responded with lightning speed and perfect accuracy in setting up filtering service for my accounts.  The price for this service is amazingly low, and he can scale to whatever you need to support.

Furthermore, he is dedicated to our freedom and privacy on the Internet.  If you are not hosting your own email, but you want a completely secure and uncompromising email hosting service for yourself or your small business, then Marc is your man.  He provides that service also at similarly reasonable rates.

If you are still hosting email using Small Business Server or something similar like MDaemon, and you or your client cannot or will not migrate to a cloud service like Office 365 or Google Apps for Business, then you would be well served to put Marc's service in front of your own.  His is an extremely effective filter, and as I mentioned above, he works very hard to deliver service and support immediately via email.  It is very convenient to work with him.

Thanks to Marc for his help today, and let's hope that more like him step forward to eliminate spam and all of the nefarious cruft that crosses the Internet every day.