Watch out for this sneaky Gmail attack

Wordfence have highlighted a particularly sneaky Gmail phishing attack. Here’s what to look out for …

You receive an email – possibly from a friend or a legitimate contact – with an attachment, like this:

Although it looks genuine, it’s NOT a real attachment. It’s actually an embedded image crafted to look like a PDF, and when you click it, the embedded link in the image takes you to a fake Google login page …

… that also looks like the real thing. The only clue is in the browser’s address bar:

But that looks genuine too, doesn’t it? It says https://accounts.google.com, etc. The only oddity is that  data:text/html preface. And that’s the gotcha. It’s actually what’s known as a ‘data URI’ and what it’s telling the browser is that what follows isn’t a web address but a string of text, in this case a particularly long one. After a lot of whitespace to push what follows off the screen, you’ll find this …

… the start of a script that opens in a new tab and creates a functional but fake Gmail login page. A page that sends your user name and password to the attacker.
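The trick above turns on one fact: a URL’s scheme is everything before the first colon, so once the address bar starts with data: nothing after it is a host, however much it looks like one. The following shell script is an added example (not from the original post or from Wordfence) that pulls such an address apart the way a mail gateway or browser warning might: it extracts the scheme, refuses to report a host unless the scheme is http or https, reads the media type of a data URI, and recovers whatever was pushed off screen behind a long run of whitespace. The sample address is constructed for this example, with the hidden script replaced by an HTML comment.

```shell
#!/bin/sh
# Added example, not from the original post: work out what is really in the
# address bar. Scheme is everything before the first ':'; if that is "data",
# nothing after it is a server name, whatever it looks like.

url_scheme() {
    # lowercase scheme, with any leading whitespace stripped first
    printf '%s\n' "$1" | sed 's/^[[:space:]]*//; s/:.*//' | tr 'A-Z' 'a-z'
}

url_host() {
    # host part of a real web URL; empty for anything that is not http(s),
    # so an "https://..." string inside a data URI is never mistaken for one
    case "$(url_scheme "$1")" in
        http|https) printf '%s\n' "${1#*://}" | sed 's|[/?#].*||' ;;
        *) printf '\n' ;;
    esac
}

data_uri_media_type() {
    # for data:<media type>[;base64],<content> return just the media type
    printf '%s\n' "${1#data:}" | sed 's/[;,].*//'
}

data_uri_hidden_tail() {
    # the part pushed off screen: whatever follows a run of 8+ spaces
    printf '%s\n' "$1" | sed -n 's/.*[[:space:]]\{8,\}//p'
}

describe_address() {
    s=$(url_scheme "$1")
    if [ "$s" = data ]; then
        echo "data URI: the browser renders a $(data_uri_media_type "$1") document carried inside the address itself; no server is contacted"
    else
        echo "$s URL to host $(url_host "$1")"
    fi
}

# Constructed sample resembling the address bar in the post (hypothetical
# content; the hidden script is replaced by a comment), and a genuine one.
SAMPLE_ADDRESS='data:text/html,https://accounts.google.com/ServiceLogin?service=mail                                                        <!-- constructed placeholder for the hidden script -->'
GENUINE_ADDRESS='https://accounts.google.com/ServiceLogin?service=mail'

describe_address "$SAMPLE_ADDRESS"
describe_address "$GENUINE_ADDRESS"
```

Run with sh and the two lines it prints show the difference: the first address has no host at all, only an embedded text/html document, while the second is an https connection to accounts.google.com.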

According to a comment on Hacker News,

“The attackers log in to your account immediately once they get the credentials, and they use one of your actual attachments, along with one of your actual subject lines, and send it to people in your contact list.”

Microsoft and Privacy

Satya Nadella, Microsoft’s CEO, says he cares about your privacy. He wants to make sure “you get meaningful choices about how and why data is collected and used”. Except those “meaningful choices” don’t really include the “how” because where data collection is concerned, you really have no choice.

Further on he says, “We will put you in control of your privacy with easy-to-use tools and clear choices”, but there aren’t any choices — at least about the basic information Microsoft collect.

Their Privacy Statement spells it out, but the details are carefully hidden away. Take the first item, Personal Data We Collect, for example. You’ll find an anodyne, 95-word description followed by the next heading, How We Use Personal Data, but only by clicking the Learn More link do you find the full 800-word horror.


Here’s a summary of what they collect:

Personal data

  • first and last name
  • email address
  • postal address
  • phone number

“and other similar contact data”

Credentials

  • passwords
  • password hints
  • security information used for authentication and account access.

Demographic data

  • your age
  • gender
  • country
  • preferred language

Interests and favourites

Your interests and favourites (sports teams, the stocks you follow, favourite cities, cars, etc.)

“In addition to those you explicitly provide, your interests and favorites may also be inferred or derived from other data we collect.”

(My italics)

Just think about that for a moment. It’s a biggie. They’ll infer, with some degree of accuracy, your income, political sympathies, occupation, socio-economic standing, health status and health concerns, marital status, sexual preferences, personal problems, family life, number of offspring, their ages … the list goes on and on …

Payment data

  • credit card numbers and the security codes associated with them

So much for that CCV code on the back of your card!

Program usage data

  • the features you use
  • the items you purchase
  • the web pages you visit
  • the search terms you enter

This also includes data about your device, the network you use, IP address, device identifiers (such as the unique IMEI number in phones), regional and language settings, information about the operating systems and other software installed on your device (including product keys).

Contacts and relationships

  • Data about your contacts and relationships with other people and organizations.

Location data

Your location, either precisely via GPS or Wi-Fi hotspots, or imprecisely via your IP address “or data that indicates where you are located … such as at a city or postal code level.”

Content

“We collect content of your files and communications when necessary to provide you with the services you use … Examples of this data include: the content of your documents, photos, music or video you upload to a Microsoft service such as OneDrive, as well as the content of your communications sent or received using Microsoft services such as Outlook.com or Skype, including the:

  • subject line and body of an email,
  • text or other content of an instant message,
  • audio and video recording of a video message, and
  • audio recording and transcript of a voice message you receive or a text message you dictate.”

But sometimes all that’s just not enough:

“… we supplement the data we collect by purchasing demographic data from other companies.”

And, no doubt, they sell it too.

Of course, Microsoft aren’t alone in capturing vast swathes of personal data about us. Google and Facebook are a couple of standout examples. But Microsoft – with its unique position as the world’s Number One operating system supplier – is perfectly placed to become the first integrated 24/7 global surveillance system, whether it’s via your daily interactions with Windows 10, Office and Outlook.com, via your gaming activities on Xbox, your searches on Bing, the files you store on OneDrive, your personal chats on Skype, or your work history and CV on LinkedIn.

Windows 10 is a nice operating system, no question, but it’s horribly compromised. So much so that it blurs the line between operating systems, keyloggers and spyware.

If Satya Nadella really wanted to provide us with a choice about who’s looking over our shoulders, Microsoft would produce a neutral, open source operating system from which users could make their own informed choices.

Actually, there’s no need. We already have one. It’s called Linux.

Ever wondered what an ATM skimmer looks like?

ATM skimmers are designed to look like the slot you slip your card in. They clip on the front of the machine and read the data on your card’s magnetic stripe as it passes by.

On holiday in Vienna

You’ll find some close-ups of the skimmer’s electronics on Tedseco’s blog.

SMARTen up!

How do you know if your hard disk is about to die?

A couple of months ago, a writer friend called me about a problem with her computer. The sort of problem that drives you nuts: an intermittent one.

Sometimes the machine would be slow to boot. V-e-r-y slow. Sometimes it would freeze while she was working, then resume. Other times it would behave perfectly normally. But the bad times were getting more frequent and she’d reached the stage where she no longer trusted the machine.

What was it? What could she do?

She’d called in a geek – the wheeled variety (Kiwis will know who I mean) – who performed some tests, did some checks, presented a bill and declared the machine was fine. Only it wasn’t.

Someone recommended “their guy” who charged in, did some stuff, uttered some techno-babble and charged out again. (As well as charging, in the other sense.)

He went away, but the problems didn’t.

So she called me.

Oh great. Two “experts” had failed. What chance did I have?

But in talking to her and her husband about the problems – something neither of my predecessors had done – I began to see a pattern in the randomness, booted the machine, hit F2, and within two minutes had the solution.

The machine was an HP. Like many “brand” computers, HPs contain a set of hardware diagnostic tools available from the boot menu. All I did was kick them off.

A typical short hard drive check takes around two minutes. And, as I’d guessed, two minutes later the diagnostics reported the hard drive was failing.

The machine was a little over a year old, still under warranty, and the faulty drive was replaced within a week.

Behind the scenes

Hard drives die in one of two ways. Around 40% go suddenly and without warning. The remainder suffer lingering deaths from mechanical wear and drive surface degradation, sometimes giving out warnings – like my friend’s – in the form of sluggish response and erratic performance. And, if you know where to look, you can see and even log their decline.

Behind the scenes, that HP diagnostics program ran a SMART analysis of the hard disk. SMART stands for Self-Monitoring, Analysis, and Reporting Technology, and is built into all hard disk and solid-state drives. It tries to anticipate failure by running a series of electrical and mechanical tests and recording the results. Some tests are more useful than others, but by looking at past failures and their frequency, it can provide you with a vital clue that a drive’s on its way out.

Some motherboards display a SMART drive status when they boot. Some don’t. Plus, there are many different types of drive and types of connection – USB, Firewire, ATA, SATA, SCSI, SSA, RAID, etc. That “low-levelness” is something operating systems like Windows struggle with. What’s more, SMART is only a “sort of” standard. Most drive manufacturers follow the basic implementation, but only some aspects are cross-compatible.

Linux SMARTs

As usual, Linux users have the edge here. Reading a drive’s SMART data is simply a matter of installing smartmontools:

sudo apt-get install smartmontools

This provides two utilities, smartctl and smartd: a monitoring and control program and a disk-monitoring daemon.

To get information about the disk and see whether it supports SMART:

sudo smartctl -i /dev/sda

where sda is the drive concerned. (Use lsblk to see what drives are attached to the machine.)

This will give you a summary of your drive. Look for the lines:

SMART support is: Available - device has SMART capability.
SMART support is: Enabled

If SMART’s not enabled, enable it with:

sudo smartctl -s on /dev/sda

To get a quick health status report:

sudo smartctl -H /dev/sda

which should show something like this:

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

If this shows FAILING, back up the data immediately!

To get a full drive report:

sudo smartctl -a /dev/sda

There are two options for testing a drive – short and long. A short test typically takes around two minutes. Long tests take considerably longer – two to six hours is not uncommon – but both tests will tick away in the background and still allow you to use your machine.

To see roughly how long each test will take, run the full report

sudo smartctl -a /dev/sda

and scroll down to the section under the line

=== START OF READ SMART DATA SECTION ===

where you’ll find something like this:

Short self-test routine
recommended polling time: ( 1) minutes.
Extended self-test routine
recommended polling time: ( 333) minutes.

To run either test, use the -t option:

sudo smartctl -t short /dev/sda
sudo smartctl -t long /dev/sda

Running a test will give you a completion time:

=== START OF OFFLINE IMMEDIATE AND SELF-TEST SECTION ===
...
Testing has begun.
Please wait 2 minutes for test to complete.
Test will complete after Tue Jun 21 21:33:38 2016

To abort the test use:

sudo smartctl -X /dev/sda

You can see how the time is going with the date command:

date

To see the results of the test:

sudo smartctl -l selftest /dev/sda

or run the full report again.
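The whole procedure above, from checking that SMART is enabled through reading the health line, the polling times, the attribute table and the self-test log, as an added shell script that is not from the original post or from the smartmontools project. Its parsing functions run on an embedded, constructed smartctl report so it can be tried without a real drive; give it a device such as /dev/sda as the first argument and it calls smartctl instead (which needs root, as in the post). It goes one step beyond the post: a PASSED overall result only means no attribute has crossed its failure threshold, so the script also warns on the standard Reallocated_Sector_Ct, Current_Pending_Sector and Offline_Uncorrectable attributes and on a newest self-test that did not complete cleanly. The choice of those three attributes and the rule “any non-zero raw value is a warning” are this example’s own, not anything smartctl enforces.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a drive's SMART
# state with smartctl. Assumes smartmontools is installed and that the
# script runs as root when given a real device.

# --- helpers; each takes the text of an "smartctl -a" report as $1 ---

smart_enabled() {
    # "yes" if the report says SMART is switched on
    printf '%s\n' "$1" | grep -q '^SMART support is: *Enabled' && echo yes || echo no
}

smart_health() {
    # the word after "test result:", e.g. PASSED
    printf '%s\n' "$1" | sed -n 's/^SMART overall-health self-assessment test result: *//p'
}

smart_polling_minutes() {
    # $2 is Short or Extended; the minutes sit on the line after the heading
    printf '%s\n' "$1" | awk -v k="$2" '
        $0 ~ ("^" k " self-test routine") { getline; gsub(/[^0-9]/, ""); print; exit }'
}

smart_attr_raw() {
    # raw value (column 10) of the named attribute, empty if the drive lacks it
    printf '%s\n' "$1" | awk -v name="$2" '$2 == name { print $10; exit }'
}

smart_last_test_ok() {
    # entry "# 1" is the newest self-test; "yes" only if it finished clean
    printf '%s\n' "$1" | grep -q '^# *1 .*Completed without error' && echo yes || echo no
}

smart_verdict() {
    # PASSED only means no attribute has crossed its threshold. Sectors that
    # are pending reallocation or already reallocated are an earlier warning.
    r="$1"
    [ "$(smart_health "$r")" = PASSED ] || { echo "WARN: overall health not PASSED"; return 0; }
    for a in Reallocated_Sector_Ct Current_Pending_Sector Offline_Uncorrectable; do
        v=$(smart_attr_raw "$r" "$a")
        if [ -n "$v" ] && [ "$v" -gt 0 ] 2>/dev/null; then
            echo "WARN: $a raw value is $v"
            return 0
        fi
    done
    [ "$(smart_last_test_ok "$r")" = yes ] || { echo "WARN: last self-test did not complete cleanly"; return 0; }
    echo OK
}

smart_check_device() {
    # Real run. smartctl reports drive trouble through its exit status, so
    # do not abort on a non-zero exit; just read the report it printed.
    dev="$1"
    report=$(smartctl -a "$dev" || true)
    if [ "$(smart_enabled "$report")" != yes ]; then
        smartctl -s on "$dev" >/dev/null        # enable it first, as in the post
        report=$(smartctl -a "$dev" || true)
    fi
    echo "short test: about $(smart_polling_minutes "$report" Short) min, long test: about $(smart_polling_minutes "$report" Extended) min"
    smart_verdict "$report"
}

# Constructed sample report (not captured from a real drive): overall health
# PASSED, but eight sectors are waiting to be reallocated and the newest
# short test hit a read error.
SAMPLE_REPORT='=== START OF INFORMATION SECTION ===
Device Model:     EXAMPLE-DISK-1TB
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

Short self-test routine
recommended polling time:   (   1) minutes.
Extended self-test routine
recommended polling time:   ( 333) minutes.

ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   091   091   000    Old_age   Always       -       8761
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       8
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       0

SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed: read failure       90%      8755         123456789
# 2  Short offline       Completed without error       00%      8700         -'

if [ "$#" -gt 0 ]; then
    smart_check_device "$1"
else
    smart_verdict "$SAMPLE_REPORT"   # prints: WARN: Current_Pending_Sector raw value is 8
fi
```

Save it as, say, smartcheck.sh and run sh smartcheck.sh with no arguments to see the verdict on the sample, or sudo sh smartcheck.sh /dev/sda for a real drive. On the sample the overall health is PASSED, which is all the -H check in the post would tell you, yet the script warns because of the pending sectors; that is exactly the kind of lingering decline described earlier, and the cue to take a backup before the drive finishes dying.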

 

If you prefer a GUI front end for SMART, install GsmartControl:

sudo apt-get install gsmartcontrol

Next time, I’ll show you how to automate drive testing using smartd.