Oh no! Have I been hacked?

A spam campaign is underway that grabs your attention immediately by telling you a hacker has your password. The email goes on to reveal supposed details of your browsing habits, along with images allegedly captured of you through your webcam. The hacker demands a few thousand dollars as a “privacy fee”.

So how did they get your password? Simple: poor security at any number of sites you have used. The LinkedIn data breach is one example, with millions of account credentials stolen. Those usernames and passwords are bought and sold on the dark web. Most likely a malicious individual obtained a database of compromised accounts, crafted a threatening message and used a mail merge to send it out in bulk. A telltale sign is that the password quoted in the email is an old one you no longer use, or one you only ever used on a site that was later breached.

What should you do? Don’t panic. This is nothing more than a clever spam campaign designed to scare you into paying a con artist. You have not been hacked, there is no key logger on your computer, and the sender is not tracking whether you read the email. Do not reply and do not pay.

Next, protect yourself and your accounts. Visit https://haveibeenpwned.com to see whether your email address and any online accounts were exposed in a data breach. Note that some entries come from a “combo list”, a compiled dump that does not identify where the stolen information originally came from. Change your password on each identified site, and on any other site where you used the same password. Additionally, search the web for your email address and scan the results for any sites where you may have reused that password.

Moving forward, use a password manager so that every site gets its own password, and turn on two-factor authentication on any site that offers it; with it, a leaked password alone is not enough to log in.

macOS High Sierra Security Bug

A serious security vulnerability was discovered in macOS High Sierra that can allow anybody with access to a login window or authentication prompt to gain full administrative access by entering the user name “root” with no password. Anyone running macOS High Sierra 10.13, 10.13.1 or 10.13.2 who has never enabled the root account or set a root password on their Mac may be affected.

To determine which version of macOS you are using, choose ‘About This Mac’ from the Apple Menu and click on the Overview tab.

It is vital that Mac users take immediate steps to secure their systems and prevent unauthorized access.

Apple has released Security Update 2017-001 to address the issue. The update should be available through the Updates tab in the Mac App Store.

For detailed installation instructions, visit: https://support.apple.com/en-us/HT201541

How to Prevent Root Login Without a Password in macOS High Sierra

If you cannot patch your system immediately, there are two other ways to lock down the root account: one uses Directory Utility, the other the command line. Choose whichever you are more comfortable with; both accomplish the same task.

Please contact the IT Service Desk at 978 934 4357 should you need assistance with this.

Using Directory Utility to Lock Down Root:
1. Open Spotlight on the Mac by hitting Command+Spacebar (or clicking the Spotlight icon in the upper right corner of the menu bar), type in “Directory Utility” and hit return to launch the app.

2. Click the little lock icon in the corner and authenticate with an admin account login (in most cases this is the same account you log into your mac with).


3. Now pull down the “Edit” menu and choose “Change Root Password…” (see the note under step #5 if you don’t see “Change Root Password…” in the menu) ***


4. Enter a password for the root user account and confirm, then click “OK”


5. Close out of Directory Utility

*** If the root user account is not yet enabled, choose “Enable Root User” and then set a password instead.

Essentially all you are doing is assigning a password to the root account, so that logging in as root then requires a password, as it should. Note that a disabled root account is not a secure one on an unpatched system: an attacker’s first attempt to authenticate as root with a blank password enables the account, and the next attempt succeeds. The root account must be enabled and have a password set.

Using the Command Line to Assign a Root Password:
Users who would prefer the command line can also set a root password with sudo and the ordinary passwd command.
1. Open the Terminal application, found in /Applications/Utilities/
2. Type the following syntax exactly into the terminal, then hit the return key:
sudo passwd root
3. Enter your admin password to authenticate and hit return
4. At “New password”, enter a password you won’t forget, hit return, and confirm it


Be sure to set the root password to something you will remember, and store it in your password manager. UMass Lowell Information Security recommends a 16-character password for optimal security; a password that differs from your admin account password is safer than reusing it.
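For a service desk that has to walk many people through the command-line method, the same steps can be wrapped in a script. The one below is an added example, not from the original article or from Apple: it compares the running version against the list of affected versions given above, looks at whether the root record already carries a password hash, and only then runs the article’s `sudo passwd root`. The script name root-fix.sh is hypothetical, and the reading of the root record is an assumption not stated in the article: the AuthenticationAuthority attribute of /Users/root contains “;ShadowHash;…” once a password hash is stored, is absent when root was never given one, and carries “;DisabledUser;” when the account has been disabled again.

```shell
#!/bin/sh
# Added example, not from the original article or from Apple: a script an IT desk
# could hand out that checks the macOS version against the list in the article,
# inspects whether root already has a password hash, and otherwise applies the
# same `sudo passwd root` fix described above.

# Versions the article names as affected.
AFFECTED_VERSIONS="10.13 10.13.1 10.13.2"

# Exit status 0 when $1 (e.g. the output of `sw_vers -productVersion`) is listed.
is_affected_version() {
  for v in $AFFECTED_VERSIONS; do
    [ "$1" = "$v" ] && return 0
  done
  return 1
}

# Assumption (not stated in the article): the root record's AuthenticationAuthority
# attribute contains ";ShadowHash;..." once a password hash is stored and is
# prefixed with ";DisabledUser;" when the account has been disabled again.
# Exit status 0 only when a hash is present and the record is not disabled.
root_auth_ok() {
  case "$1" in
    *DisabledUser*) return 1 ;;
    *ShadowHash*)   return 0 ;;
    *)              return 1 ;;   # attribute missing: root was never given a password
  esac
}

# Reads the attribute from the local directory node; empty if it is missing.
root_auth_value() {
  dscl . -read /Users/root AuthenticationAuthority 2>/dev/null || true
}

fix_root() {
  ver=$(sw_vers -productVersion)
  if is_affected_version "$ver"; then
    echo "macOS $ver is on the affected list."
  else
    echo "macOS $ver is not on the affected list; still confirm Security Update 2017-001 is installed."
  fi
  if root_auth_ok "$(root_auth_value)"; then
    echo "root already has a password hash; nothing to do."
    return 0
  fi
  echo "root has no usable password hash; setting one now (you will be prompted twice)."
  sudo passwd root            # the command from the article
  if root_auth_ok "$(root_auth_value)"; then
    echo "Done: logging in as root now requires a password."
  else
    echo "WARNING: root still has no password hash; contact the IT Service Desk." >&2
    return 1
  fi
}

# Usage on the Mac:  sh root-fix.sh --fix   (with no argument only the functions are defined)
case "${1:-}" in
  --fix) fix_root ;;
esac
```

The version check is informational only: the script sets a root password whenever the record lacks a usable hash, because that state is what the bug exploits, and a version string is a weaker signal than the record itself.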

Source: http://osxdaily.com/2017/11/28/macos-high-sierra-root-login-without-password-bug/

Take 5 minutes to secure your account and ensure your privacy with Google.

Google has a set of online tools available for quickly checking and modifying your account settings.

Start by going to myaccount.google.com, where you can manage “Sign-in & security”, “Personal info & privacy” and “Account preferences”. Towards the bottom of the page you can “Get Started” with a “Security Checkup”, which walks you through setting recovery options, checking connected devices and reviewing which apps have been granted permissions on your account. The “Privacy Checkup” tool shows what you have shared using your Google+ profile and the types of information collected to personalize your Google experience. Settings include allowing people to search for your name, number and other information, photo settings such as geographic location, and managing web & app activity.

Be sure to take some time to review what Google collects and what you want made available for people to see. You might be surprised what you find as your existing settings!

I have a firewall – am I good?

Firewalls are one of many components defending our networks and computers from unwanted connections. But how do they help keep us secure? Imagine a firewall as a building with many doors, where each door controls access to a particular service (a network port) on your computer. Hosting a web page or running a database on your computer, for example, would be a legitimate service. If you would like people outside the building to view your web page, you need to open the door that controls access to that service. Conversely, preventing unwanted outside connections to your database means shutting the door that controls access to it. This control stops people from simply wandering in and connecting to any open service on your computer. Keep in mind, though, that people inside the building can come and go as they please: most firewalls allow outbound connections by default, which is why the threats below matter.
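The practical counterpart of the door analogy is an inventory of which doors are actually open on a machine. The script below is an added example, not part of the original article: it reads the output of `lsof -nP -iTCP -sTCP:LISTEN`, treats every listening TCP socket as a door, ignores doors bound only to a loopback address (those open inward and are not reachable from the network) and flags any remaining door that is not on an allow list of expected ports. The script name doors.sh is hypothetical and the lsof output embedded in it is constructed to look like real output.

```shell
#!/bin/sh
# Added example (not part of the original article): inventory the "doors" on a
# host. Each listening TCP socket is a door; a door bound to a loopback address
# only opens to the inside of the building, anything else is reachable from the
# network and should be on an explicit allow list.

# $1 = output of `lsof -nP -iTCP -sTCP:LISTEN`; prints "command port bind-address"
# for every listening socket (the header line and non-LISTEN lines are ignored).
list_listeners() {
  printf '%s\n' "$1" | awk '/\(LISTEN\)$/ {
    name = $(NF-1)                       # e.g. *:22, 127.0.0.1:5432, [::]:8080
    n = split(name, parts, ":")
    port = parts[n]
    addr = substr(name, 1, length(name) - length(port) - 1)
    print $1, port, addr
  }'
}

# Exit status 0 for loopback-only bindings (doors that face inward).
is_loopback() {
  case "$1" in
    127.*|"[::1]"|::1|localhost) return 0 ;;
    *) return 1 ;;
  esac
}

# $1 = lsof output, $2 = space-separated allowed ports. Prints every externally
# reachable listener whose port is not on the allow list.
unexpected_listeners() {
  list_listeners "$1" | while read -r cmd port addr; do
    if is_loopback "$addr"; then
      continue
    fi
    case " $2 " in
      *" $port "*) ;;                    # an expected open door
      *) echo "$cmd $port $addr" ;;
    esac
  done
}

# Constructed sample in the shape of `lsof -nP -iTCP -sTCP:LISTEN` output:
# sshd on every interface, postgres and a debugger on loopback only, a web app on all.
SAMPLE_LSOF='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      412 root    3u  IPv4 0x1234      0t0  TCP *:22 (LISTEN)
postgres  901 pg      5u  IPv4 0x5678      0t0  TCP 127.0.0.1:5432 (LISTEN)
node     1337 alice  21u  IPv6 0x9abc      0t0  TCP [::]:8080 (LISTEN)
node     1337 alice  22u  IPv6 0x9abd      0t0  TCP [::1]:9229 (LISTEN)'

# Usage on a live host (needs lsof):  sh doors.sh --scan "22 443"
case "${1:-}" in
  --scan) unexpected_listeners "$(lsof -nP -iTCP -sTCP:LISTEN)" "${2:-}" ;;
esac
```

Run against the sample with an allow list of just port 22, the only line reported is the web app on 8080 bound to every interface; the database on 127.0.0.1 and the debugger on [::1] are doors that cannot be reached from outside the building and so need no firewall rule, while 8080 either belongs on the allow list or the firewall should close it.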

So how do the bad guys manage to get in if the doors are closed?

  • Laptops or other portable devices brought into the building may carry infections that open a door from the inside
  • Unauthorized Wi-Fi access points can open a back door into the building
  • Malicious code hidden inside an apparently legitimate smartphone app can execute once the phone is brought back inside the building
  • Unpatched services behind an open door can be exploited to gain additional levels of access
  • People opening their email inside the building can release a virus that infects them or the rest of the building

To make it harder for attackers to gain access, additional defenses such as anti-virus, anti-spam and patching your computers are used alongside the firewall. Layering technologies like these is known as Defense in Depth, and it helps to stop intruders whenever they manage to find an opening.

So while firewalls may be considered our first line of defense, they are by no means our only tool in the security toolbox to help keep us secure.