Blog

The Internet of Sh*t is finally here, and it sure does stink!

internet_of_poop

You may have heard recently how the popular security blog Krebs on Security was taken offline by a record DDOS attack along with Friday’s major attack on DynDNS.

The reason these attacks are newsworthy is because the attacks are so massive that even the best anti-DDOS systems like Akamai’s could not keep Krebs or DynDNS online.  Cloudflare recently posted some visualizations to show how large these types of attacks can be.

The reason these attacks were so powerful was because they were created from a botnet of “Internet of Things” devices that are unsecured by default, also known as the “Internet of Sh*t”.  Hackers created this new botnet called Mirai that searches the Internet for unsecured  DVRs and IP cameras with default passwords.

Unfortunately, now the Mirai source code is available to anyone, so these attacks will probably become more frequent and grow even larger.  Currently live Mirai infections world-wide are mapped by a security site called Malwaretech.com and the infection has spread to almost every country world-wide.

One of our favorite Twitter accounts that we follow is called InternetOfShit.  The account makes fun of how ridiculous it is to connect all these new devices to the Internet, and how they are mostly unusable and unsafe.

For example, check out this Internet connected teapot that caused the owner to have to spend 11 hours trying to make a cup of tea!  At first the “Internet of Sh*t” was a joke, but now due to the Mirai botnet it’s becoming more serious and governments may try to create regulations to stop companies from creating hardware products that are insecure by default.

Do you think you may have an Internet of Sh*t device on your network?  Go to GlassWire’s “Network” tab to see a list of all the devices on your network and get alerted when a new unknown device joins your network.

If you do have a Sh*t device on your network please do us all a favor and unplug it, or at least change the default password.  Not only could your Sh*t device be sending out DDOS attacks, it’s probably slowing your Internet access down considerably.

By the way… if you haven’t already, don’t forget to follow the InternetOfShit!

Blog

GlassWire 1.2.76 released!

newupdate

GlassWire 1.2.76 is now available for download.

This update uses a new default listening port (7010) for remote access to other GlassWire clients.  If you have remote GlassWire clients you are monitoring you’ll need to update your local client along with the remote client or the connection will fail.  The ports were changed due to user feedback.  Apparently some network security software will give false positives if certain ports are used.  This will be a one time change and we apologize for the inconvenience.

Please note that you can still use any port you prefer with GlassWire by going to GlassWire’s settings, then the “Server” tab, then changing the port numbers there.

We also removed an old cipher that could be used locally between the client and the service, fixed a problem where some free users had a crash when trying to make a remote connection, made GlassWire’s history deletion more secure, and made some changes so local traffic is detected more accurately.

Download GlassWire 1.2.76 nowChange List

Blog

Preventing others from seeing what websites you’re currently logged into

spying_logged_on_websites

Did you know that any website you visit could be making a log of all the other websites you’re currently logged into?

Some websites do this without your permission to build a profile about you to show you targeted ads.  Unfortunately, this data could also be used against you to attempt to hack you by sending you targeted exploits, clickjacking links, or phishing sites.

Do you think this problem doesn’t apply to you?  You’re probably wrong.

Check out this Github page by Robin Linus that will show you what sites you’re currently logged into.

How was Robin able to create this page?  As Robin explains on the page, websites can track what other sites you are logged on to by tracking whether certain favicons or images load or not.

How can you avoid being tracked like this?

Robin suggests a plug-In like Privacy Badger https://www.eff.org/privacybadger from the Electronic Frontier Foundation (please support them if you can, we do).

Another technique that can help is called “browser isolation”.  One simple way to do this is to dedicate one browser for your major social media or login accounts, then use a separate more secured browser for web surfing.  You can also use a “Private Window” or “Incognito mode” window in your browser separate from your logged in browser to surf the web.

The truly paranoid GlassWIre user could set up a virtual machine with a VPN, then only surf the web from that virtual machine.

Once you feel you’re protected visit Robin’s page again to confirm your logged on sites are safe again!