Cryptowall Infecting Systems via Advertisements

A new and dangerous variant of the original CryptoLocker (estimated to have brought its operators around $23 million) is on the loose. CryptoWall is reaching victims through malicious advertisements ("malvertising") served on major sites such as Facebook, Disney, The Guardian and many others. The advertisement itself does not infect the machine: it redirects the browser to a page that gains entry through unpatched software such as Flash, Internet Explorer, Java or Silverlight. Once infected, your most commonly used documents are encrypted and useless until you pay a ransom. Get the full story here.

As part of our Systems Management Program we automatically patch third-party software; this is only one layer in our multi-layer approach to managing system and network security. With CryptoWall relying on unpatched software, this is yet another reminder of the importance of keeping software patched and of having a reliable backup in place. Make sure the backup is one the malware cannot reach: a backup drive or network share that is permanently mapped on the infected machine gets encrypted along with everything else, so keep an offline or versioned copy and test that it restores.


HTTPS Why no Padlock? Mixed Content Warnings

Ever visit a website and receive a popup saying "ONLY SECURE CONTENT IS DISPLAYED", or see a broken padlock next to the site's URL? This is a mixed content warning: the page itself was loaded over SSL (the HTTPS at the beginning of the URL), but some of the content on the page (scripts, stylesheets, images, frames) is being fetched over plain HTTP. Unfortunately this is commonplace and usually the result of negligence on the site owner's end. It has also been noted that when a user's browser or system is infected, the malicious software injects advertisements into the websites being viewed, which also produces a mixed content warning. In either case the HTTPS connection to the site itself is intact, but the HTTP parts are not protected: anyone on the network path can read or replace them, and an http:// script in particular can be swapped for one that reads everything on the page, usernames and passwords included, which defeats the purpose of using SSL to begin with. Should you ever receive these warnings while visiting a financial website or your email provider's webmail, DO NOT PROCEED. Banking sites are built to deliver every element of the page over HTTPS, so a warning there points to something wrong on your side; it is advised to check your system for malware. Anything sent over a plain HTTP connection travels in the clear, including usernames, passwords and personal information.

A recent article posted at Qualys Security Labs argues that this "problem" is the easiest way to break SSL.

Are you a site owner trying to fix this? The first step is to determine exactly which content is being delivered via HTTP rather than HTTPS. A very useful site for listing the non-HTTPS links being loaded can be found here: simply enter your site's URL and every link on that page is displayed, which narrows the problem down to the specific link(s) responsible. Most browsers also list the blocked or insecure items in the developer console (F12). The usual culprits are http:// URLs hard-coded in the theme, images pasted into posts with their full address, and third-party widgets or advertising scripts. If you require assistance, please contact us.
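The check a site owner wants is the one the online tool above performs: parse the page and list every subresource referenced with an http:// URL. The script below is an added example written for this article, not a tool from the original post or from any vendor; the sample HTML it scans is constructed for illustration. It also separates active mixed content (scripts, stylesheets, frames, which an attacker on the path can use to take over the page, and which modern browsers block) from passive mixed content (images and media, which browsers usually still load while dropping the padlock), and it treats protocol-relative ("//cdn/...") and relative references as safe, since they inherit the page's https scheme.

```python
"""Find mixed content in an HTML page: resources an HTTPS page loads over
plain HTTP. Added example for this article, not a tool from the original
post; SAMPLE_HTML below is constructed for illustration."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose http:// resources browsers treat as *active* mixed content: an
# on-path attacker who rewrites them controls the page (script execution,
# stylesheet injection, framed content). Modern browsers block these.
ACTIVE = {"script": "src", "iframe": "src", "object": "data", "embed": "src"}
# *Passive* mixed content (images, media): an attacker can only swap what is
# displayed, so browsers typically load it but drop the padlock.
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}


class MixedContentParser(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (severity, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower():
            self._check("active", tag, attrs.get("href"))
        elif tag in ACTIVE:
            self._check("active", tag, attrs.get(ACTIVE[tag]))
        elif tag in PASSIVE:
            self._check("passive", tag, attrs.get(PASSIVE[tag]))

    def _check(self, severity, tag, url):
        if not url:
            return
        # Resolve relative and protocol-relative ("//cdn/...") references
        # against the page URL; those inherit https and are not mixed content.
        absolute = urljoin(self.page_url, url.strip())
        if urlsplit(absolute).scheme == "http":
            self.findings.append((severity, tag, absolute))


def find_mixed_content(page_url, html):
    """Return [(severity, tag, url)] for every http:// subresource on an
    https:// page. A page served over plain HTTP has no mixed content by
    definition (everything is already in the clear), so it returns []."""
    if urlsplit(page_url).scheme != "https":
        return []
    parser = MixedContentParser(page_url)
    parser.feed(html)
    return parser.findings


# Constructed sample page: one blocked stylesheet, one blocked script, one
# insecure image, plus three references that are fine (protocol-relative,
# relative, and https).
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="http://cdn.example.net/site.css">
<script src="http://ads.example.org/ad.js"></script>
<script src="//cdn.example.net/app.js"></script>
</head><body>
<img src="http://images.example.com/logo.png">
<img src="/static/secure.png">
<iframe src="https://widgets.example.com/embed"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for severity, tag, url in find_mixed_content("https://www.example.com/login", SAMPLE_HTML):
        print(f"{severity:7} <{tag}> {url}")
```

Run against a real page, feed it the HTML you fetched over HTTPS together with the page's own URL; the "active" findings are the ones that make browsers block content and are the first to fix.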

We believe ALL websites should implement SSL. The EFF (Electronic Frontier Foundation) started an HTTPS campaign back in 2011. By implementing SSL (whether or not you collect personal information on your site), you help protect your users' privacy and freedom. Begin by purchasing an SSL certificate; once the site loads cleanly over HTTPS, redirect every http:// request to https:// so visitors never land on the unencrypted version. We can assist in converting your current site over to FULL TIME SSL.


Is TrueCrypt Really Dead?

The very popular software used by millions for encrypting data has apparently halted development, and its website is advising users to migrate to something different due to "potential security concerns". While this is breaking news, many find it hard to believe at this point. Some guess the website has been defaced; some suggest a disgruntled developer. Analysis of the new software version (mysteriously released yesterday) shows it is signed with the same key as previous releases. That release does not allow you to encrypt anything, only to decrypt existing volumes.

Worth noting:

  • A $70,000 audit was started last year with the goal of performing a complete analysis of the source code, looking for any major vulnerabilities. Phase 1 of the audit (the bootloader and Windows kernel driver) was completed early this year with no major security issues found; Phase 2, the review of the cryptography itself, was to conclude over this summer. The audit team reached out to the developer(s) today regarding the "news" and is awaiting a response.
  • With the recent Snowden revelations, he mentioned using a secure email provider called Lavabit; shortly after he named it publicly, the service shut down, explaining that a court order had demanded its "keys", which made the core of the service useless/insecure. Recent news mentions Snowden's use of, and belief in, TrueCrypt.
  • The TrueCrypt team had posted a "roadmap" of sorts outlining continued development of the software, including support for the latest Windows 8.1 platform. This was not a "dead" project. Something bad has happened...
  • The TrueCrypt developer(s) have always been "anonymous"; however, the audit team has been in contact with them.
  • The Wayback Machine is an internet archive that lets you view websites as they were in the past; the TrueCrypt website has been excluded from it... hmm.

At this time, it is advised not to download or use the latest version found at  It is also advised not to migrate away from any existing instance you may be running yet. Until a working exploit is released, or the audit finds a hole that renders TrueCrypt useless, it remains one of the best encryption tools out there. If, however, the developers were forced (via court order) to insert a backdoor of sorts, and this is their way of letting everyone know (which would explain the bizarre recommendations), then by all means we will stop using it. Until more information is released, we are staying put.

More info: Ars Technica | Slashdot | Krebs on Security | Reddit | Cory Doctorow

Apple iPhone iPad iPod Ransomware - Device Locked Message?

"My device has been hacked": cybercriminals have targeted a large number of users of Apple's iCloud-connected devices, mostly in Australia, with a remote lock-and-ransom scheme.

Owners of iPhones, iPads and Macs are finding their devices locked remotely through iCloud, with a message delivered through Apple's Find My iPhone service that states "Device hacked by Oleg Pliss".

One user wrote on the Apple Support forum: "I went to check my phone and there was a message on the screen (it's still there) saying that my device(s) had been hacked by 'Oleg Pliss' and he/she/they demanded $100 USD/EUR (sent by paypal to lock404(at) to return them to me."

The locked devices prompt the owner to send up to US$100 to a PayPal account belonging to the suspected hacker in order to have them unlocked. We urge our users not to send money to the given account; a PayPal spokesman confirmed that 'There's no PayPal account linked to hacker email addr and any customer who has sent money will be refunded'. Because the lock is applied through the owner's own iCloud account (the Lost Mode feature of Find My iPhone), the first step is to change your Apple ID password from a trusted computer and enable Apple's two-step verification. Owners who already had a device passcode set have been able to unlock with it; those without one were locked out, so set a passcode on every device now.

Continue to get updates for Windows XP?

Still running Windows XP? While it is advised to move to Windows 7 or 8.1 for many reasons, a technique has emerged for continuing to receive security patches for Windows XP. It will not protect the system as a whole, but it provides more protection for a Windows XP machine than going without.

A relatively simple trick makes it possible for XP users to keep receiving security updates for another five years, i.e. until April 2019.

It makes use of updates for Windows Embedded POSReady 2009, which is based on Windows XP Service Pack 3: the security updates released for POSReady 2009 are largely the same fixes Microsoft would have rolled out for Windows XP if it were still supporting that operating system.

Windows Embedded POSReady 2009 is the operating system installed in point-of-sale (POS) systems such as restaurant terminals, ticket machines and other customized Windows Embedded devices. Because it shares the XP code base, it receives patches for the same components that are in the now officially unsupported Windows XP.

Windows Update will not offer these updates to an ordinary XP installation. To receive them, you make one small change to the Windows registry so that the system identifies itself as a POSReady installation.


*Open Notepad and create a new file.

*Copy and Paste the text below:

    Windows Registry Editor Version 5.00

*Save the file with a .reg extension and run it by double-clicking it.

Once it has run, check Windows Update (or the Action Center): a large number of pending updates will appear.

Because extended support for Windows Embedded POSReady 2009 runs for five more years, Microsoft will continue to deliver security updates and patches for this embedded operating system until April 9th, 2019, so XP users can use this trick to obtain security updates for roughly another five years. Two caveats: POSReady 2009 exists only as a 32-bit system, so this does not work on 64-bit XP, and Microsoft has stated that these updates are not tested against XP, so a patch that assumes POSReady components could cause problems. Keep a backup before applying them.

WordPress Vulnerability Contributes to DDOS Attacks

Are you running a WordPress site? A recently publicized weakness, actively being used to perform DDOS attacks, is making its rounds. The "pingback" feature built into WordPress (enabled by default) lets anyone ask your site, through its XML-RPC interface, to "verify" a pingback by fetching an arbitrary URL. An attacker points thousands of WordPress sites at one target at the same time, and the "target" is unable to handle the vast number of requests. While this isn't a direct threat to your own site, by leaving this feature enabled you are allowing your site to be used as a weapon, and the requests show up in the target's logs as coming from your site. While the WordPress team is aware of the issue, they are not likely to release a "patch" because this is considered a "feature", and one that many plugins and the WordPress mobile apps rely on.

A plugin exists that mitigates this on your WordPress site: download and install the highly rated "Disable XML-RPC" plugin. Note that disabling XML-RPC also disables everything else that uses it (remote publishing, the WordPress mobile apps, Jetpack), so check what your site depends on first.
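To make the mechanism concrete, here is an added example (written for this article, not code from WordPress, Sucuri or the plugin above) showing both sides of the attack with the standard library only. The first function builds the XML-RPC body an attacker POSTs to a reflector's /xmlrpc.php: pingback.ping takes a source URL and a target URL, and the reflector fetches the source to "verify" the link, so the victim goes in the source position. The second function scans a victim's access log (the sample lines are constructed) for those verification fetches; WordPress sends them with a User-Agent of the form "WordPress/<version>; <reflector site>; verifying pingback from <ip>", where the IP is that of whoever submitted the XML-RPC call, so the log reveals both how many sites are reflecting and who is driving them. The random query strings in the sample lines mirror the way attackers defeat caching on the target.

```python
"""Two sides of the WordPress pingback DDoS: the attacker's XML-RPC request
and victim-side log detection. Added example for this article, not code from
WordPress or the "Disable XML-RPC" plugin; SAMPLE_LOG below is constructed."""
import re
import xmlrpc.client
from collections import defaultdict


def pingback_request(victim_url, reflector_post_url):
    """Build the XML-RPC body an attacker POSTs to /xmlrpc.php on a reflector.
    pingback.ping(sourceURI, targetURI): the reflector fetches sourceURI to
    verify that it links to targetURI, so sourceURI is the victim and
    targetURI is any post on the reflector. Nothing is sent here."""
    return xmlrpc.client.dumps((victim_url, reflector_post_url),
                               methodname="pingback.ping")


# User-Agent WordPress puts on the verification fetch (as seen by the victim):
#   WordPress/<version>; <reflector site url>; verifying pingback from <ip>
# <ip> is the address that submitted the XML-RPC call to the reflector.
PINGBACK_UA = re.compile(
    r'"WordPress/(?P<version>[\d.]+); (?P<site>https?://[^;"]+); '
    r'verifying pingback from (?P<src>[\d.]+)"'
)


def summarize_pingback_flood(log_lines, min_reflectors=3):
    """Scan combined-format access-log lines from the *victim* server.
    Returns the number of distinct reflecting WordPress sites, the IPs that
    triggered them (with hit counts), and whether it looks like a flood."""
    reflectors = set()
    origins = defaultdict(int)
    for line in log_lines:
        m = PINGBACK_UA.search(line)
        if m:
            reflectors.add(m.group("site"))
            origins[m.group("src")] += 1
    return {
        "reflectors": len(reflectors),
        "origins": dict(origins),
        "flood": len(reflectors) >= min_reflectors,
    }


# Constructed victim-side log: three different WordPress sites fetching the
# front page with random query strings (cache busting), all triggered by the
# same origin IP, plus one ordinary browser request.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2014:12:00:01 +0000] "GET /?4137049=643182 HTTP/1.1" 200 5120 "-" '
    '"WordPress/3.8.1; http://blog-a.example; verifying pingback from 203.0.113.9"',
    '192.0.2.11 - - [10/Mar/2014:12:00:01 +0000] "GET /?5023181=210904 HTTP/1.1" 200 5120 "-" '
    '"WordPress/3.7.1; http://shop-b.example; verifying pingback from 203.0.113.9"',
    '198.51.100.7 - - [10/Mar/2014:12:00:02 +0000] "GET /about HTTP/1.1" 200 3030 "-" '
    '"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36"',
    '192.0.2.12 - - [10/Mar/2014:12:00:02 +0000] "GET /?9911002=77301 HTTP/1.1" 200 5120 "-" '
    '"WordPress/3.8.1; https://news-c.example; verifying pingback from 203.0.113.9"',
]

if __name__ == "__main__":
    print(pingback_request("http://victim.example/", "http://reflector.example/?p=1"))
    print(summarize_pingback_flood(SAMPLE_LOG))
```

If you would rather keep XML-RPC for Jetpack or the mobile apps, the narrower fix is to remove only the pingback.ping method through WordPress's xmlrpc_methods filter in your theme or a small plugin, and on the victim side the User-Agent pattern above is what to block at the web server or firewall while an attack is under way.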

How secure is your WordPress site? With WordPress becoming increasingly popular as the platform for many websites, mostly due to its ease of use, we continue to find that many of these sites lack any "best practice". High Desert Technology can help assess and implement best practice.

More information regarding this vulnerability can be found at Sucuri.
