Ransomware?

I have to admit that this is a new one to me. It’s an obvious extension of some other scams but I haven’t come across it before. One reason might be that it’s currently more prevalent in the UK than here. The UK, it turns out, is the testing ground for a lot of nasty stuff online.

It works like this: Your system gets infected because you click on an email attachment, click on a pop-up offering something, or visit an infected website. Suddenly you discover that every website you visit has a pornographic overlay. Or you start seeing pop-ups threatening to delete some of your data. Frequently there is a ransom demand to end the harassment, and, with the data deletion threat, a time-based threat (“Pay XX dollars within 30 minutes or we will start deleting data from your hard drive”). Sometimes the ransom demand is a relatively small amount of money – say $10 or so.

First of all, no matter what you do, don’t pay. Because no matter what they say, paying a ransom will not end it. If you pay them, the harassment and ransom demands will continue and the ransom amount will increase. The first line of defense is to break their connection to your computer as quickly as possible: In other words, disconnect from the Internet. You can do this with a firewall if you use one, or you can simply unplug the data connection if you use a wired connection, or disable the WiFi function through your control panel (find Network Connections in the Control Panel, right-click on the wireless network connection, select “Disable” and you are disconnected). If you can’t figure out how to do one of these quickly, turn off the computer.

Then you need to find the infection. If you turned off the computer, make sure it is not connected to the network before you reboot it. If you already have a good anti-virus/anti-spyware program installed, run a scan. If not, you can download one on another machine, copy the installation file to a flash drive, and then install it on the infected machine from the flash drive. Or you can take it to a good computer technician who will do it for you.

The important points here are (1) Don’t cooperate; and (2) Disconnect. Once you have done that you can fix the problem calmly. And remember, it’s just a computer. It wasn’t infected before this happened so it can be returned to that condition.

One more thing: Threats of deleting your data become much less threatening if you back up regularly. If you know that you ran an online backup the previous night, then no matter what they do to your computer, all you can lose is whatever was done in the few hours since the last backup.

Windows XP Retrospective

OK, it’s a little early for a retrospective, but we have passed a major milestone: As of October 22, 2010, Microsoft is no longer selling any version of Windows XP. That means that Windows XP has been on sale to the public for about nine years (it was introduced in 2001) – longer than any other operating system.

This doesn’t mean that XP is going to disappear any time soon, however. Currently, 60% of all operating systems (that includes Macs and Linux machines too) run Windows XP. Next is Windows 7 at slightly over 17%. XP is losing 1% to 2% of market share per month, while Windows 7 is increasing at 2% to 3% per month. Where’s Vista? About 13% and dropping. Mac OS X 10.5 and 10.6 combined account for about 4.4%.

And because of XP’s large market share, Microsoft will be providing security updates for it until August 4, 2014. At that point XP will have been supported for 13 years, another record for an operating system.

XP is so successful that the Professional and Ultimate versions of Windows 7 include the option to run a complete, free, licensed, self-contained XP virtual PC inside Windows 7. So even if you upgrade to Windows 7 you can continue to run Windows XP for those applications that simply won’t run on Windows 7.

Upgrading from XP to Windows 7 is not as smooth as upgrading from Vista to Windows 7, but Microsoft and others have used the year that Windows 7 has been out (yes, it’s been an entire year) to develop some upgrade procedures that are, if not painless, at least usable by ordinary mortals*.

A more complete discussion of Windows XP’s history and future, along with an extensive collection of links to articles on everything from solving XP problems to upgrading to Windows 7, can be found in this article by Fred Langa, a very respected Windows guru who has been writing technical articles for many years.

Incidentally, the article first appeared in the Windows Secrets Newsletter. I consider this the best weekly Windows-focused technical newsletter around. Most of the articles are aimed at moderately technical people, so if you are looking for a good holiday present for a geek, this newsletter may be the answer. There is a free version, but the paid version is even better (twice as many articles per week). And there’s no set price for the paid version – they simply ask you to pay what you think it’s worth. $15/year is probably a minimum, but I’ve seen very expensive newsletters that provide less useful information than this one. And no, I have no connection to them, other than being an enthusiastic reader.

* – An “ordinary mortal” is someone who doesn’t understand the difference between 32-bit computing and 64-bit computing, and furthermore doesn’t care. For comparison, a “mere mortal” is someone who doesn’t know what version of Windows he or she is using, and doesn’t care.

What is a Firesheep and How do You Shear It?

What is Firesheep?

Do you use Facebook on public WiFi connections? If so, you may be vulnerable to an attack using Firesheep, a recent Firefox extension that allows someone using the same WiFi connection to gain control of your Facebook account. This has always been possible, but until now it required a lot of techie knowledge and some fairly complex software to do it. With this extension, anybody who can download and install a browser add-on is able to grab control of your Facebook account.

This Firefox extension was released by someone who is attempting to raise the security issue by embarrassing websites like Facebook into using encrypted connections. In the long run this will probably be the positive result, but in the short run he has provided a route for unscrupulous but less-skilled people to hack Facebook accounts.

And before anybody raises the Mac vs. PC issue, let me say that this is platform-independent, which is techie jargon for “Yes, your Mac is just as vulnerable as a PC in this case.”

Here’s a quick run-down, with as little jargon as I can manage, of how this works:

Without some help, websites have no way to track an individual user from page to page. In practical terms, this means that if you log into Facebook and then click on a link to another page (say, your Profile page), Facebook has no clue that you are the person who just logged in.

Web developers solve this by using a cookie, which is simply a text file that contains a unique identifying number. When you click that link to the Profile page, your web browser sends that cookie along with the Profile page request. That way, Facebook knows whose Profile page to retrieve. When you log out of Facebook the cookie is deleted (and if you simply close your browser, the way most people do, the cookie automatically expires in about 20 minutes).

Now here’s where the WiFi issue comes up. Each time you click on a link within Facebook, your browser sends the cookie. If you are on a public WiFi connection without encryption (and if there’s no WiFi password there’s no WiFi encryption), your browser is, in effect, shouting out that cookie to everyone using that WiFi connection.

The Firesheep extension simply captures these cookies as they go by. Then the person using the Firesheep extension can simply take over your Facebook page because they have the cookie that identifies them as you. If they are reasonably adept at it, they may wait until you close your browser (without logging off, which is the way most people do it) and then grab hold of your account before the 20-minute timeout of the cookie. Next time you try to log into Facebook you may discover that your password has been changed, along with everything else on your page.

How to Shear Firesheep

Can you protect yourself from Firesheep? For popular sites like Facebook, Twitter, and Google, you can do so fairly easily. Curiously, these sites are capable of using encrypted connections but do not do so by default. You can force them into encrypted mode. Here’s how to do it:

If you are using Firefox, install the “Force TLS” extension. Once it is installed, look for Force TLS Configuration on the Tools menu. There you can enter the URLs of sites you want to force into encrypted mode.

If you are using Chrome, install the “Use HTTPS” extension. Once it is installed, go to the Tools | Extensions menu and click on Options under “Use HTTPS.” There you can enter the URLs of sites you want to force into encrypted mode. Use HTTPS has checkboxes for selecting Facebook and Twitter to save you a little typing.

I have not found similar extensions for Internet Explorer or Safari yet but if they don’t already exist they will soon. If someone finds one please tell me in the comments.

Note that this is not a universal fix beyond Facebook and Twitter — some websites won’t work at all in encrypted mode and some will work badly. Experiment with your favorite sites. If some don’t work right you will have to decide whether to avoid using them in public WiFi settings or use them and risk being Firesheeped (I don’t know if that’s considered a verb, but I just declared it to be).

Also remember that, for each website that you want to force to use encryption, you have to enter its URL into the extension (Force TLS for Firefox and Use HTTPS for Chrome).

How can you be sure you are using an encrypted connection? Easy. Just look at the website address in your browser address line. If it begins with “https” you are using an encrypted connection. If it begins with “http” it’s not encrypted, no matter what they may tell you.
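The two pieces above (the session cookie that the browser sends with every request, and the extensions that force a site into https) have server-side counterparts: the Secure attribute on the cookie, which tells the browser never to send it over plain http, and the Strict-Transport-Security header, which tells the browser to use https for that site on its own. The following added example (mine, not from the article or from the Force TLS / Use HTTPS projects) audits a constructed set of response headers for those two gaps and shows the client-side URL rewrite that the extensions perform; the header values are made up for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample responses (not captured traffic): the first is what a
# site looks like when it sends its session cookie over plain http://, the
# second is the same site after the two server-side fixes.
WEAK_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]
FIXED_HEADERS = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly; Secure"),
    ("Set-Cookie", "lang=en; Path=/; Secure"),
]


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return name, attrs


def audit_headers(headers):
    """List the gaps that let a listener on the same WiFi reuse a session cookie."""
    findings = []
    has_hsts = False
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                findings.append(f"cookie '{cookie}' lacks Secure: the browser will also send it over plain http://")
        elif name.lower() == "strict-transport-security":
            has_hsts = True
    if not has_hsts:
        findings.append("no Strict-Transport-Security header: a plain http:// link still loads unencrypted")
    return findings


def force_https(url, forced_hosts):
    """Client-side equivalent of Force TLS / Use HTTPS: rewrite http:// to https:// for listed hosts and their subdomains."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme == "http" and any(host == h or host.endswith("." + h) for h in forced_hosts):
        return parts._replace(scheme="https").geturl()
    return url


if __name__ == "__main__":
    for finding in audit_headers(WEAK_HEADERS):
        print("WEAK:", finding)
    print(force_https("http://www.facebook.com/profile.php", {"facebook.com", "twitter.com"}))
```

Running it prints three findings for the weak headers and none for the fixed ones, and rewrites the Facebook link to https.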

The Really Good But More Difficult Solution

Yes, there is a better solution. It works with all websites and it is secure. However it costs. You can accept that cost in speed or money. It’s called VPN, or Virtual Private Network.

VPN is nothing new — it has been used for years by large corporations to allow employees to work remotely while maintaining a secure connection to the company network. In effect, VPN creates a secure (encrypted) tunnel through which everything sent to or from your computer travels. It’s secure until it reaches the VPN server, but from there it all travels via land-line so there are fewer security risks.

There are a couple of free VPN providers: OpenVPN and ItsHidden. OpenVPN is Open Source and therefore free. ItsHidden is not open source but provides a free and a premium ($9.99/month) service. Some users of both of the free services have reported occasional slow response.

Some paid VPN services (in addition to the ItsHidden Premium service) include Golden Frog VyprVPN ($14.99/month) and StrongVPN (“from $7/month”). These seem to work faster and more reliably than the free services.

Conclusion

If most of what you do in public WiFi environments is Facebook and Twitter, use the browser extensions to force the sites into encrypted mode. Once you set it up you can forget it — it works automatically.

If you connect to sites that don’t work with encryption you should seriously consider VPN.