Notes from the Field: Feb 20, 2014
Comcast has made an offer to buy Time Warner Cable. The deal which was accepted by TWC would combine the numbers one and two cable companies in the United States. Comcast which owns a number of media properties such as NBC and MSNBC has already given marching orders to its lobbyists to get the deal approved. In response, there has been some rather heavy criticism of the deal asking both Congress and the Justice Department not to approve the merger. As usual, Comcast has said this deal would give customers more choice, but as noted in the press, past mergers involving Comcast had evolved into even poorer customer service and significantly higher prices.
A new worm called the Moon worm is spreading through the Internet. This worm targets Linksys routers which includes a large number of home users including CEBUG members. Initially the Linksys E1000 and E1200 were targeted but that list now includes the following models: E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, and the E900. It is possible that even the older routers could be affected so you need to keep updated on this list. All of these routers need to have their firmware updated. The E900 and E1000 is no longer supported so updating the firmware may be out of the question. Apparently, the remote access function has a problem in the firmware in which home networks have been owned. Linksys/Cisco initially made no comment about this, but just today expanded the list of routers affected by this problem. The mitigation is to configure a good password for admin access, turn of remote admin functionality, or restrict the remote admin function to specific IP addresses users control. Another option is to remove the firmware completely and install dd-wrt which is router software that makes better use of the hardware found on most routers. However the caveat I’d suggest is that you engage with a security and/or IT experienced individual who has experience in making this firmware change. It is not for the light hearted and can brick a router in no time if not done correctly.
There is a report of phony SSL certificates being issued that allow smartphones to access banking systems; Modern browsers are not fooled by the phony certificates, but mobile apps are.
Adobe has rushed out another patch to fix yet another zero day flaw. This affects Flash versions 184.108.40.206 and earlier for windows and the Mac, and versions 220.127.116.116 and earlier for Linux. There are three vulnerabilities fixed in this update.