As of 4/14/2015, the Google Chrome browser version 42.xx and above will no longer directly support the Java platform.

Java relies on NPAPI, an API first introduced over twenty years ago.   Google feels that NPAPI’s “90s-era architecture has become a leading cause of hangs, crashes, security incidents, and code complexity.”   For these reasons, Google Chrome no longer supports NPAPI, which means the Java Platform will no longer work in Google Chrome.

Users experiencing issues with Java in Chrome may follow either of these workarounds:

1. Switch to an NPAPI-supported web browser, such as Internet Explorer 11 or Mozilla Firefox.

2. Manually re-enable NPAPI in Google Chrome using the steps below.  (Note: This workaround will be removed by Chrome in September 2015 or earlier.)

  1. Paste the following link into your Google Chrome browser: chrome://flags/#enable-npapi
  2. Click “Enable” under NPAPI.  (If you see the word “Disable,” then it is already enabled.)
  3. After enabling NPAPI, click the “Relaunch Now” button at the bottom of the page or the changes will not take effect.

 

http://blog.chromium.org/2013/09/saying-goodbye-to-our-old-friend-npapi.html

 

A cyberattack against JPMorgan Chase last summer, which affected 76 million households, could have been prevented by a simple security fix, experts say.

Had JPMorgan Chase implemented TWO-FACTOR AUTHENTICATION on all of their servers, the breach would likely not have occurred.  From Dealbook at the New York Times:

“Most big banks use a double authentication scheme, known as two-factor authentication, which requires a second one-time password to gain access to a protected system. But JPMorgan’s security team had apparently neglected to upgrade one of its network servers with the dual password scheme, the people briefed on the matter said. That left the bank vulnerable to intrusion.”

Two-factor authentication adds a second layer of authentication to login procedures, beyond the username/password combination.  This second layer of authentication makes it more difficult for hackers to remotely access your data.

Two-factor authentication can be established many ways, but the basic principle is to combine 1. SOMETHING YOU KNOW (like a username/password combination) with 2. SOMETHING YOU HAVE (like a key fob, mobile phone, or biometric fingerprint.)

Tier1Net recommends implementing two-factor authentication on all publicly accessible remote access portals.  The Sonicwall SRA appliance leveraged by many Tier1Net customers has this capability bundled into its standard operating system.  This feature, known as ONE-TIME PASSWORD or OTP, works by challenging an authenticated user with a request for a second password.  The second password is sent from the device to the user via text message.  Upon each subsequent login, the user will receive a different one-time password for access.
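The second-factor flow described above, sketched in Python as an added example (this is not SonicWall's code or configuration). The function names, the five-minute lifetime and the three-guess limit are assumptions chosen for illustration; delivery of the code by text message is left to the caller.

```python
import hashlib
import hmac
import secrets

OTP_TTL_SECONDS = 300   # assumed code lifetime, not a SonicWall setting
MAX_ATTEMPTS = 3        # assumed guess limit per challenge


def _digest(code: str) -> bytes:
    return hashlib.sha256(code.encode()).digest()


def issue_challenge(now: float):
    """Called only after the username/password check has succeeded.

    Returns (code, challenge): the code goes to the SMS gateway, the
    challenge record (which never holds the code itself) stays server-side.
    """
    code = f"{secrets.randbelow(10**6):06d}"   # new random code for every login
    challenge = {
        "digest": _digest(code),
        "expires_at": now + OTP_TTL_SECONDS,
        "attempts": 0,
        "used": False,
    }
    return code, challenge


def verify(challenge: dict, submitted: str, now: float) -> bool:
    """Accept the code once, before expiry, within the attempt limit."""
    if challenge["used"] or now > challenge["expires_at"]:
        return False
    if challenge["attempts"] >= MAX_ATTEMPTS:
        return False                           # stop online guessing
    challenge["attempts"] += 1
    ok = hmac.compare_digest(_digest(submitted), challenge["digest"])
    if ok:
        challenge["used"] = True               # one-time: a replay must fail
    return ok
```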

Recently, Tier1Net has been implementing all new Sonicwall SRAs with this secure configuration by default, and strongly recommends enabling it for all production appliances currently configured for single-factor authentication.

Thanks and Happy Holidays!

Tier1Net

 

Read More: http://dealbook.nytimes.com/2014/12/22/entry-point-of-jpmorgan-data-breach-is-identified/

 

Countdown to Windows Server 2003 End of Support Date

The deadline for upgrading Windows 2003 Servers is fast approaching.

In July of 2015, Microsoft will be discontinuing support for Windows 2003 Operating Systems.

After that time, servers running Windows 2003 will no longer receive critical security updates and patches.

The US Department of Homeland Security has released a statement urging users to upgrade their systems prior to the End-of-Support date:

“Computer systems running unsupported software are exposed to an elevated risk to cybersecurity dangers, such as malicious attacks or electronic data loss.

Users may also encounter problems with software and hardware compatibility since new software applications and hardware devices may not be built for Windows Server 2003.

Organizations that are governed by regulatory obligations may find they are no longer able to satisfy compliance requirements while running Windows Server 2003.”

 

Tier1Net has been reaching out to individual clients who are still using Windows 2003 Operating Systems in their environments to discuss migration plans.

If you have questions about the Windows 2003 Server End-of-Support or migration process, please contact us.

 

Further Reading:

http://www.microsoft.com/en-us/server-cloud/products/windows-server-2003/

https://www.us-cert.gov/ncas/alerts/TA14-310A

The POODLE vulnerability, or “Padding Oracle On Downgraded Legacy Encryption”, is a new security threat found within existing, though outdated, encryption technology.

This vulnerability is not as threatening as Heartbleed or Shellshock, which could both be exploited via direct attack vectors. The POODLE vulnerability requires a man-in-the-middle attack vector in order to be exploited.

Unfortunately, this vulnerability does not have a specific solution or patch, but rather multiple methods of reducing exposure.  Experts at Google, Microsoft, Mozilla, and others have all posted possible methods to mitigate the POODLE vulnerability.

Tier1Net is actively following all POODLE developments and will release a more detailed notice with information regarding the vulnerability and steps that can be taken to reduce exposure.


POODLE exposes a vulnerability in an outdated – but still used – web encryption technology, SSL 3.0.  Modern web browsers are designed to prefer the newer TLS encryption protocol when accessing a service secured via SSL.  But most browsers will still accommodate SSL 3.0 traffic if the host or client demands it.  SSL 3.0 traffic, however, exposes a unique vulnerability that allows attackers to decrypt data sent between the client and server.


It would not be easy to exploit this vulnerability, however.  “The conditions that are required for the attack to be applicable are hard to obtain,” said Itsik Mantin, director of security research at Imperva. “In particular, the attacker needs to become a man-in-the-middle between the attacked client and server, and to generate, block and modify client messages to the server and vice versa.”  An attacker could then theoretically force the host/client connection to “fall back” to SSL 3.0, where the attacker could then potentially access data.  An attack such as this would most likely occur on an unsecured public network, such as a Wi-Fi network at an airport.

In order to safeguard against POODLE, SSL 3.0 fallback must be blocked on all levels.  Due to the scope and complexity of possible SSL 3.0 usage, a permanent blocking solution is not yet agreed upon.  Blocking SSL 3.0 prematurely could break many existing websites: potentially blocking users from accessing a client’s own site, and also blocking employees from accessing business critical sites.

Tier1Net is actively following all recommendations and will keep its clients apprised of new developments.

 

https://www.openssl.org/news/secadv_20141015.txt

https://threatpost.com/new-poodle-ssl-3-0-attack-exploits-protocol-fallback-issue/108844

http://www.pcworld.com/article/2834015/security-experts-warn-of-poodle-attack-against-ssl-30.html

 

 

A new security vulnerability has been identified with the BASH shell used by Mac OS X, Unix and Linux.  A patch has already been released for this vulnerability.

Tier1Net does not employ Mac OS X/Linux/Unix within its network infrastructure.  However, certain nodes which incorporate Linux components may be impacted.  Tier1Net is working with its vendors to determine if these nodes are vulnerable.  If any node is found to be vulnerable, Tier1Net will take immediate action to apply the appropriate patches to resolve the vulnerability.  As an added precaution, Tier1Net has verified no attack vector is available to any potentially impacted node.

Also, Tier1Net is currently evaluating the exposure of this security threat with regard to its managed services clients.

Based on current information, there is no known exposure to these clients.

Should new information be released to suggest otherwise, Tier1Net will notify all affected clients and take appropriate measures.

UPDATE: (9/26/14)

Tier1Net has spent the last day collecting data regarding this vulnerability, and waiting on clarification from vendors as to their exposure. It has been determined that Tier1Net’s network infrastructure is not impacted by this vulnerability.
Furthermore, Tier1Net has evaluated the risk to its Managed Service customers and determined little to no exposure within those networks. To those customers running Mac OS X at home or at work, Apple has stated the operating system is “safe by default,” and only vulnerable if a user has intentionally configured advanced Unix settings on their Mac device. For more information regarding the Mac OS X vulnerability please visit http://www.cnet.com/news/vast-majority-of-os-x-users-safe-from-bash-shellshock-bug-apple-says/ or http://www.apple.com

 

 

 

 

 

 

To Our Clients:

In a collaborative effort to enhance cyber security, Microsoft and Google recently announced their intention to cease support for certain SSL certificates within their Internet Explorer and Chrome web browsers.

Starting as early as September 26, 2014, Google Chrome will place a visual alert icon alongside certain previously trusted web addresses.  These visual icons will progress in phases over six months, as a means to alert visitors to potential security issues with a website.  Websites affected will be those which use SSL Certificates using the SHA-1 algorithm and valid past 01/01/2016.  Microsoft will not be instituting any browser changes until later in 2016/2017.

To keep the Google Chrome security icon from appearing on your site, Tier1Net will be re-issuing “Chrome Supported” SSL Certificates for all at-risk sites over the next few weeks.

Tier1Net will be contacting the owners of all at-risk sites to discuss the next steps for certificate re-issuance.

Please continue reading below for more information.

 

SSL certificate encryption, depicted by “https:” in a browser,  is what authenticates a website as secure and inimitable.  A theoretical breach in that encryption would allow another site to “copy” the https site, and potentially capture the secure traffic therein.   Today, there is little-to-no risk of a breach occurring in SSL encryption.   In future years however, technological advancements may increase the risk of SSL encryption breaches.  For that reason, Google is motivating certificate owners to upgrade their SSL encryption to the more robust SHA-2 algorithm.

To motivate certificate owners, starting this month, Google Chrome web browsers will display a warning icon next to any sites using SHA-1 certificates.  These warning icons will only appear on SHA-1 sites whose certificates are valid past 01/01/2016.  These visual warnings will progress over the next few months from “secure, but with errors” to “neutral” to “not secure”:

To prevent these security warning icons from appearing on your site, Tier1Net will be re-issuing SSL Certificates for all at-risk sites.  The re-issued SSL Certificates will have the latest SHA-2 algorithm and will be “Chrome Supported.”
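One way to find at-risk certificates as defined above (SHA-1 signature, valid past 01/01/2016) is to read both fields straight from the certificate's DER encoding. The Python below is an added example, not Tier1Net's or Google's tooling; the function names are assumptions, and the sample certificate is a constructed skeleton with empty names and no key.

```python
from datetime import datetime, timezone

# sha1WithRSAEncryption (1.2.840.113549.1.1.5), ecdsa-with-SHA1 (1.2.840.10045.4.1)
SHA1_SIG_OIDS = {bytes.fromhex("2a864886f70d010105"), bytes.fromhex("2a8648ce3d0401")}
CUTOFF = datetime(2016, 1, 1, tzinfo=timezone.utc)   # date from the notice

def read_tlv(buf, pos):
    """Decode one DER element; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = length-of-length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out

def parse_time(tag, body):
    text = body.decode("ascii")
    if tag == 0x17:                        # UTCTime: 2-digit year, pivot at 50
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def sha1_at_risk(der):
    """True if the certificate is SHA-1 signed and valid to the cutoff or later."""
    _, cert, _ = read_tlv(der, 0)
    tbs, sig_alg, _sig = children(cert)
    fields = children(tbs[1])
    if fields[0][0] == 0xA0:               # optional explicit version field
        fields = fields[1:]
    not_after = children(fields[3][1])[1]  # order: serial, alg, issuer, validity
    sig_oid = children(sig_alg[1])[0][1]
    return sig_oid in SHA1_SIG_OIDS and parse_time(*not_after) >= CUTOFF

def tlv(tag, content):                     # sample builder, short lengths only
    return bytes([tag, len(content)]) + content

def sample_cert(sig_oid_hex, not_after):
    # Constructed skeleton certificate: real field layout, empty names, no key.
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(sig_oid_hex)) + tlv(0x05, b""))
    validity = tlv(0x30, tlv(0x17, b"140101000000Z") + tlv(0x17, not_after.encode()))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + tlv(0x30, b"") + validity + tlv(0x30, b"") + tlv(0x30, b""))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))
```

For a real site, the DER bytes can be obtained from a PEM certificate with `ssl.PEM_cert_to_DER_cert` from the Python standard library and passed to `sha1_at_risk`.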

Tier1Net will be contacting all owners of at-risk sites to discuss next steps.

Please visit Google’s announcement to learn more.

Thank you.

Tier1Net

 

 

Dell SonicWALL has identified multiple LDAP authentication protocol vulnerabilities exposed when SonicOS is configured to use Microsoft Active Directory / LDAP for authentication of AD/LDAP usernames who are members of SonicWALL Administrator groups.   Tier1Net’s infrastructure is not exposed to this vulnerability.  However, to mitigate against possible future exposure, Tier1Net will be performing firmware updates on all Dell SonicWALL firewalls within its network infrastructure.

If you have questions or concerns about this matter, please contact Tier1Net.

 

 

 

Attention Tier1Net Clients:

We have heard reports of a widespread phishing scam posing as a legitimate American Express email.   Tier1Net is actively adding rules to block access to this phishing website across all managed firewalls.  Meanwhile, Tier1Net recommends alerting all users of this potential phishing scam and advising them to delete any suspicious American Express emails upon receipt.

The phishing email may contain the subject: “American Express – Safe Key” and claim to inquire about “recent charges on your account.”

If you receive this email, please delete it and do not click on any links within the email.  Clicking on the link within this email will take you to a fraudulent webpage, requesting that you enter sensitive information.  If you visit this page, do not enter any sensitive information.

If you believe you have accidentally clicked this link, and/or have entered any information on the phishing webpage, please contact Tier1Net immediately.

A screenshot of the phishing email is included below.

 

 

Two days ago, Hold Security revealed that Russian hackers have amassed over 1.2 billion usernames and passwords from various websites. The Milwaukee based firm would not elaborate on which websites were targeted, or how users could know if their credentials had been compromised.  Experts from within the firm, who played a role in identifying the previous security breaches with Adobe Systems and Target, say the latest Russian hacking scheme could be “the largest data breach known to date.”

Since the announcement, the scope and urgency of Hold Security’s claim has been questioned, with some arguing that the 1.2 billion usernames were amassed over multiple years via several hacking events: Stewart Baker, a partner at Steptoe & Johnson LLP and former general counsel of the National Security Agency, said, “1.2 billion is a very big number. If they got there by assembling two years’ worth of hacks, it is less impressive.”

Nevertheless, Tier1Net wants our clients to be aware that none of their Tier1Net hosted websites were affected by this alleged breach.

Meanwhile, we encourage all web users to review the Best Practices for Safe Web Use.

Please review Tier1Net’s Best Practices for Safe Web Use below.

1. Regularly change your passwords for any sites that contain sensitive information, such as anything related to your finances, healthcare, credit cards, and banking information.

2. Do not use the same password across multiple sites.

3. Do not store your online logins/passwords in a file on your computer.

4. Regularly review your bank, credit card, financial, and healthcare statements for accuracy. Report unknown or suspicious activity immediately to the account provider.

5. When offered by an online provider, always opt for two-factor authentication. Two-factor authentication relies on a second set of credentials for access (beyond your password.)

6. Proceed with caution.   When large scale malicious activity is reported, always assume that your accounts may have been targeted, and take the appropriate actions – such as changing your passwords – to safeguard against information breaches.

If you have questions about this latest security breach, or how to keep your web activity secure, please contact us.

Thanks,

Tier1Net

 

Researchers have just identified a vulnerability in OpenSSL software.   This vulnerability is known as the “Man in the Middle” threat, or MitM.

The MitM threat allows a hacker to potentially intercept and decrypt data transmitted between vulnerable clients and servers.

How Does MitM Work?

The attacker would create a fake “handshake” between the two devices, leading each of them to believe that the attacker is a valid target. The attacker can then use the key material to decrypt or modify traffic at will. However, the attacker would need to be in the “man-in-the-middle” position on the network (in between the two devices) in order to exploit this vulnerability.

Wireless networks are at a higher risk of this MitM attack as they are more readily available and users could connect to any unsecured (and secured) network without a second thought.

 

Who Does MitM Affect?

The MitM threat affects all versions of the OpenSSL Client.  Fortunately, Tier1Net’s Professional Services clients do not use OpenSSL for Windows Servers or Certificates, so those devices are not vulnerable to the threat.  Tier1Net’s web servers do not use OpenSSL for websites hosted on its backbone.

However, the OpenSSL technology is used in some Sonicwall SSLVPN devices.  Sonicwall SSLVPN devices may be affected by the MitM threat.

 

What is Tier1Net doing?

Tier1Net is in the process of upgrading the firmware of all potentially affected SSLVPN devices.  This firmware upgrade will protect against the MitM vulnerability.

Tier1Net has sent notices to all potentially affected clients.

 

For more information on the MitM Vulnerability, please click the sources below:

https://www.openssl.org/news/secadv_20140605.txt

http://threatpost.com/new-openssl-mitm-flaw-affects-all-clients-some-server-versions/106470