Latest News, Alerts and Items of Note

11/9/17

Cryptojacking craze that drains your CPU now done by 2,500 sites.

 

11/6/17

ColdFusion MailSpoolService Manual Restart Issue. ColdFusion 11 Standard server sending duplicate emails? Read on: https://www.trunkful.com/index.cfm/2017/11/2/ColdFusion-MailSpoolService-Manual-Restart-Issue

 

10/26/17

"Bad Rabbit" data-encrypting malware striking overseas. Read on at https://arstechnica.com/information-technology/2017/10/new-wave-of-data-encrypting-malware-crashes-through-russia-and-ukraine/.

 

10/25/17

Firefox add-on technology is modernizing

Add-ons allow you to add extra features and functionality to Firefox, modify the Firefox user interface and change its appearance. There are several types of add-ons but extensions are the most common. Anyone can create an extension and make it available for download.

What's happening?

In the past, extensions often stopped working each time a new version of Firefox was released, because developers had to update them every six weeks to keep them compatible. Since extensions could also modify Firefox internal code directly, it was possible for bad actors to include malicious code in an innocent-looking extension.

To address these issues, and as part of broader efforts to modernize Firefox as a whole, we’ve transitioned to a new framework for developing Firefox extensions. Outside of rare instances, extensions created with the new standard won’t break in new Firefox releases. You can still personalize Firefox with extensions the same way you do now, except they won’t break in new Firefox releases.

Note: Starting in Firefox 57, which will be released in November 2017, only extensions built with this new technology will work in Firefox. These are indicated by the "Compatible with Firefox 57+" label on addons.mozilla.org (AMO). Extensions built with the old technology are labeled "Legacy" in the Add-on Manager (about:addons) tab.

Keep in mind that many developers are in the process of updating to the new compatible format. Once they make the transition, your extension will automatically update and there is nothing you need to do.

If you are using legacy add-ons and want to start looking for alternatives in case they become incompatible in Firefox 57, use the extension finder utility to look up the extension you would like to replace and discover recommended replacements.

For more help, please head over to the FAQs.

We recommend that you install add-ons with the "Compatible with Firefox 57+" label to ensure compatibility with Firefox beyond November 2017.

 

10/17/17

Powerful strain of IoT attack malware: https://krebsonsecurity.com/2017/10/reaper-calm-before-the-iot-security-storm/

 

10/16/17

Security Alert: Serious Flaw in WPA2 (Wi-Fi) protocol called "KRACK Hack" Is Targeting Wi-Fi Users

Researchers have disclosed a serious weakness in the WPA2 (Wi-Fi) protocol that allows attackers within range of a vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases to inject ransomware or other malicious content into a website a client is visiting. WPA2 is the most common Wi-Fi protocol, used by most Wi-Fi routers in homes and businesses.

Read more at https://www.forbes.com/sites/thomasbrewster/2017/10/16/krack-attack-breaks-wifi-encryption.

The KRACK hack affects the core encryption protocol of Wi-Fi Protected Access 2 (WPA2), essentially tricking devices into accepting recycled authorization keys that a hacker has manipulated in order to intercept Internet traffic. To take advantage of this flaw, the hacker needs to be within range of your Wi-Fi, whether at home or at the Wi-Fi you are using at, for example, a coffee shop or place of business. You should consider not using Wi-Fi at public locations until your device(s) have been updated.

This flaw is in the core WPA2 protocol itself and is effective against devices running Android, Linux, and OpenBSD, and to a lesser extent macOS, iOS, and Windows, as well as MediaTek, Linksys, and other types of devices. Manufacturers are already distributing software updates for laptops, smartphones, and routers to fix this issue.

Until your devices have been updated, be cautious when using anything with a Wi-Fi connection, and consider using VPN software if you aren't already.

If you have any questions or want more information about the steps you can take to protect yourself and your business against KRACK, email me using the email address below.

wil@cfwebtools.com

 

9/29/17

Cryptocurrency Miners Hacking Servers

Are your free CPU cycles making others rich? There's a chance they are, and it's at your expense. A recent article at Vice.com states that "At Least 1.65 Million Computers Are Mining Cryptocurrency for Hackers So Far This Year." If this is to be believed, then it's possible a server you are running has been compromised and is actually mining cryptocurrency for the hackers.

Cryptocurrency is an anonymous, digital currency that is supposed to be untraceable. It's used on the internet to purchase more and more products and services. One of the most common forms of cryptocurrency is Bitcoin. This is from the Wikipedia entry on Bitcoin.

Bitcoin is a worldwide cryptocurrency and digital payment system called the first decentralized digital currency, since the system works without a central repository or single administrator. It was invented by an unknown programmer, or a group of programmers, under the name Satoshi Nakamoto and released as open-source software in 2009. The system is peer-to-peer, and transactions take place between users directly, without an intermediary. These transactions are verified by network nodes and recorded in a public distributed ledger called a block chain. Besides being created as a reward for mining, bitcoin can be exchanged for other currencies, products, and services. As of February 2015, over 100,000 merchants and vendors accepted bitcoin as payment. Bitcoin can also be held as an investment. According to research produced by Cambridge University in 2017, there are 2.9 to 5.8 million unique users using a cryptocurrency wallet, most of them using bitcoin. ...

Bitcoin mining is a record-keeping service that runs on people's computers, servers, or specialized mining devices, set up by individuals to help process Bitcoin transactions. As a reward for doing this you are given newly created bitcoins and transaction fees; i.e., you can make money by mining for Bitcoin.

This reward is enough that hackers have taken it to the next level and started hacking servers around the world so they can install mining software and use YOUR computers and servers to make money for themselves. Just this week it was discovered that some of Showtime's web servers were mining cryptocurrency. This isn't a new thing either. Back in 2014 Iowa State University servers were also hacked for the purpose of mining Bitcoins. These are not isolated occurrences. They are happening regularly. This practice is free to the hackers and costly to the owners of the servers. Here's why:

Case Study

CF Webtools has seen this type of hack in the real world. We recently had a company come to us seeking our services for both Server Administration and ColdFusion programming. Part of taking this new company on as a client we performed a security review on all of their servers. They also had existing issues that we needed to look at in particular. One of their web servers was rebooting multiple times per day at what seemed like "random" intervals.

Upon review we found the web server was always running at 100% CPU usage with no services claiming to be using that much CPU power. Certainly not ColdFusion or IIS. After completing additional research we decided to install a malware removal tool and scanned for malware. It didn't take long to find that indeed there was malware running on the server. What we found surprised us only because we had not seen this in action before. It was a cryptocurrency miner and it was so intensive that it would crash the server. All attempts to remove the malware failed. It would end up back on the server in a short period of time. The fact is this server was compromised. To resolve the issue we sent one of our decommissioned, but powerful servers, preinstalled with a clean OS, to their data center. Then our Operations Manager went on the road to install the new server as well as a physical firewall. We essentially re-architected their entire server setup. Meanwhile the malware removal tool did its best to keep the malware at bay while I recreated their web server on the new server. It was a busy week (or more), but we were able to clean the code on the client's server and put that on the new server. We also had to research and rebuild all the dependencies from scratch. When it was all said and done we replaced the compromised server with the new one and put all their servers behind a Cisco ASA.

This case of hacking for Bitcoins proved costly, in the end, to the company whose systems were compromised, all while providing a free profit to the hacker(s).

This is one more friendly reminder to make sure your ColdFusion servers are patched! Either patch them yourself or have your hosting provider patch them. If you need help upgrading your VM or patching your server (or anything else), our operations group is standing by 24/7 - give us a call at 402-408-3733, or send a note to operations@cfwebtools.com.

 

9/19/17

ColdFusion Security Patches ColdFusion 11 Update 13 and ColdFusion 2016 Update 5

Adobe just released security updates for ColdFusion 11 and ColdFusion 2016. This is a critical security update and you should be updating your ColdFusion servers. The information below is from the CF Webtools Operations Group. If you need help upgrading your VM or patching your server (or anything else), our operations group is standing by 24/7 - give us a call at 402-408-3733, or send a note to operations at cfwebtools.com. Meanwhile, the info below will help IT staff and DIY types get started.

With ColdFusion 11 Update 13 and ColdFusion 2016 Update 5 there are additional manual steps required to complete the security patch. The additional requirements are the same for both ColdFusion 11 and ColdFusion 2016, and the remaining information pertains to both versions. Both updates require that ColdFusion be running on Java version 1.8.0_121 or higher. For reference, ColdFusion 11 comes with Java version 1.8.0_25 and ColdFusion 2016 comes with Java version 1.8.0_72. The Java that needs to be installed is different from the "Windows User" Java client that may already be installed. The installer is available from Oracle. Once the new Java version is installed, the jvm.config file for each ColdFusion instance needs to be updated to point to the new Java installation path. If you're running the Enterprise version of ColdFusion, it is likely that more than one ColdFusion instance is running, and each instance has its own jvm.config.

Part of the instructions from Adobe says that if your ColdFusion server is installed as a J2EE server then there is an additional manual configuration step that you need to do. However, every installation of ColdFusion since the release of ColdFusion 10 is a J2EE or JEE installation. What Adobe really means is that the step applies if you are using a third-party JEE server and not the built-in Tomcat JEE server.

If your ColdFusion server is running on a third-party JEE server such as WebLogic, WildFly, a custom Apache Tomcat, etc. (not the built-in Tomcat that comes with ColdFusion), then the following step needs to be completed.

Set the following JVM flag, "-Djdk.serialFilter=!org.mozilla.**", in the respective startup file, depending on the type of Application Server being used.

For example,

  • On Apache Tomcat Application Server, edit JAVA_OPTS in the 'Catalina.bat/sh' file
  • On WebLogic Application Server, edit JAVA_OPTIONS in the 'startWeblogic.cmd' file
  • On a WildFly/EAP Application Server, edit JAVA_OPTS in the 'standalone.conf' file
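The two manual requirements above (a JRE of 1.8.0_121 or newer in each instance's jvm.config, and the serialFilter flag in the startup options of a third-party JEE server) are easy to get half right across several instances. The following script is an added example written for this page, not CF Webtools' or Adobe's code: it reads the `java.home` and `java.args` entries from a jvm.config, parses the `java -version` output of the JRE it points at, and checks a startup-file fragment for the exact flag. The jvm.config, version output and catalina.sh fragments are constructed samples, and the `audit` function and its finding messages are this example's own design.

```python
"""Audit helper for the ColdFusion 11 Update 13 / 2016 Update 5 manual steps.
Added example, not vendor code. All file contents below are constructed samples."""
import re

MIN_JAVA = (1, 8, 0, 121)  # minimum JRE named in the update requirements
SERIAL_FILTER_FLAG = "-Djdk.serialFilter=!org.mozilla.**"


def parse_jvm_config(text):
    """Return the key=value settings of a ColdFusion jvm.config, skipping comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def parse_java_version(text):
    """Turn '1.8.0_121' (or the first line of `java -version`) into a comparable tuple."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?", text)
    if not m:
        raise ValueError("unrecognised Java version: %r" % text)
    return tuple(int(g or 0) for g in m.groups())


def java_meets_minimum(text, minimum=MIN_JAVA):
    """True if the version in text is at least the required 1.8.0_121."""
    return parse_java_version(text) >= minimum


def extract_java_opts(startup_text, var="JAVA_OPTS"):
    """Collect the values assigned to JAVA_OPTS (catalina.sh/.bat, standalone.conf) or
    JAVA_OPTIONS (startWeblogic.cmd); handles plain, `export` and `set` assignments."""
    pattern = re.compile(r"^\s*(?:set\s+|export\s+)?" + re.escape(var) + r"=(.*)$", re.MULTILINE)
    values = [m.group(1).strip().strip('"') for m in pattern.finditer(startup_text)]
    return " ".join(values)


def has_serial_filter(options):
    """True only if the exact flag is present as its own whitespace-separated option."""
    return SERIAL_FILTER_FLAG in options.split()


def audit(jvm_config_text, java_version_output, startup_text=None, var="JAVA_OPTS"):
    """Return a list of findings; an empty list means the instance meets both requirements.
    startup_text is only meaningful for third-party JEE servers, so None skips that check."""
    findings = []
    cfg = parse_jvm_config(jvm_config_text)
    java_home = cfg.get("java.home")
    if java_home is None:
        findings.append("jvm.config has no java.home entry")
    version = parse_java_version(java_version_output)
    if version < MIN_JAVA:
        findings.append("java.home=%s runs Java %d.%d.%d_%d; 1.8.0_121 or newer is required"
                        % ((java_home,) + version))
    if startup_text is not None and not has_serial_filter(extract_java_opts(startup_text, var)):
        findings.append("%s is missing %s" % (var, SERIAL_FILTER_FLAG))
    return findings


# Constructed samples (not real server files) used by the demonstration below.
SAMPLE_JVM_CONFIG = """\
# VM configuration
java.home=C:/ColdFusion11/jre
java.args=-server -Xms256m -Xmx1024m
"""
OLD_JAVA = 'java version "1.8.0_25"\n'    # the JRE ColdFusion 11 ships with
NEW_JAVA = 'java version "1.8.0_121"\n'   # the minimum the update requires
CATALINA_SH_BEFORE = 'JAVA_OPTS="-Xms256m -Xmx1024m"\n'
CATALINA_SH_AFTER = 'JAVA_OPTS="-Xms256m -Xmx1024m -Djdk.serialFilter=!org.mozilla.**"\n'

if __name__ == "__main__":
    for label, java, startup in (("before patch", OLD_JAVA, CATALINA_SH_BEFORE),
                                 ("after patch", NEW_JAVA, CATALINA_SH_AFTER)):
        print(label + ":", audit(SAMPLE_JVM_CONFIG, java, startup) or ["OK"])
```

On a real server you would run `<java.home>/bin/java -version` for each instance's jvm.config and feed its output to `audit`; the exact-token match in `has_serial_filter` is deliberate, since a flag that is merely a substring of another option (or quoted differently) will not take effect.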

This is one more friendly reminder to make sure your ColdFusion servers are patched! Either patch them yourself, have your hosting provider patch them, or, if they are not familiar or knowledgeable with ColdFusion, contact us at CF Webtools to patch your servers.

As always, if you need help migrating to the next version, scanning your ColdFusion server for security vectors or installing this patch and new Java version, contact your Project or Account Manager directly, or send an email to support@cfwebtools.com or call 403-408-3733.

*Note: When ColdFusion 11 was first released it came with a version of Java 1.7.0_nn. Adobe later re-released ColdFusion 11 with Java 1.8.0_25. If you still have ColdFusion 11 running on Java 1.7, I highly recommend that Java be upgraded to Java 1.8. Oracle is no longer supporting Java 1.7, and 1.7 is long past its end of life. Even though the Adobe instructions for this security update state that you can run Java 1.7.0_131, I highly recommend upgrading to Java 1.8.