What is that over there on the horizon? Do you see it? It looks like a HUGE SECURITY ISSUE!!!
That’s right. Just a couple weeks ago, the Black Hat Security Conference took place. For those of you who have never heard of this conference, I’ll explain how this one is a bit ‘different’ than your average security meeting. You see, in the Black Hat conference, instead of focusing on ways to secure computers, involves people coming together to share ways to exploit computers. By coming out and showing all of the different ways that computers can be hacked, it supposedly encourages the software and hardware makers to develop their products more securely. The biggest problem with this approach is that a ton of hackers learn a bunch of new tricks. These tricks work for awhile until the software and hardware makers find ways to patch the holes.
Well, this year’s Black Hat conference was no different than any other year. What that means for you is that there are some big security problems about to hit the fan! The one that I’m going to tell you about today is one that has even me worried. Luckily, there are some very simple steps you can follow to avoid this attack until the software companies actually fix it.
This one is called Ippon and it attacks something that most people just assume are a good thing. I’m talking about automatic updates. Almost all programs out there rely on some type of automatic update feature. They connect to the internet and check for available updates on a regular basis. If one is found, it is downloaded and installed. This is where Ippon comes in.
Ippon works by listening to unsecured wireless networks. It can sit and listen to these networks, waiting until your computer checks for updates. Once Ippon detects that your system it checking for updates, it jumps in an impersonates the update server. It tells the program on your computer that there are updates available (even if there aren’t) and then sends a virus to the system that is disguised as the update file. Once your computer attempts to install the “update”, you’re done for!
Believe me, this is not something to take lightly. This attack was introduced to thousands of people just a couple weeks ago, so it will be in use very soon.
But… There are some positive points to make about security with the Ippon attack. First, Microsoft updates will not be affected by this attack. MS auto updates are encrypted and security verified. This means that only Microsoft can send an MS update. They cannot be impersonated. This is the case with some other auto updates, but not all of them.
Also, like I mentioned above, there is one fool proof way to avoid an attack from Ippon: Secure your wireless network! I have said it before, I will say it again. If your wireless network does not require you to enter a password when you first connect to it with a computer, you are making a big mistake. Using a wireless network that is not encrypted can ruin your day in a number of ways. Ippon is just another one to add to the list.
Until next time, stay safe out there!