Archive for the ‘Uncategorized’ Category

Gyver 101 Launches!

Tuesday, April 7th, 2015

Gyver Networks has launched a class for twelve students here in our Beverly, MA office. We feel it’s important to start training these young people, whose ages are 10-19, not only to use technology, but to manipulate it and find ways to grow with it. For this endeavor, we are lending some of our programmers, web developers and others to train the students in current web site and back-end design. We are even pulling in other companies to help with this training. Afterward, we will grow the class to include networking, wireless and much more. With 3 classes already behind us, stay tuned to see what these young minds think of next!

Case Studies: Point-to-point wireless bridge – Campus

Friday, December 6th, 2013


Gyver Networks recently completed a point-to-point (PTP) bridge installation to provide wireless backhaul for a Boston college.

Challenge:  The only connectivity to local network or Internet resources from this school’s otherwise modern athletic center was via a T1 line topping out at 1.5 Mbps bandwidth.  This was unacceptable not only to the faculty onsite attempting to connect to the school’s network, but to the attendees, faculty, and media outlets attempting to connect to the Internet during the high-profile events and press conferences routinely held inside.

Another vendor’s design for a 150 Mbps unlicensed wireless backhaul link failed during a VIP visit, necessitating a redesign by Gyver Networks.  After performing a spectrum analysis of the surrounding environment, Gyver Networks determined that the wireless solution originally proposed to the school was not viable due to RF spectrum interference.

For a price point close to the unlicensed, failed design, Gyver Networks engineered a secure, 700 Mbps point-to-point wireless bridge in the licensed 80GHz band to link the main campus with the athletic center, providing adequate bandwidth for both local network and Internet connectivity at the remote site.  Faculty are now able to work without restriction, and event attendees can blog, post to social media, and upload photos and videos without constraint.

Spear phishing poses threat to industrial control systems

Tuesday, August 27th, 2013

Hackers don’t need Stuxnet or Flame to turn off a city’s lights, say security experts

While the energy industry may fear the appearance of another Stuxnet on the systems they use to keep oil and gas flowing and the electric grid powered, an equally devastating attack could come from a much more mundane source: phishing.

Rather than worry about exotic cyber weapons like Stuxnet and its big brother, Flame, companies that have Supervisory Control and Data Acquisition (SCADA) systems — computer systems that monitor and control industrial processes — should make sure that their anti-phishing programs are in order, say security experts.

“The way malware is getting into these internal networks is by social engineering people via email,” Rohyt Belani, CEO and co-founder of the anti-phishing training firm PhishMe, said in an interview.

“You send them something that’s targeted, that contains a believable story, not high-volume spam, and people will act on it by clicking a link or opening a file attached to it,” he said. “Then, boom, the attackers get that initial foothold they’re looking for.”

In a case study cited by Belani, he recalled a very narrow attack on a single employee working the night shift monitoring his company’s SCADA systems.

The attacker researched the worker’s background on the Internet and used the fact he had four children to craft a bogus email from the company’s human resources department with a special health insurance offer for families with three or more kids.

The employee clicked a malicious link in the message and infected his company’s network with malware. “Engineers are pretty vulnerable to phishing attacks,” Tyler Klinger, a researcher with Critical Intelligence, said in an interview.

He recalled an experiment he conducted with several companies on engineers and others with access to SCADA systems in which 26 percent of the spear phishing attacks on them were successful.

Success means that the target clicked on a malicious link in the phishing mail. Klinger’s experiment ended with those clicks. In real life, those clicks would just be the beginning of the story and would not necessarily end in success for the attacker.

“If it’s a common Joe or script kiddie, a company’s IDS [Intrusion Detection Systems] systems will probably catch the attack,” Klinger said. “If they’re using a Java zero-day or something like that, there would be no defense against it.”

In addition, phishing attacks are aimed at a target’s email, which is usually located on a company’s IT network. Companies with SCADA systems typically segregate them from their IT networks with an “air gap.”

That air gap is designed to insulate the SCADA systems from the kinds of infections perpetrated by spear phishing attacks. “Air gaps are a mess these days,” Klinger said. “Stuxnet taught us that.”

“Once you’re in an engineer’s email, it’s just a matter of cross-contamination,” he added. “Eventually an engineer is going to have to access the Internet to update something on the SCADA and that’s when you get cross-contamination.”

Phishing attacks on SCADA systems are likely rare, said Raj Samani, vice president and CTO of McAfee’s EMEA.

“I would anticipate that the majority of spear phishing attacks against employees would be focused against the IT network,” Samani said in an interview. “The espionage attacks on IT systems would dwarf those against SCADA equipment.”

Still, the attacks are happening. “These are very targeted attacks and not something widely publicized,” said Dave Jevans, chairman and CTO of Marble Security and chairman of the Anti-Phishing Work Group.

Jevans acknowledged, though, that most SCADA attacks involve surveillance of the systems and not infection of them. “They’re looking for how it works, can a backdoor be maintained into the system so they can use it in the future,” he said.

“Most of those SCADA systems have no real security,” Jevans said. “They rely on not being directly connected to the Internet, but there’s always some Internet connection somewhere.”

Some companies even still have dial-in numbers for connection to their systems with a modem. “Their security on that system is, ‘Don’t tell anybody the phone number,’” he said.


Nasdaq stops all trading due to systems issue, plans to reopen in a limited capacity soon

Thursday, August 22nd, 2013

Well, this is rather peculiar. The Nasdaq stock market — the entire Nasdaq, which lists major tech firms such as Apple and Facebook — has temporarily suspended all trading due to a technical issue.

The exchange sent an alert to traders at 12:14PM ET today announcing that it was halting all trading “until further notice,” according to a New York Times report. Reuters is reporting that Nasdaq will reopen trading soon, but with a 5-minute quote period. The market will not be canceling open orders, however, so firms that don’t want their orders processed once everything’s up and running should cancel their orders manually now.

It’s not entirely clear what caused the issue, or how and when it will be resolved, but you better believe it’s causing some commotion on Wall Street, and could impact traders for days and months to come.

Update (2:28PM ET): CNBC and the Wall Street Journal are reporting that Nasdaq will resume limited trading beginning at 2:45PM ET.

Update (2:32PM ET): CNBC is now reporting that trading will resume with just two securities at 2:45PM ET. Full trading will begin at 3:10PM ET.


Obama launches high-speed Internet program for all schools

Monday, June 10th, 2013

More than 80 percent of educators say the Internet connection at their schools is too slow to meet their needs — that’s why the president plans to bring broadband to 99 percent of all students.

In 2011, Loris Elementary School in Loris, S.C., was ranked 41st in the state among grammar schools with similar demographics. By 2012, it had risen to 19th.

What happened? According to the White House: technology.

Many of the students at Loris Elementary School are from low-income families that don’t have the means to give their children all of today’s high-tech devices, according to the Obama administration. That’s why in 2012 the school decided to introduce a technology blended learning program complete with laptops, software, and Internet access. It’s apparently made a difference.

President Barack Obama is convinced that if all schools worked more technology into their curriculum, they would also excel. That’s why he announced on Thursday a new initiative (PDF) to bring high-speed Internet access to 99 percent of all of the country’s K-12 students within the next five years.

“We are living in a digital age, and to help our students get ahead, we must make sure they have access to cutting-edge technology,” Obama said in a statement. “So today, I’m issuing a new challenge for America — one that families, businesses, school districts, and the federal government can rally around together — to connect virtually every student in America’s classrooms to high-speed broadband Internet within five years, and equip them with the tools to make the most of it.”

Dubbed ConnectED, the program aims to get all classrooms equipped with Internet access that has speeds of at least 100Mbps, with a target goal of 1Gbps. The initiative will also provide teachers with training on how to use more technology in their curriculum. ConnectED plans to especially focus on rural schools where Internet access can be sparse.

The majority of schools in the U.S. already have Internet access, but it can be extremely slow. According to the White House, fewer than 20 percent of teachers say their school’s Internet connections are fast enough to be used sufficiently.

No Congressional action is required for ConnectED to go into effect, but the Federal Communications Commission will have to cooperate by leveraging its E-Rate program and provide more discounts to schools on Internet costs.

Source:  CNET

Gyver Networks January newsletter

Tuesday, January 8th, 2013

Click here to view our January newsletter

Gyver Networks Newsletter

Friday, January 4th, 2013

Click here to view our January newsletter

Malware starts using the mouse to hide itself

Tuesday, October 30th, 2012

Malware production is a lucrative industry for both the malware writers who sell their work and security companies who sell us, the end users, protection. In order for the malware writers to get paid they need to develop malware that evades detection by the security companies, and in order to do that they’ve come up with some clever, yet quite simple techniques.

Security vendors have to analyze and detect millions of potential threats every year. In so doing they can regularly update the anti-malware software running on our machines and provide up-to-date protection. However, you can’t analyze all potential threats by hand, so automated threat analysis systems are employed. These typically look at suspicious files in a virtual machine and test each one quickly to see if it poses a threat.

The malware developers know such systems exist and have therefore employed countermeasures to try and avoid detection. These measures center around detecting whether they are being run in a virtual environment by checking registry entries, drivers, system services, which ports are available, and what processes are being run. If anything points to a virtual environment being present the malware shuts down and effectively hides from the automated system.

In the never ending cat and mouse game these two parties play, the security vendors can also try and hide the fact code is being run in a virtual environment, which in turn leads malware writers to develop new ways of detecting one. The latest of these quite simply uses the mouse or goes to sleep before kicking into action.

Symantec has discovered that some malware won’t start running unless it detects activity from the mouse. Why would malware writers do this? Mouse activity is done by a user, and in an automated threat analysis system a user isn’t present and therefore no mouse activity is required.

Malware checking for mouse activity (upper code segment) and deciding to sleep and then wait to execute (lower code segment)

Some malware has also been found to go to sleep for several minutes and then wait several more minutes once active before infiltrating a system. The reason for this is a typical automated threat analysis system looks at individual files very quickly, so waiting to execute helps ensure the malware is on a real system and not a virtual test environment.

The checks are clever because they are so simple. That simplicity also makes them relatively easy to fool. All Symantec needs do is add some simulated mouse movement to their testing system to fool the mouse check. As for the malware that waits before executing, it may just be a case of tweaking the system time in order to jolt any sleeping malware into action so it can be detected.
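The two countermeasures above can be driven by a triage step that recognises a stalled run. The following is an added example, not code from Symantec or from the original article: it reads a sandbox API trace and reports whether the run should be repeated with simulated mouse input or an accelerated clock. The trace format, the category names and the choice of Win32 calls are assumptions; the article does not name specific APIs.

```python
from dataclasses import dataclass

# Real Win32 calls commonly associated with the two stalling behaviours.
# The article names no APIs; this selection is an assumption.
MOUSE_APIS = {"SetWindowsHookExA", "SetWindowsHookExW", "GetCursorPos"}
MOUSE_HOOK_IDS = {7, 14}            # WH_MOUSE, WH_MOUSE_LL
SLEEP_APIS = {"Sleep", "SleepEx"}   # argument is a duration in milliseconds
# Categories that count as observable behaviour (hypothetical sandbox labels).
ACTIVE_CATEGORIES = {"file", "network", "process", "registry_write"}


@dataclass
class Call:
    t: float        # seconds since the sample started
    api: str
    category: str   # label assigned by the sandbox (hypothetical field)
    arg: int = 0    # hook id for SetWindowsHookEx*, milliseconds for Sleep*


def triage(trace, window_s=120.0, sleep_ratio=0.8):
    """Return (verdict, rerun_hints) for one sandbox run."""
    slept_ms = sum(c.arg for c in trace if c.api in SLEEP_APIS)
    # A hook call only counts when it installs a mouse hook.
    mouse_wait = any(
        c.api in MOUSE_APIS
        and (not c.api.startswith("SetWindowsHookEx") or c.arg in MOUSE_HOOK_IDS)
        for c in trace
    )
    active = any(c.category in ACTIVE_CATEGORIES for c in trace)

    hints = []
    if not active and mouse_wait:
        hints.append("simulate-mouse-input")
    if not active and slept_ms / 1000.0 >= sleep_ratio * window_s:
        hints.append("accelerate-clock")
    if hints:
        return "inconclusive-stalled", hints
    return ("behaviour-observed" if active else "inconclusive-idle"), hints


# Constructed traces for illustration; none comes from a real sample.
WAITS_FOR_MOUSE = [
    Call(0.1, "LoadLibraryA", "system"),
    Call(0.3, "SetWindowsHookExA", "system", 7),
    Call(0.4, "GetMessageA", "system"),
]
DELAYED_START = [Call(0.1, "Sleep", "system", 300_000)]  # five minutes requested
ORDINARY = [
    Call(0.2, "Sleep", "system", 500),
    Call(0.9, "CreateFileW", "file"),
    Call(1.4, "connect", "network"),
]

if __name__ == "__main__":
    for name, tr in [("mouse", WAITS_FOR_MOUSE), ("sleep", DELAYED_START),
                     ("ordinary", ORDINARY)]:
        print(name, triage(tr))
```

A run marked `inconclusive-stalled` should not be treated as clean; it is queued again with the listed hints applied.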


Boarding pass barcodes ‘can be read by smartphones’

Friday, October 26th, 2012

A vulnerability in US domestic airline boarding pass barcodes could allow travellers to bring unauthorised items on board, says a security expert.

The codes reveal what kind of airport checks a passenger will face and can be read by smartphones, he says.

It could undermine the US’s PreCheck system which randomly decides which frequent fliers can skip part of the pre-boarding security process.

The barcodes could allow passengers to work out if they had been picked.

Selected travellers are able to avoid having to remove their shoes, jackets and belts. In addition they are allowed to leave their laptops and toiletries in their bags.

Unencrypted codes

The security information on the barcodes is only meant to be decoded by Transportation Security Administration (TSA) officers, so it was not thought to be a problem that PreCheck selected which users would get a less rigorous safety check in advance.

The fact that passengers can use their handsets to find out if they have been picked poses a problem, says Christopher Soghoian, principal technologist at the American Civil Liberties Union.

“The disclosure of this information means that bad guys are not going to be kept on their toes anymore,” he said.

The security issue was publicised by aviation blogger John Butler, but had been discussed in specialist online forums since last summer.

“The problem is, the passenger and flight information encoded in barcode is not encrypted in any way,” wrote Mr Butler.

“Using a website I decoded my boarding pass for my upcoming trip.

“It’s all there PNR [passenger name record], seat assignment, flight number, name, etc. But what is interesting is the bolded three on the end. This is the TSA PreCheck information. The number means the number of beeps. 1 beep no PreCheck, 3 beeps yes PreCheck.”

The US Transportation Security Administration (TSA) did not respond to a BBC request for a statement, but has previously said: “TSA does not comment on specifics of the screening process, which contain measures both seen and unseen. In addition, TSA incorporates random and unpredictable security measures throughout the travelling process.”

Encryption issues

Mr Soghoian told the BBC that information about how to make sense of the boarding pass codes had been documented in the International Air Transport Association’s (IATA) implementation guide.

“Thousands of people have reported being able to get the information using their phones,” he added.

There are two ways to become eligible for the PreCheck system.

Passengers can pay $100 (£62) to the US customs agency which then performs a background check. If the passenger is approved it gives him or her the right to use all of the US airlines’ PreCheck systems for five years.

Frequent fliers could also be invited by an airline to use the system for free.

“You have to be in the system first before they let you to potentially be eligible to skip the standard line,” said Mr Soghoian.

“But if you scan the barcode, you can tell 24 hours before you get to the airport that you are not going to undergo a regular search.

“On some random occasion you’ll be sent to the other line anyway – and it was meant to keep terrorists on their toes – but not anymore.”

Security firm Sophos said the revelation was “very worrying”.

“No one should be able to tell in advance what level of security screening they will receive before an air flight,” said the firm’s senior technology consultant Graham Cluley.

“The risk is that potential attackers could determine in advance which of them is going to be given the weakest screening – and get them to attempt to carry an unauthorised item onboard.

“Potential attackers should not be given advance warning of the security measures they will be facing.”

Source:  BBC

Cisco study on mobility: Is the office really necessary?

Tuesday, October 26th, 2010

“Global study by Cisco reveals 60 percent of workers believe being in the office is no longer needed to be productive.  Demand to work anywhere, anytime stronger than desire for higher salary; two of three workers expect IT to allow access to corporate information with any device, personal or company-issued” – Cisco release

A recent study commissioned by Cisco Systems, with statistics on worker mobility in relation to everything from productivity and corporate security to company loyalty, salary and job preference, has been released with the tease line, “Is the office really necessary?”  The Cisco Connected World Report includes responses from workers and IT professionals in 13 countries worldwide.  Here are some of the key findings from the workers interviewed:

  • As many as 60% of workers believe their office is not integral to their productivity, with 66% expecting IT to permit corporate access from mobile devices, whether corporate or personal
  • A 66% majority said they would accept a position paying lower salary, provided it had greater flexibility with regard to mobile and social media access, over a position paying a higher salary

The trends aren’t really surprising.  As offices offer increasingly greater options for mobile access, workers are going to continue to demand more.  The concern is actually with regard to the responses of the IT professionals interviewed:

  • Nearly half (45%) declared their company unprepared for increased mobile demand, citing security as the greatest impediment, with corporate policies and inadequate technology infrastructure factoring in as well
  • In support of their security concerns, 26% of IT respondents reported that one in four of the mobile devices issued to workers in the past year had already been lost or stolen

The study’s findings indicate that enhanced network infrastructure is absolutely necessary to accommodate the increasing demand for worker mobility, as well as management’s demand for worker productivity.  On the management side, progressive policies and employee education on mobile access will contribute to company morale and productivity, and, of course, data security.

Is your company ready to expand the boundaries of your office?  Contact Gyver Networks today to find out.