
When preparing a zip file, be sure to use a secure password to encrypt the file. Freeware such as Moose O'Malley's Zip Password Cracker Pro can be used to perform dictionary and brute force attacks on encrypted zip files. However, such password crackers have their limitations.

AES-256 encryption is not supported by Zip Password Cracker Pro, and this is currently the default encryption method in the latest version of WinZip.

If you attempt to run a dictionary attack against a zip file with this kind of encryption, Cracker Pro will display this message.

Cracker Pro is capable of running both brute force attacks and dictionary attacks. You can set the parameters for a brute force attack. Cracker Pro will generate a list of possible combinations using your settings.

For a dictionary attack you need to download a list of commonly used words such as the Cain & Abel list posted to the Skull Security site. This list contains more than 300,000 words. If you set a password in the StuffIt file compression application, and use the normal method of encryption (under Edit . . . Format Options - on the Zip tab)

. . . you will be able to use Cracker Pro to find the password, by copying and pasting the list on the last tab, "Password List and Test", and then clicking on 'Start ZIP Testing'.

However, also note that Cracker Pro doesn't work entirely as you'd expect. It has trouble searching a list as long as 300,000 words and may falsely indicate that the password is not in such a long list. Try breaking up the dictionary list into smaller segments.


 
 

On Friday, Judge Edward Chen issued a decision in Beyer v. Symantec, Corp., 18-cv-02006-EMC, 2018 U.S. Dist. LEXIS 162166 (N.D. Cal. Sept. 21, 2018) granting in part and denying in part the Defendant’s Motion to Dismiss. The Plaintiff alleged that Symantec’s Norton security software had critical defects. Google’s Project Zero found vulnerabilities in the antivirus software. The AntiVirus Decomposer Engine unpacked executable files to the operating system's core, which has unrestricted access to the computer's files. The Symantec software failed to practice 'sandboxing' which involves opening files in an isolated, secure area.

The Court denied the Defendant's Motion to Dismiss for lack of standing to bring class actions for purchasers of Enterprise products (marketed to businesses). While Beyer only used the Norton products marketed to consumers, Judge Chen concluded that, "[t]he ability to centrally manage security data does not gainsay the fundamental defect in the way the Symantec products were designed. The same alleged defects exist in both lines of products." Id. at *8.

The Court denied a motion to dismiss the fraud claims because Symantec was found to have known how its Norton 360 Premier worked. Despite the fact that the software was purchased in 2009, and Project Zero revealed its defects in 2016, Judge Chen found that, "the complaint sufficiently alleges knowledge, because it alleges that Symantec designed and produced the software in question. It plausibly follows from this fact that Symantec knew how the Second Software functioned, including that the software unpacked potentially malicious files in a high-privilege environment. It also plausibly follows that Symantec knew it had used third party code and knew it did not patch that code when updates were released by the third parties." Id. at 29.

The Court also declined to dismiss an unfairness claim made under the California Unfair Competition Law and a claim for unjust enrichment. Judge Chen did dismiss claims made with respect to Norton software purchased from Best Buy, because claims about the software's capabilities were not attributable to Symantec.


 
 

As noted recently on Ride the Lightning, the blog of cyber security expert Sharon Nelson of Sensei Enterprises, Inc., the experts at FireEye have released a report showing the results of an analysis of email messages for harmful content.

The report found that more than 90% of cyber security related criminal incidents are effectuated via email, and nearly two-thirds of emails contain content which should be blocked - whether it's spam or something with malicious content. FireEye analyzed more than 500 million emails sent in the first six months of 2018. Only about 10% of cyber attacks conducted with email involve malware - viruses, ransomware or spyware. The rest of the attacks include whaling (scams directed at C-level executives), spear phishing (targeted social engineering attacks), impersonation, and fraud. The April tax deadline season is the occasion for attacks which attempt to access W2 forms. The organized crime group FIN7 (or the Carbanak Group) is known for planning impersonation email attacks.

Business email compromise (BEC) email attacks may consist only of ordinary text, so it is up to the end user to identify them as threats. Typosquatting and homoglyphs involve the use of friendly-seeming domain names as a means of deception (e.g., @yaho0.com).
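Because a text-only message offers little else to filter on, the sender's domain is one of the few things a mail gateway can check automatically. The sketch below is an added example, not taken from the FireEye report: it folds look-alike characters and measures edit distance to flag domains that imitate a trusted one. The trusted list, the character map and the sample addresses are assumptions constructed for illustration.

```python
# Look-alike characters folded to the letter they imitate (small, assumed map;
# the \u04xx entries are Cyrillic letters that render like Latin a, e, o).
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                            "\u0430": "a", "\u0435": "e", "\u043e": "o"})
TRUSTED = ("yahoo.com", "gmail.com")  # assumed allow-list of known correspondents

def skeleton(domain):
    """Fold look-alike characters so visually similar domains compare equal."""
    return domain.lower().translate(CONFUSABLE).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

SKELETONS = {skeleton(d): d for d in TRUSTED}

def classify_sender(address):
    """Return (verdict, imitated_domain) for one From address."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in TRUSTED:
        return ("trusted", domain)
    if skeleton(domain) in SKELETONS:          # same look, different characters
        return ("homoglyph", SKELETONS[skeleton(domain)])
    for good in TRUSTED:
        if edit_distance(domain, good) == 1:   # one typo away from a trusted name
            return ("typosquat", good)
    return ("unknown", None)

# Constructed sample senders, including the @yaho0.com example from the text.
SAMPLE_SENDERS = ["accounts@yahoo.com", "billing@yaho0.com",
                  "hr@yahooo.com", "ceo@gmai1.com", "info@example.org"]

def triage(senders):
    """Classify every address and keep only the ones that imitate a trusted domain."""
    verdicts = {s: classify_sender(s) for s in senders}
    return {s: v for s, v in verdicts.items() if v[0] in ("homoglyph", "typosquat")}
```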


 
 

Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

If you have a question or comment about this blog, please make a submission using the form to the right. 


© 2015 by Sean O'Shea
