Newsletter 03/12/2023

Reduce Your Attack Surface:
Use Control Panel to Dump the Junk Software

Users of the LastPass password manager were certainly shocked and horrified to learn that their password vaults, and those of all other LastPass users, had been hacked.  Maybe even more unnerving for these poor souls is that the latest LastPass hack may well have been completely avoidable.  As BleepingComputer reported on March 7, 2023:

The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date.

What is even more startling is that this particular vulnerability was patched in May 2020.

The shortcoming, which was discovered and reported to Plex by Tenable in March 2020, was addressed by Plex in version 1.19.3.2764 released on May 7, 2020. The current version of Plex Media Server is 1.31.1.6733.

"Unfortunately, the LastPass employee never upgraded their software to activate the patch," Plex said in a statement. "For reference, the version that addressed this exploit was roughly 75 versions ago."

This was the second attack on LastPass in the last 12 months attributable to unpatched contractors.  A prior compromise of LastPass was first reported by The Hacker News, August 26, 2022, and later investigations discovered that the August attack was also predicated on a vulnerability on a contractor's system.  As quoted by BleepingComputer, February 28, 2023:

"The threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated second attack," the password management service said.

This intrusion targeted the company's infrastructure, resources, and the aforementioned employee from August 12, 2022, to October 26, 2022. The original incident, on the other hand, ended on August 12, 2022.

The August breach saw the intruders accessing source code and proprietary technical information from its development environment by means of a single compromised employee account.

It's not only LastPass that has been hacked; Norton LifeLock Password Manager was hacked in January 2023.  As BleepingComputer also reported on January 13, 2023, the vendor's official statement said:

"Our own systems were not compromised. However, we strongly believe that an unauthorized third party knows and has utilized your username and password for your account," NortonLifeLock said.

"This username and password combination may potentially also be known to others."

More specifically, the notice explains that around December 1, 2022, an attacker used username and password pairs they bought from the dark web to attempt to log in to Norton customer accounts.

The article further details how, again, hackers gained access to customers' password vaults.

For customers utilizing the Norton Password Manager feature, the notice warns that the attackers might have obtained details stored in the private vaults.

Depending on what users store in their accounts, this could lead to the compromise of other online accounts, loss of digital assets, exposure of secrets, and more.

The problem of the personal security of others being put at risk by lackadaisical 3rd party contractors plagued even the NSA for several years.  In 2017, it was widely reported that Russian hackers stole NSA secret cybertools via a contractor's notebook that had Kaspersky Antivirus software installed.  As NBC News reported on the incident, October 5, 2017, "the stolen material included secret details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S."  This contractor had no respect for the rules the NSA has about taking documents home.

The man took his work home in violation of NSA rules, and Russian hackers were able to identify the material and access his machine because he was using Kaspersky software...

It is my contention that, since you are reading this, you most likely possess enough technical know-how to manage your own security — maybe not perfectly, but certainly better than these 3rd party vendors have proven to be.  To care about one's own security is a mission and personal quest for many computer users, and not simply a product's feature that gets easily turned into a bug.

All software has vulnerabilities of one kind or another.  Either these vulnerabilities are exploited and possibly allow for the compromise of networks and computers, or the vulnerabilities get patched before they can be successfully exploited.  Vendors the size of Microsoft, Google, Apple, Intel, and HP all have the capacity to move fast to contain a breach of their products.  Smaller vendors are rarely ever so nimble.  As is more than exemplified by the various LastPass fiascos, a patch that doesn't get installed is the same thing as no patch at all.

Most 3rd party utility type applications are really of very little value in the Windows ecosystem.  More often than not, these superfluous applications do little that a Windows user with a little training could not do for themselves.  These minor apps only serve to expand your own attack surface, and leave a user more vulnerable to the cybercrooks than if the apps were never installed.  So my suggestion is to take a little inventory of what is installed on your computer and what is starting up when the computer starts.  If you really do not know why you have any one vendor's apps on your system, you can most likely safely uninstall that app.  If the app says Microsoft or your computer manufacturer's brand, or it is another app you recognize as needed and useful, then leave it alone.

On February 13, 2022, in a discussion about the Intel device driver installer, I introduced how to use the Windows utility Task Manager to see what is running automatically at startup and how to stop those apps from running.  So, I will borrow from myself.

To open Task Manager, first click the search icon. Then type the word "task".  Then click Run As Administrator to open Task Manager.

When Task Manager starts, click the Startup tab.

At the Startup tab, you will see a list of applications that start up when Windows starts. Here you can also disable unwanted apps like Microsoft Teams or OneDrive, and also the Intel Installer. The Intel Installer can be run anytime from the Application list.  And I don't want MS Teams, at all.

Even in my very minimal installation, there are apps running that I don't want to run.  And also apps I simply do not need anymore.  Those I will uninstall.  Although the usual way to make system changes in Windows 10 or 11 is by using Settings, there are many different controls in Apps Settings.  It is more straightforward to uninstall using Windows Control Panel.  Start by typing the word "control" into the Search Box.  Then click Control Panel.

When Control Panel opens, we want to change the Category to Large Icons.  Click Category.  Then click Large Icons.

Select Programs and Features from the Menu of Categories.

I no longer need the software for the HP 2600 printer, so away we go.  Select the device by its name, and click the Uninstall tab.

The User Account Control prompt will appear asking if you really want to do this, and after you agree to let Windows do the uninstallation, the removal begins.  In this case, that HP app has several other components besides the Device software, and each one requires its own uninstall procedure.  After you have uninstalled what you want to uninstall, it is always best to reboot the PC, whether or not you are prompted to reboot.
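
The same inventory can be taken from a PowerShell window instead of clicking through Task Manager and Control Panel. This is an added example, not part of the original newsletter; it only reads and lists, it changes nothing. The publisher names in $KnownPublishers are sample values to replace with the vendors you recognize.

```powershell
# Added example: read-only inventory of installed programs and startup entries.
# $KnownPublishers holds sample values (an assumption); edit it to list the
# vendors you recognize, such as your computer manufacturer.
$KnownPublishers = 'Microsoft', 'Intel', 'HP Inc.'

# Registry locations behind the "Programs and Features" list:
# 64-bit programs, 32-bit programs on 64-bit Windows, and per-user installs.
$UninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Returns $true when the publisher string contains one of the known names.
function Test-KnownPublisher {
    param([string]$Publisher)
    foreach ($name in $KnownPublishers) {
        if ($Publisher -like "*$name*") { return $true }
    }
    return $false
}

# Skip entries with no display name and hidden system components, which
# Programs and Features does not show either.
$installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate,
        @{ Name = 'Recognized'; Expression = { Test-KnownPublisher $_.Publisher } } |
    Sort-Object Recognized, Publisher, DisplayName

# Entries launched from the registry Run keys and the Startup folders.
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User

"Installed programs (unrecognized publishers listed first):"
$installed | Format-Table -AutoSize -Wrap

"Programs that start with Windows:"
$startup | Format-Table -AutoSize -Wrap
```

The DisplayVersion column is the number to compare against a vendor's current release when deciding whether something is overdue for an update or should simply be removed. The Startup tab in Task Manager can show items this list does not, so check both.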

There is a certain amount of supply and demand among the various applications installed on your computer.  The fewer applications that are installed, and especially those that run in the background at startup, the greater will be the amount of computer resources, like system memory and drive space, that can be allocated to all the applications that you choose to let run on your computer.  I mean, it is your computer, even if it doesn't seem like it sometimes.

And, as Bing would say, I close with, "Happy Sweeping."

¯\_(ツ)_/¯
Gerald Reiff