Tag Archives: infosecnews

Secure Wifi Hijacked by KRACK Vulns in WPA2

Secure Wifi Hijacked by KRACK Vulns in WPA2

All modern WiFi access points and devices that have implemented the protocol vulnerable to attacks that allow decryption, traffic hijacking other attacks. Second, unrelated crypto vulnerability also found in RSA code library in TPM chips.

Researchers at Belgium’s University of Leuven have uncovered as many as 10 critical vulnerabilities in the Wi-Fi Protected Access II (WPA2) protocol used to secure WiFi networks.

The vulnerabilities are present on both client and access point implementations of the protocol and give attackers a way to decrypt data packets, inject malware into a data stream and hijack secure connections via so-called key reinstallation attacks (KRACKs).

(The disclosure of the WPA2 flaws is the second one in recent days involving a crypto standard.  Last week, Google, Microsoft and others warned about a bug in several Infineon trusted platform module (TPM) firmware versions that gives attackers a way to recover the private part of RSA keys generated by the TPM using only the corresponding public key. Nearly all Chrome OS devices that include an Infineon TPM chip are affected, and although large-scale attacks are not possible, a practical exploit already exists for targeted attacks.)  

The KRACK attacks work on all modern wireless networks using the WPA2 protocol and any device that supports WiFi is most likely impacted, the researchers said in a technical paper that they will present at the upcoming Black Hat Europe security conference. However the flaws are not easy to exploit and require attackers to be in close proximity to a victim, thereby making the flaws somewhat less severe of a threat despite their ubiquity.

“Vulnerabilities that focus on issues with network protocols across many devices makes the threat landscape of this vulnerability very large,” says Richard Rushing, CISO of Motorola Mobility and a speaker at Dark Reading’s upcoming INsecurity security conference in November.

[Discuss “Writing an Effective Mobile Security Policy” with Richard Rushing, CISO of Motorola Mobility, at the INsecurity Conference, for the defenders of enterprise security, Nov. 29 – 30.]

But as with all Wifi threats, physical proximity is required for the vulnerabilities to be exploitable, he says. “Most wireless IDS and IPS should be able to see this attack, and take preventative actions,” Rushing said. “In many cases there are other Wifi man-in-the-middle attacks that can be just as successful given a user WiFi configuration.” 

Meanwhile, US-CERT described the KRACK vulnerabilities as existing in the WPA2 standard itself thereby putting all correct implementations of the protocol at risk of attack. An attacker within range of a modern access point and client can use the vulnerabilities to carry out a range of malicious actions. Depending on the encryption protocols being used by the WiFi network, the “attacks may include arbitrary packet decryption and injection, TCP connection hijacking, HTTP content injection, or the replay of unicast and group-addressed frames,” US-CERT said. The advisory listed close to 150 vendors whose products are impacted by the vulnerabilities.

In the technical paper and a blog, researchers Mathy Vanhoef and Frank Piessens from the University of Leuven demonstrated a proof-of-concept key reinstallation attack that takes advantage of the WPA2 vulnerabilities to decrypt encrypted data.

The attack is targeted at the four-way handshake that takes place when a client device wants to join a protected WiFi network. The handshake is designed to ensure that both the client and the access point have the correct credentials to communicate with each other.  The manner in which the third handshake takes place essentially gives attackers an opportunity to force resets of a cryptographic nonce counter used by the encryption protocol so data packets can be decrypted, replayed or forged, according to the two researchers.

The key reinstallation attack against the 4-way handshake is the most widespread and practically impactful attack currently possible against the WPA2 vulnerabilities, Vanhoef and Piessens said in the paper. “First, during our own research we found that most clients were affected by it. Second, adversaries can use this attack to decrypt packets sent by clients, allowing them to intercept sensitive information such as passwords or cookies.” The manner in which WPA-2 has been implemented on devices running Linux and Android 6.0 and above make them particularly vulnerable to key reinstallation attacks, they said.

Organizations – corporate enterprises, businesses, schools and universities, retail shops and restaurants, government agencies – that have deployed Wi-Fi networks using WPA2 encryption are affected. When mobile users connect to these Wi-Fi networks with smartphones, tablets, laptops and other devices, they are also exposed to these vulnerabilities. Both the 802.1x (EAP) and PSK (password)-based networks are affected.

Hemant Chaskar, CISO and vice president of technology, at Mojo Networks says corporate enterprises, businesses, schools and universities, retail shops restaurants, government agencies and any organization that has deployed Wi-Fi networks using WPA2 encryption are affected.  “When mobile users connect to these Wi-Fi networks with smartphones, tablets, laptops and other devices, they are also exposed to these vulnerabilities. Both the 802.1x (EAP) and PSK (password)-based networks are affected,” he says.

Nine of the 10 vulnerabilities require attackers to be relatively sophisticated, he says. In order to exploit these flaws an attacker would need to use a MAC spoofing access point as a Man-in-the-Middle to manipulate data flowing between the client device and the real access point. “For the remaining, a practical exploit can be launched using a sniffer that can listen to and replay the frames over the wireless medium. So, it requires less attacker sophistication. “The main risk from all of them is replay of packets into the client or access point,” Choskar says. “Another potential arising out of these exploits is the presence of packets in the air that are decryption-prone.”

Gaurav Banga, founder and CEO of Balbix said the newly vulnerabilities, while present in a lot of products, should not be a cause of widespread panic. For one thing, it requires a sophisticated attacker and physical proximity in order to exploit. There has also been no sign of any exploit code in the wild so far and patches are available or will soon be available. “With iOS and Windows, the attack is quite difficult to pull off. Many of the security questions are around Android, since it is rarely patched,” he says.

Users and organizations can mitigate the risk by using VPN over WiFi, avoiding websites that do not use HTTPS and updating their devices as soon as patches are released, he says.

Related content:

  

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year … View Full Bio

More Insights

from Dark Reading – All Stories http://ubm.io/2gm9lEA
via IFTTT

US Supreme Court to Hear Microsoft-DOJ Email Case

US Supreme Court to Hear Microsoft-DOJ Email Case

High court to rule on email privacy case, pitting Redmond giant against DOJ over access to its foreign-based email servers.

The US Supreme Court agreed Monday to hear Microsoft’s email privacy case against the Department of Justice, in which the Redmond giant is fighting to keep law enforcement from accessing its email servers in Ireland, Reuters reports.

Federal prosecutors are asking the high court to hear the case, after a federal appeals court ruled in Microsoft’s favor that the software giant did not have to provide law enforcement access to its Dublin, Ireland, servers. The DOJ wants to review emails stored on the servers, as part of its investigation into a drug trafficking case, according to Reuters.

Although the DOJ characterizes the lower court ruling as a threat to public safety and national security, Reuters reports that Microsoft contends a ruling against it would put US citizens’ privacy at risk.

Microsoft’s case marks the first time a domestic company is fighting a US search warrant seeking to access to data the organization holds in other countries, Reuters notes.

Read more about the case here.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

More Insights

from Dark Reading – All Stories http://ubm.io/2gddtTM
via IFTTT

What You Should Know About the ‘KRACK’ WiFi Security Weakness

Researchers this week published information about a newfound, serious weakness in WPA2 — the security standard that protects all modern Wi-Fi networks. What follows is a short rundown on what exactly is at stake here, who’s most at-risk from this vulnerability, and what organizations and individuals can do about it.

wifi

Short for Wi-Fi Protected Access II, WPA2 is the security protocol used by most wireless networks today. Researchers have discovered and published a flaw in WPA2 that allows anyone to break this security model and steal data flowing between your wireless device and the targeted Wi-Fi network, such as passwords, chat messages and photos.

“The attack works against all modern protected Wi-Fi networks,” the researchers wrote of their exploit dubbed “KRACK,” short for “Key Reinstallation AttaCK.”

“Depending on the network configuration, it is also possible to inject and manipulate data,” the researchers continued. “For example, an attacker might be able to inject ransomware or other malware into websites. The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected.”

What that means is the vulnerability potentially impacts a wide range of devices including those running operating systems from Android, Apple, Linux, OpenBSD and Windows.

As scary as this attack sounds, there are several mitigating factors at work here. First off, this is not an attack that can be pulled off remotely: An attacker would have to be within range of the wireless signal between your device and a nearby wireless access point.

More importantly, most sensitive communications that might be intercepted these days, such as interactions with your financial institution or browsing email, are likely already protected end-to-end with Secure Sockets Layer (SSL) encryption that is separate from any encryption added by WPA2 — i.e., any connection in your browser that starts with “https://”.

Also, the public announcement about this security weakness was held for weeks in order to give Wi-Fi hardware vendors a chance to produce security updates. The Computer Emergency Readiness Team has a running list of hardware vendors that are known to be affected by this, as well as links to available advisories and patches.

“There is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections,” reads a statement published today by a Wi-Fi industry trade group. “This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.”

Sounds great, but in practice a great many products on the CERT list are currently designated “unknown” as to whether they are vulnerable to this flaw. I would expect this list to be updated in the coming days and weeks as more information comes in.

Some readers have asked if MAC address filtering will protect against this attack. Every network-capable device has a hard-coded, unique “media access control” or MAC address, and most Wi-Fi routers have a feature that lets you only allow access to your network for specified MAC addresses.

However, because this attack compromises the WPA2 protocol that both your wireless devices and wireless access point use, MAC filtering is not a particularly effective deterrent against this attack. Also, MAC addresses can be spoofed fairly easily.

To my mind, those most at risk from this vulnerability are organizations that have not done a good job separating their wireless networks from their enterprise, wired networks.

I don’t see this becoming a major threat to most users unless and until we start seeing the availability of easy-to-use attack tools to exploit this flaw. Those tools may emerge sooner rather than later, so if you’re super concerned about this attack and updates are not yet available for your devices, perhaps the best approach in the short run is to connect any devices on your network to the router via an ethernet cable (assuming your device still has an ethernet port).

From reading the advisory on this flaw, it appears that the most recent versions of Windows and Apple’s iOS are either not vulnerable to this flaw or are only exposed in very specific circumstances. Android devices, on the other hand, are likely going to need some patching, and soon.

If you discover from browsing the CERT advisory that there is an update available or your computer, wireless device or access point, take care to read and understand the instructions on updating those devices before you update. Failing to do so with a wireless access point, for example can quickly leave you with an expensive, oversized paperweight.

Finally, consider browsing the Web with an extension or browser add-on like HTTPS Everywhere, which forces any site that supports https:// connections to encrypt your communications with the Web site — regardless of whether this is the default for that site.

For those interested in a deeper dive on the technical details of this attack, check out the paper (PDF) released by the researchers who discovered the bug.

Tags: , , , , , , , , ,

You can skip to the end and leave a comment. Pinging is currently not allowed.

from Krebs on Security http://bit.ly/2ylUgtJ
via IFTTT

DHS to Require All Fed Agencies to Use DMARC, HTTPS, and STARTTLS

DHS to Require All Fed Agencies to Use DMARC, HTTPS, and STARTTLS

The move follows a DHS review of federal government agencies’ steps to secure email and deploy authentication technologies.

U.S. Department of Homeland Security issued a binding operational directive (BOD) requiring all federal agencies that use .gov email and website domains to secure email and deploy authentication technologies in the coming months, the DHS announced Monday.

In the next 30 days, all federal agencies are mandated to develop a plan to implement the Domain-based Message Authentication, Reporting & Conformance (DMARC) security protocol, which is designed to prevent phishing and spamming attacks.

DMARC creates a whitelist of verified senders, then seeks to deliver only authenticated emails and delete fake ones before a user sees them. It also has the potential side benefit of reducing  “shadow IT” by restricting the ability for company employees to send out unauthorized email campaigns.

Three categories of filtering exist under DMARC: monitoring email for phishing and spam, quarantining emails that fall into this category, and, lastly, deleting such emails.

Within the next 90 days, all federal agencies are required to have their DMARC plans in place and, at a minimum, have begun monitoring emails.

Over the coming year, the DHS aims to have 100% of federal agencies rejecting phishing and spam emails, says Jeanette Manfra, assistant secretary for the Office of Cybersecurity and Communications at the DHS, during a joint-press conference with the Global Cyber Alliance.  

“Citizens who depend upon interaction with the government deserve a trusted relationship. So, if they see an email from the IRS or FEMA, they need to believe and trust it is an email from the IRS or FEMA,” Manfra says.

Additionally, within the next 120 days, all federal agencies will be required to use encryption on their websites via HTTPS and STARTTLS for email.

DHS has been working to implement DMARC over the past year and in the spring ramped up its efforts to encourage federal agencies to adopt the protocol. But, apparently, that was not enough.

“We felt in talking with all the agencies that we needed a little bit of a push to get people to really prioritize it and focus on it,” says Manfra, who noted the DHS has previously used a BOD in a few cases with federal civilian offices.

DMARC Industry Details
Google, Yahoo, and Microsoft email services support DMARC, providing a large leg up in migrating consumers to the security protocol. The DHS reports 4.8 billion inboxes worldwide support DMAC, accounting for 76% of global email accounts.

Federal agencies and enterprise companies are far from the 50% DMARC level, according to the DHS and industry reports.


Source: Global Cyber Alliance

Two-thirds of Fortune 500 companies, meanwhile, have not deployed any level of DMARC, according to an analysis of DNS records by Agari.

Agari’s report found 25% of survey respondents chose to only monitor email, 3% have a quarantine policy, and 5% have implemented a reject policy. Agari lumped the organizations that only monitor email into the category of not deploying any level of DMARC, because users would not have received the protection of having their emails quarantined or rejected.

DMARC Deployment Delays
The majority of DMARC deployments fail, according to a report last year by ValiMail. The report found 62% to 80% of DMARC efforts failed.

The protocol’s low adoption rate may be blamed, in part, on a lack of education by users, as well as a hesitation to try a new technology, industry experts say. ValiMail also pointed to a reluctance to change back-end email systems, which have complex DNS tables.

But the Global Cyber Alliance (GCA) says implementing DMARC is not difficult. Shehzad Mirza, GCA’s director of global operations, says the organization has a relatively easy DMARC setup guide on its website.

“Anyone with an email domain, small businesses, large businesses, should be using it,” Mirza says.

Enterprises Stand to Win
Enterprises will “absolutely” benefit from the mandate, says Patrick Peterson, Agari’s founder and executive chairman.

“This mandate will reduce risk for the enterprise as many phishing and malware attacks impersonate government agencies such as recent threats highlighting SEC and IRS spoofing. This leadership from DHS also sets a clear message that DMARC is valuable and should be implemented at scale which will drive enterprise awareness and adoption,” says Peterson.

Peter Goldstein, chief technology officer and co-founder of ValiMail, also agrees enterprises stand to benefit from the DHS mandate.

And although Goldstein applauds the DHS’s mandate, he cautions it is not enough to publish a DMARC record to the DNS.

“You have to get to enforcement to get real value out of DMARC,” says Goldstein. “At enforcement, receiving mail servers are instructed to quarantine (flag as spam) or delete messages that fail authentication. But getting there requires authenticating all of an organization’s legitimate senders — both internal and cloud services sending on their behalf.”

He noted that only 20% of companies succeed at reaching this point because of the complexity of modern email systems, which include dozens of cloud services a company may use to send emails on their behalf. As a result, it may prove tricky for many companies to get all of these services whitelisted, he says.

“We’re seeing progress in some areas, like the biggest financial companies,” Goldstein says. “But across the board, the rates of enforcement are still quite low.”

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Related Content:

 

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET’s … View Full Bio

More Insights

from Dark Reading – All Stories http://ubm.io/2ytOqG7
via IFTTT

New Adobe Flash ZeroDay Used To Plant Surveillance Software

New Adobe Flash ZeroDay Used To Plant Surveillance Software

Adobe has patched critical vulnerability that was found being exploited and planting FINSPY surveillance tool used by nation-states and law enforcement.

Adobe released a patch for a critical, remote code execution zero-day vulnerability in Adobe Flash Player today. Kasperksy Lab discovered the vulnerability when it saw the BlackOasis threat group using the FINSPY (aka FinFisher) surveillance tool to exploit the bug in attacks last week, according to a Reuters report; Adobe acknowledged Kaspersky researcher Anton Ivanov in its advisory.

A type confusion vulnerability in Flash, CVE-2017-11292 impacts Flash running on Windows, Macintosh, Linux and Chrome OS. The attacks witnessed in-the-wild were targeted and against Windows machines. 

FINSPY can be bought by law enforcement and nation-state intelligence agencies as part of “lawful intercept” surveillance tools. Last month, Microsoft patched a zero-day vulnerability in Office, discovered by FireEye, that was also being used to spread FINSPY. It was the second zero-day being used to spread FINSPY that FireEye had discovered this year.  

For more information see the Adobe release and Reuters

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

More Insights

from Dark Reading – All Stories http://ubm.io/2kTKpFP
via IFTTT

New Cybercrime Campaign a ‘Clear and Imminent’ Threat to Banks Worldwide

New Cybercrime Campaign a ‘Clear and Imminent’ Threat to Banks Worldwide

Hundreds of millions of dollars stolen from banks via an sophisticated attack that blended cyber and physical elements.

A wave of cyberattacks early this year that resulted in the theft of hundreds of millions of dollars from banks mostly in Eastern Europe began with villagers in nearby regions being recruited to open their first bank accounts and receive debit cards.

Dozens of these so-called “mules” set up their accounts with phony documents provided by an organized crime gang that paid them off and later used other “mules” to cash out those accounts in ATM machines in various cities in the region, hitting five banks in Eastern Europe and one in Africa and stealing anywhere from $3 million to $10 million from each.

The well-orchestrated bank heist campaign that appears to be the handiwork of an Eastern European crime gang blended the physical fraud actions of money mules and phony documentation with a cyberattack that began with spear-phishing emails that got the criminals access into low-level bank employee user accounts, and then ultimately, to bank employees with domain administrator accounts, says Brian Hussey, vice president of cyberthreat protection and response at Trustwave, which helped investigate the attacks after a payment-card processor in February of this year spotted a series of sketchy ATM withdrawals from the banks’ customer accounts.

Trustwave says the attack campaign “represents a clear and imminent threat to financial institutions in European, North American, Asian and Australian regions within the next year.”

Although the attack campaign was limited to nations in Eastern Europe and Africa, it could be deployed against banks in other geographic areas as well, Hussey says.

“This is a bit of warning to banks in western countries, as well as Eastern Europe and Russia,” Hussey says. “It’s really interesting how they combined the physical element with the cyber element, in a very organized fashion.”

Trustwave’s incident response team was hired by a third party-payment processor in March whose network had been infiltrated by the attackers as part of the heist. “They [the cybercriminals] took out 4G of data over a month. They had all the domains, administrator credentials .. and access to the payment processor,” says Hussey, a former FBI cybercrime investigator.

The heist went down this way, according to Trustwave:

Physical Stage I Recruit of mules to open bank accounts and issue new debit cards

Cyber Stage I Obtain unauthorized privileged access to the bank’s network

Cyber Stage II Compromise third party processor’s network

Cyber Stage III Obtain privileged access to Card Management System

Cyber Stage IV Activate overdraft on specific bank accounts

Physical Stage I Cash-out from ATMs in multiple cities and countries

Source: Trustwave

The criminals needed access to the bank employee accounts to set overdraft features to the debit-card accounts the mules had opened. That’s where a low-risk debit card account can be converted to a credit card so a customer can withdraw cash even if he or she doesn’t have the requisite balance. Once they stole those bank credentials, they altered the debit cards to low risk and high-overdraft levels and eliminated existing anti-fraud parameters set for the accounts. With the overdraft feature, “you can take $25,000- to $30,000” out of the ATM per card, Hussey notes.

“In a very coordinated fashion, people in Eastern Europe were at ATMs and taking out as much money as they could from as many ATMs as they could … In video footage, you could see them walking out and handing over the cash,” he says.

He says his team hasn’t had enough information to publicly say the attacks were aligned with a specific cybercrime gang, although it is possible it could be the infamous Carbanak/aka FIN7 group out of Russia. “But we haven’t found any technical clues” to determine that, he says.

Weak Links in the Chain

The attacks took advantage of several configuration and management holes in the banking systems. According to Trustwave, because the core banking systems and card management software weren’t integrated, there were no red-flag detections of fraud, which gave the criminals more time and leeway to pull off the heist.

User authorization controls was another weakness: a single bank employee user could both request changes to and approve changes to debit card account, and domain administrator privileges were easily stolen via the Windows Domain administrator, Trustwave said in its report.

Interestingly, malware was not the centerpiece of the campaign. “They were living off the land using tools used by real users, such as network scanning and some administrative tools,” Hussey says. “They did as much as they could not using malware” so as not to raise any alarms, he says.

With all of the banks hit, Trustwave’s investigators saw the same MO that led them to conclude the campaign originated out of an organized crime operation. And there are likely more victim banks that haven’t yet discovered they were breached, Hussey says.

“We think this is just one [instance] of many attacks,” he says.

Ilia Kolochenko, CEO of Web security firm High-Tech Bridge, points out that the attacks’ techniques are less sophisticated than those that Western banks experience. “This can probably be explained by practicality and a pragmatic approach from attackers – banking infrastructure and enacted security controls in developing countries are much less sophisticated than in the Western World,” Kolochenko says. Even so, Western banks should be on alert for this type of campaign, however, he says.

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise … View Full Bio

More Insights

from Dark Reading – All Stories http://ubm.io/2zdvyIP
via IFTTT

New Adobe Flash ZeroDay Used To Plant Surveillance Software

New Adobe Flash ZeroDay Used To Plant Surveillance Software

Adobe has patched critical vulnerability that was found being exploited and planting FINSPY surveillance tool used by nation-states and law enforcement.

Adobe released a patch for a critical, remote code execution zero-day vulnerability in Adobe Flash Player today. Kasperksy Lab discovered the vulnerability when it saw the BlackOasis threat group using the FINSPY (aka FinFisher) surveillance tool to exploit the bug in attacks last week, according to a Reuters report; Adobe acknowledged Kaspersky researcher Anton Ivanov in its advisory.

A type confusion vulnerability in Flash, CVE-2017-11292 impacts Flash running on Windows, Macintosh, Linux and Chrome OS. The attacks witnessed in-the-wild were targeted and against Windows machines. 

FINSPY can be bought by law enforcement and nation-state intelligence agencies as part of “lawful intercept” surveillance tools. Last month, Microsoft patched a zero-day vulnerability in Office, discovered by FireEye, that was also being used to spread FINSPY. It was the second zero-day being used to spread FINSPY that FireEye had discovered this year.  

For more information see the Adobe release and Reuters

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

More Insights

from Dark Reading – All Stories http://ubm.io/2ihZekD
via IFTTT