
Month: May 2019

Friday, May 10th, 2019

U.S. charges Chinese national in hacks of Anthem, other businesses

Two crypto-mining groups are fighting a turf war over unsecured Linux servers

Bumper Crop of New Briefings Added for Black Hat USA

Transcript:

[00:00:06] All right, first things first, from Reuters by Doina Chiacu, editing by Susan Thomas and Peter Cooney. So I don’t know why they needed two editors. It’s like four paragraphs. U.S. charges Chinese national in hacks of Anthem and other businesses. So a federal grand jury charged a Chinese national in a 2014 hacking campaign that affected large U.S. businesses, including Anthem. So we all remember the Anthem breach was a pretty big one. It was right on the tail of a lot of large breaches, so it got a lot of attention. A lot of PII, obviously not great. So this, they call it an extremely sophisticated hacking group, stole nearly 80 million people’s worth of data from Anthem. So obviously quite a bit. Included birthdays, names, Social Security numbers, street addresses, e-mail addresses, employment information including income data. So a Chinese national has been charged. I don’t see anything in here about this person being extradited. We know how that goes. It’ll probably never happen. This is a shot across the bow, but attribution is tough. More power to these people for being motivated to do this. It’s a good thing.

[00:01:17] From ZDNet by Catalin Cimpanu, now two crypto-mining groups are fighting a turf war over unsecured Linux servers. So there are two large crypto-mining groups out there called Pacha and Rocke. Probably pronouncing both of those wrong, but currently they both have developed their own malware, which is not necessarily anything new. You know, bad guys do that. That’s what they do. That’s why they’re bad guys. But they’re using this malware in order to mine Monero on the end. So obviously they’re going back and forth with each other, so one guy, you know, they pop a box and they rip the other person’s malware off, and it just keeps going back and forth, back and forth, to gain quote unquote market share, which is interesting. I mean, everything has a market share, right. So one of the interesting things here is they’re mostly going after cloud-based services due to the amount of resources that those machines have. Makes perfect sense, right. I mean, imagine if you could pop a box that had the ability to scale automatically based on load, right. I mean, it probably wouldn’t last long, but that’d be an interesting one. So some interesting notes in here: one of the newest ways they are getting into these boxes is with the Atlassian Confluence Server vulnerabilities that got released in March. So apparently they’re using three separate ones to really do this, and this Rocke group has an advantage because their malware is superior, because it has the ability to uninstall cloud-based security products, which is interesting. So it can go on a box as root, removing the AV. And it’s also removing the competitor’s malware. So let’s see, there was one other thing in here. Oh, there: the exploit portfolio, the systems that they’re going after: Jenkins, Confluence, Apache Struts, JBoss and others. So those are all, we know all of those systems have a lot of vulnerabilities. So if you have them, protect them to make sure they’re good to go.
Hopefully none of those systems are, like, at least your Confluence, I don’t know why it would be Internet-facing. But anyways, here we go, next. And this one is pretty light, but it is almost hacker summer camp time, which means hopefully you’ve got all your papers submitted. Black Hat has announced 50-plus new briefings today. This article comes from Dark Reading, obviously, Black Hat, Dark Reading. Can’t believe they announced it on Dark Reading. It’s called Bumper Crop of New Briefings Added for Black Hat USA, written by Black Hat staff. So they highlight a few of these big ones. Here’s what they’ve got on here. Trust and Transformation: The Post-Breach Journey, so you’re gonna learn about the Home Depot and Equifax breaches, which are, you know, those are big breaches, so that’ll be an interesting one. And the next, Inside the Apple T2, which is the inner workings of the Apple T2 security chip, so if you’re into hardware hacking and that kind of stuff, that’ll be a good one for you. And then next, Bruce Schneier. That’s pretty big. He’s gonna have a talk called Information Security in the Public Interest. I would highly recommend, if you’re going to be at Black Hat, go see this. I don’t know how often he speaks; this is the first time I’ve heard of him speaking in public, at least at something like this. So go check him out, a very smart guy. Don’t be surprised if half of what he says goes straight over your head; it does for a lot of people. Even the smartest people in this industry have a hard time grasping all the concepts he can put out in one small piece of time. Very smart guy. So that’s it for today. Nice easy day. It’s a wet day here in Houston. I hope everybody has a wonderful weekend and we’ll talk on Monday.

Thursday, May 9th, 2019

Breach Incidents on Record Pace for 2019

C-level executives increasingly and proactively targeted by social breaches

IT Specialist Convicted on Cyber Hacking Charges Sentenced

Transcript:

[00:00:00] Good morning, friends. It is Thursday, May 9th, 2019, and this is Security on the Bayou. Hope everybody’s having a wonderful week. Two more days, you’re almost done, get there. It’s gonna be a beautiful weekend, hopefully, wherever you are. All right.

First up, from securityboulevard.com by Ericka Chickowski: Breach Incidents on Record Pace for 2019. So this is an interesting report. And this is again one of those articles that you’re going to find multiple people reporting on throughout the industry and all over the news, right. So in quarter one of 2019 there were 1,903 data compromise incidents exposing more than 1.9 billion records. Obviously this sounds like a lot, because it is a lot. Let’s compare it to last year, 2018: the volume of reported breach incidents was up 56 percent in one quarter, and exposed records was up by nearly 30 percent. That’s a huge jump year over year. That’s, I mean, that’s really, really, hit 56 percent and 30 percent anywhere else, those percentages jump like that, most usually you’re getting rich, right. Not here. This is bad news, it’s gone backwards. And some more perspective on this: usually, in between 2009 and 2016, the average records exposed in one quarter was right around 100 million to 200 million. So in 2015 there was a larger number. 2015, I don’t remember exactly what was breached then, but I’ll look that up for you guys. So there, I mean, there’s been a huge increase. You go from 100 million to 200 million and then you go to a billion in less than two years. That’s significant. That’s quite a bit. This just goes to show you it’s not stopping. It’s not slowing down. People are continuing to get breached. So you got to do your part, right, protect yourself. So I don’t want this to be a scare tactic. You know, you shouldn’t be scared by some of this stuff. This is just information you can use to go make things better. Right. Put this in your tool belt and move along.

Next, from helpnetsecurity.com, the title of the article: C-level executives increasingly and proactively targeted by social breaches. Normally this is not something I would have included. I mean, this is sort of a no-brainer. C-level executives are getting phished, whaled, horrible, vicious, whatever you want to call it, pretty consistently over the time, over forever. Right. It’s just something that’s going to continue to happen, surely because of the amount of access to information they have. But here we go. This again came from the Verizon DBIR; we’ll start to see more and more stuff. People will start digging in this and pulling out little nuggets here and there, so I’m not going to read one of these every day, hopefully, but for a while you’re going to be hearing about this stuff. So senior executives are 12 times more likely to be the target of social incidents and nine times more likely to be the target of social breaches than in previous years. So once again this is big, because increase year over year, 12 times and nine times more likely than they were last year. That’s, that’s significant. Once again, that’s significant, so there’s things you have to be focusing on, right. You know, you don’t need to go buy all these fancy technical solutions, right, and the security tools and DLP and CASBs. I mean, eventually, in order to mature your organization, you should. Right. But at the end of the day one of the biggest things is your I.T. hygiene, right. What are your helpdesk processes to investigate phishing. What are you patching. How are you filtering emails. Real basic sort of business operations items, right. So I.T. hygiene, it always comes back to I.T. hygiene. Right. Do the small things right to build upon and build your organization up, right. You can’t have a good, you can’t build a big house if you ain’t got a good foundation. Create a good foundation for your house. Next.

I like this one. If you’re ever on Reddit or just in the world, you know, people always talk about what would you do if you got fired from this job. You know, people that really hate their job always end up, you know, I’m going to delete everything, I’m going to take everything down, I’m a hack this right on my delete, I’m gonna write a script that’s going to blow up the machine, right. I’ve heard that one before. Here it is, from SecurityWeek via the Associated Press: IT Specialist Convicted on Cyber Hacking Charges Sentenced. You may or may not remember this, but there’s a gentleman named Edward Soybel. He was convicted by a federal jury in December on 12 counts of computer hacking. The 35-year-old Soybel of Chicago acted after the industrial supply company fired him in 2016 for quote unquote unprofessional conduct and punctuality issues. So he was late and he was an asshole, so essentially he got fired and he decided, well, if that’s the case, then I’m going to take down everything I can. Guess what, still illegal. Now he’s in jail for three years. So there you go. Don’t do it. It’s pretty simple, right. One of the principles of life: don’t be an asshole and you’ll be OK. All right, folks, I hope you learned something today. Something to put in your tool belt and take back to work with you. Everybody have a wonderful Thursday. It is May 9th, 2019, and this is Security on the Bayou.

Wednesday, May 8th, 2019

LulZSec and Anonymous Ita hackers published sensitive data from 30,000 Roman lawyers

CIA camps out in anonymized Tor network

Highlights from the Verizon DBIR 2019

Transcript:

[00:00:00] Welcome, friends. It is Wednesday, May 8th, 2019, and here’s today’s security news.

[00:00:07] First things first, let’s start with this from Security Affairs by Pierluigi Paganini, who, I think he wrote an article yesterday if I remember correctly. This one entitled LulzSec, Anonymous Ita hackers published sensitive data from 30,000 Roman lawyers. So Ita here standing for Italian. So they were able to collect the data of 30,000 different lawyers over there, all with personal information and evidence of access to PEC accounts, which is the certified email account, so it sounds like all of the lawyers in Italy are given a certified email account, which sort of makes sense for audit purposes and, you know, regulatory stuff. So keep that going. It appears that maybe the actual target of this was the mayor of Rome, Virginia Raggi, who is a member of this group. So I originally, when I first saw this headline, I assumed they were, you know, they were on the warpath, maybe for the Catholic Church, but it appears not. I’m gonna do some bit more research on this, but the reason that they did this is, “we want to remember our friends arrested a few years ago and make them understand that we are Anonymous, we are legion.” So I don’t know who our friends are from a few years ago. I’ll look around, but it’s an interesting hack from LulzSec, who, you know, we hear stuff from occasionally. LulzSec slash Anonymous, you know, pretty much the same thing at this point. But this is probably one of their larger hacks in quite some time, so it appears they’re back. Maybe they’ve reorganized a little bit, or just maybe some new motivation, that’s probably the correct answer there. Next. Yep.

[00:02:03] So this one’s fun, from ZDNet by Charlie Osborne, and this is one of those articles that, this just happens to be the link I found, it’s going to be everywhere, it’s all over the place. The title of that article is CIA camps out in anonymized Tor network. So the CIA has spun up their own onion version of the CIA’s Web site at really-long-address dot onion. So it’s a mirror image of the standard web site. But the CIA says that creating this version meets the agency’s intelligence collection mission by being secure, anonymous and untraceable. If you believe any of those last three words, I got some beachfront land in a desert to sell you. Secure, anonymous and untraceable, and CIA and onion, all in one sentence. I just have a hard time believing this. I don’t even believe that their intentions are pure here. I think there’s something going on here, and there has to be. It’s the CIA. That’s what they do. They try to make you believe that everything is hunky-dory and in the background they’re actually doing something nefarious. Let’s call it nefarious. So you best believe I’m gonna go check this thing out. It’s curious. Right. I want to go see it, and then I just burn my laptop. I don’t know. I’ll probably do this in a virtual machine; that’s what I’ll end up doing. Even though it’s probably not going to matter. So, an interesting article from ZDNet about the CIA and the new Tor Web site.

[00:03:42] Next, from The State of Security on Tripwire by Tim Erlin: Highlights from the Verizon DBIR 2019. So I’m not going to read this whole article, but for those that don’t know, Verizon, year over year, releases a report. It’s called the Data Breach Investigations Report. It’s sort of an industry standard at this point. I look forward to it pretty much every year. Do I? I don’t know. It’s usually a pain in the ass, but I like reading it every year because there’s usually some good findings in there. Essentially what it is, they send these surveys out to people across the industry that work in security all the time, and they start, you know, they let them know sort of what happened in their world that year. So for instance, let’s see, let me pick one of the things out of here, the grid. There were 684 information incidents related to denial of service. So don’t forget what this thing is. This graph, this matrix I guess it would be, that they built. There’s a specific name for it, but it’s interesting because it breaks down incidents and breaches by pattern, action and assets. So like that same one, the information incident had 684 denials of service, 796 were classified as hacking, 874 were servers. So you know there are different categories in here. Like under asset you have user, development, server, person, network, media, kiosk slash terminal. So in that report they define all this stuff. There’s always usually some interesting things that come out, apparently. Here we go. This is right off the top, so I will give you a little bit of it. Health care has the most problems with miscellaneous errors, a departure from most other sectors. That’s interesting. I mean, health care has a huge M&A aspect to it. So anytime you start putting that much M&A into it things get hairy, but banks also do a lot of M&A. So why don’t they have the same problem?
So just saying, there’s always some interesting things in here, but always take into account, right, humans wrote this down, and no matter how many times they read a definition of something they may get it wrong. Like the difference between malware and hacking, misuse, social, error and physical: one can lead to the other. Right. All the time. And where does phishing fall in there, right? Is it hacking or is that malware. It could also fall into social, obviously. So there’s a lot of things that can change in here, but it’s a good report. Go find it. Once again it’s the Verizon DBIR, Delta Bravo India Romeo, Romeo Romo, hey Tony Romo. OK. I think that’ll do it. It is Wednesday, May 8th, 2019. Everybody have a wonderful day. We’ll talk again tomorrow.

Tuesday, May 7th, 2019

A bug in Mirai code allows crashing C2 servers

DuckDuckGo proposes “Do-Not-Track Act of 2019” to require sites to respect DNT browser setting

‘Matrix’-Themed Ransomware Variant Spreads

Transcript:

[00:00:00] Welcome to Security on the Bayou. It is Tuesday, May 7th, 2019. Hope everybody had a wonderful weekend.

All right, let’s kick things off here. First off, from Security Affairs, authored by Pierluigi Paganini: A bug in Mirai code allows crashing C2 servers. So as you may know, the Mirai botnet is out there and it’s taking over IoT devices like crazy. It’s hard to go anywhere and not hear about Mirai now when it comes to botnets. So it is, it’s prevalent. It’s across the world, but apparently it has a bug which, according to this article, the bad guys have known about for a while, and they actually use this to take down a rival botnet, which is fairly interesting. So essentially what this bug is, is that the C2 server crashes when someone tries to connect to it using a username sequence of 125-plus characters. So this happens because the function within the code sets the byte limit at 1024. So if you do a thousand and twenty-five it will crash the server. So you know that in and of itself is neat, right. But what this article goes on to talk about is why isn’t somebody just running a script to constantly check to see if these C2 servers are up. I don’t, Bad Packets tracks these things. Why isn’t somebody just pinging them, seeing if they’re up, and then if they are, you take them down? Well, unfortunately, that would be illegal. But I would say, well, what they’re doing is illegal as well. Right. So you know, two can play this game. Why not just go get a bulletproof server, spin up this script and start pounding these things and taking them down. I’m not going to do that. I got enough to do in my life, but I’m not saying that, maybe, you know, I’m not saying it’s a bad idea. So you can go check that article out. It’s really quick and easy. There’s a link to the GitHub, although if you don’t know, the Mirai source, just go search for it on Google, I’m sure it’s been forked a thousand times. It’s pretty neat to read through the source code on the GitHub repos.
There’s a list of usernames and passwords, so a fun project you can do that’s not illegal: if you’ve got a web server, you can pump that list in and see if anybody, see what the hits are, if there are some unique usernames that are being used. So a little project for you if you’ve got a web server running, whether AWS or something like that. All right.

Next, from Security Boulevard, this one by strong got a lady: DuckDuckGo proposes Do-Not-Track Act of 2019 to require sites to respect DNT browser setting. So for those that don’t know, Do Not Track essentially is a way of telling the Web site that no, I don’t want you to track my activity across the browser, across the site that I’m on. You’re not allowed to do that. So some browsers have this, but that doesn’t necessarily mean they’re going to respect those wishes. So this act would do two things. No third-party tracking by default, which means that Web sites wouldn’t be allowed to use hidden trackers anymore on the sites that you visit. So on average when you go to a site there are, you know, 15, 20 different trackers running in the background that are collecting data, whether it be Facebook, Twitter, Instagram, all the social medias, or even in-house trackers. One way to sort of combat that right now, what I use personally, it’s called Ghostery. So it’ll tell you, for instance, actually let’s do this on Security Boulevard right now. There are 12 trackers. I see a Google, I see a Disqus, HubSpot Forms, Google Tag, HubSpot, Gravatar, AddThis, Twitter Button, Twitter Syndication. So I mean that, and that’s a security Web site. Imagine, you know, a bad Web site and what trackers are out there. So you can use something like that to currently protect yourself from this to an extent. The next part of this would be no first-party tracking outside what the user expects. I think you’re right. They gave a great example of this; I’m just gonna read it right here. For example, if you use WhatsApp, its parent company Facebook wouldn’t be able to use your data from WhatsApp in unrelated situations, like for advertising on Instagram, also owned by Facebook. As another example, if you go to a weather site it could give you the local forecast but not share or sell your location history.
So this is an extremely common practice, and this is one of the reasons that these companies go and buy all this stuff up. Facebook went and bought WhatsApp because it has a massive user base. Right. And that just feeds right into its advertising. So that’s a separate conversation, but you’ve got to be on the lookout for this stuff. Understand where the software you’re using comes from and how it’s connected. For, you know, most folks that have used WhatsApp in the past have now shifted away from WhatsApp because of this exact purpose. If you’ve created an Instagram account lately, you’ll know that it asked you to use your Facebook account or associate your Facebook account. So know what you’re using when you use things on the internet. Don’t talk to strangers either.

Next. This is your sort of, your funny of the day. This one is from Dark Reading, one of my favorite Web sites. Kelly Jackson Higgins writes ‘Matrix’-Themed Ransomware Variant Spreads. So this is, it’s called MegaCortex. At this point I think, can we just call it standard ransomware. But this isn’t standard, but it’s just ransomware. It comes from, the ransom note is read in the voice of Laurence Fishburne’s character Morpheus from The Matrix, which is, you know, I want to hear that, it’d be pretty funny. I’m gonna go track that down. Maybe I’ll find it and play it for you guys. So what it is, instead of asking for a bitcoin, Ethereum, whatever it is they’re asking for these days for monetary value, it is asking for a consultation on how to improve your company’s cybersecurity and a promise that taking the attackers up on that will guarantee they won’t attack you again. I’m calling bullshit on that right away. So this is something that Sophos found. Apparently whoever these guys are, whoever these people are that are doing this, they conducted 47 attacks in a 48-hour period, so they’re clearly, they’re trying to make money, they’re just trying to do it in a different way. I hope to God that this isn’t some security consulting firm out there trying to drum up business, because this is the fastest way to go out of business. So interesting read. There’s some details in here about what makes it different. They’re using domain controllers and they’re snagging credentials off the domain controllers to do a lot of this, and then it’s also, they see this being dropped by Emotet. So if you have Emotet, you should already be cleaning them. But here’s another reason to do that. All right, folks, that’s it. That is our day today. It is what it was today. It is Tuesday, May 7th, 2019, and this is Security on the Bayou. Everybody have a wonderful day. We’ll talk again tomorrow.

Friday, May 3rd, 2019

McAfee Survey Finds IT at Cybersecurity Fault Most

President Trump Signs EO to Bolster Federal Digital Security Workforce

A MYSTERIOUS HACKER GROUP IS ON A SUPPLY CHAIN HIJACKING SPREE

Transcript:

[00:00:00] Hello, folks, it is Friday, May 3rd, 2019. And here is today’s security news. First. [00:00:06][6.0]

[00:00:06] Let’s start with securityboulevard.com, from Michael Vizard. The title is McAfee Survey Finds IT at Cybersecurity Fault Most. First things first, that headline, terrible. I clicked it because it said McAfee and it intrigued me to try to figure out what the hell he’s talking about. So here it is. This week McAfee published a survey they conducted of 700 professionals working in organizations with over 1,000 employees, entitled Grand Theft Data II. All right, if you’ve been in the industry long enough, you know what these reports are going to boil down to, right. They’re going to try and sell you something at the end of the day. But what I want to bring up, what is interesting about this report, is something that hasn’t come up before but is probably 100 percent spot on. The report finds 52 percent of respondents claim I.T. is at fault when a data leakage event occurs, versus 29 percent who say business operations. So essentially what they’re saying, all these I.T. professionals, is that more often than not it’s the I.T. professional’s fault and it’s not the user, which is common in this industry, it’s extremely common to try and blame the user for our issues, right. One of the reasons that this number is higher is that there is more opportunity for an I.T. professional to mess something up. All it takes is one misconfigured server. Right. And then there you go. You may have a back door open and boom, daily. Right. So this, you know, this directly speaks to, you hear it all the time, people, process, technology, right. For sort of, you know, the people part of the thing, we, you know, we know what we’ve got to do there. It’s all about training and building these people up to make sure they have the right skill sets. But if they don’t have the right processes in place to help them, then you know they’re screwed. All right. So I think that’s it here.
You know, this article goes on to talk about CASB and EDR tools, all of which are things that McAfee would love to sell you. Let’s move on from there. [00:02:05][118.8]

[00:02:06] Speaking of people, process and technology, the next one, a big one coming out of the White House today. This is from tripwire.com, although you could find this probably anywhere; it’s coming on CNN, Fox News, all over the place. President Trump Signs EO to Bolster Federal Digital Security Workforce. This one by David Bisson. So President Trump is signing an executive order on America’s cybersecurity workforce. So they realize that there is a skills gap within the cybersecurity workforce, whether it be in the federal government or even in the public sector, so they’re doing a few things. Obviously this is more about the federal government. They are going to develop a digital security rotational program within 90 days. This program’s purpose is to enable federal I.T. digital security practitioners to receive temporary assignments in the Department of Homeland Security, and vice versa, thereby facilitating the exchange of knowledge, training and experiences. So this is something that gets talked about as good practice all the time within a security organization, is that you should be rotating people around. Nine times out of ten it never happens. So this is the White House making that happen for these folks. So I mean this, in my opinion, nothing but good can come from this. 90 days to create that program and make a sustainable program seems a bit far-fetched. But, you know, more power to them, see if they can get it done. If done correctly this can do a lot of good for the federal cybersecurity workforce. And this is not just, is the, which is pretty interesting.
I’m curious to see where this goes. It’s called the President’s Cup Cybersecurity Competition, which is going to be not just for government employees, but also it sounds like they’re going to let third-party contractors that are in the cybersecurity space compete in this as well. So they’re talking about, you know, cash prizes, days off, which if you’ve never been in the military or the federal government, that’s a thing, they award you with a day, you know, a week off or whatever. I’d rather have the cash personally. And then another thing they’re doing, which is not listed in this article, but as you know, some, I saw in another one I read, was that they’re also going to start doing some programs where they’re going to award elementary and junior high teachers for their accomplishments in cybersecurity education, which I think is great. Start them young, right. I mean, this industry is new enough now, this quote-unquote cybersecurity, that most of the people that are in their prime, if you will, this is stuff that came about when they were late in high school or college, right. It didn’t necessarily exist at that time. And those that have been around for quite a while, they started out as I.T. folks. They were not cybersecurity, quote unquote, people. So I think this is good stuff. I really hope this works out. I’m rooting for it. Should be good. We’ll see what happens. [00:04:58][171.8]

[00:05:00] Next. This is a long article, and I’ll give you a quick recap of it, some things I pulled out that I thought were interesting, but go read this. This is a sort of an exposé. This is from wired.com: A Mysterious Hacker Group Is on a Supply Chain Hijacking Spree, by Andy Greenberg. Yeah, I guess they’re mysterious, but you’re gonna know the name, either known as Barium, ShadowHammer, ShadowPad, or Wicked Panda. So that right there, Wicked Panda, should give you an idea of where these folks are based. So these are the folks that will be blamed for hijacking the software update stuff from ASUS and then also this CCleaner tool issue. And so one of their attacks, their tactic here, is sort of a spray-and-pray tactic, which harkens back to the Russian submarine force back in the day, where they didn’t necessarily aim, they just shot as much as they could to hope to hit something and take something else out. Right. So that’s sort of what’s going on here with their attacks, is they’re just spraying it everywhere, collecting the data, seeing what they have that looks interesting and then going after that. So it’s, I mean, it’s a tactic that has worked in the past in many different things, not just cybersecurity, submarine warfare as well. And then in the article they interviewed some folks, and you know they claim to say that if they were to try and deploy ransomware, sort of like NotPetya, it would be even more destructive around the world. So I don’t necessarily disagree. I’d like to dig into that a bit more before I really get into some of this. Those are the three articles for the day. [00:06:40][100.7]

[00:06:41] One last thing, a quick update. The other day we talked about the ICS security stuff with California and Utah. Well, apparently some more information has come out. It’s still a little fuzzy here, but there was a denial of service attack, but no service was disrupted. No, no service or production was disrupted. So why that report was filed, we’re still kind of unsure, I guess, within the organizations in these states. Everybody’s pointing fingers, saying hey, we didn’t do it. Did you guys do it? Who filed this thing, where did it come from. So there’s some question as to what happened here, but it appears that there was a denial of service and there was no disruption to service or production. So I think all’s well that ends well on that one. There is clearly some process and procedure issue that they’ve got to figure out there. All right, folks, thank you. It is Friday, May 3rd, and this is Security on the Bayou. Everybody have a wonderful weekend. We will talk again on Monday. [00:06:41][0.0]

Thursday, May 2nd, 2019

Sinister secret backdoor found in networking gear perfect for government espionage: The Chinese are – oh no, wait, it’s Cisco again

Putin Signs Controversial Internet Law

We dunno what’s worse: Hackers ransacked Citrix for FIVE months, or that Equifax was picked to help mop up the mess

Transcript:

[00:00:00] Good morning folks, it is Thursday, May 2nd, 2019 and here’s today’s security news.

[00:00:05] First things first, from SecurityWeek by AFP: Putin signs controversial Internet law. So today Putin signed this sovereign internet bill into law in Russia, which would essentially do a few things. One of those is it creates a central point of entrance and exit out of the country for the country’s Internet traffic. A lot of criticism of this bill comes from its vagueness in the way it was written. A lot of people are trying to claim that this will create an avenue to censor the voice and opinion of the folks on the Internet in Russia. I don’t necessarily disagree, and I don’t think this is one of those where we have to see how it plays out. This is pretty well bad off for everybody involved. You know, I try not to get too deep into the privacy stuff on this thing, as it’s a security podcast, but it’s sort of part of the deal. So for this one, I’m going to steer away from the privacy aspect of this and I want to try to ask a few questions about the security aspect of this. One of those being: if there is a central point of entrance and exit for all internet traffic coming from Russia. Now, attribution is already really hard, especially for the regular non-government agencies. So my assumption is that this will make it extremely difficult, because now they can control more heavily what they can and will mask in and out of that country. You know, common tactics of hopping VPNs or different boxes upon boxes around the world. That’s common, I think. Obviously they use it. Everybody uses it. I think that having this central point of entrance and exit is gonna make it extremely difficult for there to be any further additional attribution for anything Russian related. You know, this comes off the heels of last year when the federal government essentially said that Russia meddled in the elections and it was their fault. So this feels like a response to that, in such that they say, well, you figured out who it was, well, good luck finding out next time. So we’ll keep an eye on this, we’ll see what happens. You know, this reminds me a lot of when net neutrality was repealed the first time; all these companies said, oh well, we’ll never actually, you know, use these stipulations that are in here. We’re still for the consumer. This feels a lot like that, right. We know that eventually at some point they’re going to use this for the wrong reasons. OK, let’s stop on that, let’s move on.

[00:02:40] Next, from The Register by Iain Thomson in San Francisco: Sinister secret backdoor found in networking gear perfect for government espionage. The Chinese are... oh no, wait, it’s Cisco again. So Cisco issued a fix yesterday for their 9000 Series Nexus switches. Excuse me, Cisco Nexus 9000 Series Application Centric Infrastructure mode switch software, that is a mouthful. Anyway, a piece of software on one of their switches. There was a backdoor into it and it was caused by, let me get this right, a default SSH key pair hardcoded into the software. So understandably people make mistakes. That’s a pretty big mistake. We talked about default passwords yesterday and the IoT law that’s coming out of the UK. Clearly, anything default is bad, because once you get one of them, you’ve got access to everything. So they are, now it’s patched. You know, this is an interesting article because the author immediately turned it right into the Huawei stuff, so he got back to the point, but I know there’s clearly another incentive here in this article, but nonetheless Cisco patched a vulnerability due to SSH key management not being up to par. Don’t get me wrong, that is not easy. That is a hard problem. It’s not a hard problem to solve, there’s plenty of solutions for it. It’s a hard problem to continue to solve, and to get developers and train people to do things the right way.

Next, from The Register, by Iain Thomson, still in San Francisco: We don’t know what’s worse, hackers ransacked Citrix for five months, or that Equifax was picked to help mop up the mess. So yesterday we talked about the Citrix breach and how their employees’ information was stolen, while more and more is coming out about this. Six terabytes of data were pulled out. They suspect that some of that was not just employee data but was also intellectual property, you know, any business document, sort of like crown jewels sort of stuff. But here’s the deal, so as you guys know, we’ve all had our accounts taken over, identity issues. So when this happens there’s always free credit monitoring offered for the employees or the users, whoever it may be. Well, in this case, Citrix has chosen to go with Equifax, which is just dripping with irony considering everything that happened with Equifax not even two years ago at this point. And so my question is: there are three of these credit reporting agencies, there’s plenty of other consumer credit reporting agencies out there, third party companies that do this. You had to pick Equifax? You couldn’t just go with one of the other two? You had to pick Equifax. Something stinks here, from my perspective. All right, I know I got my rant on today. Thank you for listening, I appreciate it. I hope you get as upset about this stuff as I do, because it just motivates me to go out there and change things. Today is Thursday, May 2nd. This is Security in the Bayou. Thank you for listening, everybody have a wonderful day.

Wednesday, May 1st, 2019

Phone and laptop searches at US border ‘quadruple’

Plan to secure internet of things with new law

A ‘Cyber Event’ Disrupted the Power Grid in California and Wyoming, But Don’t Panic Just Yet

Hackers went undetected in Citrix’s internal network for six months

Transcript:

[00:00:00] Hello folks, it is Wednesday, May 1st, twenty and here’s today’s security news.

First, from BBC News: Phone and laptop searches at US border ‘quadruple’. That’s a lot. Quadrupling, that’s four times, that’s a lot. In 2018 there were 33,295 searches at the border. So this is all coming out because the EFF and the ACLU have filed a lawsuit alleging that these are warrantless and unconstitutional searches. So this is what I would call a pretty big deal in the privacy world. One of the things that we know is that when you go through the border there’s a lot of things that can happen to you physically and to your stuff, right. I don’t think anybody likes having their cell phone touched, or their laptop. It sucks, right. It’s no fun. You don’t know. I don’t have anything to hide, but the last thing I want is somebody else going through my stuff. So obviously there is a spot for this in, quote-unquote, protecting the country, and it’s needed at certain points. But how far is too far is what I really think the crux of the issue is here. So an interesting article here from the BBC. I’ll try and keep up with it, it seems like it’s in its infancy, but I’ll see if I can’t keep track of it and give you guys some updates on it. Next.

Also from the BBC: in the UK they have proposed a piece of legislation to regulate IoT manufacturers. The title of that article is “Plan to secure internet of things with new law”. So I don’t know the full process of, you know, law in the UK, or something becoming a law, but I do like the basis of this. It’s a start. It’s not perfect, but it will get where we need to go. It’s three things they want to implement. First, every IoT device comes with a unique password by default. So no more default passwords of “default” or “password” or “Password” with a capital P. Right. That’s one of the big issues we see in the hacking of all these routers: every Linksys device out there has the same default password, right. Well, not necessarily IoT, but you get the point, right. No more default passwords. Second, state clearly for how long security updates would be made available. This is great. This means you’re not going to buy a product and then it’s going to go out of warranty or have no more support after a year. Right. What does that timeline look like? In the enterprise world this helps big time with scheduling tech refreshes. Right. We don’t want to buy a product that’s going to not be supported in two years if we can get the same thing for the same price for five years, so on and so forth. Third, offering a public point of contact to whom any cybersecurity vulnerabilities may be disclosed. This is also big, because a lot of these smaller companies don’t have that out there available. So now if a researcher finds a vulnerability it just doesn’t go and float in the wind on Reddit or Twitter, right. They can go report these things in proper fashion so that they can be fixed. These all seem like no brainers, but apparently they’re not, because they’re going to have to enact a law in the UK to fix some of these things. Hopefully this moves across the pond. We’ll see. Time will tell.

Next, from Motherboard: “A cyber event disrupted the power grid in California and Wyoming, but don’t panic just yet.” So the Department of Energy has a program called the OE-417, its electric emergency and disturbance report. So these electric providers are required to report any time that they have an emergency or a disturbance. So this was listed in one of those. And there’s really no detail at all, it just says a cyber event in California, Kern County, Los Angeles County; Utah, Salt Lake County; Wyoming, Converse County. So something happened in those three counties. We’re not really sure: “cyber event that causes interruption of electrical system operations.” So the key here is that there wasn’t an interruption. But while this is all good, well, they reported it. What I find the most interesting thing about this article is my new discovery that OE-417 is a thing and everybody has access to it. So in this article, go click on the link and you’ll see there is a link to the Department of Energy’s OE-417 forms and submissions page, which any time one of these are filed you can go and look at. So it’s just an interesting item to add to your toolbox of knowledge, right. If you have a question or you think something may have happened, well, here you go. Here you go, look. Now there is some gray area about what they will and will not report. Obviously, if it’s, you know, critical infrastructure and it’s super important to the plant and, you know, it’s a vulnerability, it’s probably not going to be on here. But in any case it’s some visibility into what goes on. So this is a good thing.

Last but not least, from TechCrunch and Zack Whittaker: hackers went undetected in Citrix’s internal network for six months. All right. Nobody freak out. It was Citrix’s internal network, nothing to do with their products. So as bad as this may sound, it’s just another breach. The employees’ information was stolen. At this point this is run of the mill, every day. This caught my eye because it’s Citrix. This is not just some random little company. This is Citrix. I would be hard pressed to find an enterprise in this country that does not have some form of a Citrix product. So even the people we think are the most secure, and that we can trust the most in the products we use all the time, even they are vulnerable to bad things happening. It’s just part of the world we live in this day. All right folks. That’s it for today, Wednesday, April 1st. Everybody have a wonderful day.