Still boggles my mind that people will try to beat the BOFH... and they get caught.
It is not worth it. Rather walk away, keep your record clean and avoid all sorts of nasty surprises down the line.
It has been a busy week for security, with the CYBERUK 2018 conference in the UK and the industry gearing up for BSides and the RSA conference in San Francisco next week. But there have been a bunch of smaller stories that may have slipped under your radar, plus all the other bits and pieces we've covered this week. Wreckin' …
Walk away after making sure someone disables your accounts and remote access.
>As any security professional will tell you it's not outside hacking attacks that make up the bulk of issues, but your own staff.
BS - A recent El Reg article estimated internal issues as 25% of the total, and even that was inflated by inappropriate access, e.g. users accessing celebrities records.
>Kugler pleaded guilty to one count of fraud
Strange that a fraud charge was used, as it doesn't appear that she took money. But maybe it's easier for the courts to handle than hacking charges.
Rather ensure that it can't be traced back to you. And that any business you're trying to take down is taken down hard - including all backups etc.
I see such a plan as taking around 2 years to mature (ie ensure that backups are corrupt or at least no longer relevant). By that time they will most likely have other people who are more likely to be blamed too.
The security team is now aware of automated attacks attempting to compromise Drupal 7 and 8 websites using the vulnerability reported in SA-CORE-2018-002. Due to this, the security team is increasing the security risk score of that issue to 24/25
Basically, if you didn’t patch then why not?
@anon: "What are you? Some kind of reject from Pointy Haired Boss School?"
Not exactly, it's just a violation of elReg editorial policy to mention $THAT->SYSTEM in relation to computer malware. The short version being that if you enable UPnP and use the default password on your router, you can get compromised.
"In all, Akamai estimated that around five million routers could be vulnerable to hijacking via UPnP exploits: miscreants can use the flaws to rewrite networking tables, and turn devices into proxy servers. "
Yep. If you didn't know this, you didn't do your research and turned on UPnP because it was "convenient". UPnP is an unauthenticated protocol that allows ANY LOCAL USER to open ANY PORT to the world and direct it to ANY internal machine. Yes, your kids clicking one thing doesn't just break the computer they are on, it can put a permanent port forward of your CIFS/SMB port out to the public Internet for all the see, if it wants.
Most routers have terrible UPnP implementations too, so that it's not just local users, so that settings can persist, so that the user is never aware they're being accessed, etc.
UPnP is, was, and always will be a ridiculous idea for "convenience" when 99.9% of the world doesn't need to open any incoming ports anyway, no, not even for gaming. Only if YOU are hosting the server do you need to do that, and even then with an intermediary server on the Internet, you can still host games with ZERO open ports. Companies are just lazy and ask UPnP to open up port X to the world while you're playing your game rather than deploy even a single intermediary server.
And if you have UPnP on... tell me how the average user is supposed to know what's open, why and when it opens up? Because I've never seen a router that had that level of detail outside of big commercial things. Literally, UPnP is just a trojan horse that can unlock all your network firewall protections in seconds because ANY user asked it to, even unwittingly, from a games console, mobile phone or PC.
I left a job in acrimonious circumstances, and made one of the most senior people there in terms of service (the facilities management lady) who could not be bought or intimidated by manglement, watch while my replacement disabled my accounts and changed the root passwords with me in the room (me being on the other side of the room). I also had a copy of the dates, sizes and checksums for all the important config files and libraries, and told manglement I did so (in a secure repository) and that if they falsely attributed my work to any faults, I would hear about it and I would sue. (I had references from others who had already left, and from my replacement who was a stand-up lady). Post-departure was surprisingly quiet in terms of support requests :)
The report from Akamai regarding UPnP and the list of 400 router models from 73 manufacturers that are hackable is somewhat flawed.
i.e. ASUS 'have not' opened up UPnP to the Internet (it is not supposed to be), therefore I am puzzled what vulnerability has been proven on the listed routers, or has an assumption been made based on other routers without verification. !!!
The Akamai report mentions "Open WRT" with a note that they couldn't tell the version.
Well, it's open source software for any number of different boxen, so maybe the model number is pointless, but it looks a bit odd how they handled it.
On the version I have on my router, UPnP is not enabled by default. It's a bit reckless not to check the Firewall settings.
I suspect that finding whether UPnP is enabled is easier to check than some think, but many users will need some hand-holding while they do the check. And that can start getting expensive.
Seriously though, If I rang the local plod with a story like that there no way they would quickly apprehend a suspect. Hell , I could ring them and say my garage has been broken into , here's the kid on cctv , unfortunately wearing a balaclava , but we all know its billy from "the estate" and still nothing would happen.
Biting the hand that feeds IT © 1998–2019