Miscreants sweep internet for unpatched Cisco kit, fears over bugged Chinese parts, Roger Stone nabbed... This week we saw Hadoop hacks, Exchange exploits, and Deadpool besting scammers. Here's some more computer security news to round off your week... Alarms sounded over incoming Cisco attacks Earlier this week, Cisco cleaned up a series of security flaws in its routers. Now, admins are being urged to apply those fixes as soon …
Anyone notice a common thread in these reports every week? It seems to me that we're failing in everything and learning no lessons - moral behavior, honesty, real quality control? I guess someone is working on an app so that we can run these things on our phones in the belief that it will change the world ... and make them lots of money.
"Once is an accident. Twice is a coincidence. Three times is an enemy action." - Goldfinger
The remarkable thing is that nobody seems to mind that Sanders was cheated of his candidacy/presidency. This is the only thing that is clearly proven. Clinton & co. betrayed the democratic voters. They faked the primary elections. The press does not seem to be bothered by this FACT. But why? ;-)
Or that a disgruntled Sanders supporter, named Seth Rich died right after Assange got those emails, you know, the ones that the timestamps (checked by ex NSA program manager William Binney) showed were copied at USB2 full speed - faster than the link to any Russian hacker could be....investigation of that was as perfunctory as say "no reasonable prosecutor would" or some foundation collecting millions that never made it to Haiti - but did to a daughter's wedding, or quite a long list of other issues like whether selling uranium to a foreign power was OK because it couldn't be shipped (other than that loophole that allowed it to be shipped that any responsible Sec State would know about).
See, in the US we have selective enforcement, not a nation of laws - we have the laws but they don't mean much anymore unless you're small time.
I've repeated these same sentiments here many times, but all I get is heavy downvoting.The readers of ElReg don't want to hear anything about Seth Rich because it contradicts their cherished fable about Russians hacking the DNC, which feeds into the fable about Trump being Putin's BFF.
Probably because you have no evidence to back up any of your statements, while people are sitting in jail becuase of the Russian side of the investigation. It's almost like one side has evidence and the other side is chanting "lock her up!"
RE: "The readers of ElReg don't want to hear anything about Seth Rich because it contradicts their cherished fable"
Sigh. Here we go again. I'm fed up of arguing about this so I'll just post a couple of links. Read them or don't. I no longer care if you and your ilk want to be stubbornly ignorant.
https://www.snopes.com/news/2017/05/25/seth-rich-conspiracy-theory
https://www.snopes.com/fact-check/seth-conrad-rich
I just read your link (again) and again it fails to prove or disprove anything. Yet Snopes hews strongly to the Democrat Party line that the Russians hacked the DNC computers, despite the fact that the DNC refused any independent entity permission to examine their computers, not even the FBI. Further, there is the matter of the email timestamps, which are somehow never mentioned in the Snopes article.
I assume you are aware that those emails had timestamps (made during the last copy operation) which were far too close together in time to have happened over any remote network connection. Only a direct connection such as a copy to a thumb drive could produce timestamps so close together in time. Yet we are asked to swallow this anomaly whole, that is, on the rare occasion the timestamps are even acknowledged by the "Russians did it" crowd.
So, how do you explain it? Another link perhaps? That aside, I prefer to accept reality and therefore suspect Seth Rich did indeed steal those damning emails from his place of work once it became clear the DNC was colluding with Mrs. Clinton to cheat Bernie out of the nomination. Then they found out about it and offed him, but it was too late; Their dirty laundry had already escaped and the rest is history.
Why are you trying to make it about Seth Rich? What about Sanders and his voters getting cheated? They simple ignored their votes and dictated a different result.
Isn't that supposed to be one of the greatest crimes in a democracy?
"You don't have to be authenticated, you just have to be able to reach the router's web-based management portal."
And why would you have that visible remotely over a plain Internet connection, or indeed internally unless you're on an administrative VLAN?
It's the ridiculous logistical arrangements that companies decide to use that cause security problems, much more than the fact that someone may have found a small hole?
It's time we made systems that *ACTIVELY* prevented their poor implementation. Like refusing to expose administrative web consoles on any Internet-facing connection, enforcing administrative action only over a physical separated console cable (like we always used to do!), refusing to activate service until passwords have been changed from the default, etc.
You don't have to be authenticated, you just have to be able to reach the router's web-based management portal.
I would expect this kind of sh1tty code (easily exploitable) and wrapped in an equally cheap-n-nasty IoT product from some eastern Asian country.
I was not expecting this sort of code exploit to be in an expensive product made by a multi-billion dollar company called Cisco. Makes me think out aloud if Cisco actually sub-contracted the code from some the same east Asian country (and not bother checking)?
Another thing, Cisco own Talos. So Cisco (and Talos) didn't bother checking on their own product and it took an outside security firm to spot this?
Is it April 1 already?
> this latest episode of infosec scrutiny might be a bit much even for Washington, DC.
> A report from NextGov examines how Senators have become concerned that the planned overhaul of the District's metro rail system with new carriages could put national security at risk.
Not as silly as it sounds.
Bear in mind, France's security service got sprung big time many many moons ago (40yrs?), having bugged every Air France plane's seats, monitoring passenger lists, and keeping the recordings of anyone of interest.
And it's a LOT cheaper & simpler to do, nowadays.
And could Washington DC be considered potentially a riper richer area of interest than most?...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
