IT management biz Kaseya's VSA abused to infect businesses with ransomware In what's looking like a nasty supply-chain attack, IT management biz Kaseya's on-prem VSA product was abused to infect its customers and/or their customers with ransomware. At least 200 businesses were hit total, according to infosec biz Huntress. Kaseya meanwhile initially estimated 40 of its own customers worldwide were …
...police seize 3D printers...
Well, they should also seize pen and paper because they are used for writing bad and violent notes by the bad guys. And all those paper planes blinding us when they are colliding with our eyes. It would be good to lock these dangerous materials away from general use.
Next we will all need a weapon license to buy a 3D printer and an extra fee is put on the raw materials. You are only allowed to buy raw materials with the license and the raw materials will be DNA marked with the license ID for tracking purposes. The collected money is for the copyright infractions every owner of a 3D printer surely is making all the time. The license ensures that we will kill each other in a registered and trackable way. This setup will work magic because only criminals will ignore the rules and will therefore be caught.
I'm wondering when someone invents 3D printing explosives for human consumption.
"...we will all need a weapon license to buy a 3D printer and an extra fee is put on the raw materials. You are only allowed to buy raw materials with the license and the raw materials will be DNA marked with the license ID for tracking purposes. The collected money is for the copyright infractions every owner of a 3D printer surely is making all the time. The license ensures that we will kill each other in a registered and trackable way. This setup will work magic because only criminals will ignore the rules and will therefore be caught."
I like this idea
They advertise their services as including protection for their customers from intrusion etc.
So maybe there's a very big question to answer here with regard to their ability to perform their contracts. One that needs a public investigation and presumably court action. After all, since they not only failed to prevent intrusion on their customers'/clients of customers - but they failed to secure their own systems -which has to be the first level of security.
"Kaseya told all of its nearly 40,000 customers to disconnect their Kaseya software immediately... Huntress Labs said it had tracked 20 IT companies, known as managed-service providers, that had been hit. More than 1,000 of those companies’ clients, mostly small businesses, also had been affected by the hack" [Washington Post]
Another outstanding success for outsourcing your crown jewels to some software company with good advertising.
This is a perfect example of why any company big enough to be able to afford to hire in-house IT staff should NEVER outsource their IT. It's also a perfect example of why any company too small to afford full-time IT staff should only hire other small local IT support companies and NEVER one of these large outsourcing outfits.
All you're doing is expanding your risk.
How do you think small IT support companies manage their clients? They use things like Kasaya (or Labtech, Autotask, etc.) otherwise they'd be wasting time and money doing everything manually. Everybody automates as much as possible if they want to stay in business.
(Yes, I have implemented both Kasays and Labtech for a small IT support company)
It is not just outsourcing, it is the every-growing use of cloud services to provide some form of funky solution that protects both your on-prem and cloud services.
Where you services are located is pretty much irrelevant when buying these sort of solutions. This is going to keep happening, again and again until such time as something so big kicks off Governments actually do something.
Look at how much is delivered as a "modern cloud" service with claims that anything that is only managed on-prem (or even in your own cloud subscription) is legacy. Management continue to buy the services because snake-oil salespeople use the fear of being left with "legacy" systems as the stick. The fact that the "legacy" systems are just as good as the "modern, cloud delivered" solution are ignored.
Many of these solutions have agents that are deep in the OS, any OS as they are providing security or monitoring. It is a perfect attack vector, compromise the Command and Control and that is it. simply millions of assets ripe for picking.
I don't care what these organisations claim, nothing is 100% secure, the more that is hanging off a webservice in the Internet, the higher the risk.
Kaseya has always been a lush target for malware slingers. As is any other centralised network management platform.
Kaseya stands out though because it fucking sucks. I haven't a clue what it's like these days but going back 10+ years it was an absolute ballache to manage. The IT shop I worked at had a member of staff dedicated to managing it.
While it is possible for a competent machine shop who has the right tools to make a relaiable gun I have my doubts about a 3D printer making a reliable gun. My understanding of gun manufacturing is there are very specific alloys and heat treatment used on critical parts. If the wrong alloys or heat treatment is done the gun can literally explode in the firer's face. For the 3D printer gun makers this is closer to a nomination for the Darwin Award than anything I particularly fear.
While it is possible for a competent machine shop who has the right tools to make a relaiable gun I have my doubts about a 3D printer making a reliable gun
Back in the 70s, 80s and early 90s, there was a town in the Philippines called Danao very popular among Yakuza.
The product Danao "exports" to the Yakuza were very cheap handguns. These handguns were very "reliable" in the first three rounds. After that succeeding rounds would cause the barrels to heat up and warp. Granted, metallurgy in the Philippines, back then, was no match to commercial- or even military-grade weapons factory.
Once the "deed" was done the users would discard the weapon in public and because the barrels were so badly damaged, it was very difficult to "trace" which weapon the bullet came from.
3D-printed weapons do not need to be "endurance"-reliable. 3D-printed weapons would need to WORK in the first two or three rounds. Period.
The Danao firearms have the same design ethos as the American "Liberator FP45" and "Deer Hunter" pistols. Those weapons were designed to the user to acquire a proper weapon. Very much a "use it and the survivor gets to keep the good gun" approach for desparate times.
Links:
https://www.thingiverse.com/thing:3060548
https://www.thingiverse.com/thing:3081128
Thanks to "Mussy" @ Thingiverse for the models and write up. NOTE - These 3D models are stage prop / replica models. Firing the originals would be risky for the user - firing a copy would almost certainly be a life-changing event.
I doubt they print reliable rocket parts using an Ender, or maybe they do as one was seen in NASA
On a consumer grade FDM/FFM (Fused Deposition Modelling/Fused Filament Fabrication - only prints plastics), like the Enders pictured in the AG Shapiro article, you aren't going to be able to print things like usable barrels, though you certainly can print some parts and moulds.
If you go professional then your choices of materials go up, but so does the expense - from $200/400 for typical Ender to many thousands/10 of thousands
TFA says "components". From what I recall when this issue came round previously it some components were strictly controlled by weapons legislation and some weren't and the printers were being used to make the controlled components.
As to competent machine shops making weapons, back in the troubles it was reported a few technicians working in a shop in the basement of a QUB building had been discovered making sub-machine guns - Sterling replicas IIRC.
There were also home-made mortars in use back then. I've seen a few which had been seized and some of them and some of those had failed with strips of barrel peeled back from the muzzle end rather like a banana skin. I don't know whether their operators had been standing close enough to collect their Darwin awards.
Gun control: "Guns kill people, I don't want to die so lets get rid of guns"
Gun owners: "Stop trying to take away my protection, I don't want to die"
Law enforcement: "I just need to make my ticket quota, please don't shoot me"
Politicians: "Let's keep both side divided and we will have a job for life"
Media: "Lets highlight only the extremes on both sides and we can sell anything"
Me: "A 400lb Non-radioactive wild hogs can kill people to. They are covered in mud, so it requires a high caliber rifle to stop them and if you are not a good shot, you better have a high capacity magazine."
I will not print or shoot a printed gun. Just too dangerous. If we can just stop the Politicians and Media from dividing us, we might be able to find a solution that will make us all safe.
If we can just stop the Politicians and Media from dividing us
One of the major problems eroding capitalism based nations, is that good government does not make good headlines.
Competent management does not generate scandal and exposure, so the media empires have a direct interest in not encouraging it. They actually promote a narrative where the media is protecting us from the evil government...
But actually, the corruption and incompetence is fostered and supported by the media empires themselves, to ensure a fruitful harvest of juicy stories now and down the line.
I am not saying politicians would be angels if they weren't in this environment, but the ones who might be decent are going to have a harder time progressing their career.
Look at Murdoch and the Australian Liberals, he keeps them in power, and they provide an endless supply of fuckups and idiocy... Win/Win (everyone else... lose)
Looks like they are keeping an old joke alive..
as in IoT, Where the 'S' is for security..
now, even though the full title contains 'Secure', 'ioXt' can still say the "s' is for security...
Its actually a bit too self aware and self deprecating to be credible as a silicon valley thing, so it was probably a cool suggestion offered by some subversive tech head..
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
