* Posts by Diogenes8080

137 publicly visible posts • joined 7 Jul 2020


Disney kicks Slack to the curb, looks to Microsoft Teams for a happily ever after

Diogenes8080

Re: Teams is fine

"Tha's all I got for ye. Go away now."

Admins wonder if the cloud was such a good idea after all

Diogenes8080

Re: "Why didn't anyone ask the admin*?"

If you were a cloud advocate, we were the enemy - a pure and simple sales obstruction.

Transport for London confirms cyberattack, assures us all is well

Diogenes8080

Reconnoitring

MX:tfl.gov.uk = sundry Forcepoint / Blackspider

SPF:tfl.gov.uk = ditto, their own ASN, a host associated with training, some miscellaneous Rackspace and Exchange Online.

I think we can guess what's happened.
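The MX/SPF reconnaissance described in the post above is easy to script. The following is an added example, not the commenter's code and not derived from tfl.gov.uk's real records: it walks a domain's SPF record, follows include: and redirect= chains, lists every address range and third-party domain authorised to send as that domain, and counts DNS-querying terms against the ten-lookup limit in RFC 7208. The resolver is a stub over constructed records so the script runs offline; the names and addresses in FAKE_TXT are invented.

```python
"""
Added example (not the commenter's code): enumerate which third parties a
domain's SPF record authorises to send as that domain, following include:
and redirect= chains and counting DNS-querying terms against the RFC 7208
limit of ten. lookup_txt() is a stub over constructed records so the script
runs offline; the names and addresses below are invented and describe no
real domain. Swap in a real TXT resolver to use it against a live domain.
"""
import re

# Constructed zone data for the demo (assumption: not real DNS).
FAKE_TXT = {
    "example.org": [
        "v=spf1 ip4:192.0.2.0/24 include:_spf.mailfilter.example "
        "include:spf.protection.outlook.com ~all"
    ],
    "_spf.mailfilter.example": [
        "v=spf1 ip4:198.51.100.0/25 include:hosting.example -all"
    ],
    "hosting.example": ["v=spf1 ip4:203.0.113.0/24 ~all"],
    "spf.protection.outlook.com": ["v=spf1 ip4:40.92.0.0/15 -all"],
    "loop.example": ["v=spf1 include:loop.example -all"],
}


def lookup_txt(name):
    """Stub resolver: TXT strings for a name, or [] if it has none."""
    return FAKE_TXT.get(name.lower(), [])


def get_spf(name):
    """Return the single SPF record for a name, or None if there is not
    exactly one (RFC 7208 treats several records as a permanent error)."""
    recs = [r for r in lookup_txt(name) if r.lower().startswith("v=spf1")]
    return recs[0] if len(recs) == 1 else None


MECH = re.compile(r"^([+\-~?]?)(all|ip4|ip6|a|mx|ptr|exists|include)(?::(.*))?$", re.I)
NEEDS_DNS = {"include", "a", "mx", "ptr", "exists"}


def expand_spf(domain, path=(), state=None):
    """Walk the SPF tree rooted at domain. Returns a dict of the address
    ranges and included domains found, the root policy default, the number
    of DNS-querying terms, and any problems (loops, missing records, too
    many lookups, unparseable terms)."""
    if state is None:
        state = {"networks": [], "includes": [], "other": [],
                 "default": None, "lookups": 0, "problems": []}
    domain = domain.lower()
    if domain in path:
        state["problems"].append(f"include loop at {domain}")
        return state
    path = path + (domain,)
    record = get_spf(domain)
    if record is None:
        state["problems"].append(f"no single SPF record for {domain}")
        return state
    redirect = None
    for term in record.split()[1:]:
        key, eq, val = term.partition("=")
        if eq and ":" not in key:            # modifier such as redirect= or exp=
            if key.lower() == "redirect":
                redirect = val
            continue
        m = MECH.match(term)
        if not m:
            state["problems"].append(f"unparseable term {term!r} in {domain}")
            continue
        qual = m.group(1) or "+"
        mech = m.group(2).lower()
        arg = m.group(3)
        if mech in NEEDS_DNS:
            state["lookups"] += 1
        if mech in ("ip4", "ip6"):
            state["networks"].append((qual, arg))
        elif mech == "include":
            state["includes"].append(arg.lower())
            expand_spf(arg, path, state)
        elif mech == "all":
            if len(path) == 1:               # only the root's "all" sets the policy
                state["default"] = qual
        else:
            state["other"].append((qual, mech, arg or domain))
    if redirect:
        state["lookups"] += 1
        expand_spf(redirect, path, state)
    if len(path) == 1 and state["lookups"] > 10:
        state["problems"].append(f"{state['lookups']} DNS lookups exceeds the limit of 10")
    return state


if __name__ == "__main__":
    r = expand_spf("example.org")
    for qual, net in r["networks"]:
        print(f"{qual}{net}")
    print("includes:", ", ".join(r["includes"]))
    print("default:", r["default"], "lookups:", r["lookups"], "problems:", r["problems"])
```

The includes list is the interesting output for reconnaissance: every domain in it is a party whose mail infrastructure can pass SPF for the target, so a compromise of, or an open relay at, any of them is a spoofing path. A "+all" or "?all" default, a missing record, or a lookup count over ten each weaken the policy further and are reported under problems.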

What a coincidence. Spyware makers, Russia's Cozy Bear seem to share same exploits

Diogenes8080

Lyudi Smayli

I have always maintained that at the individual level, the barrier between APT "Bears" and financially motivated "Spiders" is far more porous than many give credit for.

So if you are not locked up in a warm hut in Siberia with all the hardware and bandwidth you can eat (as opposed to being thrown into some brutal tuberculosis-raddled hell-hole) then there is nothing to stop you from engaging in some "private enterprise" in whatever free time you are granted. And if you are in the game, you know where the commercial players are advertising and that they pay well.

Naturally we see tactics and methods transferred between the two groups.

France charges Telegram CEO with multiple crimes

Diogenes8080

Re: "It looks like he didn't comply"

Lift capacity is one thing and CEP is another. Without soft landing, could SpaceX hit the 8th arrondissement?

Would the current inhabitants of the White House be that upset if the force de frappe double-glazed Texas in response?

Microsoft security tools questioned for treating employees as threats

Diogenes8080

Balancing act

No, the resolution of the conflict between privacy and employer interest is well established. The automatics do the checking for you, and if they say there is something wrong then you have due cause to go checking for yourself. If you can see that there is definitely something bad, that gets referred to management / HR.

Diogenes8080

Re: Bosses and 'mangle-ment'

I'm on my fifth proxy technology and have never been asked to exempt any tier of management from the governance applied to other staff. Some might have more access rights, but the logging is the same. On average, we spend more time worrying about senior management and sysadmins because there is scope for worse trouble if they are breached or go rogue.

Microsoft sends Windows Control Panel to tech graveyard

Diogenes8080

Raise

I see your short-specified Vista install and raise you Windows 98 SE with Active Desktop actively disintegrating.

Choose Your Own Adventure with Microsoft 365

Diogenes8080

You feed your budget to a grue.

It is still hungry.

UK tech pioneer Mike Lynch dead at 59

Diogenes8080

Contrariwise

Is it not a very strange and inexplicable coincidence that a waterspout should turn up just as there were sinister plots afoot to sink the boat ?

I'm assuming that we have incontrovertible evidence that there was a waterspout, and that beyond a little cloud seeding weather control remains firmly in the field of science fiction.

Is Lenovo a blind spot in US anti-China security measures?

Diogenes8080

Promise you won't smell no...

ITYM https://www.theregister.com/2015/02/19/superfish_lenovo_spyware/

That was for teh adz. Lenovo customers worried about the PLA one day deciding to weaponize their interest in Lenovo should consider whether they really want Lenovo Vantage installing updates direct from Lenovo when and how it pleases.

And yes, that bloatware finds its way into commercial builds too.

ICANN reserves .internal for private use at the DNS level

Diogenes8080

Re: "it is not certain setting aside .internal will improve anything"

It prevents any number of Onanists from registering it as a spurious public top-level domain with a compliant ICANN in order to extort money from those who already use it.

I assume that the usual suspects tried it on but ended up on an oompa-loompa hit squad. "It's not chocolate in that glass pipe!"

UK health services call-handling vendor faces $7.7M fine over 2022 ransomware attack

Diogenes8080

Re: Justice to come?

Also consider that after 2 years we have only arrived at the "You can start to argue the fine down" stage. By the time any penalty finally hits the Advanced books, the original directors / managers responsible for the operational state of affairs there will have moved on.

"A murderer was captured this morning and tried today. Tune in for the execution at six tonight. All net, all channels. Would you like to know more?"

Sneaky SnakeKeylogger slithers into Windows inboxes to steal sensitive secrets

Diogenes8080

slipping monopoly

Beware of that equation shifting for macOS given the probable higher reward of successfully phishing a Mac user. The iCloud platform has also become more of a target / enabler in recent years.

US sends cybercriminals back to Russia in prisoner swap that freed WSJ journo, others

Diogenes8080

Spaghetti

I hate to break it to you, but "thievocracy" is a mash of Old English "theof" and Greek "kratos", the root words having drifted somewhat for modern usage. Either go with "government of thieves" or kleptocracy, which is perfectly well understood even by those who only know a few Greek loan words.

"Thievocracy" sounds like the product of a rather dim and guilt-ridden academic. It jars.

Ransomware infection cuts off blood supply to 250+ hospitals

Diogenes8080

Out of the generosity of their hearts?

Anyone able to explain to me what a not-for-profit is doing in a key point in the supply chain to the highly commercialised US healthcare sector?

Proofpoint phishing palaver plagues millions with 'perfectly spoofed' emails from IBM, Nike, Disney, others

Diogenes8080

Re: Insecure by default

That's a non sequitur. You invite discussion of acceptable content, but this scandal involved an egregious failure of message authentication.

Proof: if plain text was the only acceptable medium then organizations would communicate in that format (anyone remember telex?). These spoofs would still appear perfect in that format, and any client code that added a security preamble to the message would show that it had passed authentication checks. Transfer the funds, Ms Heisselippen!

Text-based attempts to commence BEC are still very commonplace. The plainer ones stand out because a colossal quantity of dross is accepted and even expected in messages, but level the field and they would remain perfectly effective.

I must admit that I had noticed this flow, deduced that the senders were M365 tenants and had assumed simple account breaches. For many, I doubt that the actual cause makes much difference.

DigiCert gives unlucky folks 24 hours to replace doomed certificates after code blunder

Diogenes8080

You have 20 seconds to comply

I had assumed that the real reason for swift compliance was that Google will throw them out of the marketplace at the first opportunity.

CrowdStrike blames a test software bug for that giant global mess it made

Diogenes8080

Re: It worked on my machine!

No, that plays to the Microsoft canard of blaming an open market for security software for the catastrophe. That is in turn a not-so-subtle return to the position where MS grant themselves monopoly privileges when writing new software (because only they have complete access to the system APIs). We were arguing that one in the mid-90s.

I would point out that no Crowdstrike customer was deceived into installing the software, and I would expect that all of them fully accepted that they were granting significant system trust to Falcon. What no-one expected was the shocking lack of software quality that allowed a poorly written _data_ update to crash the software and the machines it ran on. Blaming an automatic content validation tool is no excuse; that approach would not prevent an attack by poisoning the data files after validation.

Crowdstrike need to fix that flaw before I would trust Falcon on my kit.
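The point made above, that a pre-release validator is no substitute for a consumer that survives a bad data file, is illustrated by the following added example. It is not CrowdStrike's code and the file format is hypothetical: a loader for a small header-plus-entries update file that treats every count and length in the file as untrusted, rejects anything inconsistent, and keeps the previous configuration running rather than crashing. The sample blobs are constructed inline, and the poisoned one is the good file with a single length field corrupted after the point where a validator would have passed it.

```python
"""
Added example (not CrowdStrike's code or file format): a loader for a
hypothetical content-update file that treats every length and count in the
file as untrusted and fails closed, keeping the previous configuration, when
the file is malformed. The consumer must survive a bad update on its own; a
validator that runs before release cannot help once the file has been
corrupted or tampered with after it passed.
"""
import struct

MAGIC = b"CHNL"                     # hypothetical file magic
HEADER = struct.Struct("<4sHH")     # magic, format version, entry count
ENTRY = struct.Struct("<BH")        # entry type, value length


class MalformedUpdate(ValueError):
    """Raised for any structural fault; the caller keeps its current config."""


def parse_update(blob, max_entries=1024, max_value=4096):
    """Parse a blob of header + (type, length, value) entries. Every offset is
    checked against the buffer before it is used, so a hostile length field
    produces MalformedUpdate rather than reading past the end or hanging."""
    if len(blob) < HEADER.size:
        raise MalformedUpdate("truncated header")
    magic, version, count = HEADER.unpack_from(blob, 0)
    if magic != MAGIC:
        raise MalformedUpdate("bad magic")
    if version != 1:
        raise MalformedUpdate(f"unsupported version {version}")
    if count > max_entries:
        raise MalformedUpdate(f"entry count {count} exceeds {max_entries}")
    entries = []
    off = HEADER.size
    for i in range(count):
        if off + ENTRY.size > len(blob):
            raise MalformedUpdate(f"entry {i}: truncated type/length")
        etype, length = ENTRY.unpack_from(blob, off)
        off += ENTRY.size
        if length > max_value:
            raise MalformedUpdate(f"entry {i}: value length {length} exceeds {max_value}")
        if off + length > len(blob):
            raise MalformedUpdate(f"entry {i}: value length {length} runs past end of file")
        entries.append((etype, blob[off:off + length]))
        off += length
    if off != len(blob):
        raise MalformedUpdate(f"{len(blob) - off} trailing bytes after last entry")
    return entries


def load_or_keep(blob, current):
    """Return (config, error): the new entries if the update parses, otherwise
    the current config unchanged plus the reason the update was rejected."""
    try:
        return parse_update(blob), None
    except MalformedUpdate as exc:
        return current, str(exc)


def build_update(entries, version=1):
    """Serialise entries in the same format; used here to construct samples."""
    body = b"".join(ENTRY.pack(t, len(v)) + v for t, v in entries)
    return HEADER.pack(MAGIC, version, len(entries)) + body


# Constructed samples: a good update, and the same file with one length
# field corrupted after it would have passed a pre-release validator.
GOOD = build_update([(1, b"rule-A"), (2, b"rule-B")])
POISONED = (GOOD[:HEADER.size + 1] + struct.pack("<H", 0xFFFF)
            + GOOD[HEADER.size + ENTRY.size:])

if __name__ == "__main__":
    running = [(1, b"rule-old")]
    running, err = load_or_keep(GOOD, running)
    print("good update applied:", running, err)
    running, err = load_or_keep(POISONED, running)
    print("poisoned update rejected:", running, err)
```

The design choice is that rejection is the only failure mode the loader has: no slice is taken and no loop bound is trusted until it has been checked against the actual buffer, and the caller is handed back what it was already running. The same discipline applies whatever the real format looks like.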

Forget security – Google's reCAPTCHA v2 is exploiting users for profit

Diogenes8080

Re: Just say no

He jesteth not.

The joke being that if your root file system needs fsck, it probably is.

CrowdStrike file update bricks Windows machines around the world

Diogenes8080

Re: Related?

Server options like iDrac, ILO et al exist for a reason.

For the humble workstation - you have various Intel vulnerabilities.

Once you have access to the crashed system, I understand that a simple wildcard delete and restart cures all. Am not a MobPunt customer so cannot confirm.

Diogenes8080

Re: Related?

Been there. Did that. Have the vendor T-shirt.

Strangely enough, they now have an arrangement whereby the clueful can designate a test group and release the software to that before deciding to release it to the entire estate.

Others say "we only deploy $newstuff to 10% of your estate" (so only 10% is fscked, and hopefully that does not include both of your solitary pair of DCs). Scream loudly enough and the other 90% shall be saved.

Qilin: We knew our Synnovis attack would cause a healthcare crisis at London hospitals

Diogenes8080

Re: Simply criminals

Assuming a fairly fluid boundary between financially-motivated and state-sponsored groups, this would allow them to accumulate brownie points with those providing the "krisha", or possibly with the frothing loon activists if there's normally little love lost there.

We need a volunteer to literally crawl over broken glass to fix this network

Diogenes8080

Re: my message to Your "oncall@register" has triggered your junk email

I remember when even in Outhouse Express (I am setting the bar pretty low here) ROT-13 was only a quick mouse-click away.

Diogenes8080

Re: "I literally crawled over broken glass for this company."

At least you were not required to fight another tech on the lily pad with stripped network cable ends, dodging broken glass scattered on the surface of the pad itself whilst it rolled unpredictably around the exhibit.

What do Europeans, Americans and Australians have in common? Scammed $50M by fake e-stores

Diogenes8080

Re: Are the deleted posts in the room with us now?

The resale by registrars of established lapsed domain names with no more diligence than they apply to entirely new registrations really ought to be a crime. It certainly invites one.

Patch up – 4 critical bugs in ArubaOS lead to remote code execution

Diogenes8080

Re: No idea what ArubaOS is[1]

It's Heaving Packhorse - have a look at the logo on your wireless access points and in your patch cabinets. If you see the word "Aruba", start asking questions.

Original item here for those hitting dud links elsewhere:

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04640en_us&docLocale=en_US

Which is little more than the TXT for ARUBA-PSA-2024-004 but slightly easier reading.

BOFH: Smells like Teams spirit

Diogenes8080

Au contraire - I suspect that "yes" was not the answer they were looking for.

Your trainee just took down our business and has no idea how or why

Diogenes8080

I believe that a hasty attempt to reverse an inadvertent power-down was what caused The Great Fire of Hounslow whereby British Airways' global booking system irretrievably desynchronised itself.

Was that the 2017 event or am I thinking of another occasion?

Prolific phishing-made-easy emporium LabHost knocked offline in cyber-cop op

Diogenes8080

Re: Good but...

Take-downs put a temporary stop on fraud, but unless the right people are arrested, remanded and face a sufficient increase in sentencing unless they give up their backups, the take-down will only last until a new host is found and a new name established. As LabHost is suspected of being a clone of a previous souk, it is possible that these sites are being run in series.

The news articles are all either light on technical information because of their natures or are coy about answering my question - exactly who is hosting this sort of thing? The US DoJ article is a little more forthcoming:

https://www.justice.gov/usao-wdpa/pr/justice-department-seizes-four-web-domains-used-create-over-40000-spoofed-websites-and

The only real answer is to shift part of the liability back to these hosts and registrars, something they would be resolutely against even when investigation shows a complete lack of diligence by them when accepting the business. For a more spiritually uplifting tale for a Friday, read this crimp in Freenom activity:

https://www.spamhaus.com/resource-center/troubles-in-tokelau-malfeasance-in-mali-whats-happening-with-freenom/ (2023)

I never, ever thought I would cheer on Facebook, but go Zuck!

JetBrains is still mad at Rapid7 for the ransomware attacks on its customers

Diogenes8080

Re: Ranty-rant

That might have been wiser to exclude, though we also use the existence of a working proof-of-concept in assessing how immediate a threat is. If you are going to trust a security vendor, you may as well trust their assertion "We have seen and tested a POC but are not publishing it in order to prevent exploitation".

Diogenes8080

Re: Ranty-rant

Rapid7's responsibility is to its customers to inform them of vulnerabilities. Everyone else can be thankful that the information is at least partly available publicly rather than behind a paywall. As a member of the public, assume that you will be the last one informed - the tester of varied hat colour who found the vulnerability knows about it, the agency he sold it to knows about it, the original publisher who may or may not have paid a bug bounty knows about it, and other testers may have found it. There are many chances for a vulnerability to escape before it goes public, and those risks cannot be negated.

Even if Rapid7 had quietly added the vulnerability to their database just for their customers, that would have widened the chances of escape via an attentive customer. Disclosure is the only way.

In that context, trying to quietly plaster over a vulnerability is really not on.

Ransomware payment rates drop to new low – now 'only 29% of victims' fork over cash

Diogenes8080

Values

1) it's progress.

2) it's still a lot of money incentivising bad guys to do bad stuff.

Congress told how Chinese goons plan to incite 'societal chaos' in the US

Diogenes8080

Re: IoShite.

Obligatory XKCD reference https://xkcd.com/1966/

How not to write about network security – and I'm speaking from experience

Diogenes8080

Not to blame all founding fathers

Yes, a lot of internet protocols are horribly open. Read any account of the early days and you will soon appreciate that the internet is a far bigger thing than they expected.

The real question is why nothing effective has been done since then to address the problem for the vast majority of users. It's been over 30 years since Eternal September started - that's longer than the time between the birth of the internet and that catastrophic date. Why not? Because those who opened that dreadful door have always resisted taking any liability for their actions, and continue to lobby so to this day.

Diogenes8080

Re: I would really like a good book on network security

Not sure it would be practical to publish in dead tree format on a subject that changes every second Tuesday of the month.

Diogenes8080

Wrong

That is offensive security - you will master a number of techniques, but unless you study how to run a methodical pen test you will not know about security.

Defensive security involves knowing the complete map of vulnerabilities and how you can intercept or interfere with attacks en masse at every step of the chain.

What Microsoft's latest email breach says about this IT security heavyweight

Diogenes8080

Incompetent or overly siloed?

The horrifying thing here is how a compromise of a non-product test tenant account can turn into access to "senior leadership" accounts in Microsoft's own tenancy. The best case (which is still fairly damning) is that this "test tenant" was testing some sort of internal super-partner access for licence auditing or something similar. Unforgivable that it was not on MFA and left open after it was no longer needed.

Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew

Diogenes8080

The weakest link

There seems to be some confusion between SharePoint Server and SharePoint Online here. Whilst they do not appear in lockstep, I see vulnerabilities announced for SharePoint Server almost as frequently as Exchange Server. Neither should be exposed directly to the internet. SharePoint Online is only available on the internet. The problem there is exposing your SharePoint Online users to the internet...

Can solar power be beamed down from space? Yes. Is it commercially viable? Not yet

Diogenes8080

Re: So just crank up the power until it is harmful.

The satellites presumably have rockets for occasional orbital correction. Use those to aim a number of satellites at the same spot. Instant barbie!

Former Post Office boss returns CBE to sender over computer system scandal

Diogenes8080

I don't know if there were also many smaller debts that were paid, but in the headline cases many of the victims were unable to pay and were bankrupted by the accusations. The PO would have still claimed those imaginary losses in their accounts, so the HMRC has been defrauded too.

Infostealer malware, weak password leaves Orange Spain RIPE for plucking

Diogenes8080

Not limited

So if "Snow" had chosen to redirect a whole collection of announcements for high-traffic Orange networks on to one specific customer, the effect would have been trivial?

Considering previous BGP whoopsies, I think not. In fact, is there a correlation between the MFA implementation date for ARIN and an apparently inadvertent attempt to route a large part of the US eastern seaboard through an obscure southern US steelworks or lumber yard?

Cybercrooks book a stay in hotel email inboxes to trick staff into spilling credentials

Diogenes8080

Public file sharers

Precisely, and it's not just Giggle; your collective correspondent base is going to want to use every sharing service out there, and some of the dodgier encrypted mail providers too.

Diogenes8080

Re: Solution - not commercially practical

Even the pointy-haired ones can see that's a silly idea that is still exploitable.

1) text based bogus writ threats will still get through

2) socially engineer the recipient to reassemble the link - which is a variation of these password-protected droppers that are making a comeback.

'The computer was sitting in a puddle of mud, with water up to the motherboard'

Diogenes8080

Gross

Did not happen at our shop, but I heard from a TPM that accidentally spilling milk into a keyboard tray and then leaving the keyboard in the "hardware in" pile in a warm IT office over the seasonal holiday period results in a fairly awful pong.

You get a Copilot, and you get a Copilot – Microsoft now the Copilot company

Diogenes8080

Pan-galactic AI

Try a slice of lemon wrapped around a half-brick.

Microsoft introduces AI meddling to your files with Copilot in OneDrive

Diogenes8080

Obligatory full frontal nerdity

http://ffn.nodwick.com/?p=1782

Please note that this was written before the acquisition of Twitter, etc.

Singapore may split liability for phishing losses between banks and victims

Diogenes8080

RTFA

Some commentators appear to have missed one of the points - the Singaporean paper is saying that the banks do not pick up liability if they have not practiced fsckwittery.

That rather limits their scope for communication, since many of the available media are inherently fsckwitted for financial communication. A PSTN that is open to spoofing? SIMs that can be 'jacked by spinning a tale at the local carrier retail outlet? Active collusion by corrupt staff at any point in the over-extended outsourcing chain? Secret Q&A in an era of criminal e-pending? FFS, that's worse than a moderately weak password.

There are secure means of consumer communication. The banks know them and many of us know them. We simply need an ombudsman that knows them, but that might be too big an ask.
