
Firewalls

Trump: Blame the Computers not Russia

Trump: “I think we ought to get on with our lives. I think that computers have complicated lives very greatly. The whole age of computer has made it where nobody knows exactly what is going on. We have speed, we have a lot of other things, but I’m not sure we have the kind the security we need,” Trump said according to press pool report. He was at the Mar-a-Lago resort at the time of making the statement. Source

Actually, I agree with Trump on this. We do not have the security we need. More fundamental to that, we do not have a mindset that puts computer security first. We bolt the front door and secure our physical premises with 24/7 monitoring services, yet we leave the barn door wide open for our online presence be it email, social media, browsing and shopping.

Privacy and security is an option when in fact it should come first. Imagine if the internet was built from the ground up with privacy and security as the foundation layer? That would mean no web bugs, tracking cookies, targeted advertising, privacy statements like Netflix’s (for example) that say, let me rape you and sell my experience and if you do not agree, your option is to cancel your subscription.

And home router manufacturers that make appliances so easily hacked it is a joke. And Microsoft Windows that to this day facilitates users running with administrator privileges in everyday use. And the IoT – internet of things that have little if any security. And the mindset of the average consumer that allows Amazon’s Alexa into their home. Completely secure, right? Yeah, sure. Why then, I ask, did this happen: “Amazon had been served with a search warrant in a murder case, as detectives in Bentonville, Ark., want to know what Alexa heard in the early morning hours of Nov. 22, 2015 — when Victor Collins was found dead in a hot tub behind a home after an Arkansas Razorbacks football game.” (Read more) Come on! Lock the door, arm yourself to the teeth, **but** let a device with 7 microphones listening to every sound in your house connected to ?? and easily hacked by ?? (you’ll never know!). By the way, the same goes with Siri and Google voice on your smart phones.

Don’t blame the Russians, blame yourself. Yes, the mindset needs to change indeed.

Happy New Year.

Fortigate Back Door

Quote

Fortinet has admitted that many more of its networking boxes have the SSH backdoor that was found hardcoded into FortiOS – with FortiSwitch, FortiAnalyzer and FortiCache all vulnerable… “Following the recent SSH issue, Fortinet’s Product Security Incident Response team, in coordination with our engineering and QA teams, undertook an additional review of all of our Fortinet products,” said the company in a blog post.

“During this review we discovered the same vulnerability issue on some versions of FortiSwitch, FortiAnalyzer and FortiCache. These versions have the same management authentication issue that was disclosed in legacy versions of FortiOS.”

Now the risk list includes FortiAnalyzer versions 5.0.5 to 5.0.11 and 5.2.0 to 5.2.4, FortiSwitch versions 3.3.0 to 3.3.2, FortiCache 3.0.0 to 3.0.7 (but branch 3.1 is not affected) along with gear running FortiOS 4.1.0 to 4.1.10, 4.2.0 to 4.2.15, 4.3.0 to 4.3.16, and the builds 5.0.0 to 5.0.7.

In all cases, the problem can be sorted by updating to the latest firmware builds. Don’t delay – hackers are closing in on the backdoor management authentication issue.

“Looking at our collected SSH data, we’ve seen an increase in scanning for those devices in the days since the revelation of the vulnerability,” said Jim Clausing, a mentor with the SANS Institute.

“Nearly all of this scanning has come from two IPs in China (124.160.116.194 and 183.131.19.18). So if you haven’t already applied patches and put ACLs/firewall rules in front of these devices limiting access to ssh from only specific management IPs, you have probably already been scanned and possibly pwned.”
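The affected-version list and the ACL advice quoted above, combined into an inventory triage check. This is an added example, not code from Fortinet, SANS or the quoted article; the version ranges are copied from the list above, while the device names, addresses and management network are constructed.

```python
import ipaddress

# Inclusive version ranges copied from the risk list quoted above.
AFFECTED = {
    "FortiAnalyzer": [("5.0.5", "5.0.11"), ("5.2.0", "5.2.4")],
    "FortiSwitch": [("3.3.0", "3.3.2")],
    "FortiCache": [("3.0.0", "3.0.7")],  # branch 3.1 is not affected
    "FortiOS": [("4.1.0", "4.1.10"), ("4.2.0", "4.2.15"),
                ("4.3.0", "4.3.16"), ("5.0.0", "5.0.7")],
}

def parse_version(text):
    """'5.0.10' -> (5, 0, 10); a string compare would sort it below '5.0.5'."""
    return tuple(int(part) for part in text.strip().split("."))

def is_affected(product, version):
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED.get(product, []))

def ssh_exposed(ssh_sources, mgmt_networks):
    """True if any source allowed to reach SSH lies outside the management networks."""
    mgmt = [ipaddress.ip_network(n) for n in mgmt_networks]
    nets = [ipaddress.ip_network(s, strict=False) for s in ssh_sources]
    return any(not any(n.version == m.version and n.subnet_of(m) for m in mgmt)
               for n in nets)

def triage(inventory, mgmt_networks):  # (device, finding) pairs, most urgent first
    found = []
    for dev in inventory:
        vuln = is_affected(dev["product"], dev["version"])
        exposed = ssh_exposed(dev["ssh_sources"], mgmt_networks)
        if vuln and exposed:
            found.append((0, dev["name"], "affected build, SSH open beyond management"))
        elif vuln:
            found.append((1, dev["name"], "affected build, SSH restricted: patch"))
        elif exposed:
            found.append((2, dev["name"], "SSH open beyond management: add ACL"))
    return [(name, finding) for _, name, finding in sorted(found)]

# Constructed inventory and management network (hypothetical names and addresses).
MGMT = ["10.20.0.0/24"]
INVENTORY = [
    {"name": "sw-01", "product": "FortiSwitch", "version": "3.3.3", "ssh_sources": ["192.0.2.0/24"]},
    {"name": "faz-01", "product": "FortiAnalyzer", "version": "5.0.10", "ssh_sources": ["10.20.0.0/28"]},
    {"name": "cache-01", "product": "FortiCache", "version": "3.1.0", "ssh_sources": ["10.20.0.5"]},
    {"name": "fw-edge", "product": "FortiOS", "version": "5.0.7", "ssh_sources": ["0.0.0.0/0"]},
]
```

Calling `triage(INVENTORY, MGMT)` lists the devices to patch or fence off first; `cache-01` produces no finding because it runs the unaffected 3.1 branch and only accepts SSH from inside the management network.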

Comcast (monopolist) using browser injection to Upsell New Modems

quote

We already know that Comcast can — and does — inject alerts into users’ web browsers to alert them to potential copyright infringement, but the nation’s largest Internet provider can also use this ability to interrupt your enjoyment of the web in order to remind you to upgrade your modem.

Consumerist reader and Comcast customer “BB” says that the cable company upgraded the network in his area in recent months, and has been writing and calling him regularly about upgrading his modem ever since.

“For months we received multiple letters in the mail, explaining how we were missing out on the great new capabilities of their network,” writes BB. “This eventually escalated to repeated phone calls from Comcast, stating that we should really upgrade our modem.”

Thing is, BB owns the modem he uses and he’s experienced no problems with service or speeds since the network upgrade. He’d rather not spend money on a new modem — or pay Comcast too much to rent one from the company — when what he has is working just fine.

And BB is not some minor Internet user with an ancient desktop computer that he only uses to check email once a week. In fact, he’s a software developer living — like many of us — in a home with multiple web-connected devices.

“We stream Netflix and YouTube and our Internet speed is great for everything we need,” he writes. “Why should I spend the money?” … “Now they’ve moved to more aggressive measures to try to get me to upgrade,” writes BB. “The other day as I was browsing the web on my phone, on my home WiFi, I got a pop-up notice while browsing on wired.com.” (see screenshot above)

In big red letters, the notice alerts BB that there is some “Action Needed” on his service.

It reads:
“Our records indicate that the cable modem, which you currently use for your XFINITY Internet service, may not be able to receive the full range of our speeds. To ensure you’re receiving the full benefits of your XFINITY Internet service, please replace your cable modem.”

Use HTTPS and change your DNS to a non-Comcast DNS. Above all, do not use any Comcast firewall/routers, as they are cheap, insecure and feature Comcast’s ability to turn your paid-for internet connection into a public wifi access point, which they on-sell to others at your expense. That should be disabled.

Comcast is an example of what is wrong in the country. In many markets it acts and is a monopolist. It is time to separate content delivery from transmission and end the monopoly and duopoly market conditions.

Comcast resets 200k cleartext passwords

Quote

Zimbra mail server exploit claimed as source of dump

A hacker has tried to sell 200,000 valid cleartext Comcast credentials he claims he stole in 2013 from the telco’s then-vulnerable mailserver.

The telco has reset passwords for the affected accounts after news surfaced of the credentials being sold on the Python Market hidden marketplace.

Of the total pool of 590,000 accounts for sale for US$1,000, the company says around a third were accurate.

It told the Chicago Tribune the data was probably obtained through phishing, malware, or a breach of a third party site.

But the hacker responsible for the selling of the credentials, known as Orion, told Vulture South he obtained the credentials when he popped a Comcast mail server in December 2013.

He said the breach yielded 800,000 Comcast credentials of which 590,000 contained cleartext passwords.

Comcast has been contacted for comment.

“So in 2013 December the f****s at NullCrew came across an exploit for Zimbra which Comcast used at this domain *****.comcast.net ,” Orion says.

“NullCrew only got [about] 27k emails with no passwords lol while I got 800k with only 590k users with plaintext passwords.”

I do not know whether to laugh or cry at all the businesses that think they are secure using the likes of Comcast and Verizon email. What is even worse is the firewalls these outfits provide. They are as bad as no firewall at all.