
IT News

Fortigate Back Door

Quote

Fortinet has admitted that many more of its networking boxes have the SSH backdoor that was found hardcoded into FortiOS – with FortiSwitch, FortiAnalyzer and FortiCache all vulnerable… “Following the recent SSH issue, Fortinet’s Product Security Incident Response team, in coordination with our engineering and QA teams, undertook an additional review of all of our Fortinet products,” said the company in a blog post.

“During this review we discovered the same vulnerability issue on some versions of FortiSwitch, FortiAnalyzer and FortiCache. These versions have the same management authentication issue that was disclosed in legacy versions of FortiOS.”

Now the risk list includes FortiAnalyzer versions 5.0.5 to 5.0.11 and 5.2.0 to 5.2.4, FortiSwitch versions 3.3.0 to 3.3.2, FortiCache 3.0.0 to 3.0.7 (but branch 3.1 is not affected) along with gear running FortiOS 4.1.0 to 4.1.10, 4.2.0 to 4.2.15, 4.3.0 to 4.3.16, and the builds 5.0.0 to 5.0.7.

In all cases, the problem can be sorted by updating to the latest firmware builds. Don’t delay – hackers are closing in on the backdoor management authentication issue.

“Looking at our collected SSH data, we’ve seen an increase in scanning for those devices in the days since the revelation of the vulnerability,” said Jim Clausing, a mentor with the SANS Institute.

“Nearly all of this scanning has come from two IPs in China (124.160.116.194 and 183.131.19.18). So if you haven’t already applied patches and put ACLs/firewall rules in front of these devices limiting access to ssh from only specific management IPs, you have probably already been scanned and possibly pwned.”
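To act on the version list quoted above, a device inventory can be checked against the affected ranges. The following is an added example, not part of the quoted article or any Fortinet tooling; the host names and inventory rows are constructed, and the ranges are copied from the article.

```python
import re

# Affected ranges exactly as listed in the quoted article (inclusive bounds).
AFFECTED = {
    "FortiAnalyzer": [("5.0.5", "5.0.11"), ("5.2.0", "5.2.4")],
    "FortiSwitch": [("3.3.0", "3.3.2")],
    "FortiCache": [("3.0.0", "3.0.7")],
    "FortiOS": [("4.1.0", "4.1.10"), ("4.2.0", "4.2.15"),
                ("4.3.0", "4.3.16"), ("5.0.0", "5.0.7")],
}

def parse_version(text):
    """Turn '4.2.9' into (4, 2, 9) so comparison is numeric, not textual."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(product, version):
    """True if version falls inside a listed range for product.
    A product missing from AFFECTED is simply not covered by this list."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED.get(product, []))

def audit(inventory):
    """Return rows that need a firmware update or a manual look."""
    findings = []
    for host, product, version in inventory:
        try:
            if is_affected(product, version):
                findings.append((host, product, version, "affected"))
        except ValueError:
            # Never treat an unreadable version as safe.
            findings.append((host, product, version, "needs manual check"))
    return findings

# Constructed inventory for illustration only.
INVENTORY = [
    ("fw-edge-01", "FortiOS", "4.2.9"),    # a string compare would miss this
    ("fw-edge-02", "FortiOS", "5.0.8"),
    ("faz-01", "FortiAnalyzer", "5.2.4"),
    ("cache-01", "FortiCache", "3.1.0"),   # branch 3.1 is not affected
    ("sw-01", "FortiSwitch", "unknown"),
]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print(*row, sep="\t")
```

Comparing versions as integer tuples matters here: as plain strings, "4.2.9" sorts after "4.2.15" and the device would be reported as unaffected.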

Comcast (monopolist) using browser injection to upsell new modems

Quote

We already know that Comcast can — and does — inject alerts into users’ web browsers to alert them to potential copyright infringement, but the nation’s largest Internet provider can also use this ability to interrupt your enjoyment of the web in order to remind you to upgrade your modem.

Consumerist reader and Comcast customer “BB” says that the cable company upgraded the network in his area in recent months, and has been writing and calling him regularly about upgrading his modem ever since.

“For months we received multiple letters in the mail, explaining how we were missing out on the great new capabilities of their network,” writes BB. “This eventually escalated to repeated phone calls from Comcast, stating that we should really upgrade our modem.”

Thing is, BB owns the modem he uses and he’s experienced no problems with service or speeds since the network upgrade. He’d rather not spend money on a new modem — or pay Comcast too much to rent one from the company — when what he has is working just fine.

And BB is not some minor Internet user with an ancient desktop computer that he only uses to check email once a week. In fact, he’s a software developer living — like many of us — in a home with multiple web-connected devices.

“We stream Netflix and YouTube and our Internet speed is great for everything we need,” he writes. “Why should I spend the money?” … “Now they’ve moved to more aggressive measures to try to get me to upgrade,” writes BB. “The other day as I was browsing the web on my phone, on my home WiFi, I got a pop-up notice while browsing on wired.com.” (see screenshot above)

In big red letters, the notice alerts BB that there is some “Action Needed” on his service.

It reads:
“Our records indicate that the cable modem, which you currently use for your XFINITY Internet service, may not be able to receive the full range of our speeds. To ensure you’re receiving the full benefits of your XFINITY Internet service, please replace your cable modem.”

Use HTTPS and change your DNS to a non-Comcast DNS. Above all, do not use any Comcast firewall/routers, as they are cheap, insecure and feature Comcast’s ability to turn your paid-for internet connection into a public wifi access point which they on-sell to others at your expense. That should be disabled.

Comcast is an example of what is wrong in the country. In many markets it acts as, and is, a monopolist. It is time to separate content delivery from transmission and end the monopoly and duopoly market conditions.

Comcast’s Xfinity home alarms can be disabled by wireless jammers


If you trust your ISP to provide Network and Physical Security, you have a fool for an adviser

Quote

Some intruders no longer need to come in through the kitchen window. Instead, they can waltz right in through the front door, even when a home is protected by an internet-connected alarm system. A vulnerability in Comcast’s Xfinity Home Security System could allow attackers to open protected doors and windows without triggering alarms, researchers with cybersecurity firm Rapid7 wrote in a blog post today.

The security bug relates back to the way in which the system’s sensors communicate with their home base station. Comcast’s system uses the popular ZigBee protocol, but doesn’t maintain the proper checks and balances, allowing a given sensor to go minutes or even hours without checking in. The biggest hurdle in exploiting the vulnerability is finding or building a radio jammer, which are illegal under federal law. Attackers can also circumvent alarms with a software-based de-authentication attack on the ZigBee protocol itself, although that method requires more expertise. Attackers would also need to know a house was using the Xfinity system before attempting to break in, a major hurdle in exploiting the finding.

“The sensor had no memory of the break-in happening”

To prove his findings, Rapid7 researcher Phil Bosco simulated a radio jamming attack on one of his system’s armed window sensors. While jamming the sensor’s signal, he opened a monitored window. The sensor said it was armed, but it failed to detect anything out of the ordinary. But perhaps even more worrisome than the active intrusion itself is that the sensor had no memory of it happening and took anywhere from several minutes to three hours to come back online and reestablish communication with its home base.
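The two failures described in the quoted article (a sensor that can stay silent for hours, and a sensor with no memory of what happened while it was cut off) map onto two standard design controls: a hub-side supervision timeout and a sensor-side latched event. The sketch below is an added example of that pattern, not Comcast's or ZigBee's actual implementation; the class names, message fields and the 120-second window are assumptions.

```python
from dataclasses import dataclass, field

SUPERVISION_WINDOW_S = 120  # assumed: longest silence tolerated while armed

@dataclass
class Sensor:
    """Sensor side: latch an 'opened' event until the hub acknowledges it."""
    sensor_id: str
    latched_open: bool = False

    def contact_opened(self):
        self.latched_open = True  # survives loss of the radio link

    def build_checkin(self):
        return {"id": self.sensor_id, "opened_since_ack": self.latched_open}

    def ack(self):
        self.latched_open = False

@dataclass
class Hub:
    """Hub side: treat prolonged silence from an armed sensor as an alarm."""
    armed: bool = True
    last_seen: dict = field(default_factory=dict)
    silent: set = field(default_factory=set)
    alarms: list = field(default_factory=list)

    def receive(self, msg, now):
        self.last_seen[msg["id"]] = now
        self.silent.discard(msg["id"])
        if self.armed and msg["opened_since_ack"]:
            self.alarms.append((now, msg["id"], "intrusion"))

    def tick(self, now):
        """Fail closed: raise one alarm per outage, not one per tick."""
        for sid, seen in self.last_seen.items():
            overdue = now - seen > SUPERVISION_WINDOW_S
            if self.armed and overdue and sid not in self.silent:
                self.silent.add(sid)
                self.alarms.append((now, sid, "supervision_loss"))

def simulate_link_loss():
    """Constructed timeline: link lost after t=0, window opened meanwhile."""
    hub, sensor = Hub(), Sensor("window-1")
    hub.receive(sensor.build_checkin(), now=0)    # normal check-in
    sensor.contact_opened()                       # opened while link is down
    hub.tick(now=100)                             # still inside the window
    hub.tick(now=200)                             # silence exceeds 120 s
    hub.tick(now=300)                             # same outage, no duplicate
    hub.receive(sensor.build_checkin(), now=900)  # link back, latch delivered
    sensor.ack()
    return hub.alarms

if __name__ == "__main__":
    for alarm in simulate_link_loss():
        print(alarm)
```

With both controls in place, the outage itself raises an alarm after two minutes and the door or window event is still reported once the link returns.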

Firefox finally comes to iOS

Quote

At long last, Firefox has come to iOS. Rather unusually, this is the first version of the Firefox browser that does not use the Gecko layout engine, instead using iOS’s built-in WebKit-based layout engine. … There are two big reasons that you might want to use Firefox for iOS: you’re a Firefox user on your desktop PC and want to avail yourself of synchronised bookmark and tab histories; or you buy into the idea that Mozilla is a better and safer shepherd of your Web surfing experience.

Wi-Fi blocking at hotels and convention centers

Quote

The Federal Communications Commission yesterday issued proposed fines against two companies in its latest actions against Wi-Fi blocking at hotels and convention centers.

Each company has been accused of blocking personal Wi-Fi hotspots that let consumers share mobile data access with other devices such as laptops and tablets. Hilton and M.C. Dean must pay the fines within 30 days or file written statements seeking reduction or cancellation of the penalties. We’ve contacted both Hilton and M.C. Dean this morning but have not heard back.
..
The FCC last year received a complaint against a Hilton hotel in Anaheim, California that the company “blocked Wi-Fi access for visitors at the venue unless they paid a $500 fee.” More complaints against other Hilton properties followed, and in November 2014, the FCC issued Hilton a letter of inquiry seeking information about its Wi-Fi management practices at various Hilton-owned hotel chains.

“After nearly one year, Hilton has failed to provide the requested information for the vast majority of its properties. Hilton operates several brands, including Hilton, Conrad, DoubleTree, Embassy Suites, and Waldorf Astoria properties,” the FCC said. Hilton’s response “contained corporate policy documents pertaining only generally to wireless management practices (which did not discuss Wi-Fi blocking) and provided Wi-Fi management records pertaining only to the single Hilton-brand property named in the complaint,” the FCC said in a Notice of Apparent Liability.
..
Hilton did not provide information or documents regarding its other properties. The company “stated that providing the omitted material ‘would be oppressive and unduly burdensome,’ and questioned the Bureau’s authority to investigate potential Wi-Fi blocking at other Hilton-brand properties,” according to the FCC.

In addition to the fine, the FCC ordered Hilton to file full responses to all of its previous requests for information.

M.C. Dean is the exclusive Wi-Fi provider at the Baltimore Convention Center and “charges exhibitors and visitors as much as $1,095 per event for Wi-Fi access,” the FCC said.

The FCC last year received a complaint that M.C. Dean was blocking personal hotspots, and it sent Enforcement Bureau field agents to the venue “on multiple occasions and confirmed that Wi-Fi blocking activity was taking place,” the commission said.

“During the investigation, M.C. Dean revealed that it used the ‘Auto Block Mode’ on its Wi-Fi system to block consumer-created Wi-Fi hotspots at the venue. The Wi-Fi system’s manual describes this mode as ‘shoot first, and ask questions later.’ M.C. Dean’s Wi-Fi blocking activity also appears to have blocked Wi-Fi hotspots located outside of the venue, including passing vehicles,” the FCC said.

What charming corporate citizens.