Parameter's recent activity

  1. Friday Security Briefing

    Friday Security Briefing Hello there! I hope you're all looking forward to something this weekend. Today's briefing will cover a captivating tale of scheming against financial centers, woes of...

    Friday Security Briefing

    Hello there! I hope you're all looking forward to something this weekend. Today's briefing will cover a captivating tale of scheming against financial centers, woes of virtual networking, and the possibility of Russia behaving quite unnecessarily.

    "Listen, or your tongue will make you deaf." ~ Unattributed proverb


    Wall Street targeted by new Capital Call investment email scammers

    The tactic of exploiting enterprise email systems remains a successful and active attack vector for bad actors. The emerging development is the use of "capital call" style scam, wherein scammers pretend to have investor or insurance business with the business.

    "In an example shared by the researchers, the scam email attached a Capital Call Notice for US $970,357.00 to be deposited into a bank account under the fraudsters’ control."

    "If the targeted investor was duped into wiring the funds, then it is likely that money would be quickly moved into other accounts and withdrawn by mules to prevent the payment from being returned to the victim."

    The flexibility that cryptocurrencies provide to discreetly rearrange money may actually be disadvantageous for banks in certain situations.

    Source: Tripwire, Wall Street targeted by new Capital Call investment email scammers



    High severity Linux network security holes found, fixed

    (CVE-2021-26708) Alexander Popov of London has discovered five security holes in the Linux kernel's virtual socket implementation. This is concerning, my personal use of virtual networking systems could be a lot more thought out. I do tend to keep my use of libvirt to a minimum but ideally I would be running my virtualization workstation on a separate box optimized for safe practices.

    "These holes entered Linux when virtual socket multi-transport support was added. This networking transport facilitates communication between virtual machines (VM) and their host. It's commonly used by guest agents and hypervisor services that need a communications channel that is independent of the VM network configuration. As such, people who are running VMs on the cloud, which is pretty much everyone these days, are especially vulnerable."

    Source: ZDNet, High severity Linux network security holes found, fixed



    Ukraine: DDoS attacks on govt sites originated from Russia

    Ukraine is proposing that information on the threat actors responsible for a DDoS on Ukrainian government websites originated from Russian domains.

    However, they did not claim that the threat actors were affiliated with the Russian state.

    I am curious about the motivations if this was sanctioned by Russia. Are they testing their capabilities against a softer target in order to learn from the European and American Cyber-Defense response? Perhaps this was a way for Russia to demonstrate it's competency at cyber warfare.

    "The National Coordination Center for Cybersecurity (NCCC) at the NSDC states that these DDoS attacks have been massive and have targeted government websites in the defense and security sector."

    Possible retaliation?

    "Last week, news leaked that Ukrainian law enforcement, in cooperation with the US and French police, arrested alleged Egregor ransomware operation members.

    Three days later, the Security Service of Ukraine (SBU) issued a press release about the Egregor arrests and seizing the ransomware group's equipment."

    Source: Bleeping Computer, Ukraine: DDoS attacks on govt sites originated from Russia


    8 votes
  2. Comment on New Spotify patent involves monitoring users’ speech to recommend music in ~tech

    Parameter
    Link
    I don't understand how this technology could benefit Spotify's users. But I definitely understand how this could benefit Spotify. I wonder what the implications would be for a system that plays...

    I don't understand how this technology could benefit Spotify's users. But I definitely understand how this could benefit Spotify.

    I wonder what the implications would be for a system that plays 'random' music for you while monitoring your camera and microphone to gauge your reaction then applies an AI system to parse out useful data.

    I feel like I would actually give that a try and be 100x more comfortable (assuming you could turn the feature off) with versus what this article is describing.

    3 votes
  3. Comment on Facebook bans Trump "indefinitely" with Mark Zuckerberg explaining that "the risks of allowing the President to continue to use our service... are simply too great" in ~tech

    Parameter
    Link Parent
    Another perspective; you can and that's exactly what has caused this to happen. I've observed that much of the support the president has receives seems to be related to a sense of indignation over...

    You cannot embarrass the cult members they have bought in.

    Another perspective; you can and that's exactly what has caused this to happen.

    I've observed that much of the support the president has receives seems to be related to a sense of indignation over lack of influence and embarrassment stemming from having to support the worst principals and behaviors represented by President Trump. This effect has been compounding for a while, clearly.

    The "rural" social experience and resulting perspective involve a deep respect for neighbors, family, and community. When any of those is "attacked" the instinctual response is to stand up for the group and reject the offending information.

    4 votes
  4. Comment on Need suggestions for server email tutorial in ~tech

    Parameter
    Link
    I've thought of doing something like this because it seems like it would be useful but I've never needed it alongside the fact that email server stuff seems slightly intimidating to me. But you're...

    I've thought of doing something like this because it seems like it would be useful but I've never needed it alongside the fact that email server stuff seems slightly intimidating to me. But you're causing me to take another look, I'll list what I'm seeing below...

    Can I ask what your requirements are for this server?

    • Does it need to communicate with other 3rd party services? Or is all the mail traffic local restricted to your server or local network?
    • Will the server be handling information that is sensitive in any way?
    • Is the primary use for actual email or for facilitating communication between technical components? (I suppose you'd probably just use REST-API then)

    List of open source mail servers for linux/unix

    Honestly, nothing here looked promising. But a link in the comments led me to a Github project called
    postal. Postal seems to be fully featured and the docs are the best I've found so far.

    2 votes
  5. Comment on <deleted topic> in ~news

    Parameter
    Link
    I decided to get a subscription after listening to the call for a minute. I saw a fantastic profile of different newsletters? that were either important, good for me, or just interesting. I'm...

    I decided to get a subscription after listening to the call for a minute. I saw a fantastic profile of different newsletters? that were either important, good for me, or just interesting. I'm excited to see what's there but as well to be able to rely on competent people to keep me informed in a broader sense.

    I can only hope that the institution is willing to protect the asset of a deeply informed readership at a cost to business objectives and other inconveniences when possible.

    5 votes
  6. Comment on Saturday Security Brief in ~comp

    Parameter
    Link Parent
    Well, that's disturbing. Home routers are such a headache. My TP Link router behaving oddly a few months ago, scans showed exposed ports relating to the remote management backdoor, a few features...

    Well, that's disturbing. Home routers are such a headache.

    My TP Link router behaving oddly a few months ago, scans showed exposed ports relating to the remote management backdoor, a few features were broken, timezone issues.

    I was hoping it was legitimate and didn't pose a risk to my home network so I contacted TP Link, got moved up to senior support, and asked them to see if my device had been compromised. They looked into it and completely resolved the issues but communicated vaguely about the specifics. So I don't know if they removed a bad actor or just improved the security of their backdoor. Good either way, I suppose.

    4 votes
  7. Comment on Saturday Security Brief in ~comp

    Parameter
    Link Parent
    Thanks for reaching out! That makes me happy. Feel free to do so again if anything occurs to about the format and your experience with it that you to share.

    Thanks for reaching out! That makes me happy.

    Feel free to do so again if anything occurs to about the format and your experience with it that you to share.

  8. Comment on Sunday Security Brief in ~comp

    Parameter
    Link
    Advisories Debian, DSA-4824-1 chromium security update. Source Arch, CVE-2020-25637 libvirt. Source CentOS, CESA-2020-5437, Important CentOS 7 kernel. Source RedHat, RHSA-2020:5665, Important:...

    Advisories

    • Debian, DSA-4824-1 chromium security update. Source

    • Arch, CVE-2020-25637 libvirt. Source

    • CentOS, CESA-2020-5437, Important CentOS 7 kernel. Source

    • RedHat, RHSA-2020:5665, Important: mariadb:10.3 security, bug fix, and enhancement update. Source

    • Windows, any suggestions?

    3 votes
  9. Comment on Sunday Security Brief in ~comp

  10. Comment on Sunday Security Brief in ~comp

  11. Comment on Sunday Security Brief in ~comp

  12. Sunday Security Brief

    Sunday Security Brief This brief covered a unique attack vector, information on a broad campaign using DNS attacks, a case relating to technology law, and a few advisories that either stuck me as...

    Sunday Security Brief

    This brief covered a unique attack vector, information on a broad campaign using DNS attacks, a case relating to technology law, and a few advisories that either stuck me as important or curious.

    What happened last night can happen again ~ fortune


    Topics:

    • IDN Homograph Attack
    • A Deep Dive on DNS Hijacking Attacks
    • Law enforcement has seized the domains and infrastructure of three VPN services being used for cybercrime
    • Advisories

    IDN Homograph Attack

    This particular exploit is interesting. It takes advantage of the fact that many different characters look alike to mislead people from their desired domain to a malicious one. I wonder what practices could help avoid this issue. The obvious step is to be concious of limiting the links that you click on from websites like Tildes, Hacker News, Reddit, or where anywhere can share a link with you via text. For example, if you see a Reddit thread about PayPal where someone includes a link to the PayPal Customer Service Center... Don't click it, just Google "PayPal Customer Service". This will be far safer in ensuring that you're going to the domain that you meant to!

    Another thing to note is the importance of realizing how your trust online and how that changes your behavior. I know that I have a general sense of trust for people here that removes a lot of doubt when it comes to clicking random stuff you all share here. That trust could potentially work against you.

    "The internationalized domain name (IDN) homograph attack is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike"

    "The registration of homographic domain names is akin to typosquatting ~ Wikipedia, in that both forms of attacks use a similar-looking name to a more established domain to fool a user. The major difference is that in typosquatting the perpetrator attracts victims by relying on natural typographical errors commonly made when manually entering a URL, while in homograph spoofing the perpetrator deceives the victims by presenting visually indistinguishable hyperlinks."

    IDN homograph attack ~ Wikipedia


    A Deep Dive on DNS Hijacking Attacks

    The article covered is a few months old, but still relavant as ever. The U.S. government alongside private security personnel issued information of a complex system that allowed suspected Iranian hackers to obtain a huge amount of email credentials, sensitive government and corporate information. The specifics of how this attack occured are not publicly available but Cisco's Talos research has a write up of how DNS Attacks work, the relavant snippets are below.

    "Talos said the perpetrators of DNSpionage were able to steal email and other login credentials from a number of government and private sector entities in Lebanon and the United Arab Emirates by hijacking the DNS servers for these targets, so that all email and virtual private networking (VPN) traffic was redirected to an Internet address controlled by the attackers."

    "Talos reported that these DNS hijacks also paved the way for the attackers to obtain SSL encryption certificates for the targeted domains (e.g. webmail.finance.gov.lb), which allowed them to decrypt the intercepted email and VPN credentials and view them in plain text."

    "A Deep Dive on the Recent Widespread DNS Hijacking Attacks" ~ Krebs on Security


    Law enforcement has seized the domains and infrastructure of three VPN services being used for cybercrime

    The balance between allowing autonomy and protecting our collective interests comes to my mind. This seems like a worthy example of when stopping people from victimizing others overshadows the benefits of free action.

    "Law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands have seized this week the web domains and server infrastructure of three VPN services that provided a safe haven for cybercriminals to attack their victims."

    "... described the three as "bulletproof hosting services," a term typically used to describe web companies that don't take down criminal content, despite repeated requests."

    "According to the US Department of Justice and Europol, the three companies' servers were often used to mask the real identities of ransomware gangs, web skimmer (Magecart) groups, online phishers, and hackers involved in account takeovers, allowing them to operate from behind a proxy network up to five layers deep."

    Law enforcement take down three bulletproof VPN providers ~ Zdnet


    Advisories

    • Debian, DSA-4824-1 chromium security update. Source

    • Arch, CVE-2020-25637 libvirt. Source

    • CentOS, CESA-2020-5437, Important CentOS 7 kernel. Source

    • RedHat, RHSA-2020:5665, Important: mariadb:10.3 security, bug fix, and enhancement update. Source

    • Windows, If you know of a good tracker for Windows securities advisories, please let me know. I was considering just drawing from the Microsoft Security Response Center Blog.

    11 votes
  13. Comment on Saturday Security Brief in ~comp

  14. Comment on Saturday Security Brief in ~comp

  15. Comment on Saturday Security Brief in ~comp

  16. Saturday Security Brief

    Saturday Security Brief Topics: Attack Surface Management, Active iMessage exploit targetting journalists, Academic research on unique EM attack vectors for air-gapped systems. Any feedback or...

    Saturday Security Brief

    Topics: Attack Surface Management, Active iMessage exploit targetting journalists, Academic research on unique EM attack vectors for air-gapped systems.

    Any feedback or thoughts on the experience of receiving and discussing news through this brief or in general are welcome. I'm curious about this form of staying informed so I want to experiment. (Thanks again for the suggestion to post the topics as comments.)


    Attack Surface Management

    This concept is about ensuring that your network is equipped to handle the many issues that arise from accommodating various "Servers, IoT devices, old VPSs, forgotten environments, misconfigured services and unknown exposed assets" with an enterprise environment. Some of the wisdom here can be applied better think about protecting our personal networks as well. Outdated phones, computers, wifi extenders, and more can be a foothold for outside attackers to retain persistant access. Consider taking steps to migigate and avoid potential harm from untamed devices.

    Consider putting certain devices on the guest network if your router supports doing so and has extra rules for devices on that network so they can't cause damage to your other devices directly.

    "A report from 2016 predicted that 30% of all data breaches by 2020 will be the result of shadow IT resources: systems, devices, software, apps and services that aren’t approved, and in use without the organization’s security team’s knowledge. But shadow IT isn’t the only area where security and IT teams face issues with tracking and visibility."

    Attack Surface Management: You Can’t Secure What You Can’t See ~ Security Trails


    Multiple Journalists Hacked with ‘Zero-Click’ iMessage Exploit

    Mobile spyware is continuing to evolve and tend towards professional solutions. Recently this technology has been abused to conduct espionage on journalists of major networks. Where once these exploits typically required some mistaken click from the user, new developments are allowing their activities without any trace or requiring interaction from the target.

    "NSO Group’s Pegasus spyware is a mobile phone surveillance solution that enables customers to remotely exploit and monitor devices. The company is a prolific seller of surveillance technology to governments around the world, and its products have been regularly linked to surveillance abuses."

    "In July and August 2020, government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The personal phone of a journalist at London-based Al Araby TV was also hacked."

    "The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates."

    "More recently, NSO Group is shifting towards zero-click exploits and network-based attacks that allow its government clients to break into phones without any interaction from the target, and without leaving any visible traces."

    The Great iPwn Journalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit ~ Citizen Lab


    Security researchers exfiltrate data from air-gapped systems by measuring the vibrations made by PC fans.

    Besides this potential exploit the article mentions past research done by Guri and his team which is worth checking out, like:

    • LED-it-Go - exfiltrate data from air-gapped systems via an HDD's activity LED

    • AirHopper - use the local GPU card to emit electromagnetic signals to a nearby mobile phone, also used to steal data

    • MAGNETO & ODINI - steal data from Faraday cage-protected systems

    • PowerHammer - steal data from air-gapped systems using power lines

    • BRIGHTNESS - steal data from air-gapped systems using screen brightness variations

    "Academics from an Israeli university have proven the feasibility of using fans installed inside a computer to create controlled vibrations that can be used to steal data from air-gapped systems."

    Academics steal data from air-gapped systems using PC fan vibrations ~ Zdnet


    Good Practices

    "Hundreds of popular websites now offer some form of multi-factor authentication (MFA), which can help users safeguard access to accounts when their password is breached or stolen. But people who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control. Here’s the story of one such incident."

    Turn on MFA Before Crooks Do It For You ~ Krebs on Security

    16 votes
  17. Comment on Friday Security Brief in ~comp

    Parameter
    Link Parent
    I like that idea! Thanks! That would also help me to learn what stories are more relevant to people. I'm also curious if it would be most impactful to mix in news and guides related to personal...

    I like that idea! Thanks! That would also help me to learn what stories are more relevant to people. I'm also curious if it would be most impactful to mix in news and guides related to personal computing as well as enterprise + national security concerns.

    4 votes
  18. Comment on Friday Security Brief in ~comp

    Parameter
    Link Parent
    Personally, I don't think there is another path other than putting resources into developing better hardware and software. Unfortunately, for corporations at least, part of the issue is good...

    Personally, I don't think there is another path other than putting resources into developing better hardware and software. Unfortunately, for corporations at least, part of the issue is good security is expensive and a lot of the time it's probably cheaper to just let things slide.

    2 votes
  19. Comment on Do you carry a knife with with you? If so, what type/company? in ~hobbies

    Parameter
    Link
    One knife that I like to keep around is the Opinel Classic I think it looks, well, classic, the steel is high in carbon, and it's $17. The locking mechanism is really reliable too. I think it's a...

    One knife that I like to keep around is the Opinel Classic I think it looks, well, classic, the steel is high in carbon, and it's $17. The locking mechanism is really reliable too. I think it's a good design for both aesthetics (wanting to carry a knife that doesn't look like a Navy Seal might as well) and functional work due to the simple construction and decent blade size.

    2 votes
  20. Comment on Do you carry a knife with with you? If so, what type/company? in ~hobbies

    Parameter
    Link Parent
    I've enjoyed the Ontario RAT a lot as well, and I agree the knife feels very strong for the price point. The fact that it's sturdy but not expensive enough to baby makes it my go to for harder...

    I've enjoyed the Ontario RAT a lot as well, and I agree the knife feels very strong for the price point. The fact that it's sturdy but not expensive enough to baby makes it my go to for harder work.

    Very satisfying flick motion as well.

    3 votes