Hacking News
-
How bad can it be? Worse, of course.
-
-
This is brillant. Mr. Kim probably thought, if the US can tap Merkel's phone while Obama is jovially shaking her hand, why shouldn't we invite the Russian secretary of defense while our guys are hacking their top arms manufacturer?
https://www.reuters.com/technology/north-korean-hackers-breached-top-russian-missile-maker-2023-08-07/
Hegel's team of security analysts at SentinelOne learned of the hack after discovering that an NPO Mash IT staffer accidentally leaked his company's internal communications while attempting to investigate the North Korean attack by uploading evidence to a private portal used by cybersecurity researchers worldwide.
I think Reuters missed a great opportunity to reflect on the dialectical nature of the Russia-NK relationship.
When contacted by Reuters, that IT staffer declined to comment.
-
Hackity hack hack hack ...
Chinese hackers hacked Japanese ministry of defense. Americans had to tell Japan that they were hacked. And several months later, Americans had to repeat that...
https://www.washingtonpost.com/national-security/2023/08/07/china-japan-hack-pentagon/
You see: beyond incapabilities, there is also another contender for the frist prize in incapability:
-
@BernieTheBernie said in Hacking News:
How bad can it be? Worse, of course.
Bah, you little fart think you've found the wurst example of MS security, ha ha ha!
You haven't read MS Learning Center's chapter "Health Endpoint Monitoring pattern" yet:
Use an obscure or hidden endpoint. For example, expose the endpoint on a different IP address than the one that the default application URL uses. Configure the endpoint on a nonstandard HTTP port. Also, consider using a complex path to your test page.
That's good ol' Security by Obscurity.
Could have been written by Kevin.
-
@BernieTheBernie said in Hacking News:
You see: beyond incapabilities, there is also another contender for the frist prize in incapability:
something about using fax machines
-
@BernieTheBernie said in Hacking News:
For example, expose the endpoint on a different IP address than the one that the default application URL uses.
Well, you can't do that. The Load Balancer that Azure provides can only do health-checks on the IP addresses in the pool themselves.
Configure the endpoint on a nonstandard HTTP port.
This is where the bad interaction between said load balancer and the kubernetes service comes into play. Or if you choose application gateway (a reverse http proxy) instead, it has the same issue with slightly different limitations.
See, Kubernetes does have a mechanism for health-checks, and these are run in the virtualized environment (pod) of the service itself, so they are executed on the internal IP address, and possibly on a port that is not exposed at all.
But instead of properly integrating the load balancers and application gateways by having them ask the kubernetes control plane which nodes are currently available, they just sloppily convert the kubernetes health-checks to the load balancer or app gateway ones. But the load balancer and app gateway only see the specific IPs and ports they are supposed to load balance over, since only those are exposed by the kubernetes nodes. But that means if you have healthchecks on separate ports, things just won't work at all.
-
@Bulb
It’s webscale!
-
@BernieTheBernie said in Hacking News:
Bah, you little fart think you've found the wurst example of MS security, ha ha ha!
You haven't read MS Learning Center's chapter "Health Endpoint Monitoring pattern" yet:
Having a health-check endpoint in the public API isn't really insecure though. Might make it a little easier to make a DOS attack, but there is enough other ways anyway.
More closely related to security is how the standard user roles are defined in Azure. There is Owner, who has all management permissions, and then there is Contributor, who has all management permissions except granting access. Well, these roles do not include data access. But for most resources there are some API keys that allow full data access. Therefore
- Owners can't access the data, but can grant themselves the right to access the data.
- Contributors can access the data using the API keys, and can give anybody else the access by giving them the keys, with no audit trace or way to find who has the access, but they can't grant the access using proper access management.
- Since this includes granting access to other services (most services can get identity assigned to them), Contributor is the wrong role to grant anybody most of the time. But it's exactly what the documentation at least used to tell you to use.
- Oh, and I don't think there is a way to allow granting access, but only to specific set of roles (i.e. allow someone to grant access to the data—so they can set up other connected services—but not to the management, so they can't sneak in new admins).
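An audit script for the key-based data access the post above describes, added here as an example (it is not from the thread, from Microsoft, or from Azure's own tooling): given JSON shaped like the output of `az role assignment list --all` and `az storage account list`, it lists every principal whose management role reaches a storage account through shared keys, i.e. outside the RBAC data roles and their audit trail. The field names (`principalName`, `roleDefinitionName`, `scope`, `id`, `name`, `allowSharedKeyAccess`) are the real ones; the records, subscription id and principals are constructed sample data.

```python
"""Flag management-role principals that reach storage data via shared keys."""
import json

# Constructed sample data in the shape of `az role assignment list --all`
# and `az storage account list` (subscription id is a placeholder).
ROLE_ASSIGNMENTS = json.loads("""[
 {"principalName": "alice@example.com", "roleDefinitionName": "Contributor",
  "scope": "/subscriptions/SUB-PLACEHOLDER/resourceGroups/rg-app"},
 {"principalName": "bob@example.com", "roleDefinitionName": "Reader",
  "scope": "/subscriptions/SUB-PLACEHOLDER/resourceGroups/rg-app"},
 {"principalName": "carol@example.com", "roleDefinitionName": "Owner",
  "scope": "/subscriptions/SUB-PLACEHOLDER"}
]""")
STORAGE_ACCOUNTS = json.loads("""[
 {"name": "stapplogs", "allowSharedKeyAccess": null,
  "id": "/subscriptions/SUB-PLACEHOLDER/resourceGroups/rg-app/providers/Microsoft.Storage/storageAccounts/stapplogs"},
 {"name": "stsecure", "allowSharedKeyAccess": false,
  "id": "/subscriptions/SUB-PLACEHOLDER/resourceGroups/rg-other/providers/Microsoft.Storage/storageAccounts/stsecure"}
]""")

# Built-in roles whose wildcard actions include listKeys on storage accounts
# (Owner and Contributor both do; Reader does not).
KEY_LISTING_ROLES = {"Owner", "Contributor"}


def scope_covers(scope: str, resource_id: str) -> bool:
    """A role assignment at a scope applies to every resource beneath it."""
    scope = scope.rstrip("/").lower()
    rid = resource_id.lower()
    return rid == scope or rid.startswith(scope + "/")


def unaudited_key_access(assignments, accounts):
    """Return sorted (principal, account) pairs where a management role can
    list the account keys and the account still honours shared-key access."""
    findings = []
    for acct in accounts:
        # None means the property was never set; Azure defaults it to enabled.
        if acct.get("allowSharedKeyAccess") is False:
            continue
        for ra in assignments:
            if ra["roleDefinitionName"] in KEY_LISTING_ROLES and scope_covers(ra["scope"], acct["id"]):
                findings.append((ra["principalName"], acct["name"]))
    return sorted(findings)


if __name__ == "__main__":
    for principal, account in unaudited_key_access(ROLE_ASSIGNMENTS, STORAGE_ACCOUNTS):
        print(f"{principal} reaches {account} via shared key; consider "
              f"`az storage account update -n {account} --allow-shared-key-access false`")
```

Disabling shared-key access on the account forces clients through Entra ID and the RBAC data roles, so the grant and its use show up in the activity log instead of travelling with a copied key.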
-
@Bulb By the way, did you see where I cited that snippet from?
-
@BernieTheBernie Yes. Microsoft architectural guidelines. Microsoft and architecture go together like life and arsenic. And Azure is like a dinner made by too many chefs – utter mess.
-
Here we go again.
-
I discovered that the Gather instruction, meant to speed up accessing scattered data in memory, leaks the content of the internal vector register file during speculative execution.
Does Intel not know what the effects / side-effects of their instructions are? Or is this just a massive oversimplification?
-
@topspin isn’t that basically what Spectre was previously, though, that Intel doesn’t know what the side effects are?
-
@topspin said in Hacking News:
Does Intel not know what the effects / side-effects of their instructions are?
Modern processors are written in hardware description languages and then compiled to hardware, and are of similar complexity to a large doftware project. So it is quite possible that Intel don't know what the side effects of their own instructions are if you stick a spanner in the works at exactly the right moment.
-
@topspin I'm not sure I fully understand what's going on, but it seems to boil down to a side-channel/timing attack again? E.g., you use speculative execution to load a value that you want to know but can't see directly, then (still speculatively) load stuff based on that value. That'll put stuff into the cache, and you can later see which addresses = the original value were cached. It references a different paper for the last part (scan_flush_reload). The key reason for the gathering instruction is that it uses a special different cache that's shared with "sibling CPU threads".
It's also "only" on 6th to 11th gen, so Intel may have learned the/a lesson, but it's just difficult to plug all the related holes on older architectures. Page mentions a microcode patch with a significant overhead. There are likely a lot of environments that don't really care and prefer the performance.
-
-
@Zecc said in Hacking News:
@dkf said in Hacking News:
doftware
daft software?
-
-
@Luhmann
Buy it, use it, break it, fix it
Load it, check it, quick – erase it
-
There are many chapters in Microsoft Suckurity. There is a nice analysis of the Windows Defender update process and how to make use of it:
-
@BernieTheBernie That's so bizarre. They validate that the updater is signed, and the base payload is hashed right, but the delta payload is just.... taken at face value?
-
@Tsaukpaetra because only the good guys can hash it correctly, right?
-
Swiss Police is another victim. Thanks to a security issue at MobileIron, hackers received names and phone numbers of 2,800 police employees of Bern district.
I found many English articles on MobileIron's security issues, but (according to Goggle's snippets) none seems to be about this data theft. Heise article:
-
@BernieTheBernie said in Hacking News:
Thanks to a security issue at MobileIron
They have employees who can't resist punching the monkey?
-
Astronomists are the next victims. Some observatories have been offline for a couple of weeks already. Perhaps the hackers do not even know that they hacked observatories, says Science.
and paywalled:
https://www.science.org/content/article/cyberattack-shutters-major-nsf-funded-telescopes-more-2-weeks
-
@BernieTheBernie said in Hacking News:
Astronomists are the next victims. Some observatories have been offline for a couple of weeks already. Perhaps the hackers do not even know that they hacked observatories, says Science.
and paywalled:
https://www.science.org/content/article/cyberattack-shutters-major-nsf-funded-telescopes-more-2-weeks
NOIRLab has provided few further details about the matter, even to employees. The center declined to answer Science’s query on whether the incident was a ransomware attack, in which hackers demand money for the return of information or control of a facility.
Anyone who'd like to bet against it?
-
Also the weather may successfully perform a denial of service attack. The computing center of a German agency for unemployment and family welfare services got a little wet last week, and some services are still not correctly working today.
-
@LaoC quoted in Hacking News:
NOIRLab has provided few further details about the matter, even to employees.
That's standard practice FWIW, as the response team are often not sure if the attacker has been fully ousted. Mind you, it's rare for the brightest and best to spend their time on being on a security response team; instead, it ends up with far too many pen pushers and people who love the sound of their own voice above all else.
-
@BernieTheBernie said in Hacking News:
Astronomists are the next victims. Some observatories have been offline for a couple of weeks already. Perhaps the hackers do not even know that they hacked observatories, says Science.
and paywalled:
https://www.science.org/content/article/cyberattack-shutters-major-nsf-funded-telescopes-more-2-weeks
Aliens!
-
@Zecc said in Hacking News:
@BernieTheBernie said in Hacking News:
Astronomists are the next victims. Some observatories have been offline for a couple of weeks already. Perhaps the hackers do not even know that they hacked observatories, says Science.
and paywalled:
https://www.science.org/content/article/cyberattack-shutters-major-nsf-funded-telescopes-more-2-weeks
Aliens!
Everything's aliens with you. That time we used an entire bogroll in a day: you said that was aliens.
-
@Watson it’ll be a garbage pod.
-
Always back up your data into the cloud. Because there it is safe.
Oh, wait, it's the other way round, too, of course: always back up your cloud data locally, otherwise you may experience a hacker going full viking against CloudNordic:
https://www.bleepingcomputer.com/news/security/hosting-firm-says-it-lost-all-customer-data-after-ransomware-attack/
-
@BernieTheBernie said in Hacking News:
Always back up your data into the cloud. Because there it is safe.
Oh, wait, it's the other way round, too, of course: always back up your cloud data locally, otherwise you may experience a hacker going full viking against CloudNordic:
https://www.bleepingcomputer.com/news/security/hosting-firm-says-it-lost-all-customer-data-after-ransomware-attack/
Both public notices include instructions on recovering websites and services from local backups or Wayback Machine archives.
Wayback Machine, yeah right. Sure, I could recover my static pages if they didn't live in a local repo to begin with, but even WP contents?
The hosting company's statements revealed that some of the firm's servers had been infected by ransomware despite being protected by firewalls and antivirus.
Not our fault, see?!
-
@LaoC said in Hacking News:
Not our fault, see?!
"Lift the knuckles off the floor, guys! Yes, that means you as well, Sven. We are an inclusive workplace now."
-
-
@LaoC said in Hacking News:
WinRar zero-day vulnerability
... and that zero-day vulnerability was introduced in version 0.18 in year 1996, wasn't it?
-
-
A Stalkerware provider was hacked, and its customer database leaked.
That deserves them well.
-
The US drug enforcement administration was duped. They sent some 50,000 dollars to hackers instead of a different authority.
-
Windows, the best known source of vulnerabilities. Imagine you made it into a victim's machine, and now you need more privileges.
Windows Filtering Platform is your friend to gain system privileges.
https://www.bleepingcomputer.com/news/security/new-stealthy-techniques-let-hackers-gain-windows-system-privileges/
-
@BernieTheBernie said in Hacking News:
The US drug enforcement administration was duped. They sent some 50,000 dollars to hackers instead of a different authority.
The "a goddamn idiot and not-really-his not-really-money" thread is
-
@BernieTheBernie said in Hacking News:
Windows, the best known source of vulnerabilities. Imagine you made it into a victim's machine, and now you need more privileges.
Windows Filtering Platform is your friend to gain system privileges.
https://www.bleepingcomputer.com/news/security/new-stealthy-techniques-let-hackers-gain-windows-system-privileges/
Almost-but-not-quite Turing complete network filters are a perennial favorite anyway. Wouldn't be the first awful bug in BPF either.
-
-
Have we heard here about the "cyber attack" on trains in Poland? Well, really "cyber" it was. Just buy a conventional radio transmitter, and send some short analog signals. The trains will stop immediately.
Has long been known, so we can expect some repetitions.
-
@BernieTheBernie said in Hacking News:
Have we heard here about the "cyber attack" on trains in Poland? Well, really "cyber" it was. Just buy a conventional radio transmitter, and send some short analog signals. The trains will stop immediately.
Has long been known, so we can expect some repetitions.
Please note that the system is designed correctly: messing it up results in bad, but safe state (ie trains standing with no damage done). It could have resulted in all trains running for a short period of time (ie before they collide).
And the ability to repeat... in its original design (70s?), this is supposed to be solved by the police. Which is not actually such a bad expectation in a police state. After all, this is how the MITM hacking attacks against K.K. Post- und Telegraphenamt have been solved, more than 100 years ago!
-
@Kamil-Podlesak and likely in the safest possible way: absofückinglutely no Internet of Shit in between. Who is the hacker to know how to operate such equipment?
-
@BernieTheBernie said in Hacking News:
@Kamil-Podlesak and likely in the safest possible way: absofückinglutely no Internet of Shit in between. Who is the hacker to know how to operate such equipment?
It's explicitly mentioned in the article - in the very first sentence
apparent supporters of Russia
-
@Kamil-Podlesak said in Hacking News:
in its original design (70s?),
… and because the system can't be replaced all at once, it has to maintain compatibility with existing components at all times, and that makes it very hard to replace at all. Together with the fact it requires very thorough testing that it will reliably stop the trains when there is actual emergency. And any additional logic just makes that reliability harder to ensure.
this is supposed to be solved by the police. Which is not actually such a bad expectation in a police state.
It is not a bad expectation in any working legal state. The legal system has the flexibility needed for dealing with people problems.
-
@Kamil-Podlesak said in Hacking News:
It's explicitly mentioned in the article - in the very first sentence
apparent supporters of Russia
's armed forces are a museum of technology.