Showing posts with label Information Security. Show all posts

Monday, December 14, 2020

SolarWinds, FireEye, and Russian Intelligence Compromise the entire damn world...

Ok folks, this one is the real deal... I believe that the SolarWinds global supply chain compromise incident, disclosed yesterday, is now the most severe and most widespread information security compromise ever publicly disclosed. 

I can only think of one other that is even close... the RSA compromise... and from what was actually publicly disclosed (vs. what many of us in the field know to have been compromised but cannot officially confirm or disclose)... honestly... this may be worse. From all appearances, and the implications thereof, it may be MUCH worse in fact. 

SolarWinds is a major component of the infrastructure that runs... everything really. 300,000 organizations may have been compromised by this... note, compromised not necessarily exploited... SolarWinds is used by a lot of major service providers, ISPs, ASPs, SaaS providers, Managed Service Providers in the networking, security, and every other space... It's everywhere, and when you look at the details of the compromise... yeah, this could be EXTREMELY bad. 

For information and review... The various official notices and responses to the SolarWinds global supply chain compromise incident:

The emergency US-CERT/CISA alert, issued at approximately 22:00 EST last night:

https://us-cert.cisa.gov/ncas/current-activity/2020/12/13/active-exploitation-solarwinds-software

The DHS CISA (Department of Homeland Security, Cybersecurity and Infrastructure Security Agency) Emergency Directive 21-01 for the compromise:

https://cyber.dhs.gov/ed/21-01/

The official SolarWinds advisory and recommendations:

https://www.solarwinds.com/securityadvisory

Here's the FireEye advisory and recommendations:

https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html

Here's the Microsoft Advisory and recommendations:

https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/

Here are the recommended detection and mitigation countermeasures (signatures, rulesets, and indicators of compromise), as published by FireEye and recommended by CISA:

https://github.com/fireeye/sunburst_countermeasures

And the MITRE ATT&CK persistence tactic (TA0003), for detecting the ways an attacker maintains access after a compromise:

https://attack.mitre.org/tactics/TA0003/
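A concrete starting point for the detection work the FireEye countermeasures and the CISA directive call for: the SUNBURST backdoor resolved its command-and-control hostnames as subdomains of avsvmcloud.com (the regional appsync-api.*.avsvmcloud.com names are from FireEye's public report), so the first question for most shops is "did any of my Orion servers ever look that domain up?" The script below is an added example, not code from this post, FireEye, CISA, or SolarWinds; the DNS log format, the client IPs and the subdomain labels are constructed for the example, and only the C2 apex domain is taken from the public report.

```python
"""Scan DNS query logs for SUNBURST command-and-control lookups.

Added example; not from the original post or from FireEye/CISA/SolarWinds.
The C2 apex domain (avsvmcloud.com) is from FireEye's public SUNBURST report.
The log format, client addresses and subdomain labels below are constructed.
"""
import re
from collections import Counter

# Published SUNBURST C2 apex domain (FireEye, December 2020).
SUNBURST_C2_APEX = "avsvmcloud.com"

# Constructed log format: "<timestamp> <client-ip> <query-name> <qtype>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+"
    r"(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<qname>\S+)\s+"
    r"(?P<qtype>[A-Z]+)$"
)


def normalize_name(qname: str) -> str:
    """Lower-case a query name and strip the trailing root dot."""
    return qname.rstrip(".").lower()


def is_sunburst_c2(qname: str) -> bool:
    """True if the query is for the C2 apex or any subdomain of it.

    Matching on a label boundary ("." + apex) avoids false positives such as
    'notavsvmcloud.com', which a plain endswith(apex) would accept.
    """
    name = normalize_name(qname)
    return name == SUNBURST_C2_APEX or name.endswith("." + SUNBURST_C2_APEX)


def find_sunburst_dns(lines):
    """Return (client, qname) pairs for every C2 lookup in the log lines.

    Unparseable lines are skipped rather than raising, so a scan over a
    large log does not abort on a malformed record.
    """
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        if is_sunburst_c2(m.group("qname")):
            hits.append((m.group("client"), normalize_name(m.group("qname"))))
    return hits


def hosts_to_isolate(lines):
    """Map each client IP to the number of C2 lookups it made."""
    return Counter(client for client, _ in find_sunburst_dns(lines))


# Constructed sample log: two beaconing hosts, one benign host, one bad line.
SAMPLE_LOG = [
    "2020-12-14T03:12:09Z 10.20.5.15 ns1.corp.example.com A",
    "2020-12-14T03:12:41Z 10.20.5.31 examplelabel0123.appsync-api.eu-west-1.avsvmcloud.com A",
    "2020-12-14T03:13:02Z 10.20.5.15 updates.microsoft.com A",
    "2020-12-14T03:14:55Z 10.20.5.31 EXAMPLELABEL0456.appsync-api.us-east-2.AVSVMCLOUD.COM. A",
    "2020-12-14T03:15:10Z 10.20.7.8 examplelabel0789.appsync-api.us-west-2.avsvmcloud.com CNAME",
    "2020-12-14T03:15:12Z 10.20.5.15 notavsvmcloud.com A",
    "this line is garbage and should be skipped",
]

if __name__ == "__main__":
    for client, count in hosts_to_isolate(SAMPLE_LOG).most_common():
        print(f"isolate {client}: {count} SUNBURST C2 lookup(s)")
```

Run it against your resolver or firewall DNS logs after adapting `LOG_LINE` to their real format; a hit is a reason to pull the host off the network per ED 21-01, not proof of follow-on activity, and a clean result only says the host never asked your resolver, so check any alternate DNS paths the Orion server could have used.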

Tuesday, June 02, 2020

Everything is Forever On The Internet

I had a personal data breach ping on my dark web monitoring... Some of my personal data, including an old email and password, address, and phone number (the usual data they get when they breach a badly programmed, totally insecure web site or storefront, etc., that was storing passwords in an insecure format), was exposed in the middle of March 2020.

That's not exactly an uncommon or unexpected thing. These things get exposed from old breaches, and then are collected and aggregated to build password cracking dictionaries and do data mining, etc... and eventually they often get released into the wild.

What's amusing though, is that it's a 20 year old email, password, address and phone number, from when I lived in Fremont, CA.

I left Fremont and moved to Ireland in 2001.

Remember... Everything is forever on the internet.

Saturday, March 09, 2019

Title 2 Regulation Isn't Net Neutrality... but it IS Warrantless Wiretapping...

Since it's coming around again...

...STOP SPREADING THE DELIBERATE FRAUD THAT TITLE 2 REGULATION IS NET NEUTRALITY...


It isn't. It has literally NOTHING to do with net neutrality.

Net neutrality is the SELF GOVERNING principle, that all network traffic between service providers and their customers, is the same. Traffic is traffic regardless of the content... except that certain types of latency sensitive traffic can be prioritized, and certain types of low priority non-sensitive traffic can be deprioritized, for network and bandwidth management purposes, and hostile or harmful traffic can be throttled or blocked, to prevent service degradation and the like.

This has, until recently, always been self enforced. Recently, some very large service providers have attempted to double dip, by trying to charge some very large content providers like Netflix, who use up a LOT of bandwidth, but are not those ISPs' direct customers for their primary data centers etc... That's double dipping, because those ISPs already charge peering interconnect fees to the ISPs that Netflix already pays for their internet upload capacity.

Again, up until recently, if an ISP tried to treat any other ISP's or organization's traffic worse than everyone else's, the other ISPs would do the same for that ISP's traffic... thus nobody broke the rules for very long. That is still MOSTLY true MOST of the time... But a couple of the huge mega ISPs are SO big that you can't do that anymore, or you would slow down very large fractions of ALL internet traffic.

Title 2 regulation does ABSOLUTELY NOTHING to prevent that from happening.

Title 2 regulation allows for two main things... The FCC can set the rates large ISPs charge each other for interconnect peering, and it REQUIRES ALL TELECOMMUNICATION SERVICE COMPANIES (including email and VPN providers according to the Obama admin proposed regs) TO COMPLY WITH WARRANTLESS WIRETAPPING AND METADATA COLLECTION, which is the real reason the government wants it.

The FBI cooked up a plan to collude with other federal agencies, and an at the time cooperative and power grabbing democrat controlled FCC, to rebrand warrantless wiretapping, as net neutrality... which actually is, and always has been, something else entirely.

If you believe in phony net neutrality, it's probably not your fault... you have been, and continue to be, deliberately defrauded about the issue.

Sunday, October 05, 2014

Information Security... Backwards, Broken, and Bigger.

I just did an entire two day class on information security issues (which could easily have been a two week class, or a two month class), where I spent 3/4... Hell, 7/8 of the class not actually directly dealing with the issues in question, or just using them as examples of the bigger issue.

The official title of the class (delivered at the ISC2 global security congress last weekend) was "Big Data and Information Security: opportunities, challenges, and changes in the way we all use and manage information".

I based the class on a nonconventional definition of "Big Data" as a set of information oriented capabilities (information oriented, not data oriented, and not any specific technologies, etc.), and a high information model of information awareness and information management.

I spent most of those two days teaching people how to break down the problem and reorient themselves to it; to actually have any real understanding of what the problem REALLY is, why it's a problem, and how to deal with it...

...Because everything we have been doing in information security up to now fundamentally misunderstands all of those things, and is oriented incorrectly to properly address them, or more specifically the larger problem, and the greater mission.

This is not because we are incompetent or stupid... But because our tools for seeing and understanding the problem, and then addressing it, have been so limited.

We have literally been doing everything backwards for decades... And what success we have had is because those attacking us have had similarly limited tools and understanding.

Now, that's changing... And we have to do everything entirely differently...

Not just "more of the same, only harder, and smarter, and more efficiently"... We have to reorient entirely.

Our model is unfixably broken, so any success we have is limited, and cannot easily be applied to other problems. We just keep throwing more and more resources, more layers, more patches and Band-Aids...

16 hours with some of the smartest and most experienced people in my field in the room... And by the end, I think... I hope... I might have made a dent in helping them understand that the model we have is unfixably broken... And what we need to replace it with.

We can't fix it or extend it, or improve it... We have to replace it.

Once you replace the model and reorient yourself to it... Problems don't disappear... But they become much easier to understand, to break down, and to address the smaller elements that make up the larger problem, in the context of that larger problem, and in service to the larger mission.

What am I talking about?

It's all in the title(s).