Thursday, January 14, 2021

Misuse of DoH protocols, a warning from NSA


NSA 2007

The NSA is warning companies not to send their DNS-over-HTTPS (DoH) queries to third-party DoH resolvers (ZDNet story).

A DoH capable DNS resolver should be entirely under an installation’s control. 
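One way to check that principle in practice is to look for DoH traffic leaving the network for resolvers other than the installation's own. The script below is an added example, not code from the NSA advisory, ZDNet or this blog: it encodes a DNS query the way RFC 8484 does for a DoH GET request (wire-format message, base64url without padding), and then scans a few constructed proxy log lines for DoH requests (either the `application/dns-message` content type or a `/dns-query` URL carrying a `dns=` parameter) whose destination is not on an allowlist. The resolver name `doh.corp.example`, the other hostnames and the log format are all placeholders invented for the example.

```python
import base64
import struct
from urllib.parse import urlsplit, parse_qs

# Hypothetical enterprise-controlled DoH resolver; the hostname is a placeholder.
APPROVED_DOH_HOSTS = {"doh.corp.example"}


def build_dns_query(name, qtype=1):
    """Encode a minimal DNS wire-format query (RFC 1035): 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID 0, RD flag, QDCOUNT 1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS IN


def doh_get_param(query):
    """RFC 8484 GET encoding of a DNS message: base64url with the '=' padding removed."""
    return base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")


def qname_from_wire(message):
    """Read the first question name from a DNS message (skips the 12-byte header)."""
    pos, labels = 12, []
    while message[pos] != 0:
        length = message[pos]
        labels.append(message[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def is_doh_request(url, content_type):
    """DoH indicators: the DoH media type, or a /dns-query URL with a dns= parameter."""
    parts = urlsplit(url)
    if content_type == "application/dns-message":
        return True
    return parts.path.endswith("/dns-query") and "dns" in parse_qs(parts.query)


def find_unapproved_doh(log_text):
    """Return DoH requests whose destination is not an approved resolver.

    Log format (constructed for this example): client method url content-type
    """
    findings = []
    for line in log_text.splitlines():
        client, method, url, ctype = line.split()
        if not is_doh_request(url, ctype):
            continue
        host = urlsplit(url).hostname
        if host in APPROVED_DOH_HOSTS:
            continue
        finding = {"client": client, "host": host, "method": method}
        dns_param = parse_qs(urlsplit(url).query).get("dns")
        if dns_param:  # GET form: decode the query so the analyst sees what was looked up
            s = dns_param[0]
            raw = base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
            finding["qname"] = qname_from_wire(raw)
        findings.append(finding)
    return findings


# Constructed sample: one approved POST, one GET to a public resolver, one plain web hit,
# and one POST to a second outside resolver on a non-standard path.
SAMPLE_DNS_PARAM = doh_get_param(build_dns_query("www.example.com"))
SAMPLE_LOG = f"""\
10.0.0.5 POST https://doh.corp.example/dns-query application/dns-message
10.0.0.7 GET https://public-resolver.example/dns-query?dns={SAMPLE_DNS_PARAM} -
10.0.0.9 GET https://www.example.org/index.html text/html
10.0.0.11 POST https://other-resolver.example/resolve application/dns-message
"""

if __name__ == "__main__":
    for f in find_unapproved_doh(SAMPLE_LOG):
        print(f)
```

The content-type check catches POST requests regardless of path, and the `dns=` check catches GET requests to the conventional `/dns-query` path; a resolver that uses neither would need a different indicator (for example a known hostname list), which is why an allowlist of the installation's own resolvers, enforced at the network edge, is the stronger control.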

Maybe this has something to do with the recent hack on major agencies.

Tuesday, January 05, 2021

The "big one" hack came from Russia, and may have gotten into Microsoft


outdoor museum in Dumfries VA

The massive hack of many US federal agencies and some contractors is now said officially to have been a Russian operation, NBC News reports.

Microsoft is admitting it was hacked, and that some of its proprietary source code has been viewed. 

The risk is largely to government agencies and some companies rather than individuals.  Yet it would be very disturbing if Microsoft’s monthly security updates (due probably a week from today) were breached.

In February of 2020, there were two updates that had to be rolled back because they caused blue screens for some users.

Thursday, December 31, 2020

How good would "2^256 bit security" be?


model railroad

3Blue1Brown has a computational video on how effective "2^256" bit security would be. This video is more of a brainteaser than one about a specific threat.

It turns out to require many multiples of the age of the universe to try all the combinations.  How many times does the coronavirus get to reproduce in all of time?

The video makes an interesting comparison to bitcoin mining and the use of dedicated integrated circuits.
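The "multiples of the age of the universe" claim can be carried through as a short worked calculation. This is an added example, not the video's own figures: it takes the age of the universe as roughly 13.8 billion years, and the guessing rate is a parameter you supply (the 10^18 guesses per second used in the demo is a made-up round number, not a measured mining or GPU rate). Python integers are arbitrary precision, so the 2^256 keyspace is handled exactly.

```python
UNIVERSE_AGE_YEARS = 13_800_000_000      # approximate age of the universe
SECONDS_PER_YEAR = 365 * 24 * 3600
UNIVERSE_AGE_SECONDS = UNIVERSE_AGE_YEARS * SECONDS_PER_YEAR


def keyspace(bits):
    """Number of distinct keys of the given length: 2**bits."""
    return 1 << bits


def seconds_to_exhaust(bits, guesses_per_second):
    """Seconds needed to try every key once at a fixed rate (exact integer division)."""
    return keyspace(bits) // guesses_per_second


def universe_ages_to_exhaust(bits, guesses_per_second):
    """The same time expressed as a multiple of the age of the universe."""
    return seconds_to_exhaust(bits, guesses_per_second) // UNIVERSE_AGE_SECONDS


def bits_searchable_within(seconds, guesses_per_second):
    """Largest key length whose whole keyspace fits in the given time budget."""
    total_guesses = seconds * guesses_per_second
    return total_guesses.bit_length() - 1


if __name__ == "__main__":
    rate = 10**18  # constructed rate: one quintillion guesses per second
    print("2^64  keys at 1e18/s:", seconds_to_exhaust(64, rate), "seconds")
    print("2^256 keys at 1e18/s:", universe_ages_to_exhaust(256, rate), "universe ages")
    print("key length searchable in one universe age at that rate:",
          bits_searchable_within(UNIVERSE_AGE_SECONDS, rate), "bits")
```

The last function is the useful way round for a defender: at a quintillion guesses per second, a whole universe age only covers a keyspace of about 118 bits, so the question is never whether 256 bits can be brute-forced but whether the key is generated, stored and used correctly.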

Monday, December 28, 2020

Ransomware may pose a bigger threat now to cloud backups


Quantico inlet 

Danny Palmer of ZDNet writes, in a new article, that ransomware attacks have become more dangerous than ever, at least to organizations.  And the only motive seems to be financial, as the world gets even more unglued by the persistent coronavirus disruptions.

This wave of attacks also seems to pose a danger to cloud backups.

That’s one reason I like to have my own USB drive backups.

Back in early 1997 when working on my first book, I did have a habit of making floppies of my work every day that I worked.  It was a good thing I did.  One night, the Word document for Chapter 3 went to garbage in the middle (on an Erols Windows 95 computer at the time).  Fortunately the backup was OK and I never had the problem again.  Except one time at Kinko's when I was printing out a master copy, I had a problem on their system, which did not recur at home.  I had taken three vacation days from work to finish the final draft (pun) of the work before printing.

Saturday, December 26, 2020

Odd YouTube and Twitter accounts apparently associated with Nashville incident could point out security risks posed by very low volume users


Nashville, 2014

Early Saturday, Ford Fischer, owner of News2Share, offered a Twitter thread identifying a few unusual YouTube accounts with names having the letter S, Mc, and G, and very low volume, connected to a showing of a video of the Nashville explosion early Christmas morning.

He also found an unusual new Twitter account with only one post, with a picture.

Later he was contacted by the poster, removed it and issued a new tweet.

The point here is that very low volume accounts (and possibly low visitor count) on social media can sometimes be a warning of connection to suspicious activity. This could come to be viewed in the future as a steganographic threat issue.  This could further cause platforms to want to eliminate low volume accounts if Section 230 is eliminated or severely cut back.

Late news is that a person of interest, who may have died in the blast, has been identified. This is a rapidly changing story.

Monday, December 14, 2020

Massive hack of US government agencies through "SolarWinds" and "FireEye"


Smallwood St Park MD

NBC News has a summary of the major hack on several US government agencies (Treasury, Commerce), mostly through a product called “SolarWinds”.   The hack went on for months. Apparently the company hired contractors that it did not know were spies. 

The cybersecurity company FireEye was also targeted.

I presume people who work from home for the government use issued laptops, not their own. 

US CERT (Pittsburgh, Carnegie) has a detailed fact sheet on the malware. 

Saturday, December 12, 2020

Patchman and WordPress site security, it can get tricky


Smallwood St Park MD

SiteLock offers five tips on WordPress security, if your website is indeed powered by WordPress.

Most of the problems these tips address are easy to avoid if you don’t overdo things with fancy themes.

One oddity occurs with the Patchman scans that SiteLock runs as part of its services (which may be purchased through web hosts or as supplements by site owners). Suppose you have a multiple-site account, and your host (Bluehost, for example) later restores the database tables of one of the subordinate sites from a nightly backup after a crash. An “old” copy of that site can end up stored under the name of the top domain in the WordPress files, even though it will never normally be accessible (the top domain name otherwise just reflects how DNS navigation works, a pretty complicated mesh of A records). That stale copy will be reported as a “severe” CMS error in a Smart/Patch scan.  SiteLock says old images of sites should be removed.
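A site owner can find such leftover copies before a scanner flags them. The script below is an added example and not SiteLock's or Patchman's own logic: it walks a hosting account for every directory holding a `wp-config.php`, reads each install's `DB_NAME` define, and reports two things worth reviewing: installs that share a database (the signature of a restored copy sitting beside the live site) and installs nested inside another install's directory tree. The account layout it builds under a temporary directory is constructed for the example, and treating a shared `DB_NAME` as a stale-copy indicator is this example's own heuristic.

```python
import re
import tempfile
from pathlib import Path

# Matches the DB_NAME line of a standard wp-config.php, e.g.  define( 'DB_NAME', 'site_db' );
DB_NAME_RE = re.compile(r"""define\(\s*['"]DB_NAME['"]\s*,\s*['"]([^'"]+)['"]\s*\)""")


def find_wordpress_installs(root):
    """Every directory under root that holds a wp-config.php, as paths relative to root."""
    root = Path(root)
    return sorted(p.parent.relative_to(root) for p in root.rglob("wp-config.php"))


def db_name_of(install_dir):
    """Database name configured for one install, or None if the define is missing."""
    match = DB_NAME_RE.search((Path(install_dir) / "wp-config.php").read_text())
    return match.group(1) if match else None


def stale_copy_report(root):
    """Group installs by database; flag shared databases and installs nested inside another."""
    root = Path(root)
    installs = find_wordpress_installs(root)
    by_db = {}
    for rel in installs:
        by_db.setdefault(db_name_of(root / rel), []).append(str(rel))
    shared_db = {db: paths for db, paths in by_db.items() if len(paths) > 1}
    nested = sorted(str(rel) for rel in installs
                    if any(parent in installs for parent in rel.parents))
    return {"installs": [str(r) for r in installs], "shared_db": shared_db, "nested": nested}


def build_sample_account():
    """Constructed layout: a primary site, a leftover restored copy beneath it that points at
    the same database, and a separate addon site with its own database."""
    root = Path(tempfile.mkdtemp(prefix="wp-audit-"))
    layout = {
        "public_html": "main_db",
        "public_html/old-restore": "main_db",
        "addon.example": "addon_db",
    }
    for rel, db in layout.items():
        d = root / rel
        d.mkdir(parents=True)
        (d / "wp-config.php").write_text(f"<?php\ndefine( 'DB_NAME', '{db}' );\n")
    return root


if __name__ == "__main__":
    report = stale_copy_report(build_sample_account())
    print("installs found:", report["installs"])
    print("installs sharing a database:", report["shared_db"])
    print("installs nested under another install:", report["nested"])
```

Run it against the real account root instead of the sample to get the same report; an entry that appears in both the shared-database and nested lists is the pattern the post describes, and the copy that is not the live document root is the one to remove.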