Privacy lost...

WBahn

Joined Mar 31, 2012
32,871
https://www.tomshardware.com/tech-i...-stupidity-remarks-astute-government-official
Indonesia, suffering from a ransomware attack, discovers it has no backups — 'That's stupidity,' remarks astute government official
WTF, OMG, ...
I think this is in the wrong forum -- doesn't it belong in the Captain Obvious thread?

While the data center had the backup capacity to store the data, it wasn’t required. Many government agencies did not use the backup service because of budget constraints.
So... if they have the capacity to store the backup data, what are the costs of performing the backups that are so great that they can't afford it?
 

nsaspook

Joined Aug 27, 2009
16,330
https://arstechnica.com/security/20...ear-old-protocol-used-in-networks-everywhere/
New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere
Ubiquitous RADIUS scheme uses homegrown authentication based on MD5. Yup, you heard right.

MD5 has been broken for decades and anything using it for security has been a ticking timebomb for that long.

From 2015
https://www.avira.com/en/blog/md5-the-broken-algorithm
As you probably know, MD5 was compromised almost 20 years ago. So, nowadays it is actually possible to artificially produce MD5 collisions. All you need is time, hardware and the proper software.
 

joeyd999

Joined Jun 6, 2011
6,305
https://arstechnica.com/security/20...ear-old-protocol-used-in-networks-everywhere/
New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere
Ubiquitous RADIUS scheme uses homegrown authentication based on MD5. Yup, you heard right.

MD5 has been broken for decades and anything using it for security has been a ticking timebomb for that long.

From 2015
https://www.avira.com/en/blog/md5-the-broken-algorithm
I assume this is a Microsoft thing? MD5 has been discouraged in *nix environments since 2005.
 
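The "homegrown authentication based on MD5" in the Blast-RADIUS posts above (nsaspook's and the reply quoting it) is the RADIUS Response Authenticator: a plain MD5 over the response header, the Request Authenticator, the attributes and the shared secret appended at the end (RFC 2865), not a keyed MAC. The mitigation the protocol already carries is the Message-Authenticator attribute (type 80, HMAC-MD5 keyed with the shared secret, RFC 2869). The following added example, not code from the thread or from any RADIUS implementation, builds both authenticators server-side and shows a client-side verifier that can be switched to refuse responses lacking a Message-Authenticator. The shared secret, Request Authenticator and attribute values are constructed for the demo.

```python
import hashlib
import hmac
import struct

# RADIUS codes and the Message-Authenticator attribute type (RFC 2865 / RFC 2869)
ACCESS_REQUEST = 1
ACCESS_ACCEPT = 2
MSG_AUTH_TYPE = 80


def encode_attrs(attrs):
    """Serialize (type, value) pairs as RADIUS TLVs: type, length (incl. header), value."""
    out = b""
    for attr_type, value in attrs:
        out += bytes([attr_type, 2 + len(value)]) + value
    return out


def decode_attrs(data):
    """Parse RADIUS TLVs back into (type, value) pairs; reject truncated attributes."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        attrs.append((attr_type, data[i + 2:i + length]))
        i += length
    return attrs


def build_packet(code, ident, authenticator, attrs):
    """Code(1) + Identifier(1) + Length(2) + Authenticator(16) + attributes."""
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body


def build_response(code, ident, request_auth, attrs, secret, with_msg_auth=True):
    """Server side: build an Access-Accept/Reject for a request with the given Request Authenticator."""
    attrs = list(attrs)
    if with_msg_auth:
        # RFC 2869 5.14: HMAC-MD5 over the packet with the Request Authenticator in the
        # authenticator field and the Message-Authenticator value zeroed.
        attrs.append((MSG_AUTH_TYPE, bytes(16)))
        mac = hmac.new(secret, build_packet(code, ident, request_auth, attrs), hashlib.md5).digest()
        attrs[-1] = (MSG_AUTH_TYPE, mac)
    # RFC 2865 3: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret).
    # Unkeyed MD5 with the secret merely appended: the construction the article calls "homegrown".
    resp_auth = hashlib.md5(build_packet(code, ident, request_auth, attrs) + secret).digest()
    return build_packet(code, ident, resp_auth, attrs)


def verify_response(pkt, request_auth, secret, require_msg_auth=True):
    """Client side: True only if every enabled check passes."""
    if len(pkt) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        return False
    try:
        attrs = decode_attrs(pkt[20:])
    except ValueError:
        return False
    # Check 1: the legacy Response Authenticator (MD5-based).
    expected = hashlib.md5(pkt[:4] + request_auth + pkt[20:] + secret).digest()
    if not hmac.compare_digest(expected, pkt[4:20]):
        return False
    # Check 2: Message-Authenticator, a real keyed MAC over the same bytes.
    positions = [i for i, (t, _) in enumerate(attrs) if t == MSG_AUTH_TYPE]
    if not positions:
        return not require_msg_auth  # legacy packet: accepted only under the lax policy
    idx = positions[0]
    if len(attrs[idx][1]) != 16:
        return False
    zeroed = list(attrs)
    zeroed[idx] = (MSG_AUTH_TYPE, bytes(16))
    mac = hmac.new(secret, build_packet(code, ident, request_auth, zeroed), hashlib.md5).digest()
    return hmac.compare_digest(mac, attrs[idx][1])


def demo():
    secret = b"constructed-shared-secret"   # constructed, not a real deployment value
    request_auth = bytes(range(16))         # constructed; a real client sends 16 random bytes
    attrs = [(1, b"alice")]                 # User-Name
    good = build_response(ACCESS_ACCEPT, 7, request_auth, attrs, secret)
    legacy = build_response(ACCESS_ACCEPT, 7, request_auth, attrs, secret, with_msg_auth=False)
    tampered = bytearray(good)
    tampered[22] ^= 0x01                    # flip a bit inside the User-Name value
    return {
        "good_strict": verify_response(good, request_auth, secret),
        "legacy_lax": verify_response(legacy, request_auth, secret, require_msg_auth=False),
        "legacy_strict": verify_response(legacy, request_auth, secret),
        "tampered": verify_response(bytes(tampered), request_auth, secret),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the two policies in `verify_response` is that a client which accepts a response on the strength of the Response Authenticator alone is trusting an unkeyed MD5 construction; requiring the Message-Authenticator on every Access-Accept/Reject/Challenge (and rejecting its absence) is the configuration change RADIUS vendors ship for this class of problem, and the demo shows a legacy response passing the lax check and failing the strict one.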

nsaspook

Joined Aug 27, 2009
16,330
https://www.cnbc.com/2024/07/19/cro...ge-affecting-businesses-around-the-world.html

CrowdStrike issue causes major outage affecting businesses around the world

"The glitch is due to a software update of CrowdStrike's EDR product. This is a product that runs with high privileges that protects endpoints. A malfunction in this can, as we are seeing in the current incident, cause the operating system to crash," he said in an emailed comment.

 

nsaspook

Joined Aug 27, 2009
16,330
https://www.bbc.com/news/articles/cpwdyxx0v64o
How a single IT update caused global havoc

Blue Screen of Death reported worldwide. You probably don’t need me to tell you what that is. Microsoft was quick to say it was a “third-party issue” – in other words, not its fault. Apple and Linux users, unaffected, rejoiced.

Timing is also everything. “Never push an update on a Friday,” sighed one computer scientist I spoke to, head in hands.
 

nsaspook

Joined Aug 27, 2009
16,330
You don't need open source attackers slipping in malware to destroy basic computer infrastructure and cause billions in damage. Closed source insiders crafting a totally buggy kernel driver are more than adequate for the job.

https://slate.com/technology/2024/07/tech-meltdown-glitch-crowdstrike-y2k.html
On the air, George Kurtz, the CEO of CrowdStrike, a cybersecurity firm, explained to Kotb that the issue had been resolved but things were still recovering. The firm’s software is in global use. “The system was sent an update,” said Kurtz on the Today Show, “and that update had a software bug in it.”

A little bug interrupted everything from lifesaving help to cups of coffee, shifting the fabric of the world around us. I don’t think it’s too dramatic to put it like that. It felt reminiscent of a time that many of us had been warned about—the first moments of the new millennium. “It is as though the Y2K apocalypse has finally arrived, 24 and a half years later than expected,” Matteo Wong at the Atlantic wrote, noting that today’s issue “was likely the largest IT failure in history.”
A comment from the video.
While this is technically what crashed machines it isn't the worst part.

CS Falcon has a way to control the staging of updates across your environment. Businesses who don't want to go out of business have an N-1 or greater staging policy and only test systems get the latest updates immediately. My work for example has a test group at N staging, a small group of noncritical systems at N-1, and the rest of our computers at N-2.

This broken update IGNORED our staging policies and went to ALL machines at the same time. CS informed us after our business was brought down that this is by design and some updates bypass policies.

So in the end, CS caused untold millions of dollars in damages not just because they pushed a bad update, but because they pushed an update that ignored their customers' staging policies which would have prevented this type of widespread damage. Unbelievable.
Unsigned, unvalidated kernel code being updated dynamically by a single closed sourced vendor outside of the normal kernel driver quality control protocol. What could possibly go wrong?
Well, all computer systems didn't crash. The Linux infrastructure (and Mac) said, 'Hold my beer, Windows, while I keep running the world.'
 
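The quoted comment above describes a staging policy (test at N, noncritical at N-1, everything else at N-2) that the update bypassed, and the complaint is that nobody knew until production was down. The following is an added example, not from the thread and not CrowdStrike's tooling, of the audit a defender can run over their own version telemetry to detect a release that reached every ring at once instead of soaking in the earlier ring first. The log format, hostnames, ring names, soak window and version numbers are all constructed assumptions for the demo.

```python
from datetime import datetime, timedelta

# Constructed sensor-channel log lines (hypothetical format: timestamp plus key=value fields).
LOG_LINES = """
2024-07-15T10:00:00Z host=lab-01 ring=test version=1003
2024-07-16T10:00:00Z host=kiosk-07 ring=noncritical version=1003
2024-07-17T10:00:00Z host=pos-12 ring=production version=1003
2024-07-19T04:09:00Z host=lab-01 ring=test version=1005
2024-07-19T04:09:00Z host=kiosk-07 ring=noncritical version=1005
2024-07-19T04:09:00Z host=pos-12 ring=production version=1005
""".strip().splitlines()

# Rings in the order a release is supposed to reach them: N, then N-1, then N-2.
RING_ORDER = ["test", "noncritical", "production"]
# Minimum time a release must have been live in the previous ring (assumed policy value).
MIN_SOAK = timedelta(hours=12)


def parse_line(line):
    """Return (timestamp, host, ring, version) from one constructed log line."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            kv["host"], kv["ring"], int(kv["version"]))


def first_seen_by_version(lines):
    """version -> {ring: earliest timestamp at which any host in that ring reported it}."""
    seen = {}
    for ts, _host, ring, version in map(parse_line, lines):
        ring_map = seen.setdefault(version, {})
        if ring not in ring_map or ts < ring_map[ring]:
            ring_map[ring] = ts
    return seen


def staging_violations(lines, ring_order=RING_ORDER, min_soak=MIN_SOAK):
    """List (version, ring) pairs where a ring received a release before the
    previous ring had run it for at least min_soak (or had never seen it at all)."""
    violations = []
    for version, first in first_seen_by_version(lines).items():
        for earlier, later in zip(ring_order, ring_order[1:]):
            if later not in first:
                continue
            if earlier not in first or first[later] - first[earlier] < min_soak:
                violations.append((version, later))
    return sorted(violations)


if __name__ == "__main__":
    for version, ring in staging_violations(LOG_LINES):
        print(f"release {version} reached ring '{ring}' without soaking in the prior ring")
```

On the constructed data, release 1003 walks the rings a day apart and produces no finding, while 1005 lands on all three rings in the same minute and is flagged for both the N-1 and N-2 rings. Feeding real sensor-version telemetry into `staging_violations` gives an alert the moment a vendor-side bypass like the one described occurs, rather than after the business is already down.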

nsaspook

Joined Aug 27, 2009
16,330
https://techcrunch.com/2024/07/24/c...ft-card-to-say-sorry-for-outage/?guccounter=1
CrowdStrike, the cybersecurity firm that crashed millions of computers with a botched update all over the world last week, is offering its partners a $10 Uber Eats gift card as an apology, according to several people who say they received the gift card, as well as a source who also received one.

On Tuesday, a source told TechCrunch that they received an email from CrowdStrike offering them the gift card because the company recognizes “the additional work that the July 19 incident has caused.”

“And for that, we send our heartfelt thanks and apologies for the inconvenience,” the email read, according to a screenshot shared by the source. The same email was also posted on X by someone else. “To express our gratitude, your next cup of coffee or late night snack is on us!”
On Wednesday, some of the people who posted about the gift card said that when they went to redeem the offer, they got an error message saying the voucher had been canceled. When TechCrunch checked the voucher, the Uber Eats page provided an error message that said the gift card “has been canceled by the issuing party and is no longer valid.”
 

nsaspook

Joined Aug 27, 2009
16,330
Run, don't walk, to Linux (or anything else).
Our Chinese friend is back. https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust

APT41 is a prolific cyber threat group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity that may be outside of state control. The group's financially motivated intrusions have primarily targeted the video game industry, involving activities such as stealing source code and digital certificates, manipulating virtual currencies, and attempting to deploy ransomware. APT41 is unique among tracked China-based actors in that it utilizes non-public malware typically reserved for espionage operations in activities that appear to fall outside the scope of state-sponsored missions.
 

joeyd999

Joined Jun 6, 2011
6,305
Our Chinese friend is back. https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust

APT41 is a prolific cyber threat group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity that may be outside of state control. The group's financially motivated intrusions have primarily targeted the video game industry, involving activities such as stealing source code and digital certificates, manipulating virtual currencies, and attempting to deploy ransomware. APT41 is unique among tracked China-based actors in that it utilizes non-public malware typically reserved for espionage operations in activities that appear to fall outside the scope of state-sponsored missions.
I think from now on I'll just say that anyone who uses Windows is anti-American (or anti-Western-Civilization so as to not be so jingoistic).

Not that anyone will care. Linux is too hard, dontchya know.
 

nsaspook

Joined Aug 27, 2009
16,330
https://www.wired.com/story/amd-chip-sinkclose-flaw/

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections
Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.
In a statement shared with WIRED, AMD acknowledged IOActive's findings, thanked the researchers for their work, and noted that it has “released mitigation options for its AMD EPYC datacenter products and AMD Ryzen PC products, with mitigations for AMD embedded products coming soon.” (The term “embedded,” in this case, refers to AMD chips found in systems such as industrial devices and cars.) For its EPYC processors designed for use in data-center servers, specifically, the company noted that it released patches earlier this year. AMD declined to answer questions in advance about how it intends to fix the Sinkclose vulnerability, or for exactly which devices and when, but it pointed to a full list of affected products that can be found on its website's security bulletin page.

In a background statement to WIRED, AMD emphasized the difficulty of exploiting Sinkclose: To take advantage of the vulnerability, a hacker has to already possess access to a computer's kernel, the core of its operating system. AMD compares the Sinkhole technique to a method for accessing a bank's safe-deposit boxes after already bypassing its alarms, the guards, and vault door.

Nissim and Okupski respond that while exploiting Sinkclose requires kernel-level access to a machine, such vulnerabilities are exposed in Windows and Linux practically every month. They argue that sophisticated state-sponsored hackers of the kind who might take advantage of Sinkclose likely already possess techniques for exploiting those vulnerabilities, known or unknown. “People have kernel exploits right now for all these systems,” says Nissim. “They exist and they're available for attackers. This is the next step.”
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html
Guest Memory Vulnerabilities
AMD ID: AMD-SB-7014
Potential Impact: Arbitrary Code Execution
Severity: High
Summary
Researchers from IOActive have reported that it may be possible for an attacker with ring 0 access to modify the configuration of System Management Mode (SMM) even when SMM Lock is enabled.
 