Little Pig, Little Pig! Let Me Admin! (Security Thread)


Postby Friday » Thu Jul 08, 2021 7:24 am

Do I need this security update if I never have hooked my computer up to a printer and never will?

Postby Grath » Thu Jul 08, 2021 8:34 am

Friday wrote: Do I need this security update if I never have hooked my computer up to a printer and never will?

Yes. This is a hilariously bad bug that allows Windows to basically load any code whatsoever as though it's a printer driver and then run it as the System user, so it's automatically at elevated permissions.


Postby Mongrel » Thu Jul 08, 2021 3:01 pm

Always a bit fascinating when a critical failure bug goes undetected for THIS LONG.

It's been what? 13 years since Win 7 was released?

Postby Brentai » Thu Jul 08, 2021 5:58 pm

The fascinating thing to me is that it took 13 years for somebody to exploit it badly enough to warrant a patch. It's no secret to anybody who's ever touched an ink cartridge that the printer API is a rotting zombie that's been shambling around since the 90s; if I was inclined to ransom somebody's wares, I'd probably have put more effort into figuring out exactly how rotting at some point.

Postby Thad » Thu Jul 08, 2021 6:11 pm

Though accidental disclosure by security researchers who confused it with another print spooler vulnerability that had already been patched? That part's very, very easy to believe.


Postby Upthorn » Tue Sep 07, 2021 8:28 pm

New Discord malware going around, in the form of an itch.io link that steals your Discord account login cookie if opened in a browser that has your login saved.

Also, seems Discord has no safeguards against an account hacker spending money via a nitro account's saved credentials...


I absolutely hate that itch.io is being used as the vector for this. It would work on literally any website, and itch.io is both really important for indie game development, and small/obscure enough that people really don't need any reason to start avoiding links there.
How fleeting are all human passions compared with the massive continuity of ducks.


Postby Upthorn » Wed Oct 06, 2021 2:01 pm

You may or may not have already heard, but Twitch got completely owned today.
Payment records, source code, with comments.
Probably reasonable to assume that they dumped all the user DBs, and somebody somewhere is at work cracking passwords right now.

If you use Twitch: reset your password and stream key, consider adding 2FA to your account.

Postby Thad » Wed Oct 06, 2021 2:14 pm

...it would have been pretty weird if they got the source code *without* comments.


Postby Grath » Wed Oct 06, 2021 4:58 pm

Thad wrote: ...it would have been pretty weird if they got the source code *without* comments.

I mean, you can decompile programs to get source code without comments, or if the devs are full of hubris you can find source code without comments.

(Sidebar: A coworker at IBM had a custom status message of

/* Yuri made me put in a comment saying what I was doing. I was modifying the damn code. Figuring out how I did it is left as an exercise to the astute reader, you poor bastard */
and I didn't see that myself in the source code, but I do know we had a coworker named Yuri in the dev team.)


Postby Thad » Wed Oct 06, 2021 5:27 pm

Grath wrote: I mean, you can decompile programs to get source code without comments


Yeah, but nobody would describe getting binaries and decompiling them as getting access to source code.


Postby Brentai » Wed Oct 06, 2021 10:18 pm

Somebody absolutely would and generally they're the kind of somebody who "own" websites.

Postby Thad » Thu Oct 07, 2021 12:13 am

Wil Wheaton?


Postby mharr » Fri Oct 15, 2021 2:24 pm

Former Malware Distributor Kape Technologies Now Owns ExpressVPN, CyberGhost, Private Internet Access, Zenmate, and a Collection of VPN “Review” Websites

The main person behind Kape is Teddy Sagi, an Israeli billionaire who previously spent time in jail for insider trading. Sagi earned much of his wealth from a gambling company called Playtech. Sagi acquired Kape Technologies in 2012 and led it to be a major player in the malware and adware industry.

Interestingly, Sagi is also named in the Panama Papers that detail a “rogue offshore financial industry.”

The other key figure behind Kape is Koby Menachemi. Forbes wrote a good article on Menachemi, detailing his ties to Israeli intelligence and cyber espionage.


Postby Upthorn » Tue Jan 04, 2022 11:23 am

Missed in all the havoc of the past year, but apparently the Norton 360 subscription-based antivirus recently pivoted from software security to... Ethereum mining network.

What is not mentioned in the linked blog post is that there is no way to opt out except to uninstall, and the miner automatically connects to a Norton-run mining pool which takes a 15% fee. Nor is there any notification to users that Norton now automatically mines Ethereum with your spare cycles, so unless they happened to check the blog 6 months ago, or thoroughly explore the updated UI to find where it tells them their payout numbers, they have no way to know it's happening...

Postby Thad » Tue Jan 04, 2022 11:58 am

Huh. And here I was thinking my opinion of Norton couldn't get lower.


Postby Thad » Tue Jan 18, 2022 5:32 pm

Safari and iOS users: Your browsing activity is being leaked in real time

Since September’s release of Safari 15 and iOS and iPadOS 15, [same-origin] policy has been broken wide open, research published late last week found. As a demo site graphically reveals, it’s trivial for one site to learn the domains of sites open in other tabs or windows, as well as user IDs and other identifying information associated with the other sites.


Postby Thad » Tue Mar 08, 2022 12:08 pm

High-severity bug in the Linux kernel; affects anything running kernel v5.8 or later. That includes Android, so if you've got any Android devices you may want to manually check if there's an update available.

The good news is it's probably not going to affect many production servers. If you're using Ubuntu LTS with a stock kernel, you're running Linux 5.4 at the latest. I haven't checked the current kernel version on RHEL but I'm guessing it's not using 5.8 either. And Debian stable is definitely going to be running an older kernel than Ubuntu LTS, because that's how Ubuntu works.

Now, if this had been discovered a month later, it would have...still probably not had much of an impact on production environments, because nobody in a production environment updates to a new Ubuntu LTS at launch. Hell, I'm still in the process of updating our servers to 20.04.


Postby Thad » Sat Apr 09, 2022 1:10 pm

WatchGuard failed to explicitly disclose critical flaw exploited by Russian hackers
Silently fixed authentication bypass remained a secret even after it was under attack.

I've always thought of WatchGuard as cheap trash your boss buys because he thinks Cisco is too expensive.

This, though, is a whole other level. Being informed by the FBI that your product has a vulnerability being actively exploited by Russian state actors, taking three months to patch said vulnerability, and then failing to disclose it until forced to in court, is completely disqualifying.

Don't use WatchGuard. Ever. If you're in a shop that does use it, point the people who make buying decisions at this story and explain how much more this kind of breach would cost the company compared to buying a better firewall.
