Personal note - greetings from Portland, Oregon
In a few days I'll be visiting the Monitorama conference with my awesome colleagues from Articulate. I flew in a little early to get rid of the jetlag and see a bit of Oregon. Holy crap is it beautiful here.
I'm not sure if I'll be able to do a full issue next week, but I did manage one this week :-) Enjoy!
Breaches and leaks
- First American Financial Corp: over 800 million mortgage documents, containing very sensitive information, could be viewed by anyone who changed the ID in the URL. Ffs.
- Perceptics: a company that makes license plate readers used extensively by US border control, was compromised; all stolen files are available for download on the dark web.
- Flipboard: hackers breached their databases, compromising user data. Tokens were revoked, and passwords were hashed with bcrypt. Although if you hadn't logged in for a few years, your password was still hashed with the easier-to-crack SHA-1.
- Canva: graphic design service, was compromised with 139 million users impacted. They seem to have handled it relatively well though: the breach was quickly detected, and all passwords were hashed with bcrypt.
- Pyramid Hotel Group: service provider to large hotel chains like Marriott and Plaza. Had an unsecured server exposing 85GB of security logs, stemming from its intrusion detection system. Great that they had one, not so great that anyone could see the sensitive data it collected.
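The First American item above is a textbook insecure direct object reference. As an added example (not code from any of the companies mentioned, and with constructed documents and log lines), here is the vulnerable lookup beside a hardened one that checks ownership, plus a small detector that flags clients walking sequential document IDs in the access log:

```python
import re
from collections import defaultdict

# Constructed sample: documents keyed by a sequential numeric ID, each owned by one user.
DOCUMENTS = {
    1001: {"owner": "alice", "body": "mortgage application, alice"},
    1002: {"owner": "bob", "body": "mortgage application, bob"},
    1003: {"owner": "carol", "body": "mortgage application, carol"},
}

def get_document_vulnerable(doc_id):
    """Insecure direct object reference: whoever supplies an ID gets the record."""
    return DOCUMENTS.get(doc_id)

def get_document(doc_id, session_user):
    """Hardened lookup: the record is released only to its owner.
    Returns None for both 'missing' and 'not yours' so the response does not
    reveal which IDs exist."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc["owner"] != session_user:
        return None
    return doc

# Constructed web-server log lines: client IP, method, path, HTTP status.
LOG_LINES = """\
203.0.113.7 GET /documents/1001 403
203.0.113.7 GET /documents/1002 403
203.0.113.7 GET /documents/1003 200
203.0.113.7 GET /documents/1004 404
203.0.113.7 GET /documents/1005 404
198.51.100.4 GET /documents/1002 200
""".splitlines()

LOG_RE = re.compile(r"^(\S+) GET /documents/(\d+) (\d{3})$")

def find_enumerators(lines, min_ids=4):
    """Flag clients that request many distinct document IDs and are mostly refused.
    A legitimate user rarely touches more than a handful of IDs, and almost never
    collects 403/404 responses while doing so."""
    seen = defaultdict(set)
    denied = defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, doc_id, status = m.group(1), int(m.group(2)), m.group(3)
        seen[ip].add(doc_id)
        if status in ("403", "404"):
            denied[ip] += 1
    return sorted(ip for ip, ids in seen.items()
                  if len(ids) >= min_ids and denied[ip] >= len(ids) // 2)
```

The detector only works if the application actually returns a refusal for other people's documents; with the vulnerable lookup every request is a 200 and there is nothing to alert on.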
BlueKeep is the name of a security vulnerability in the Remote Desktop Protocol (RDP) in older Windows versions (Windows 7, XP, Server 2003 and Server 2008). Microsoft issued a patch two weeks ago, but almost a million devices can still be found that are unpatched. Since the vulnerability is "wormable", there are serious concerns that it's only a matter of time before we'll see a self-propagating attack like WannaCry. If you have older Windows systems running, make sure to patch up.
It's a big headline, but from what I can make out it's not all that horrible. If you have a malicious image, or an attacker compromises a running image, the use of docker cp can be exploited to give the attacker access to files on the host. There's no real patch available yet, only mitigations in the form of AppArmor and the like.
If an attacker gets you to open a malicious zip file, and controls a network share or external drive, they can run arbitrary code that bypasses Gatekeeper. Doesn't seem trivial to exploit, but it's an interesting vulnerability.
Emails can be made to expire, blocked from printing or forwarding, and/or require a text-message step for authentication. It can also 'work' with other e-mail providers by not sending the contents in the e-mail itself but rather using a link to the content. I'm not entirely sure how I feel about Snapchat-like e-mail, but there you go.
There seems to be a large-scale and pretty sophisticated attack underway targeting these servers. In the end the malware drops a crypto-mining payload and installs a rootkit to maintain persistence. It's worth checking your servers if you run these.
From their point of view that seems like a very reasonable move, instead of running US-made OSes. Similarly, Russia is working to replace its (modified) Windows version with a Russian-made Linux distro called Astra Linux.
An overview of negative consequences of GDPR. I personally don't agree with the gloom and doom, but hey, this newsletter isn't called "Here's a list of things Dieter agrees with". Hackernews discussion here.
Seems like a fun way of educating employees :-)