Security warning for Sysadmins

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security warning for Sysadmins

    I know there are some sysadmins here. Due to recent breaches in which the source code of products produced by Symantec, McAfee and Trend Micro was stolen, their products should be considered "compromised".

    AdvIntel reported on this a month ago. The three AV companies are downplaying the claims. Although I have not done any work for defense contractors since moving in 2015, I still keep in touch with some of my contacts. I have viewed screenshots of chat logs on the Dark Web where the hackers are discussing what they have and how much they are selling it for, along with details of the actual hacking itself. I have not viewed the video, but my sources tell me the video shows "content from the hop server and transfer of gigabytes of data from the compromised antivirus company, with file timestamps, actor commentary, source code, and walkthrough of the actual code".

    Given that most companies, city, state & federal governments in the USA like to rely on "American" AV companies, imagine what is happening to Baltimore on a larger and more catastrophic scale, and I do not mean something as juvenile as ransom demands.

    If you are a Sysadmin, HARDEN your systems and keep them monitored. If you do not already do so, keep an eye on civilian intel agencies like AdvIntel. Yelisey Boguslavskiy is the guy to contact at AdvIntel. He is their director of security research.

    This is why my internet system is always just that -- an internet system. My production systems are never connected to the internet, and can never be compromised via the internet.
    I am legally blind. Please forgive any typos. I do try and catch as many as I can.

  • #2
    Thanks so much Brice
    Looks like we can't simply connect to the Internet anymore.

    • #3
      Anyone who has their development software accessible from the internet is bonkers. Relying on internet security from outsiders is a really dangerous way to live. Secure your own server or your development box, never auto-open email, don't download garbage and don't experiment with unknown data. AV companies are at best suspect; they are dealing with dirty work. With servers, turn off FTP, do your access with SSH, avoid any form of tunnelling, and if you do need it, build a security system around it.

      There is always more but trusting outside sources can make you the ham in the sandwich.
      hutch at movsd dot com
      The MASM Forum

      www.masm32.com

      • #4
        You are welcome, Anne.

        • #5
          Brice, there is no announcement from these 3 AV suppliers. Are they waiting for hackers to break into their customers before they start announcing the bad news?
          Similar to what happened to ASUS computers, which were infected with the ShadowHammer malware since last year, but ASUS did not do anything until Mar 2019.
          Neither did ASUS admit any wrongdoing despite a million of its computers being infected worldwide.

          The ShadowHammer malware used a digitally signed ASUS updater to infect these millions of computers. No AV could detect it, as it was digitally signed by ASUS. It was created by a China state-sponsored hacking group!

          https://www.vice.com/en_us/article/p...s-of-computers

          Hackers are now attacking the top of the supply chain, and their malware is infecting millions of customers' computers.

          • #6
            Anne, here is a link to search results with some interesting articles on the situation.

            https://www.bing.com/search?q=advint...mp;form=MOZSBR

            "Brice, there is no announcement from these 3 AV suppliers."
            I would not expect any public press release, because if they can't protect their own systems, what rational person is going to buy their products to protect their systems? The companies have responded to various media outlets, but the average person is not going to read those sources. I have zero respect for the three companies in question, although I have even less respect for AVG/Avast/Avira.

            "Similar to what happen to ASUS computer which was infected with the Slowhammer malware since last year but did not do anything until Mar 2019."
            I am glad the new Zenbook I bought last year is still sitting in the box and probably will be until I can get my new studio setup. That said, I do not install OS or Hardware updates.

            I do not use any of the AV programs in question, so my personal stuff is safe. I would be worried if I was a business using one of those products, though.

            Let's remember that Linux is often considered the most secure OS, and it is open source. ClamAV is a fairly decent AV program, and it is open source. Just because the "bad guys" have the source code to something does not mean anything bad is going to happen. But if they find any vulnerabilities in the source code, those can be exploited. In this case, I would also worry about counterfeit versions of the products being released, possibly an update containing a trojan that is somehow spoofed and fed through an update channel.

            I used what is happening in Baltimore as an example, as it is something currently in the news which people can relate to. However, keep in mind that Iran hijacked one of our drones, safely landed it and has cloned it. Russia and China have very skilled hackers, and Iran is not far behind.

            I guess I am more worried about the vulnerability of our infrastructure, especially after the government's outcry over Kaspersky and wanting it off the government systems. The irony is that the acceptable replacements are now the ones that have been compromised.
