with security there is no “done”

it can be clearly seen that:

  • the amounts of it-security problems is increasing
https://www.cvedetails.com/browse-by-date.php (data of 2020 is still missing... )

src: https://www.cvedetails.com/browse-by-date.php (data of 2020 is still missing… )

at the beginning: security was not a problem

  • C is still a great language, but unfortunately it was build (just as the mail) in times where it-security was not a problem
  • re-writing critical services in security-focused languages like RUST could be a good idea (some things will always stay C).

it-security means: constant iterations over those question:

  • is the system/network safe?
    • what can be improved?
    • what can be improved -> should be improved, no matter the costs, because loss of data & reputation & trust of customers by ransomware attack will always cost the company MORE and endanger even it’s existence & all jobs attached (lawsuits by customers)
    • software-minimalism is key: (KISS philosophy)
      • does the company really need this and that software installed? (more software = more problems, but yes, to work while listening to good music is important for well being of employees)
    • schedule a once-a-week or once-a-month update routine:
      • all systems (modems, (vpn/internet) routers, servers, switches) that have direct connection to the internet must be updated on a regular basis
      • automatic update servers are very very critical infrastructure (just as nuclear power plants)
        • automatic updates are a good idea and work well for systems that follow the UNIX KISS philosophy
        • updates for systems that are increasingly complex (bad) it is a better (but more effort) idea of “supervised updates”
          • make complete backup of system and data
          • update the system
          • test according to created test-function-case-document
            • are all needed functions still working? (yes -> great, no -> restore and contact software vendor/producer and support)
    • do users run unsafe programs/services that can receive messages from outside?
      • any program that scripting support (JavaScript and Makros are EVIL) (Office, Browser but also Adobe.PDF?) must be considered unsafe to use inside a company-net
      • anything that receives messages is potential vulnerable (mail-server, mail-client, chat-client, ms-teams) must be considered unsafe to use inside a company-net
      • all unsafe programs should be placed on physically separate machines which are placed on separate networks with no access to company-net-data or production-machines
    • is the backup and restore system sufficient?
      • test once a year
        • is restore possible? (to different (newer or older) server-hardware?)
        • how long does it take to restore? (USB 2.0 WAY TOO SLOW! (here eSATA connections are nice)
      • admin should ALWAYS have one complete data backup
        • off-site: physically separate place (in fire & emp (double metal casing) vault)
        • off-line: not physically connected to PC or internet
    • firewalls & routers:
      • what ports are internet-reachable on the router/firewall?
      • only white-listed clients and (update)servers with fixed IP-Adresses should be able to communicate, anything else needs to be blocked
      • maybe even update-servers need to be blocked and only unblocked prior to an update

Humans make mistakes and thus in Open Source just as in Closed Source concepts and software (and even hardware) there can will be bugs and flaws that can be exploited to allow malicious access to systems and data (mostly in order to exploit it for money or bitcoin mining or DDoS attacks on other hosts or sabotage (halt infrastructure, cause dataloss for quiet a significant amount of time (also hospitals can get virus infections… not funny!)).

Example: Microsoft’s File Sharing system “Server Message Block” (SMB), one version of which was also known as “Common Internet File System” (CIFS) had a (we hope not on purpose?) DESIGN-CONCEPT (!) flaw in  (SMBv1) of the protocol, which allowed the Ethernal Blue exploit to basically get into any Windows AND (!) LINUX system (samba) that was running it.

Let yourself be educated by security researches on a regular basis – to estimate – what is possible today – and maybe in the future – and do your best to stay safe.

Update your knowledge! Update your software (but before: Power down and backup,  or maybe on an identical non-production test-system to see what the update could fix but also break (yes updates do those things))

backup the backup! X-D

stay up-to-date on it-security: with RSS-Feeds

(rss feeds are usually automatically generated by Blogs, just try domain.com/rss (Newsletters/Mailing Lists are okay, imho RSS feeds are superior)

the user can subscribe and manage RSS feeds via Thunderbird! with ease (good Job Mozilla)

English:

https://blog.feedspot.com/information_security_rss_feeds/

https://googleprojectzero.blogspot.com/ (rss)

blog: https://krebsonsecurity.com/

newsletter: https://krebsonsecurity.com/subscribe/

https://blog.checkpoint.com/

https://onlinedegrees.sandiego.edu/top-cyber-security-blogs-websites/

Russian:

https://exploit.in/

https://threatpost.ru/

German:

blog: http://www.golem.de/specials/security/

Golem rss feed security: https://rss.golem.de/rss.php?tp=sec&feed=RSS2.0

blog: https://www.heise.de/security/

https://www.kuketz-blog.de/

newsletter: https://www.heise.de/newsletter/manage/heisec-summary

https://exploit.in/ (Russian)

Events to attend:

https://www.startpage.com/do/dsearch?query=2019+Cybersecurity+Innovation+Forum+&cat=web&pl=opensearch&language=english

https://csrc.nist.gov/Events/2019

https://csrc.nist.gov/Events/2018

Germany:

https://www.it-defense.de/it-defense-2019/programm

https://www.heise-events.de/konferenzen/konferenzen_security

https://hacktoberfest.digitalocean.com/

Very General:

very general: https://www.akamai.com/de/de/about/our-thinking/state-of-the-internet-report/

https://www.akamai.com/de/de/about/our-thinking/state-of-the-internet-report/web-attack-visualization.jsp

https://www.bsi.bund.de/EN/Publications/SecuritySituation/SecuritySituation_node.html

live map:

Databases of IT Vulnerabilities: CVE: Common Vulnerabilities Exposures

https://www.securityfocus.com/

https://www.exploit-db.com/

https://cve.mitre.org/

https://kb.cert.org/vuls/

https://kb.cert.org/vuls/bypublished/desc/

https://www.metasploit.com/

https://www.cvedetails.com/

by vendor: https://www.cvedetails.com/vendor.php

nice to look at: https://nvd.nist.gov/

search/browse by product: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_product=cpe%3A%2F%3A%3Aandroid

https://nvd.nist.gov/ncp/repository

https://seclists.org/fulldisclosure/2018/Dec/

https://dwaves.de/category/hacking/

https://dwaves.de/category/sicherheit-security/

https://dwaves.de/category/cybercrime/

https://dwaves.de/category/cyberwar/

in German: https://www.cert-bund.de/overview/AdvisoryShort

list of ips of malicious hosts:

https://urlhaus.abuse.ch/browse/

reads like:

Dateadded (UTC) Malware URL Status Tags Reporter
2019-04-11 18:09:06 http://foodphotography.in/v1/WVjVi-P0rfOXzLcY29… Online emotet heodo @spamhaus
2019-04-11 18:08:03 http://frtirerecycle.com/images/RseCL-SM0s9HDmN… Online doc emotet epoch1 @Cryptolaemus1
2019-04-11 18:07:03 http://gamarepro.com/plugins/tBtiE-6gQWuklmcGqE… Online emotet heodo @spamhaus
2019-04-11 18:05:04 http://gamarepro.com/plugins/jfNl-GgsP8XQkIpaSt… Online emotet heodo @spamhaus
2019-04-11 18:03:11 http://fullwiz.com.br/jbmix/xhBK-NC3rOuUWFNZiG1… Online doc emotet epoch1 @Cryptolaemus1
2019-04-11 17:59:04 http://further.tv/trust.myaccount.docs.biz/KSUb… Online doc emotet epoch1 @Cryptolaemus1
2019-04-11 17:56:06 http://g-and-f.co.jp/photobox15/fCVjp-zBv0dB1D3… Online doc emotet epoch1 @Cryptolaemus1
2019-04-11 17:54:04 http://gccpharr.org/assets/JNHN-rSasBmJrxmcTol_… Online emotet heodo @spamhaus
2019-04-11 17:52:09 http://gemabrasil.com/mcassab/Mqdz-QwuZNxvQgLRo… Online emotet heodo @spamhaus
2019-04-11 17:51:11 http://gamvrellis.com/MEDIA/iKlUb-ZImFSwyWl1511… Online doc emotet epoch1 @Cryptolaemus1
2019-04-11 17:46:37 http://gaz.cl/FhXY-lQk2ZCuhx3kUnDT_CISswsvvk-p4b/ Offline doc emotet epoch1 @Cryptolaemus1

Tools:

let’s you check if the ip you are browsing with related to any cyber security problems

https://ip.team-cymru.com/

Linux specific news and updates:

https://lwn.net/

PenTesting Service providers:

so you think you did all you can do? have yourself tested!

https://www.cirosec.de/unternehmen/wir-ueber-uns

what if your SmartPhone gets hacked and dials expensive numbers?

also checkout: “StealthCalls

congratulations to Google: The made Android the Number #1 – much to the horror of Microsoft – that tries to counter with increased lobbying. The problem of a market leader: how to stay secure – you have just become a major target that is attractive to be attacked. Android with Linux Kernel… how long will you be save?

heise: “Google fixes critical security holes” – most of them reside in Closed-Source-components of Qualcomm – that’s why there is no further detail.

videos:

https://vizsec.dbvis.de/

https://vimeopro.com/vgtcommunity/vizsec2017

https://media.ccc.de

HP FIRMWARE HACK VIA FAX! ? HP YOU MUST BE KIDDING US ALL! https://mirror-1.server.selfnet.de/CCC/congress/2018/h264-hd/35c3-9462-eng-What_The_Fax.mp4

not sure if this is real or scam: https://www.simpliv.com/search/sub-category/cybersecurity

“GREAT” – thanks to all involved!

Qualcomm but also Cisco are all US based manufacturers known to implement backdoors ON PURPOSE probably for gov agencies to spy and collect data on you – the citizen – that they are so afraid of.

“We are also having tough times with GPS: all the GPS chips found in the Android phones we support implement a secret and non-documented protocol that we just cannot figure out.” (src)

it is called: is it a bug or a feature?

deliberate security holes – now also in the Intel Management Engine

src: http://gs.statcounter.com/os-market-share#monthly-201712-201811-bar

i thought it’s a thing of the past, but now, “expensive numbers” is back!

Google and FSB, CAN YOU FIX THIS HOLE? IT ANNOYS EUROPE! THANKS 🙂

Weihnachtsabzocke Christmas Scam Teure Nummer aus dem Ausland Kazachstan Russland 0079 +79 +79 40 76 9 30 53 – nicht bestellt und doch geliefert Amazon Pakete

tweets / twitter:

 

admin