Topic: Exploits And Mitigation

Whistler

Re: Exploits And Mitigation
« Reply #30 on: October 06, 2018, 04:47:16 PM »
As I stated in an earlier post, antennas (magnetic or not) need to be tuned to a specific frequency for transmit.
Correct - if you're listening on a specific frequency. Granted, output will multiply exponentially if the system is resonant.  ;)
(I'll grant you that - it makes a hell of a difference.)
Quote

Can we agree to disagree on this?
Most definitely. I have considerable experience in the MW and LW bands. Most of the principles translate to the upper bandwidths, but not all.
Hey, we both put some good information out there for those that might be interested.
I'm still going to hold to my point of view, because I've seen nothing to prove me wrong, but that doesn't mean I'm right. I don't have an oscilloscope to test whether it's putting out readable frequencies or not - or at what range they can be picked up - if it even is.
All I know is that the heat-pipe is right in the range for a 2.4 MHz broadcast antenna. That makes me nervous.  ;)
Oh yeah, this is a very old lappy that I'm using as an example. 
So yes, we can [respectfully] agree to disagree.
(BTW - I value your opinions. No one has the same experience as another person does. If we shut ourselves off from learning, what's the sense in living?)    ;)
It may be that your sole purpose in life, is to serve as a warning to others.   :o

wr250

Re: Exploits And Mitigation
« Reply #31 on: October 06, 2018, 06:59:35 PM »
I'm following this one with interest WR.   Once upon a time I was in the server business - still miss it.   Fascinating that Apple got bit by this.
It should be noted that almost all of the companies affected are denying the claims. The rest are saying "no comment". Supermicro claims "they have no knowledge of this"; the Chinese govt is claiming to be "committed to supply chain security" and denies wrongdoing; it also claims to be a victim.
The US govt and the assorted 3-letter agencies all claim "no comment".
statistics can be used to prove anything. 14% of the people know this.
https://lptd.home.blog/

wr250

Re: Exploits And Mitigation
« Reply #32 on: October 07, 2018, 06:31:52 AM »
Here is more on the Supermicro server compromise:
https://www.extremetech.com/computing/278164-supermicro-servers-completely-compromised-by-chinese-hardware-backdoors
https://www.imore.com/did-china-hardware-hack-supermicro-servers-used-apple-and-amazon
https://www.sdxcentral.com/articles/news/china-hacked-supermicro-servers-to-spy-on-amazon-apple-report-says/2018/10/

There are several options:
1. Bloomberg is totally wrong and just trying to gain notoriety or (paying) users
2. Bloomberg is partially right and the rest of #1 applies
3. The companies in question have contained the news of the compromise to a few persons each (those that actually know), and those who know were forced to sign an NDA and/or a govt gag order is in place. This means that PR is unaware and won't be informed of such a hack, due to the NDA or govt gag order.
4. The "US national security officials" cited have a beef against one or more of the companies named and want to defame them by this "whistleblowing".

Putting on my tin foil hat, it would not surprise me if the US govt has done this, then directed said companies to respond as they have, under threats of things like:
IRS audits
raids by any of a number of 3-letter agencies for any reason they can dream up (and yes they have done this, even on foreign soil), seizing hardware and even data centers
removing large tax incentives that said companies have
and anything else they (the govt) can do
Any of the above could put said company out of business, even Apple and Amazon.

albrecht

Re: Exploits And Mitigation
« Reply #33 on: October 07, 2018, 02:43:54 PM »
Weren't many systems already vulnerable? NSA etc. has done similar for years, I've heard. I've always been concerned about outsourcing critical components to China. Interesting that so much of the government (even CIA) is now outsourced to Amazon cloud storage. If compromised, China got a lot of stuff; then again, considering our history, I would've thought that some in government or the tech industry would be aware of the threat and/or problems, so disinformation could also be used. A few years back it was said how many spies and assets we've lost in China under Obama, rendering our spying capacity very low now. I wonder if it wasn't a person that compromised all those agents (leading to their torture and death) but these hacks?

wr250

Re: Exploits And Mitigation
« Reply #34 on: October 07, 2018, 07:39:21 PM »
[tin foil hat]
The US govt has been planting chips like this into servers (for other countries) for years. It would not surprise me if the US govt was the one behind this compromise (mimicking Chinese design). The US govt has done this with software for many, many years (engineering software to hack a specific resource, and coding the hack to look as if it were Russian or Chinese in design).
The US govt has extreme interest in Apple, Amazon, Google and other large companies, and is therefore motivated to do something like this.
[/tin foil hat]

Walks_At_Night

Re: Exploits And Mitigation
« Reply #35 on: October 07, 2018, 08:10:52 PM »
Bloomberg might be mistaken, but what if it's worse? It seems to me that you would need some operatives on the inside to really make it a slick operation.
Just thinking out loud. So ServerDesign Corp does a board design and they put a BMC on the board - because that's what you do [IPMI/BMC has enough problems as it is, but that's a different subject]. They send the design off to China and the early engineering boards that come back look pretty good. They have a few QA issues, so there is a tweak here and there, and then it's time to ship.

So Acme Corp places an order for 4,000 units. The Chinese MSS has placed an agent in ServerDesign Corp's business operations, and they note the order and pass it on to the MSS. The MSS has a particular interest in Acme Corp, so they instruct the board manufacturer to introduce the board change - on, say, every 10th board. They place something between the SPI and the BMC that lets them dork around with the BMC when some sort of magic packet hits it. Boards get built, systems get built, off they go. Some of the compromised units end up at Acme Corp, where the MSS has an operative in the data center. Acme Corp installs the units and they start running Cloud stuff. KVM, VMs, Docker, the whole lot. Acme Corp have their systems mgmt network isolated off from everything else and it is tightly controlled. However, the operative has access and has a way to send the magic packet and take over the BMC. Somehow whatever they did allows the I2C bus to pull data out of the VMs, or they simply just grab what they can with an eye to grunting through it. Somehow there is a way that the operative can get at the data where it wouldn't be easily detected. When the coast is clear, the operative gets the data out of the building and ships it off to the MSS. They dig around; maybe they pull a VM running Ellbag and maybe they pull something juicy on occasion. A glimmer here and a flash there might lead to something big. The US Navy used a glimmer and a glammer to prepare an ambush for the Battle of Midway when they broke the IJN25b code during the war.

If they used a little moxie and only compromised some boards, it might be a cast iron bitch to detect. The story gets out, and the new President has taken a much different approach to immigration and also is clearly no friend to Acme Corp. Not wanting to give the President any more ammunition, instead of issuing some wishy-washy PR statement, they go all in on a categorical denial rather than admit that they have hired MSS operatives from overseas into sensitive positions and have purchased compromised units to boot. How is that for tin foil hat, @wr250?

Clearly *something* happened with this - Apple apparently ripped out every SuperMicro system they had and cancelled a big order, and Amazon ditched their whole Beijing DataCenter. Like I said, just thinking out loud and riffing a little bit.

wr250

Re: Exploits And Mitigation
« Reply #36 on: October 07, 2018, 08:18:50 PM »
That's basically where I was going with it, substituting the US govt for the Chinese govt, i.e. the US govt intercepts the shipment, places the chips, then sends the shipment on its way with no one the wiser.
None of the affected companies would dare to disclose such things, or they are told not to.

BTW, Acme only sells things like earthquake machines, Batman suits, rocket roller skates and the like to super geniuses like Wile E. Coyote.

Walks_At_Night

Re: Exploits And Mitigation
« Reply #37 on: October 07, 2018, 08:28:05 PM »
So with your scenario, Uncle Sam stops the units at Customs, defeats the tamper seal, unboxes the unit and replaces the boards with "special" boards that have the same S/N as the originals. Everything else stays the same. Possible. You just need the S/Ns, or it would stick out like a sore thumb if anyone bothered to look at the records.

Walks_At_Night

Re: Exploits And Mitigation
« Reply #38 on: October 07, 2018, 08:34:12 PM »
FYI. Interesting write-up on the MSS and how little is known about it: https://nationalinterest.org/feature/everything-we-know-about-chinas-secretive-state-security-21459

wr250

Re: Exploits And Mitigation
« Reply #39 on: October 08, 2018, 05:26:37 AM »
Or have an agent at the manufacturing plant in China do it (i.e. add the part to the motherboard before boxing the motherboard up), so there is no record of the stop in shipping. Then blame the Chinese as needed; otherwise it's "no comment". Then it has the original serial number, the anti-tamper seal is in place, there is no need to produce (for replacement) or alter boards after they are boxed up, and so on.

GrumpyOldMan

Re: Exploits And Mitigation
« Reply #40 on: October 08, 2018, 08:56:43 AM »
https://www.techpowerup.com/248301/microsoft-pulls-windows-10-october-2018-update

For those that haven't seen this news, Microsoft is fighting the contents of your Documents folder getting deleted via malware by deleting them for you via update. No, this is not from The Onion.


wr250

Re: Exploits And Mitigation
« Reply #42 on: October 09, 2018, 04:21:41 PM »
A YouTube video that looks into the Supermicro issue; starts at 1:46.


Whistler

Re: Exploits And Mitigation
« Reply #43 on: June 28, 2019, 12:18:31 AM »
BlueKeep is set to wreak havoc, but may not be as bad as first deemed.
It is serious enough for M$ to push patches all the way back to XP & Server 2003, though.

May threat updates.
https://securityboulevard.com/2019/06/cyber-security-roundup-for-may-2019/

Independent threat assessment test:
https://blog.erratasec.com/2019/05/almost-one-million-vulnerable-to.html

Fortune 500s that are vulnerable:
http://core.intrigue.io/2019/06/03/bluekeep-cve-2019-0708-fortune-500-external-exposure/

Turn off the RDP service in the first place, and this is not a problem - unless an update re-activates it.
(Not many people actually use it, and if you do use it, patch it.)
This has been a problem w/ M$ from 3.5. Just like the C: drive is shared by default - although this might be changed now in Win-10. (Doubt it.)
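The mitigation Whistler describes above (turn RDP off, patch it, and keep an eye on the default drive share) as an audit script. This is an added example, not code from the thread or from any of the linked articles; it assumes an elevated PowerShell session on Windows 8 / Server 2012 or newer (for the NetTCPIP, NetSecurity and SmbShare modules), and the Network Level Authentication check is an addition the post does not mention, included as the fallback when RDP has to stay on.

```powershell
# Added example (not from the thread): audit the two Windows defaults the post calls out,
# RDP exposure (BlueKeep, CVE-2019-0708) and the automatic drive shares, then optionally
# apply the post's mitigation of turning RDP off. Requires an elevated session.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RdpExposure {
    # fDenyTSConnections = 1 means Remote Desktop is switched off in System Properties.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    # UserAuthentication = 1 requires Network Level Authentication, so an unauthenticated
    # client never reaches the pre-auth code path BlueKeep abuses. (Assumption: the post
    # only says "turn RDP off"; NLA is the fallback when RDP has to stay on.)
    $nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    $svc = Get-Service -Name TermService -ErrorAction SilentlyContinue
    # The registry says what is configured; the socket says what is actually exposed.
    $listen = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RdpEnabled      = ($deny -ne 1)
        NlaRequired     = ($nla -eq 1)
        ServiceStatus   = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }
        ListeningOn3389 = [bool]$listen
    }
}

function Get-DefaultAdminShares {
    # C$, ADMIN$ and IPC$ are recreated at every boot unless AutoShareWks (workstation)
    # or AutoShareServer (server) is set to 0 under LanmanServer\Parameters.
    $params = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $auto = Get-ItemProperty -Path $params -ErrorAction SilentlyContinue
    $special = Get-SmbShare -ErrorAction SilentlyContinue | Where-Object Special | ForEach-Object Name
    [pscustomobject]@{
        Shares          = ($special -join ', ')
        AutoShareWks    = $auto.AutoShareWks
        AutoShareServer = $auto.AutoShareServer
    }
}

function Disable-Rdp {
    # The post's mitigation: turn RDP off entirely. The firewall rule group is closed as
    # well, so two separate controls would have to be reverted before the port is reachable.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1 -Type DWord
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
}

# Report, and warn on the combination the post is worried about: RDP reachable and
# nothing in front of the vulnerable pre-auth path.
$rdp = Get-RdpExposure
$rdp | Format-List
Get-DefaultAdminShares | Format-List
if ($rdp.RdpEnabled -and -not $rdp.NlaRequired) {
    Write-Warning 'RDP is reachable without NLA: patch for CVE-2019-0708 or run Disable-Rdp.'
}
```

Patch verification is deliberately left out: the KB number differs per OS build and is not given in the post, so check it against the vendor advisory for the build you are on.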

Whistler

Re: Exploits And Mitigation
« Reply #44 on: June 28, 2019, 01:07:06 AM »
https://healthitsecurity.com/news/5-more-healthcare-providers-fall-victim-to-ransomware-attacks

All health-care providers should be required by law to store their records on OpenBSD or Whonix systems.   >:(
That would mitigate these problems.
If an attacker is smart enough to break those systems, then there is nothing you can reasonably do to stop them anyway.
