Cybersecurity Not High Priority for Public

Mr. Goldberg was interviewed on Bloomberg West (video):

http://www.bloomberg.com/news/videos/2015-02-04/why-are-americans-less-concerned-about-cybersecurity-


We put it on our Pinterest page as well: https://www.pinterest.com/pin/420875527652271210/

This is a strange phenomenon: people are getting used to it and are less concerned.

This survey was done a “week ago”

“This is an annoyance”

 

“Something really bad has to happen for the public to pay attention” – this is not a good philosophy.

Yesterday Anthem said 80 million accounts were hacked from their database: http://t.co/sotX1oxQWD


When will businesses pay attention?

After you get hacked?

We have to test – test – test.

No more risk management philosophy as in our post yesterday: http://oversitesentry.com/risk-management-does-not-work/

 

The (A – Σ – Ω) Solution: scan (A), vulnerability analysis (Σ), and more (Ω)

Contact Us to test your environment with our suite of services:

 

How much Cyber Risk Can I Take?

2014 was the “Year of the Breach” they say with the usual credit card breaches: Home Depot, Target and more…

The clincher was the ultimate attack on Sony Corp., which brought the network down completely. It was an unusual attack, since the attackers actually stole data and then deleted it. Thus the network became unusable. The Sony attack was more insidious and methodical. The attackers are suspected to be part of the 3000+ cyber hacker division of the North Korean army.


The FBI attributes the attack to North Korea, although some cyber specialists (Bruce Schneier) think it was an inside job because the event was too methodical and the hackers seemed to have too much knowledge of the inside network.

 

If it takes over 200 days on average to find out if there is a breach (as a Dark Reading article explains), how about a breach where the attackers are plentiful, with state-sponsored attacks? I saw the movie “The Interview” and I am an immigrant myself, so I understand the potential linguistic and cultural misunderstanding that can happen. I would not put the attack out of bounds of North Korean militaristic methods (attack and destroy) instead of the usual criminal (steal money and resources).

The attack proved beyond a shadow of a doubt what can happen with a determined attacker against weak defenses (as has been reported, Sony had previous breaches and a porous defense).

So is this you (from the Dark Reading article):

One security leader, Mike Parrella, director of operations for managed services at Verdasys, was more blunt about why he believes organizations have not worked to improve visibility on their networks.

“The main reason is because businesses and government alike are filled with idiots and ostriches,” he says. “People are simply not looking for a leak — they would rather not look, not be bothered, not spend to solve the problem, and so they are not finding. They prefer to outrun their risk.”

At the very least, the public at large misunderstands what is going on on the Internet, compared with the cyber security professionals who are at the front lines and see the attacks.

The cyber security professional sees the attacks coming, keeps up on the latest vulnerabilities, and knows how easy it is to break into a misconfigured machine. All it takes is one mistake. That is why you set up testing of your network and website environments.

There can be no mistakes.

 

The executive sees cyber security as a must-do, a line item of costs, almost like an annoyance. This is a “risk management” philosophy in which there are small mistakes and large mistakes, and the mistakes are measured. But that is not how criminals see this environment:

http://bcove.me/vchfpcni is the link to the FBI agent who discusses the Russian organized crime rings from the early 90’s.

The Russians and other criminals see us as fish in a barrel: they put their hands in the barrel and “fish”, i.e. it is easy and plentiful. They consider it their patriotic duty to attack and steal money from us.


I believe the risk management philosophy has not fared well in this higher risk environment since we could allow some mistakes before, but any mistake will cause a breach now.

These are the guys who you hope to allow a couple of mistakes.

Contact Us to review your options so you can improve cyber security and find any mistakes.

 

Asus RT series routers vulnerable

Security Week has the story:

Researcher Longenecker's posting of CVE-2014-2718 and CVE-2014-2719 shows flaws in the Asus RT series routers: either the admin password is revealed, or the firmware update process does not use HTTPS (port 443), a secured/encrypted method.

A man-in-the-middle (MitM) attack can occur, since an HTTP session can be intercepted.

Sure, a MitM attack is not the easiest attack to carry out, as some other attack had to have occurred in the network vicinity. But as we know in the security field, it is always about escalation of privileges, and a toehold becomes a foothold, and then a truck drives through.

 

Longenecker also uncovered the following method of update on the Asus router:

Webs_update.sh next uses wget (a simple non-GUI web browser) to download the lookup file

So the router is also using wget (I wonder if the wget vulnerability hits this router as well?)

I don't have an Asus router to review it for the wget vulnerability. Maybe this router can be hacked quicker/easier than a MitM attack.
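A defensive check for the update-over-HTTP weakness described above, as an added example (not code from Longenecker, ASUS, or this post): a shell function that audits an update script for downloads made over plain HTTP, with TLS verification switched off, or with no digest/signature check at all. The sample script, its file paths and the example.invalid hosts are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an update script for insecure downloads.
# SAMPLE_SCRIPT is constructed for illustration; it is not ASUS firmware code.
SAMPLE_SCRIPT='#!/bin/sh
# fetch the version lookup file
wget -q http://updates.example.invalid/lookup.txt -O /tmp/lookup.txt
wget -q --no-check-certificate https://updates.example.invalid/fw.trx -O /tmp/fw.trx
# wget http://commented.example.invalid/ignored
curl -s https://updates.example.invalid/notes.txt -o /tmp/notes.txt
echo "would flash /tmp/fw.trx"'

# audit_downloads: read a script on stdin and print one finding per line as
# "<line>:<rule>". Rules: plain-http, tls-verify-off, no-integrity-check.
# The integrity rule is a heuristic: it only looks for a known verify tool.
audit_downloads() {
    awk '
        /^[ \t]*#/ { next }                       # ignore comment lines
        /(^|[^A-Za-z0-9_])(wget|curl)[ \t]/ {     # a download command
            fetches++
            if ($0 ~ /http:\/\//) { print NR ":plain-http" }
            if ($0 ~ /--no-check-certificate|--insecure| -k( |$)/) {
                print NR ":tls-verify-off"
            }
        }
        /sha256sum|openssl[ \t]+dgst|gpgv/ { verified = 1 }
        END { if (fetches && !verified) { print "0:no-integrity-check" } }
    '
}

# count_findings RULE: number of findings of one rule for the script on stdin.
count_findings() {
    audit_downloads | grep -c ":$1\$" || true
}

# Stand-alone run: report on the constructed sample.
printf '%s\n' "$SAMPLE_SCRIPT" | audit_downloads
```

A finding on line 0 applies to the script as a whole: it downloads files but never calls a digest or signature tool, so even an HTTPS download is trusted purely on the strength of the transport.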

[Image: Asus-RT firmware upgrade page, also from Longenecker's website]

 

But Asus has a solution for most of the routers:

http://www.asus.com/microsite/2014/networks/routerfirmware_update/

They also recommend changing the default admin password (in case you have not done so already):

How to change default firmware password:

Go to ASUSWRT > “Administration” > “System”, enter the new login name and password, and click “Apply” at the bottom.

 

As per the CVE-2013-5948 site, shellcode injection can allow remote authenticated users to inject arbitrary commands. So please update your firmware beyond 3.0.0.4.374.5047 and change your admin password.

 

@CraigTweets has a SOHO wireless router (in)Security page at Tripwire.
This site discusses ping shellcode injection, among other examples of poor SOHO router security.

It looks like the Tripwire Patch Priority Index is a month behind (still in September).


Contact Us to perform a Ψ Wifi security assessment.