Netgear Router Private Keys Insecure System

It turns out that two researchers, Tom Pohl and Nick Starke, found a problem in Netgear routers: a private key in the firmware which can be used to fool the router.

Here is their GitHub link and a screenshot:

The problem seems to be how the router is configured, as you see from a settings page of one of the WiFi-enabled routers:

The issue is that, for routerlogin.net to be trusted by browsers, the router has to use a private key, and that key is stored in unsecured firmware. So anyone who is ingenious enough can download the private key and, with some cleverness, create an attack on the Netgear routers.

I am not going to point out how this can be done – but suffice it to say the criminal underworld on the Internet will find a way to monetize this issue.

 

So several issues arise out of this problem. Why did Tom Pohl and Nick Starke disclose this issue to the general public before a fix was issued?  Because there wasn’t enough communication by Netgear.

This is another cybersecurity complexity that does not make much sense to many people.

Contact Us to discuss this subject and whether it affects you.

Can Cybersecurity Crowdfunding Fix Psychology of Security?

Crowdfunding is the practice of funding a project/venture by raising small amounts of money from a large number of people.

What I propose to do to solve the phenomenon of Psychology of Security is to create a ‘CrowdCyber’ situation!

We need to set up a peer pressure situation –

If you shop at your local small business and hope to have it there 1 year from now, then we need to know that they are performing proper IT techniques. How would you know they are doing the right things?

If the small business has the following sticker, then you know they are doing what is needed to survive even if a catastrophe occurs (major drive failure or ransomware).

 


 

Contact Us to discuss your favorite business that should get the Oversitesentry Seal

Timeline of Ransomware as 2019 closes

So as we review the last year and really the last few years – what has changed in the last 10 years, in the decade of the 2010s?

 

There are many ransomware timelines – like at TCDI.com

But what is the meaning of the ransomware review as we look at the last 15 years? The criminals started out slow: the first ones were clunky and not very good. In fact they didn’t even work, but year after year there were improvements and soon enough a breakthrough:

2014 with Cryptowall produced a large amount of revenue for the criminals ($325 million is the estimate). Other things happened, but this was the major event because now there is a “criminal business” with a budget and employees and more. The underworld also has ways to hide in the shadows, and another thing of note is that one no longer needs to be a master hacker specialist to attack people. Some criminal enterprises created online marketplaces to sell their ‘wares’ and ‘services’,

for example cardingworld.cc (as discussed on KrebsonSecurity.com):

So in 2014 there was a perfect storm of criminal elements, and once $325 million was received, the next year and the next have to be more, right?

 

So now we have a very sophisticated attacker set on making more money using sophisticated ransomware that will likely change every year. And the entry into the “new business” of making money with ransomware is easier than ever, since now one can buy a ransomware technology and the support infrastructure, and then all one has to do is find the ‘suckers’ that will have to pay up. Here is where one either sends out spam or uses other ways of hacking people. If more people would do what is good for defense this would be hard, but since we have a significant number of people not paying attention there are plenty of targets out there.

The ROI on ransomware is 1425% as per a Dark Reading article.

Think about this now: what happens if there are plenty of targets and a 1425% return on investment (ROI)? There are going to be lots and lots of competitors. And that is exactly what has happened in the last few years.

You must have your act in gear and at least have the 12 PCI compliance pieces in place to defend yourself. https://oversitesentry.com/small-company-cybersecurity-basics-pci-compliance/

 

Contact Us to discuss your situation

 

“Cybersecurity News” and what to do with it

So what has happened that I want to make another post about “Cybersecurity News”?

  1. Microsoft states they will implement the new CCPA (California Consumer Privacy Act) across the nation by January 1, 2020. https://blogs.microsoft.com/on-the-issues/2019/11/11/microsoft-california-privacy-rights/ (November 11)
  2. 68000 patients of Methodist hospital impacted by phishing attack (by HIPAA Journal). https://www.hipaajournal.com/68000-patients-of-methodist-hospitals-impacted-by-phishing-attack/ (October 17)
  3. Domain registrar Network Solutions discloses breach – although no credit card information was accessed, account information was accessed from their data. https://www.bleepingcomputer.com/news/security/worlds-first-domain-registrar-network-solutions-discloses-breach/ (October 30)
  4. DoorDash confirmed a data breach with a third-party vendor exposing 4.9 million customers, workers or merchants. https://techcrunch.com/2019/09/26/doordash-data-breach/ (September 26)
  5. Zynga was breached; the mobile game maker claimed a hacker accessed 218 million user records. (September 30, 2019)
  6. Facebook database of users’ phone numbers found online. https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/ (September 4)

What does it mean to the regular Internet user, when large breaches happen?

First of all, if you are affected then you will be notified (or should be) within a certain amount of time (depends on state – could be a few weeks). What if one is not affected, i.e. one was not a direct user in the breaches noted? One is still affected, because the general nature of the criminals is that they try to sell the data to other attackers. Here is where even a remote user or infrequent user of the service may have data in the criminal database. And there is also another effect: the Darknet now has all of these breach databases. So the criminal empire has just enriched itself with some more datapoints to send out yet more spam and phishing attempts.

So my contention is that when breaches occur the criminal empire grows and our life gets harder. We have to continually evolve to keep our defenses up with the new attacks generated by the criminal hacker.

What does it really mean when 218 million accounts are accessed by hackers?

Or 4.9 million customers/workers/merchants?

68000 patients’ data was accessed by a hacker!

And to top it all off Microsoft wants to help us implement CCPA across the nation.

Contact me to discuss