Left to my own devices I probably would, so goes the song. After a 5 month hiatus, I couldn’t leave you alone any more and am well and truly back with a new weekly blog.
Initially (as in this version) titled ‘Threat Thursday’ (things you need to know before Friday), the aim is to inform, bring some serious security issues to life and have a laugh, complete with cheesy music and other references. As before in the other world, in which I didn’t stay, this blog will hereafter be written in the third person.
Unfortunately for all of you grammar enthusiasts, this is not because of some overhyped sense of self-importance. It is because my blogs have always been supported by a small but incredibly well informed bunch of anonymous friends, ex-colleagues for the most part, whose opinion, advice and assistance I usually take. They know who they are.
What has happened since the middle of November in the Information Security world, other than the usual raft of unpatched flaws in open source code and Microsoft shizzle such as SMB (v3, see below)?
Accenture purchasing Symantec’s Security Services in January (which had, surely, in the traditional Symantec world just dug itself a trench and was kneeling on the edge) was both interesting and baffling to the seasoned old pro. This week’s announcement of the purchase of the extremely capable, professional and all round good guys Context IS must surely pose a massive integration headache (and we have been there ourselves), fetch the service revolver.
Back in December, Citrix dropped an enormous clanger exposing any customers running the former NetScaler (Application Delivery Controller). Now that we are independent we can say that we never, ever liked that product; it was to F5 products as batteries sourced from Alibaba are to Duracell. Destined to fail you when you least want.
Obviously there has been loads of Nation State crossfire, not least the CIA being called out for a lengthy programme of activity against the Chinese (honestly, would you believe that?). Fake news for sure.
We really do not want to bring up bugs of the past (especially Seth Brundlefly, video not included, or Itsy Bitsy spider <— that is very, very weird), however bugs of the present are fair game.
Shortly after this Patch Tuesday (yes we can still remember the day, the month and occasionally the year), Microsoft announced a bug in SMB3. If one was of the hacking persuasion this would mean that lateral recon of an infected network, perhaps using (as a way in, 'vector' the pros call it) the MS Word bug announced (and patched this week), or any of the others in this horror show, would be a breeze for a sophisticated threat actor.
If you would like a script to check your environment for this very serious, as in really serious, vulnerability, you could do worse than contact email@example.com which has a script you can test against your stuff. Otherwise implement the ‘disable compression’ workaround and cross your fingers and yourselves. In fact cross everything, except The Management; this is fraught with risk as some of us round here have discovered!
As it happens, Microsoft has stepped in very quickly and released a patch, you know what to do. Start with uncrossing everything and get patching.
Nothing published this week, last week and presumably for weeks to come would be complete without a mention of the Global Pandemic that is Coronavirus. We see a lot of businesses hastily implementing old, or fresh out of the box, business continuity plans and sending people home to work.
Whilst there may be boring old issues to resolve, like the number of licences available, deployment of VPN clients, the size of links and terminating equipment, you know the sort of stuff that gets done by magic by the underpaid, overworked and massively unappreciated IT staff, it is important to be very aware of the fact that disruption for some presents opportunity for others and is an environment in which mistakes can easily be made, from leaving data on public transport to catching a nasty cold (sorry) from a family member’s horrible sticky gaming laptop and even highly targeted attacks taking advantage of the chaos.
There are already a load of people reporting broadband performance issues on all networks in the London area, be prepared. Please be careful out there and try to stay healthy.
Thanks for reading, it is good to be back.