Just when you thought I had gone and left you.....

Category: Geek News (Page 1 of 3)

All things geeky and nerdy.

Dell hit hard..Urgent Security risks…HUNDREDS OF MILLIONS systems affected

It’s been a while since I’ve posted anything from my line of work – but this one is pretty large and I just wanted to give my friends a heads up. Dell has a driver that can be used by anyone who has access to your laptop, workstation, server, etc. to gain admin rights on your system from a simple standard user account. They have been working on it and have just released a new firmware update utility to mitigate this risk.

I urge everyone to make sure you apply updates – I would start by reading and following the Dell announcement:

https://www.dell.com/support/kbdoc/en-in/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability

Want to geek out and see who found it and more – follow:

and:

https://thehackernews.com/2021/05/bios-privesc-bug-affects-hundreds-of.html

Geo-Fencing and Remote Security amidst the COVID-19 Pandemic

As I’m watching more and more of my co-workers send out WFH (Work from Home) emails…as I see more and more users of Webex and other forms of remote connectivity and sharing … my spidey senses start tingling.

Most companies have some form of remote management software deployed for their traveling brethren – but many of them haven’t prepared for full-out war and suddenly having thousands of workers coming in remote. This will certainly challenge the network and security teams globally! What about those BYOD guys…no company-offered laptops, so they are surfing on in from their 2003-bought IBM laptop running XP with no support and no protection. Do you have a plan for them? Maybe spinning up remote workstations so the work is done locally and not from their old XP or Windows 7 computers?

What about Geo-Fencing? Do you see all those hundreds of thousands of connections looking for a handshake!? Now they are increasingly important to the vital success (or failure) of your business!? Do you know if you do business in Brazil? Do you have people there? Russia? Do you allow remote connections from geo-locations where you do not have offices? Maybe it’s time to tighten your defenses and start looking from the outside in again!? Everyone gave up on the border…everyone went to the cloud because they thought it was safer. Was it? Can you see who’s trying to connect to your cloud? Are they your actual remote workers who are forced home, or just some generic Taiwan hacker sitting under the radar of 50,000 connection attempts…because you are overwhelmed with desktop support calls from VPN users that can’t connect? Do you allow remote resources to connect from public Wi-Fi networks? Did you think your help-desk would collapse? *frightening*

How about general physical security – where are your workers really working from? Can someone else see what they are doing? Have you had a proper security education program so your people know about shoulder surfing? Maybe they walked up to the Starbucks counter leaving that laptop behind – unlocked – while remoted into a customer site and updating a .dat file for some ancient anti-virus client. Do they know to lock their screen? Padlock their laptops? Do you have full hard drive encryption for your mobile workforce? Whose DNS servers are they using…yours or unknown? Breathe…not going to panic…well, maybe a lil?

Phishing attacks have increased for sure – even offering a cure for the virus! We are seeing no relaxation or suspension of compliance rules, so you can bet there will be fines for mishandled sensitive information leaving your networks – are you sure you’re watching your Data Loss Prevention tools now? Everyone is connecting from home…do you know what they are reading or editing? Did they move it to USB yet? Print out that HR list of birthdays and payroll entries to create happy birthday emails for employees while working from home?

Sure feels like a good time to remember how well a zero-trust network works. If you’ve been doing it all along, you know what you’re looking at. You know what you’ve allowed, and only that is what is getting in. You can handle the one-offs that come in because someone had to travel to X country and needs to VPN in…create that small group with a time-limited window of allowed access, etc. etc.

My mind just started spinning and I didn’t have a place to vent it, so I used this page randomly. Facebook friends just see me as the paranoid security guy – LinkedIn people think I’m trying to get a job or impress with odd views. Honestly I’m most likely just thinking out loud about all the thoughts in my own head and making sure I, myself, have crossed all my T’s and dotted all my i’s…. 🙂

Happy hunting!

January 14, 2019…WIN7 – ONE YEAR TO GO..

Windows 7 – The Final shutdown…

Mainstream support for Windows 7 stopped in January 2015, but users have continued to receive security fixes and patches for known issues as part of Microsoft’s extended support, which runs for five years. However, that’s due to come to an end on January 14, 2020, exactly one year from today.

So honestly – I’m still a Windows 7 user and have fought the push to Win 10 for a good long time but the battle is about over. We all have to give in or move to another OS (MacOS, Linux, *BSD, etc)…and everyone knows Windows will win that again.

What’s more scary is the number of corporate entities that still run this OS – I’m typing this right now from a major corporate laptop that’s Win7. IF they want to keep this machine through its lease, they can pay for EXTENDED support – and it will probably cost my company up to $1,000,000.00 PER YEAR to continue using it. A MILLION DOLLARS? And the funny part is…MANY will opt for that option rather than migrate.

Anyhow – this is your friendly reminder from your Security guy – Just make the jump…any direction but none. Have fun!

Palo-Alto searching for Arps…

Logging traffic for global counters

If you need GUI Tutorial goto Palo Alto page:
https://live.paloaltonetworks.com/docs/DOC-3199

1. Let’s look for a drop or error counter that is currently counting bad packets

This is an example with the ARP protocol; we are looking for some ARP issues, a typical problem on networks. The filter keeps only non-zero counters, and “delta yes” shows the change since the last time the command was run (the second numeric column), so a counter that keeps rising between two runs is the one to chase.

> show counter global filter value non-zero delta yes | match arp

flow_fwd_l3_noarp                          5        0 drop      flow      forward   Packets dropped: no ARP  ----- HERE 5 bad packets!!! Look for it.
flow_arp_pkt_rcv                         468       47 info      flow      arp       ARP packets received
flow_arp_pkt_xmt                           2        0 info      flow      arp       ARP packets transmitted
flow_arp_pkt_replied                     175       17 info      flow      arp       ARP requests replied
flow_arp_pkt_learned                       2        0 info      flow      arp       ARP entry learned
flow_arp_rcv_gratuitous                   10        1 info      flow      arp       Gratuitous ARP packets received
flow_arp_resolve_xmt                       2        0 info      flow      arp       ARP resolution packets transmitted
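To make step 1 repeatable, here is a small parser for that counter output, written as an added example (it is not from the original post and not a Palo Alto Networks tool). It assumes the column layout shown above (name, value, delta, severity, category, aspect, description), which is what the firewall prints for “show counter global … delta yes”; the sample text is constructed to mirror those lines, and the flow_rcv_err row and its description are made-up to exercise the error severity.

```python
import re
from dataclasses import dataclass

# Constructed sample output, laid out like
#   show counter global filter value non-zero delta yes | match arp
# Columns: name, value, delta-since-last-run, severity, category, aspect, description.
# The last row (flow_rcv_err) is a made-up line to exercise the "error" severity.
SAMPLE_OUTPUT = """\
flow_fwd_l3_noarp                          5        0 drop      flow      forward   Packets dropped: no ARP
flow_arp_pkt_rcv                         468       47 info      flow      arp       ARP packets received
flow_arp_pkt_xmt                           2        0 info      flow      arp       ARP packets transmitted
flow_arp_pkt_replied                     175       17 info      flow      arp       ARP requests replied
flow_rcv_err                               3        1 error     flow      parse     Packets dropped: receive error (constructed)
"""


@dataclass
class Counter:
    name: str
    value: int
    delta: int
    severity: str
    category: str
    aspect: str
    description: str


# One counter per line: six whitespace-separated fields, then free-text description.
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<value>\d+)\s+(?P<delta>\d+)\s+"
    r"(?P<severity>\S+)\s+(?P<category>\S+)\s+(?P<aspect>\S+)\s+(?P<desc>.*)$"
)


def parse_counters(text: str) -> list:
    """Parse the firewall's counter listing; lines that don't match (headers, blanks) are skipped."""
    counters = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        counters.append(Counter(
            name=m.group("name"),
            value=int(m.group("value")),
            delta=int(m.group("delta")),
            severity=m.group("severity"),
            category=m.group("category"),
            aspect=m.group("aspect"),
            description=m.group("desc").strip(),
        ))
    return counters


def bad_packet_counters(counters: list, severities=("drop", "error")) -> list:
    """Step 1 of the post: drop/error counters that are non-zero are the ones worth logging."""
    return [c for c in counters if c.severity in severities and c.value > 0]


def still_rising(counters: list) -> list:
    """Counters whose delta is non-zero are still incrementing between two runs (a live problem)."""
    return [c for c in counters if c.delta > 0]


if __name__ == "__main__":
    parsed = parse_counters(SAMPLE_OUTPUT)
    for c in bad_packet_counters(parsed):
        live = "still rising" if c.delta > 0 else "not currently rising"
        print(f"{c.name}: {c.value} ({c.severity}, {live}) - {c.description}")
```

Run the block as-is to see which drop/error counters are non-zero; in practice you would paste the CLI output into SAMPLE_OUTPUT or read it from a file, and rerun the command a minute later to confirm via the delta column that the counter is still moving before enabling counter logging on it.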

2. Activate the log for that specific counter


More Palo-Alto Firewall info I need – Status of incomplete vs insufficient etc…

  • incomplete
    • SYN or SYN-SYNACK-ACK is seen but no data packets are seen. In other words, the traffic you are seeing is not really an application.

EX: if a client sends a server a SYN and the firewall creates a session for that SYN, but the server never sends a SYN-ACK in response back to the client, then that session would be incomplete.

  • insufficient-data
    • The firewall didn’t see the complete TCP 3-way handshake, OR
    • There were no data packets exchanged after the handshake


Palo-Alto basic troubleshooting

When troubleshooting network and security issues on many different devices I always miss some command options to do exactly what I want to do on the device I am currently working with. Therefore, I list a few commands for the Palo Alto Networks firewalls to have a short reference for myself. Maybe some other network professionals will find it useful.

However, since I am almost always using the GUI this short reference only lists commands that are useful for the console while not present in the GUI.

This blog post will be a living document. Whenever I use some “new” commands for troubleshooting issues, I will update it. If there are any useful commands missing, please send me a comment!

For a complete list of all CLI commands, use the CLI Reference Guides from PAN. Or use the official Quick Reference Guide: Helpful Commands PDF.

Standard Show Commands

The following commands are really the basics and need no further description. I list them just as a reference:


MS Word…yup, patch it again.

Microsoft Word Memory Corruption Remote Code Execution Vulnerability

A vulnerability exists in Microsoft Word due to a memory corruption error when processing crafted RTF files. A remote attacker could exploit this vulnerability to execute arbitrary code on vulnerable systems.

Technical Analysis

Microsoft Word is a word processing application included as a part of the Microsoft Office suite. A vulnerability exists in Microsoft Word 2003, 2007, 2010, 2013, and 2013 RT; Microsoft Word Viewer; the Microsoft Office Compatibility Pack; Microsoft Office for Mac 2011; Microsoft SharePoint Server 2010 and 2013; and Microsoft Office Web Apps 2010 and Office Web Apps Server 2013 due to improper handling of objects in memory when parsing RTF files. Parsing a specially crafted RTF file may allow remote attackers to corrupt memory and execute arbitrary code on vulnerable systems with the privileges of the logged on user. Successful exploitation may lead to a system compromise if the user operates with administrative privileges.

Solution

The vendor has released an update to address this vulnerability. Users of Microsoft Word should apply Microsoft Fix it 51010, which can be downloaded from https://support.microsoft.com/kb/2953095.

References

  1. http://office.microsoft.com/en-us/word/
  2. http://support.microsoft.com/kb/2953095
  3. http://technet.microsoft.com/en-us/security/advisory/2953095

Android got 99 problems…

Ok…well, maybe not 99 – But I told my wife I’d send these to her and I forgot to…so I’m posting them here so y’all can be aware of them too.

Android Hole Allows Data Capture
http://www.isssource.com/android-hole-allows-data-capture/

Android.HeHe: Malware Now Disconnects Phone Calls
http://www.fireeye.com/blog/technical/2014/01/android-hehe-malware-now-disconnects-phone-calls.html

Windows Malware Attempts to Infect Android Devices
http://www.symantec.com/connect/blogs/windows-malware-attempts-infect-android-devices

So there are a few others that are in the works and I can’t fully disclose just yet, but as soon as I figure them out or someone else posts them in public – I’ll update this thread and let ya know…I’ll give you a hint:

Multiple vulnerabilities exist in Google Chrome for Android due to unspecified security flaws. A remote attacker could exploit these vulnerabilities to cause an unknown impact on vulnerable systems.


© 2025 My Echo Requests
