Microsoft Worm Exploit Danger and Huawei Unintended Consequences

NSA Advisory

From the article titled: Warnings of world-wide worm attacks are the real deal, new exploit shows

It was posted Tuesday by Sean Dillon, a senior security researcher and RiskSense. A play-by-play helps to underscore the significance of the feat.

https://twitter.com/zerosum0x0 and reinforced by the NSA:

Source: https://arstechnica.com/information-technology/2019/06/new-bluekeep-exploit-shows-the-wormable-danger-is-very-very-real/

“It’s these last six seconds (of the video) that underscore the danger posed by the vulnerability, which according to Internet scan results posted eight days ago remains unpatched on almost 1 million computers. The flaw, which is indexed as CVE-2019-0708 but is better known by the name BlueKeep, resides in earlier versions of the Remote Desktop Services, which help provide a graphical interface for connecting to Windows computers over the Internet. A much more detailed blow-by-blow is here.”

(It) Only takes one unpatched system to spread

Last Friday, members of the Microsoft Security Response Team practically begged organizations that hadn’t patched vulnerable machines to do so without delay, lest another WannaCry scenario play out. “It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread… officials with the National Security Agency on Tuesday echoed Microsoft’s warning. The video posted by Dillon, particularly in the last six seconds, demonstrates that the danger is in no way exaggerated.

If the intermingling of Mimikatz and a critical Windows vulnerability to devastating effect sounds familiar, it’s probably because that’s how another paralyzing worm, dubbed NotPetya, managed to wipe out entire networks. According to an analysis from Kaspersky, NotPetya, which is regarded as the most expensive malware attack in history, used the Eternal Blue exploit developed by and later stolen from the NSA to exploit one or more vulnerable machines. NotPetya,

and

In the NotPetya analysis, Kaspersky researchers wrote, “IMPORTANT: A single infected system on the network possessing administrative credentials is capable of spreading this infection to all the other computers through WMI or PSEXEC.”

Source: https://arstechnica.com/information-technology/2019/06/new-bluekeep-exploit-shows-the-wormable-danger-is-very-very-real/

My Thoughts on EternalBlue, BlueKeep and Why These Are Human Problems

Closing thoughts: NOT all countries can realistically afford the cost of the Windows Operating System in their schools. But without that experience they can’t compete, so they use hacked versions. If you lived in Indonesia or Mongolia, what would you do?

Those companies, with employees using hacked system in countries of different economic status, are possible subcontractors for international global leaders (like Maersk for example). They are the weak leak, because a hacked Windows system can’t be patched.

To be clear: I do *NOT* agree with software theft. But I also don’t agree with sloppy work on the part of our security agencies that have the resources to secure the nuclear weapons of the cyberwar that are being unleashed against not just the US, but the world.

We all need to stop and think about the overall situation. I believe the existential threat of EternalBlue, a gift that keeps on giving, is that it was an American agency funded by the US tax payers that did not report the vulnerabilities to an American software company. For years.

Unintended Consequences of Huawei and Google Android Patch Ban (possible)

Bonus Round: What if nobody can patch their Android phones, or at least half of them? That would be awesome. Or not. And that looks like a definite possibility in the near future if Google cuts Huawei off from Android patches per US restrictions.

When the dollar’s primacy dwindles the US hegemony ends

From the article, (and I believe we are already there):

“A major blunder would be pushing too hard with financial punishments, and incentivizing Moscow and Beijing to bypass the U.S. trade and monetary order.

When the dollar’s primacy materially dwindles, that will be game over in the balance of power with the East.”

Source: https://www.axios.com/russia-china-security-threat-69567dd1-b618-4ef4-8852-4f09bb432327.html

If people don’t realize cryptocurrency “payment channels” (basically like a purchase order between merchants – settled up later but pre-approved) is a threat to the petrodollar, they are mistaken. The USD is nothing more than what we would call “proof of stake” in the crypto world. The Fed is the issuer, the stake.

Energy traded based on a proof of stake crypto currency pinned to the future value of a fiat currency in, say 30 days, via a smart contract could replace the influence of the US at a global level – I believe you are mistaken.

smugmug CEO just doesn’t “get it” (re: Flickr)

A programmer starts a company in Houston, because why not? Expanded to Mountain View maybe 2011 ish? Along the way took up photography in 2006. I know the exact photo. It’s on flickr. I’m on flickr because it was talked about at Etech. That’s the backstory.

Economics of Data (including Photos)

Let’s forget ethics, the value of community, the historical role of a site, the role of O’Reilly and Etech growing their brand, and let’s just talk about PROFIT. Smugmug’s CEO is currently making a HUGE error by blocking new uploads to flickr for long time users. I know this because not only am I holding out, despite having been a Pro paying user for many of the last 13 years.

As a long time flickr user I can point out the fact that many of my photos are on wikipedia, despite the fact I have NEVER uploaded a photo to wikipedia. How? Because I frequently share my photos creative commons attribution. Other people can legally use them and upload them with attribution (e.g. “Photo by Ed Schipul”) and nothing more. They found these photos on Flickr because the taxonomy allowed us to specify the CC license.

But first, the email I received today looks this:

the generous flickr option to pay them to host my photos and monetize them. smugmug doesn’t get social

Text from their email:

We’ve made some big changes to free Flickr accounts over the past year, and our community has made it clear that they’d like more time to decide on a home for their photos. 

Because we know how important that decision is, we’re giving free Flickr accounts with 1,000+ photos and videos another month to make a decision, whether it means upgrading to Flickr Pro (with unlimited storage) or downloading your photos onto a computer.
On March 12, 2019, any photos and videos over 1,000 on free Flickr accounts will be at risk for deletion.

https://www.flickr.com

Having spent years traveling, and one year living full time in San Francisco, I can say with the advent of AI and machine learning, there are startups that offer FREE security cameras. Why? Because of the value of the XIF data and to feed into algorithms.

And on the Internet there are numerous currencies; attention, cash, link-backs are three primary currencies.

Riddle me this. Why would you block someone from uploading high value content to your site that creates attention and links back to your site? It’s not like they bought any of my cameras or paid me. But I’m blocked from uploading and the smugmug CEO is sending out emails pointing out that their “storage” is cheaper than “other people’s storage.” Baroo? Did you seriously just call my photography “storage”? WTF?

As I type this, this is what flickr looks like so I can’t “link you” to any of the ridiculously rich content and photos I have uploaded over the last 13 years.

Because flickr is down. Me thinks they are in over their heads.

I’ll end on a positive note. Flickr/Smugmug’s CEO may not understand their actions, that they are killing photography on the Internet, because they weren’t there back in the day. Naive, yet at least they did provide a download link. The community is being destroyed, and we will rebuild. Ethically I have to say THANK YOU for providing our data.

Any other open source developers out there who want to provide a Python/Django based gallery option that includes OG community? Because we are apparently on our own folks.

#peace

Why does the Internet seem broken lately? Because the Government is shut down and let the foxes in the hen house.

Why does the Internet seem broken lately? Let’s start with the obvious – the government shut down is a horrific occurrence far beyond what people realize.

Why is the Internet slow right “now”? Because DNS is under attack and the government is shut down and incapable of responding. Seriously. We, the InfoSec community, are flying blind. For the average person – you are kind of hosed. (kidding, not kidding….)

What is DNS? “DNS” means “domain name resolution.” and it tells your computer how to find a web site. The thing is, *most* sites pull content from numerous places (think twitter feeds on your page, or a FB badge, or a font, etc.) If *ANY* of these items are slowed down, so is your site.

Not surprisingly, criminals look for opportunities and our politicians gave them a big giant gift by shutting down the government.

The DNS attacks, among others, haven’t made the news because the government has been shut down.

Recovery from one month of nobody managing CyberSecurity for the US Government will take months if not years. Some damage is permanent. (I’m just the messenger.)

https://arstechnica.com/information-technology/2019/01/multiple-us-gov-domains-hit-in-serious-dns-hijacking-wave-dhs-warns/

If the Internet and cybersecurity are put in the category of “non-essential” then we have a serious problem. And we have a serious problem far larger than the drop in home buying. Hackers are patient. Very patient. Recon conducted over the last month will be used far into 2020. The RATs will persist in silence and nobody will know until they are activated.

Image from: https://www.deteque.com/live-threat-map/

Additional resources:

Fox News on the impact of the government shut down on cybersecurity

https://video.foxnews.com/v/5990953428001/#sp=show-clips

Krebs on Security’s take:

https://krebsonsecurity.com/2019/01/how-the-u-s-govt-shutdown-harms-security/

One federal agent with more than 20 years on the job told KrebsOnSecurity the shutdown “is crushing our ability to take the fight to cyber criminals.”
“The talent drain after this is finally resolved will cost us five years,” said the source, who asked to remain anonymous because he was not authorized to speak to the news media. “Literally everyone I know who is able to retire or can find work in the private sector is actively looking, and the smart private companies are aware and actively recruiting. As a nation, we are much less safe from a cyber security posture than we were a month ago.”
The source said his agency can’t even get agents and analysts the higher clearances needed for sensitive cases because everyone who does the clearance processing is furloughed.

More Productive Things

From the article: https://www.nytimes.com/2018/12/31/business/boss-cleavage-coworker-revenge.html

… as much as I would also enjoy devoting my silver years to long, “John Wick”-ian episodes of bloodthirsty revenge, there are crueler and yet more productive things we can do.

Take your passion and invest it in undermining the values of your enemies.

Were they racists? Go tutor immigrants in English.

Did they mock your faith? Volunteer at Sunday school.

Were they prigs? Go out and overtip exotic dancers.

Find the one thing that would make them cry into their pillows and do it with glee.

Choire Sicha is the Styles editor of The Times. Write to him at workfriend@nytimes.com.


Featured image from screen capture from: https://www.washingtonpost.com/news/worldviews/wp/2016/03/25/children-of-the-same-god-pope-francis-washes-the-feet-of-muslim-migrants/

Russian Propaganda and Hacks Targeting Associations

Russia (and others) meddling in US politics via propaganda, and winning, is being discussed. It’s a start.

Associations, via hacking, phishing, social engineering, and investment, were (probably) targeted as early as …. well, first the report:

Reported: https://www.washingtonpost.com/technology/2018/12/16/new-report-russian-disinformation-prepared-senate-shows-operations-scale-sweep/

New report on Russian disinformation, prepared for the Senate, shows the operation’s scale and sweep

December 16 at 4:29 PM – A report prepared for the Senate that provides the most sweeping analysis yet of Russia’s disinformation campaign around the 2016 election found the operation used every major social media platform to deliver words, images and videos tailored to voters’ interests to help elect President Trump — and worked even harder to support him while in office.

And…

The research — by Oxford University’sComputational Propaganda ProjectandGraphika, a network analysis firm — offers new details of how Russians working at theInternet Research Agency, which U.S. officials have charged withcriminal offensesfor interfering in the 2016 campaign, sliced Americans into key interest groups for targeted messaging. These efforts shifted over time, peaking at key political moments, such as presidential debates or party conventions, the report found.

IMHO – Our security community as well as the media unfortunately are not using common sense and logic. They still underestimate the scope and significance of ongoing issues and attacks AMS vendors must defend against.

Associations were targeted as early as 2010 according to our logs. If memory serves me correctly. (It’s expensive to do computer forensics.)

Attacks on associations, non-profits, NGOs/NPOs skyrocketed, I’d say, in 2014.

Former FBI Director Comey testified that the FBI became aware of it in 2015.

The involvement and influence campaigns, and attacks, have not decreased as I write this in December 2018.

you reap what you saw

International trade wars are difficult. I get it. Yes it is complicated. Then there is data:

American farmers are titans of international commerce. From 2000 to 2017 the value of agricultural exports nearly tripled. Exports comprise more than a fifth of farm output. Grain gushes abroad in the highest volumes. As the world eats more meat, livestock producers need more animal feed, raising demand for soyabeans. Exports last year reached $21.6bn, more than double the value of corn, the next largest export.

These successes are due in part to government subsidies that incentivise production, such as farm payments that rise when commodity prices fall. These mainly support big operations: farms with incomes of $167,000 or more received nearly 70% of commodity payments in 2016, according to the Heritage Foundation, a think-tank.

Productivity-boosting measures have helped, too. Mr Sims, for instance, now uses data on yields to fine-tune the application of fertiliser. He flies drones to inspect crops for insect damage.

Farmers often coat seeds before planting to fend off rot and pests. Environmentalists worry about the impact on water and biodiversity. But production has boomed.

This has helped depress prices for corn and soyabeans in recent years, even as land, fertiliser and seed have remained relatively expensive.

So a trade war is particularly ill-timed.

Mr Trump announced tariffs on steel and aluminium imports in March, and extended them to Mexico, Canada and Europe in May. In retaliation Mexico, the second-largest importer of American pork by value, raised tariffs to 20%. China’s tariffs of up to 70% on pork, and 25% on soyabeans, hurt even more.

Mr Trump is due to meet Xi Jinping, China’s president, at the G20 summit later this month, 

X

To John McCain – a humble tribute to a warrior, a statesman, a real American Hero

When you see the “real deal”, the person who can withstand damn near anything, and still do the “right thing” under fire.

It is humbling. Thank you Sir.

Under the wide and starry sky, Dig the grave and let me lie. Glad did I live and gladly die, And I laid me down with a will. This be the verse you grave for me: Here he lies where he longed to be; Home is the sailor, home from sea, And the hunter home from the hill.

– Requiem by Robert Louis Stevenson.

Peaceful, non-violent protests are as American as Apple Pie

I have not served. I am from a family of Veterans, grew up on Army bases all over as an Army Brat. My Dad was a Marine, then joined the Army and served as a Sgt and Medic in action Vietnam.

This view of the importance of non-violent protest is mine and I’m speaking for myself only. But as for me? Ya, I’d much rather see a player respectfully take a knee to draw attention to a great injustice, than become radicalized and violent against our brave men and women in uniform.

I’m an economic conservative in many ways, but maybe more progressive on social issues. That whole “equality” thing. I don’t know Beto’s stance on economic policy but it can’t be worse than the massive increase in the deficit we just observed.

This video by Beto, who is running against Cruz in Texas, where every major city voted democrat in the last Presidential election, is persuasive.

https://www.independent.co.uk/news/world/americas/ted-cruz-beto-orourke-nfl-players-texas-funding-kneeling-hollywood-fundraising-a8506961.html

It’s worth a read.

I’ve volunteered with the Republican Party, voted in primaries in both parties, done web sites and supported candidates in both parties as well as independents.

You, dear candidates and public servants, are elected to serve and represent. You didn’t join a cult. You can’t just ignore us!

As for my long time friend and former client, Rep-R John Culberson. You did great getting I-10 moving.

However John, as for your Hurricane Harvey response – it was a fail. No action, no push for more Federal Response, no fast and immediate solutions. Campaign flyers won’t change this.

Remember, I still live in 77079. We have been forgotten and the brain drain is REAL. Where is our third Reservoir? Why hasn’t the south side of Buffalo Bayou been expanded. The water has to retain SOMEWHERE with every overpass functioning as a bottleneck.

Why haven’t Kikkerilo’s McMansions been removed through eminent domain and action taken aligned with the numerous (even the original) flood plans.

Senator Cruz did nothing either that we can SEE. He’s busy with the NYC businessman’s drama as far as I can tell.

Paul Ryan, PAUL RYAN!, is stepping down. That’s how bad it is.

Co-Living

If part of your life and work require travel, co-living is a great trend.

https://www.politico.com/magazine/story/2018/08/23/co-living-millennials-san-jose-what-works-219378?cid=apn

Ask anyone who travels for work. Most will say being alone and away from family and their support network is the hardest part. (Besides really uncomfortable airplane seats.)

From the article on co-living:

What Cannon had stumbled upon was actually a burgeoning trend in rental housing that had begun to shake up cities most popular with millennials. It’s called “co-living,” and it’s attempting to rewrite the exasperating and paycheck-crushing hassle of finding a decent place to live near the place where you work.

Bitcoin Lightning Network – Off Book Blockchain Trusted Transactions

lightning network for bitcoin

Short version: Lightning Network for Bitcoin is a good thing that makes it more economically viable as a real currency for merchants. But it does not come without consequences.

Long version: In programming, simple is good. To understand the Bitcoin Lightning network you first need to get a grasp of cryptocurrencies. I like simple so here goes:

  1. You are working at a retail store selling engagement rings.
  2. As a jeweler you “check” out a diamond from the store safe to show to a customer.
  3. Your customer will either buy it, or give it back.
    1. If they give it back, you return it to the safe. You write “returned to safe” on a clipboard next to the vault.
    2. If they buy it you write “sold” on that clipboard.

BOOM, now you understand cryptocurrency!

You’ve got a diamond and a clipboard. That’s it.

So how does something so simple become so complex? Well, because us geeks can’t use normal words. So let’s focus on human-speak.

Accountability – In crypto, there is something called a blockchain. The blockchain is just a ledger. That’s it. It’s a clipboard saying who has the diamond.

Value – Scarcity. Diamonds are rare. Or, with crypto, it’s a big math puzzle that limits how fast those objects can be created.

Cypto Analogy: Diamonds and Clip-Boards

Mining for diamonds. They are scarce. People like them.

is the same as

Calculating the next value of PI, a really big math problem that takes time. Scarcity. **

As Crypto Currency is to Diamonds, BlockChain is to Clip-Boards.

That’s really it. That’s the whole thing. Any value in that object is purely in the mind of humans. So why so much ado about nothing?

Well, Bitcoin comes along and provides both scarcity (big difficult math problem) and tracking (blockchain ledger) and allows them to be done anonymously.

Then bitcoin got popular. We found a funny thing happened on the way to mass adoption. (musical rendition). IT IS SLOW!

Yup, to be blunt – transactions are slow as heck. And the user interface is full of jargon from people like me who speak in some other language. And to be fair it does get technical. Ignore that for now.

Possible Solutions to Cryptocurrency Transaction Bottlenecks

The Bitcoin Lightning Network release. It’s kind of a big deal. It might just make BTC “do-able” for micro-payments again.

Example: You can’t buy your “$7-super-misto-double-shot-of-espresso” from Starbucks with bitcoin if you have to pay coinbase a usurious $30 transaction fee.

Thus, the BTC Lightning Network matters. Innovation is incremental. First the Internet, then the web.

to sow chaos and divide Americans

From the article on Putin winning /over/ Trump: https://www.politico.com/magazine/story/2018/08/01/russia-recruit-americans-mariia-butina-spy-intelligence-219079?cid=apn

“And here was the bonus for Russia: So what if Butina did get caught? The ultimate aim of the entire operation was to sow chaos and divide Americans in order to weaken the West, thus allowing Russia to pursue its agenda on the world stage. Now, half the country yells that the Republican Party was infiltrated by Russia, while the other half yells that it’s fake news and hyperbole. The payoff for Russia is still great, and they can now use Butina’s incarceration to continue to push their agenda of dividing the nation. There was no downside for Russia.”

We are being played. And we, so far, haven’t shown the ability to respond to a queens pawn opening. Never mind the abandonment of teamwork with our allies.

This is frustrating. I trust our political system will self correct. That’s what it designed to do.

Stay peaceful. Stay vocal. Celebrate the positive outcomes regardless of your party.***

*** I’m an independent. A POLS BS from TAMU. I have voted in primaries for both parties at different times. I have volunteered for candidates in both parties. Because that’s Houston y’all. We ain’t got no time for stupid or bigots – we have work to do. Help, be fair, or get the hell out the way while we actually build stuff.

to live in a world where tech companies get to decide what they publish

Just read Mark Zuckerburg’s comments on Holocaust Deniers. A direct quote:

I also don’t want to live in a world where tech companies get to decide who has the right to speech and get to police content in a way that is different from what our legal system dictates.

You ALREADY DO CENSOR***  RESTRICT WHAT WE CAN POST. YOU ALREADY RESTRICT OUR SPEECH based on your terms of service. And that is within your purview. The point of this post is that given only a government can “censor”, the capricious nature of what is allowed does not, in this author’s opinion, measure up the values of our country. ***

An obvious example would be #freethenipple. Because what is natural is bad according to FB and they have to put X’s over their nipples, the very ones that give us life?

Yet moronic thoughts of holocaust denial, a denial that ignores history, ignores evidence, and promotes hate, a denial that is factually untrue and is based on blatant falsehood – that is somehow OK? No. No those pages are not OK. And YES you can do something about it. 

Mark – as a leader, if you chose your path or not, it is your DUTY to approach it with respect for the power you have. Every hate speech site, especially including “deniers” and “supremacists” can and should be shut down. That is YOUR decision.

I run a tiny software company. TINY. And I make ethical decisions every day that aren’t profit motivated. I bring this up because it is beyond ridiculous that women’s rights are blocked by facebook but hate speech and idiot speech is not blocked. The dissonance is stunning. THINK ABOUT IT.

And yes, I do want to live in a world where companies act with dignity and that includes standing up against hate speech. Oh wait, I already do. You are just making poor decisions currently.

Think of it this way – company leaders get to dictate our health care. And they are ZERO knowledge of your needs. I know this. Because, as a CEO, I promise you, and you know this, there is no class we get sent to on how to pick a healthcare plan for people. In other words – we are absolutely UNQUALIFIED to make that decision.

Consider: I have personally made the decision that our company will not represent big tobacco. I’ve lost relatives and friends to lung cancer and I choose not to host sites that promote it.  Meanwhile I *absolutely* support an individual’s right to smoke. And I have smoked myself many times. I’m a hypocrite in that regard. I just know smoking tobacco is addicting and I choose to not host those sites. I choose. Because choice is part of being a leader.

Tendenci is open source so if someone else hosts a tobacco site using our software, well, that’s fine. I’m in NO WAY denying them access to our technology in any way. I’m in favor of OPEN.

Hell, I might have even made that decision while smoking a Lucky Strike debating Edward Bernays’. But ya, I made the call.

Zuck – do the right thing. Don’t hide behind the second amendment and allow people to spread hate, and in this case, completely ignorant speech. Then after that, tell Jack and Ev to do the same thing. It doesn’t matter if it’s the President of any country, we must not allow or tolerate utter bullshit.

PS – Zuck – I’ve never spoken to you directly, although also a speaker at SXSW back in the day I seem to recall my room was a bit smaller than the main stage.  I have spoken to Randi years ago on a joint proposal, and I understand you are playing at a different level (by far). Just if you see this post, consider my words or call me to discuss if you wish.

PPS – yes, I made the #freethenipple photo the featured image on this post, because I am choosing to censor OUT people who don’t know facts and history like deniers. That is my choice. I get to do that. I get to focus on the positive. You do to. So damnit man, exercise your own freedom of speech Zuck.  Do it.  

Edit: https://abcnews.go.com/Lifestyle/wireStory/rubens-facebook-fight-artistic-nudity-56889860

*** This text was edited on Friday August 10, 2018 based on reasonable and logical discourse in a thread on facebook. You can view that thread here. But the bottom line is only a government can technically “censor” and I agree with that point. Therefore there is an even lower bar for companies to make the decision to kick scumbags off of their sites.