Hacking – Gingercatsoftware

October 5, 2024October 5, 2024

AI Quantum and BGP

So there is going to be a day – (it may have already arrived) when AI is given a quantum computer to play with. Lets call this “day one”…. Once that happens it’s probable that all standard security on existing networks will be compromised.

There is also the matter of a network protocol called BGP (Border Gateway Protocol). The problem with that protocol is that unless your monitoring it continually and applying a degree of secure network management, huge amounts of data can be siphoned off on it’s way to it’s legitimate destination.

There are a number of examples and instances where large amounts of data have been hijacked. Now currently that data may not be able to be deciphered. But if you record and store it then throw a Quantum AI at the task, all of that historic data may be accessible.

So think about the implications of this, all banking transactions become vulnerable, all military and government communications. We are talking a very deep rabbit hole.

But let’s also open this up for further speculation – during world war two after the Allies had cracked the German Enigma machine, the fact that they had access to all communications was kept top secret.

While the Germans never found out the Allies could solve their codes, they suspected it as their ability to sink Allied shipping slipped dramatically in 1942.

So if and when this “day one” happens we probably won’t know about it.

For me the recent Crowdstrike adventure was a wake up call on a personal level. It made me aware that cash (even just an emergency fifty or a hundred bucks) is probably a good idea. I’m not heading for the woods quite yet. But a digitally insecure world? It is something to contemplate!

August 8, 2023

Python3 and http!

Python, a versatile and widely-used programming language, has proven its worth across various domains, from web development and data analysis to artificial intelligence and automation.

The command

python3 -m http.server

is an interesting one I’ve been thinking about and using of late.

This one little cli command can make all files accessible in the directory that the command is executed in… I checked it as an admin and standard user and sure enough you can share any data in any directory you have access to!

This opens up some significant security vulnerabilities. Since the server allows public access to the files in the directory where it is executed, there is a risk of exposing sensitive information inadvertently. Attackers can exploit this vulnerability to gain unauthorised access to confidential data or sensitive configuration files. This should never be used on a production server!

With great power also comes great responsibility…. I think all young programmers and developers should watch the Oppenheimer movie!

June 21, 2023June 21, 2023

One ring – not a good idea!

There was a fairly famous post once about how Sys Admins are lazy by nature and that automating things is a good habit to have – thus supporting the lazy label. But have we got too lazy, and is that laziness creating environments that are vulnerable?

The reason for this post is that over the last few years I’ve been reading about systems that are designed to “Run the whole network”, “Manage all users and applications”. The problem is, when these systems go wrong you have a huge clean up job – lets look at a couple of examples.

SolarWinds Hack
This was what is know as a “supply chain breach” it is effectively where the software is hacked at the the source level “in other words at the SolarWinds development space” and that compramised software is distributed in good faith buy the company. This created a situation where one piece of software, which gave some users “God” access to the network and all the machines, and all the users. Was compromised (More than 30,000 public and private organisations)! You can read about it in detail on this page.

One of the problems is this attitude of “Single sign on”, one place to do everything. It’s a lovely concept isn’t it? It means that one machine can control all the services and all the users and all the groups and all the network and… well you get the picture. It means that you can have less staff, less skill sets to train and you know just be lazy.

But lets look at the NotPetya attack. If you want to have a few nightmares read up about what happened to the international company that had 150 domain controllers compromised, and the insane amount of money it took to clear this up. It’s one of the few times where slow internet probably saved a multinational company billions.

As someone who is interested in IT security and sysadmin, I keep coming back to the responsibility of an inquisitive person who knows the network, the machines and what they are all up to.

Ai, automation, constant monitoring, automated alerts etc are all importnat and on one level mind blowing. But we still need human intelligence and awareness. How much space is on that server? What is the network throughput on a day to day basis? Has there been a change? If so – go investigate it! NOW

Related links

Notpetya
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/

SolarWinds

https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know

March 14, 2023March 19, 2023

Did Sundar Pichai lie to Congress, or just use weasel words?

So I’ve been thinking about this for a while now. Operation Aurora was an attack on Google and a number of other companies and it is believed that it was a Chinese state sponsored attack. This was publicly disclosed by Google on January 12, 2010.

If we look at a basic time line
Sundar Pichai started at Google in 2004.

Listen to Sundar Pichai’s comment when asked by Congress (around or on, July 30 2020).

“Do you believe that the Chinese government steals technology from US companies”?

His response…
“I have no first hand knowledge of information stolen from Google”.

That blog post with the disclosure was written on January 12, 2010. As a tech person I remember hearing about it – it was all over the place, surely he read this as well?

If we look at the original disclosure from Google we find the words
“we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google” (bold text by me).

On a personal level I’m sort of amazed that he got away with this answer (you know CEO of Google and all that) but may be the politicians should have been more specific, better informed, or may be Mr Pichai … {feel free to fill in this blank}?

So there you have it – what do you think
Did Sundar Pichai lie to Congress, or just use weasel words?

Related links
Wikipedia article
Sundar Pichai https://en.wikipedia.org/wiki/Sundar_Pichai

Original Google Disclouser
https://googleblog.blogspot.com/2010/01/new-approach-to-china.html

Operation Aurora
https://en.wikipedia.org/wiki/Operation_Aurora

Tech giants face grilling by Congress | ABC News
https://googleblog.blogspot.com/2010/01/new-approach-to-china.html