Dear George!

So I’ve been waiting for this insane sort of a situation to happen for about 20 years now. That is, a major part / piece of international IT infrastructure failing. I’m of course talking about the recent crowdstrike failure.

With regards Cyber Security, large companies like to pay someone else to take care of the problem for them. It means they can avoid accountability and pass the buck to someone else. Strange how the crowdstrike stock price is tanking!

https://www.google.com/search?q=crowdstrike+stock+price

The crowdstrike issue was / is an example of humans loving the fact that they can pass the buck. It’s also about environments that lack diversity and this creates or leaves open a single point of failure. Many many machines are going to have to be physically restarted and modified to sort this problem, and the answer to all this is something IT tends to shy away from – that being an environment of variation can be a lot more robust.

What do I mean by this? The answer is a variety of operating systems (ie Mac, Linux, Bsd even Android or ChromeOS) both at the server and user level. Not to mention a variety of routers and switches all carefully constructed to operate together. It’s an interesting thought experiment that few people want to consider because, we are all about the bottom dollar! We want things to be as easy as possible!

The crowdstrike insanity is a huge home goal event, an embarrassing hiccup for a number of companies and even your humble author (I had to go and find cash to try to pay for my weekend vino! By the time I came back the store had closed, because even their cash draws no longer could function)!

It will be interesting to see if we learn anything from this large hiccup that took out about 8.5 million machines. Many of which were parts of important infrastructure including including airlines, banks and hospitals.

A few interesting observations. George Kurtz, the CEO of Crowdstrike has gone thru something similar before – In 2010 while he was working for McAffe a similar problem, that caused a global IT meltdown due to a faulty update. CTO at this time was George Kurtz! Who would have thought!

In a number of companies I have worked for we had a rule. Never, ever run out a major update on a Friday! Unless the client is willing to pay for out of hours weekend support. Guess George is still working on that lesson.

Now I want you to put your thinking caps on and go read about what notpetya did. Think about what you might do if we ever have total Cyber warfare!

Battling Digital Onslaught

A couple of times on this site I’ve mentioned some of the garbage that some ip address spit at my wee server. It’s interesting and frustrating especially when you think about how much people do or do not care.

Admittedly the people at AWS on occasion have constructively addressed the odd concern (but they do require lots of information inducing your time zone preferred type of porridge etc) But on the whole if you make a complaint to an ISP about the scanning or bs coming from an IP address you often never get a response.

So one approach is to just set up firewall rules and hope that the Aholes don’t come back via another address, but this does become a vexatious game of Whac-A-Mole.

I made this project public in 2018
https://github.com/nevetsanderson/sshfail

It is useful in that it on a day to day level can bring awareness to how much junk is rattling at your front doors. I remember telling a manager once about the number daily number attacks and he went rather pale in the face.

I hope that someone can find sshfail as a useful tool, even if it does turn managers pale.

Sarah Jamie Lewis and “The Dark Web”!

I have spent the afternoon researching the work of Sarah Jamie Lewis. A very interesting person and among other things she used to work for GCHQ! The irony is that she is now an independent security researcher who is pro anonymity and privacy advocate.

She is also the author of an interesting product called onionscan, which is a tool that can be used for mapping the dark web.

This particular talk I found rather interesting

Sarah Jamie Lewis: OnionScan: Practical Deanonymization of Hidden Services
https://www.youtube.com/watch?v=r8hr0nlfJRc

Among other things it gives rise to the fact that if you want security you should find your self a great Sys admin! Put simply a lot of sites on the “Dark Web” are not well configured and if you use such services you could be at risk.

She covers such topics as why you should be careful if you use apache as a dark web server. Why not to use a google analytics id (don’t use the same id for all your sites) and be aware that if your using it in the real world as well as the dark web this is a rather incriminating vector!

Other things discussed are exif metadata (from photographs for instance) that give away your geolocation, phone type etc!!

Most importantly though she mentions a lot of the good things that the dark web can be used for including, that a lot of the dark web is blog sites, forums that help drug users with regards catching addiction before it happens and harm reduction. Also that the dark web is used to monitor human rights abuses, and censorship data gathering.

She sums up buy proposing that peer to peer may be the future of creating secure communications due to the fact that the client server model is rather difficult to secure and anonymise. Some very interesting, important and thought provoking work. Her twitter feed is also an interesting read and rather humorous but probably NSFW!

Related links
Source for onionscan
https://github.com/s-rah/onionscan

The argument for System Administration 0.1

Ganesha is widely revered as the remover of obstacles

 

So from what I can work out your humble Sys Admin is a bit like a dentist! You know it’s good for you but no one likes pain, let alone paying for that pain.

But lets just hold it there for a minute can we? Lets just stop and think about this.

John Podesta recently had his email account hacked. Of that we have evidence, have a look at this.

https://wikileaks.org/podesta-emails/

There is some discussion that his account password was, or may have been “password”, or something simple and easy to hack. What ever his password was, it probably was not that difficult to hack see this information.

But guess what? If a System administrator had been looking after that email server properly this shouldn’t have happened.

So we now have a major question over the outcome of the political leadership of arguably the most powerful country on earth. Just so you know sysadmin appreciation day this year falls on  Friday, 28 July.

Think about that! Especially if you have a good Sys admin who is looking after you and your network, and your email, and stays up late re booting the server doing stuff you never have to worry about, often stuff you don’t even care about until – whoops! Where did the election go?