thewayne: (Default)
The write-up is sadly lacking in details, but a developer going by "Nyan Satan" (his YouTube channel name) convinced Apple's $50 Lightning to HDMI adapter to run Doom! At least he made a video demo of it running.

Converting the Lightning protocol to HDMI takes more than a bit of work. The adapter contains its own processor running a very scaled-down version of Apple's iPhone operating system, iOS, and Nyan got into that CPU and convinced it to dance to his tune!

Now, here's the interesting bit: that adapter's CPU has more processing power than most of the PCs we were running back in the '90s when Doom was released!



https://it.slashdot.org/story/25/02/05/1314221/developer-runs-doom-on-50-apple-lightning-to-hdmi-adapter
thewayne: (Default)
Well. This is a bit involved.

Last year it came out that the Chinese had infiltrated at least nine major American telecommunications companies, including Verizon and AT&T (the campaign is now known as Salt Typhoon). It was so bad that the FBI and CISA were telling people to stop relying on ordinary phone calls and SMS and to move to end-to-end encrypted messaging apps instead.

The root cause of the problem goes back to the 1990s.

You may remember some controversy back then regarding something called the Clipper Chip. Basically the government wanted this chip installed in every secure telephone and similar piece of communications equipment because it provided a key escrow system: each chip had a unique unit key, split into two halves held by two government agencies. You could communicate securely with other people, but because the government could reassemble that key from escrow, it could decrypt your communications without your knowledge.

There was an immediate uproar that any backdoor built into secure communications devices would ultimately be compromised by nation-state actors or by criminals, and security would be lost. Not to mention that there was no guarantee the government itself would respect our privacy.

The Clipper Chip was announced in 1993 and was pretty much dead by '96. It was also flawed on its own terms: in 1994 Matt Blaze showed that the escrow mechanism could be defeated, because the "Law Enforcement Access Field" that carried the escrowed session key was protected by only a 16-bit checksum. A user could brute-force a bogus field that the receiving chip accepted but that gave the government nothing usable.
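To make the escrow weakness concrete, here is an added toy model (mine, not from the post and not the real Clipper design) of the Law Enforcement Access Field and of Blaze's brute-force. The real chip used Skipjack with 80-bit keys and an undisclosed checksum function; here a SHA-256 keystream and an HMAC stand in for both, the two escrow agents' halves are modelled as one already-reassembled escrow table, and the family key, unit ID and unit key are constructed values. Only the field layout (32-bit unit ID, 80-bit encrypted session key, 16-bit checksum) and the 2**16 search space are faithful.

```python
"""Toy LEAF (Law Enforcement Access Field) with a 16-bit checksum, and the
1994 Blaze attack that forges one by trial. Added example, not Clipper's code.
SHA-256/HMAC stand in for Skipjack and the real checksum (an assumption)."""
import hashlib
import hmac
import random
import struct

FAMILY_KEY = b"constructed-family-key-in-every-chip"     # secret inside the chip (assumption)
UNIT_ID = 0x0000BEEF                                     # constructed chip identity
UNIT_KEY = hashlib.sha256(b"constructed-unit-key").digest()[:10]  # 80-bit key held in escrow


def _keystream(key, iv, n):
    """Deterministic keystream standing in for Skipjack in a stream mode."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def checksum16(session_key, iv):
    """16-bit authenticator over session key and IV, keyed with the family key.
    The user cannot compute it: the family key never leaves the chip."""
    mac = hmac.new(FAMILY_KEY, iv + session_key, hashlib.sha256).digest()
    return int.from_bytes(mac[:2], "big")


def make_leaf(session_key, iv, unit_id=UNIT_ID, unit_key=UNIT_KEY):
    """LEAF = E_family(unit_id || E_unit(session_key) || checksum16): 128 bits."""
    inner = (struct.pack(">I", unit_id)
             + _xor(session_key, _keystream(unit_key, iv, len(session_key)))
             + struct.pack(">H", checksum16(session_key, iv)))
    return _xor(inner, _keystream(FAMILY_KEY, iv, len(inner)))


def leaf_accepted(leaf, session_key, iv):
    """What the receiving chip checks before it will decrypt traffic:
    open the LEAF with the family key and compare the 16-bit checksum."""
    inner = _xor(leaf, _keystream(FAMILY_KEY, iv, len(leaf)))
    return int.from_bytes(inner[-2:], "big") == checksum16(session_key, iv)


def escrow_recover(leaf, iv, escrow_db):
    """What the government does with the reassembled escrow halves: open the
    LEAF, look up the unit key by unit ID, recover the session key."""
    inner = _xor(leaf, _keystream(FAMILY_KEY, iv, len(leaf)))
    (unit_id,) = struct.unpack(">I", inner[:4])
    unit_key = escrow_db.get(unit_id)
    if unit_key is None:
        return None
    return _xor(inner[4:14], _keystream(unit_key, iv, 10))


def forge_leaf(session_key, iv, seed=None):
    """Blaze's attack: feed random 128-bit LEAFs to your own chip's checker
    until one passes. Each try succeeds with probability 2**-16, so about
    65536 tries; the result decrypts to garbage, so escrow recovers nothing."""
    rng = random.Random(seed)
    tries = 0
    while True:
        tries += 1
        candidate = rng.getrandbits(128).to_bytes(16, "big")
        if leaf_accepted(candidate, session_key, iv):
            return candidate, tries


if __name__ == "__main__":
    session_key, iv = bytes(range(10)), b"\x01" * 8          # constructed values
    escrow = {UNIT_ID: UNIT_KEY}
    genuine = make_leaf(session_key, iv)
    print("genuine LEAF accepted:", leaf_accepted(genuine, session_key, iv))
    print("escrow recovers key  :", escrow_recover(genuine, iv, escrow) == session_key)
    forged, tries = forge_leaf(session_key, iv, seed=1994)
    print("forged LEAF accepted after", tries, "tries:", leaf_accepted(forged, session_key, iv))
    print("escrow recovers key from forgery:", escrow_recover(forged, iv, escrow) == session_key)
```

The point the model makes is that the checksum, not the cipher, is the weak link: nothing about Skipjack is attacked, the checker simply cannot tell a genuine field from one of 65536 random ones, and once a forged LEAF is accepted the escrowed copy of the key is worthless.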

Well, that didn't stop the government from mandating access to communications, only this time it wasn't in hardware: CALEA, passed in 1994, required telecom providers to build lawful-intercept capability into their networks.

And it was hacked by the Chinese. And we don't know for how long.

The Department of Homeland Security's Cyber Safety Review Board, a body made up of internal DHS employees and external industry experts, was investigating these events. Its job was to find out how the Chinese got in, how to get them out, and how to harden our systems to prevent re-infiltration.

And care to guess what happened today?

The new administration fired all the external industry experts and effectively ended the investigation.

And by the way, there's plenty of evidence that the Chinese are still inside all of our major telecom providers, running amok. They accessed call log metadata from both the Harris and Trump presidential campaigns.

So apparently not only are we likely to launch a tariff war against China, we're going to let them trash our IT infrastructure while we're doing it? Makes sense to me!

https://arstechnica.com/tech-policy/2025/01/trump-admin-fires-homeland-security-advisory-boards-blaming-agendas/
thewayne: (Default)
The game was released 32 years ago, and, inspired by someone figuring out how to play Tetris in a PDF, someone known only by their GitHub alias worked out how to make Doom playable in a PDF! It has a refresh rate of 32 ms and is in glorious 6-bit monochrome, but you can actually play Knee-Deep In The Dead in a PDF!

While completely silly, this is quite awesome! People have figured out how to hack refrigerators, washing machines, coffee makers, and all sorts of things to play Doom. If it has an LCD screen of some sort, it either has Doom running on it somewhere, or someone is working on it.

https://www.theregister.com/2025/01/14/doom_delivered_in_a_pdf/
thewayne: (Default)
The attack was launched by ALPHV, a gang that was hit in December by the FBI and other government agencies in Europe and around the world. They thought they had clobbered them good, seizing servers, shutting down chat rooms, etc. Arrests were made. But they popped up again later and clearly are still effective. They also told their affiliates to hit as much American infrastructure as they wanted in retaliation for the FBI take-down.

This particular hit, two weeks ago, nailed Change Healthcare, part of UnitedHealth Group. Change routes pharmacy claims to the various insurance carriers when you pick up meds. Take out Change, and it's hard to pay for your meds! Some pharmacies could switch to alternative clearinghouses; others found that much harder to do. Some pharmacies offered customers the cash price for meds, others told people they'd have to pay full price and seek reimbursement from their insurance on their own. Change also handles manufacturer coupon processing, and that was a no-go too.

A great big mess that was ultimately fixed, but a good demonstration of how sensitive our infrastructure is to cyberattack.

https://www.msn.com/en-us/news/us/us-prescription-drug-market-in-disarray-as-ransomware-gang-attacks/ar-BB1jaAe9
thewayne: (Default)
Citrix is a major player in remote access and application delivery gear (this flaw was in its NetScaler ADC and Gateway products). And they had a major, sorry, MAJOR software flaw back in October that was exploited bigly. They patched it and announced the patch as fast as they could, and their customers patched as fast as they could. Well, most of them.

Which brings us to Xfinity.

From the article: "Citrix disclosed the vulnerability and issued a patch on October 10. Eight days later, researchers reported that the vulnerability, tracked as CVE-2023-4966 and by the name Citrix Bleed, had been under active exploitation since August. Comcast didn’t patch its network until October 23, 13 days after a patch became available and five days after the report of the in-the-wild attacks exploiting it."

Ruh-roh!

Two weeks is far too long for a vulnerability that big to go unpatched. Care to guess what happened? Oh, I forgot. It was in this post's subject line.

To continue the article: "“However, we subsequently discovered that prior to mitigation, between October 16 and October 19, 2023, there was unauthorized access to some of our internal systems that we concluded was a result of this vulnerability,” an accompanying notice stated. “We notified federal law enforcement and conducted an investigation into the nature and scope of the incident. On November 16, 2023, it was determined that information was likely acquired.”

Comcast is still investigating precisely what data the attackers obtained. So far, Monday’s disclosure said, information known to have been taken includes usernames and hashed passwords, names, contact information, the last four digits of social security numbers, dates of birth, and/or secret questions and answers. Xfinity is Comcast’s cable television and Internet division."


Yeah. Free credit monitoring? Thoughts and prayers? There needs to be some executive job loss and demotions. But as this is Comcast, nothing will change.

Completely inexcusable.

Back in the '90s, when the I Love You email virus hit, I learned about it at about 7:15 or so in the morning. We literally unplugged our firewall from the internet as there was no patch for it at the moment. And we had no problems. You can't let shit like this go unchecked, or things like this happen.

https://arstechnica.com/security/2023/12/hack-of-unpatched-comcast-servers-results-in-stolen-personal-data-including-passwords/
thewayne: (Default)
This is very bad.

SSH is one of the fundamental protocols that keeps remote administration of servers and network gear secure (the web itself rides on TLS, a different protocol). Well, we now know that it has a serious weakness.

What it boils down to is compatibility. SSH doesn't have one cipher. When a client and server connect, each sends a list of the encryption modes and integrity (MAC) algorithms it supports, and they negotiate a common one. Think of those modes as a bank of switches, each a different algorithm. Some are strong, some are not, and they're all kept around so that if I use Switch A and you use Switch B, we can still talk. Very convenient, but also a bit problematic. What happens if Switch C has a weakness?

The problem is that in lots of SSH implementations, Switch C is left turned on for ease of compatibility, and often it's even the default preference. Here the weak switches are the ChaCha20-Poly1305 mode (chacha20-poly1305@openssh.com) and any CBC cipher combined with an Encrypt-then-MAC integrity mode (the *-etm@openssh.com MACs). The attack, called Terrapin (CVE-2023-48795), lets someone sitting in the path silently delete messages from the start of the secure channel without either side noticing. Unless people know to specifically turn those switches off, or update to a version that adds the countermeasure, the weakness is exploitable.

The bad news? LOTS of systems are vulnerable. From the article: "A scan performed by the researchers found that 77 percent of SSH servers exposed to the Internet support at least one of the vulnerable encryption modes, while 57 percent of them list a vulnerable encryption mode as the preferred choice."

77% support the vulnerable mode and 57% PREFERRED IT? YIKES!

The good news is that it requires a Man In The Middle (MITM) position on the connection, and those are not easy to get, but they can be had. The even better news is that the researchers have released a scanner so server administrators can tell whether they are exposed. OpenSSH 9.6 and some other implementations have shipped a fix, a "strict key exchange" extension that both the client and the server must support for it to take effect, and others I'm sure are in process. But there is also a likelihood that some implementations will never be fixed, or that some servers are not being updated for various reasons and will stay vulnerable; for those, the workaround is to remove the affected modes from the server's cipher and MAC lists.
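To make the "switches" concrete, here is an added example (mine, not from the article and not the researchers' scanner) that builds and parses SSH key-exchange (KEXINIT) messages, negotiates the cipher and MAC the way RFC 4253 specifies, and decides whether the result is exposed to Terrapin (CVE-2023-48795). It assumes the cipher and MAC lists are the same in both directions, treats the first entry in the server's list as its "preference", and the sample KEXINITs at the bottom are constructed rather than captured from real hosts.

```python
"""KEXINIT parser and Terrapin (CVE-2023-48795) exposure check.
Added example; not the article's or the researchers' code. Assumes the
same cipher/MAC lists in both directions and that "preferred" means first
in the server's list. The sample KEXINITs at the bottom are constructed."""
import struct

SSH_MSG_KEXINIT = 20
CHACHA = "chacha20-poly1305@openssh.com"
STRICT_KEX_C = "kex-strict-c-v00@openssh.com"   # client advertises strict kex
STRICT_KEX_S = "kex-strict-s-v00@openssh.com"   # server advertises strict kex
LIST_NAMES = ("kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
              "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")


def _name_list(names):
    """RFC 4251 name-list: uint32 length + comma-separated ASCII names."""
    raw = ",".join(names).encode("ascii")
    return struct.pack(">I", len(raw)) + raw


def build_kexinit(kex, hostkey, enc, mac, comp=("none",), cookie=bytes(16)):
    """Construct an SSH_MSG_KEXINIT payload (RFC 4253 section 7.1)."""
    body = bytes([SSH_MSG_KEXINIT]) + cookie
    for names in (kex, hostkey, enc, enc, mac, mac, comp, comp, (), ()):
        body += _name_list(names)
    return body + b"\x00" + struct.pack(">I", 0)   # first_kex_packet_follows, reserved


def parse_kexinit(payload):
    """Return the ten name-lists of a KEXINIT payload as a dict of lists."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 1 + 16, {}                     # skip type byte + cookie
    for name in LIST_NAMES:
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        raw = payload[offset:offset + length]
        if len(raw) != length:
            raise ValueError("truncated name-list: " + name)
        offset += length
        lists[name] = raw.decode("ascii").split(",") if raw else []
    return lists


def negotiate(client_prefs, server_supported):
    """RFC 4253: the first algorithm on the client's list that the server
    also supports wins; the server's own ordering does not decide."""
    for alg in client_prefs:
        if alg in server_supported:
            return alg
    return None


def mode_is_vulnerable(cipher, mac):
    """Terrapin hits ChaCha20-Poly1305 and CBC ciphers paired with an
    Encrypt-then-MAC MAC; CTR and GCM modes are unaffected."""
    if cipher == CHACHA:
        return True
    return bool(cipher and mac and cipher.endswith("-cbc")
                and mac.endswith("-etm@openssh.com"))


def assess_server(server_kexinit):
    """Scanner-style verdict from the server's KEXINIT alone."""
    s = parse_kexinit(server_kexinit)
    enc, mac = s["enc_c2s"], s["mac_c2s"]
    return {
        "supports_vulnerable": any(mode_is_vulnerable(c, m)
                                   for c in enc for m in (mac or [None])),
        "prefers_vulnerable": mode_is_vulnerable(enc[0] if enc else None,
                                                 mac[0] if mac else None),
        "strict_kex": STRICT_KEX_S in s["kex"],
    }


def assess_connection(client_kexinit, server_kexinit):
    """Outcome of a real handshake: exposed only if a vulnerable mode is
    chosen AND the two sides did not both agree to strict key exchange."""
    c, s = parse_kexinit(client_kexinit), parse_kexinit(server_kexinit)
    cipher = negotiate(c["enc_c2s"], s["enc_c2s"])
    mac = negotiate(c["mac_c2s"], s["mac_c2s"])
    strict = STRICT_KEX_C in c["kex"] and STRICT_KEX_S in s["kex"]
    return {"cipher": cipher, "mac": mac, "strict_kex": strict,
            "vulnerable": mode_is_vulnerable(cipher, mac) and not strict}


# Constructed sample KEXINITs (not captured from real hosts)
LEGACY_SERVER = build_kexinit(
    kex=["curve25519-sha256", "ecdh-sha2-nistp256"], hostkey=["ssh-ed25519"],
    enc=[CHACHA, "aes256-cbc", "aes256-ctr"],
    mac=["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"])
PATCHED_SERVER = build_kexinit(
    kex=["curve25519-sha256", STRICT_KEX_S], hostkey=["ssh-ed25519"],
    enc=["aes256-gcm@openssh.com", "aes256-ctr", CHACHA], mac=["hmac-sha2-256"])
PATCHED_CLIENT = build_kexinit(
    kex=["curve25519-sha256", STRICT_KEX_C], hostkey=["ssh-ed25519"],
    enc=[CHACHA, "aes256-ctr"], mac=["hmac-sha2-256"])

if __name__ == "__main__":
    print("legacy server  :", assess_server(LEGACY_SERVER))
    print("patched server :", assess_server(PATCHED_SERVER))
    print("client->legacy :", assess_connection(PATCHED_CLIENT, LEGACY_SERVER))
    print("client->patched:", assess_connection(PATCHED_CLIENT, PATCHED_SERVER))
```

The two handshake runs show the point that matters operationally: the patched client still picks ChaCha20-Poly1305 against both servers, and only the server that also advertises strict key exchange makes that choice safe. A server that cannot be upgraded has to drop the affected modes from its lists instead, because the fix is negotiated, not unilateral.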

I don't think this represents much of a problem for users, so much as for network administrators. Unless you're a very valuable person, likely to be targeted by hackers or world powers, nobody is going to spend the resources it takes to pull this off against you. As I said, MITMs are not easy to pull off, and if you're not doing Pentagon R&D level sort of stuff, you're probably safe. But I expect Apple and Microsoft and the various Linux distros will be patching their SSH bundles in the very near future, just to make sure everything is good.

Warning about the article: it gets REALLY deep into the SSH weeds, so don't bother with it if you're not already wise into the subject.

https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
thewayne: (Default)
In October, the gene testing company 23andMe got hacked: attackers used credential stuffing (passwords reused from other sites' breaches) to get into individual accounts, then scraped data on about 7,000,000 customers through the DNA Relatives feature. From the article, the information compromised includes: "photos, full names, geographical location, information related to ancestry trees, and even names of related family members. The company said that no genetic material or DNA records were exposed. Days after that attack, the hackers put up profiles of hundreds of thousands of Ashkenazi Jews and Chinese people for sale on the internet."

Of course, lawsuits started popping up immediately. Back to the article: "multiple class action claims have already been [filed] against the company in both federal and state court in California and state court in Illinois, as well as in Canadian courts." No surprise there.

Here's the surprise.

23andMe sent out an update to its terms of service to all customers. Okay, that's not new, companies do it all the time and usually we ignore them. These were a bit different. Just a wee bit.

First off, unless you notified them in writing within 30 days, you automatically agreed to them.

Second, by agreeing to them, you relinquished your right to participate in class action claims.

GEE, ISN'T THAT SPECIAL?! Company gets hacked, then screws over their customers to try to prevent them from suing the company. Pretty clever. One law professor said that the change in the user agreement would not be enough to prevent claims, but the article did not go into any detail of the reasoning behind the statement. Perhaps some ex post facto going on there?

Myself, while I have had genetic testing performed, it was purely in a medical context and theoretically my genes have never been shared with companies like this. They are far too liberal with sharing their information and with letting law enforcement stroll through their data.

https://www.engadget.com/23andme-frantically-changed-its-terms-of-service-to-prevent-hacked-customers-from-suing-152434306.html
thewayne: (Default)
The intruders, most likely the Chinese government considering the targets and sophistication, did quite an amazing job.

They did a very clever thing. Because they were undetected for quite some time, they built themselves a persistent way back in: they planted malware inside the appliance's configuration backup, so that when a site's sysadmins saved their Barracuda configuration for a future restore, they were saving the code that had hacked them. Then, when Barracuda told customers their email security appliances were compromised and had to be replaced, the admins stood up new appliances, restored their backups, and in some cases reinfected themselves.

It wasn't an across-the-board reinfection. Since the intruders knew exactly where they 'were', they reserved this scheme for the highest-value targets they wanted to be able to return to.

As a retired system administrator and former Cisco certified geek, let me explain this a little more. I have experience configuring routers and firewalls, and whenever you configure one of these or make a change, you back up or export the configuration from the device to your network somewhere. This way, if that device crashes or resets hard or goes up in flames or is stolen, you've got a fallback point. And in this case, if you were at one of these high-value targets, you just backed up the malware package that restores the compromise. It's pretty easy to restore that config file and get your router or firewall back and running. The thing is, these configurations can get scary complicated, especially on a border router (the border between your internal network and the external internet). You don't want to have to recreate that from scratch. And while I've never worked with an email security device like a Barracuda, I can easily imagine its configuration is far from trivial. The smart thing to do would be to have a printout of the configuration and to be able to key it in manually or verify that your restore recreated what that hardcopy reads as, but I'll bet 99%+ of installations don't do that. The main reason being, that you'd have two people trying to double-check probably thousands of lines of code, making sure they line up. Assuming they can find the latest copy. Tireless, thankless, and possibly impossible task. And that device is down while they're doing it.
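The "compare the restore against the hardcopy" step above can be done by a script rather than two people with a printout. Here is an added example (mine, not from the article, Barracuda or the post's author) that records a keyed fingerprint of a reviewed export, checks a backup against it before restore, diffs the two, and flags lines that look like embedded command execution. The config syntax, the directive names and both sample exports are constructed for illustration, and the pattern list is a starting point rather than a malware signature.

```python
"""Audit a device configuration export before restoring it, so that a backup
taken from an already-compromised box is not restored blindly.
Added example; not the article's, Barracuda's or the post author's code.
Config syntax, directive names and both sample exports are constructed."""
import hashlib
import hmac
import re

# Things that have no business inside a firewall/gateway config export.
SUSPICIOUS = re.compile(
    r"(base64\s+-d|\bcurl\b|\bwget\b|\|\s*(ba)?sh\b|/tmp/|/dev/tcp/|\bnc\b|\beval\b)")


def fingerprint(config_text, key):
    """Keyed digest to record (off the appliance) when a reviewed export is
    taken. A plain hash stored next to the backup can be rewritten by whoever
    rewrote the backup; an HMAC under a key held elsewhere cannot."""
    return hmac.new(key, config_text.encode("utf-8"), hashlib.sha256).hexdigest()


def fingerprint_ok(config_text, key, expected_hex):
    """Constant-time comparison against the recorded fingerprint."""
    return hmac.compare_digest(fingerprint(config_text, key), expected_hex)


def normalize(config_text):
    """Drop blank lines and comments so cosmetic edits don't hide real ones."""
    lines = []
    for line in config_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            lines.append(line)
    return lines


def audit(reviewed_text, candidate_text):
    """Compare a backup about to be restored against a reviewed baseline
    (the 'printout' in the post) and flag anything that looks like an
    embedded command. safe_to_restore is True only when nothing was added,
    removed or flagged."""
    base, cand = normalize(reviewed_text), normalize(candidate_text)
    base_set, cand_set = set(base), set(cand)
    added = [l for l in cand if l not in base_set]
    removed = [l for l in base if l not in cand_set]
    suspicious = [l for l in cand if SUSPICIOUS.search(l)]
    return {
        "added": added,
        "removed": removed,
        "suspicious": suspicious,
        "safe_to_restore": not (added or removed or suspicious),
    }


# Constructed sample exports (hypothetical directive syntax)
REVIEWED_EXPORT = """# mail gateway, reviewed 2023-05-01
hostname = mail-gw-1
interface eth0 = 192.0.2.10/24
smtp relay = 192.0.2.20
admin allow = 192.0.2.0/24
"""
TAMPERED_EXPORT = REVIEWED_EXPORT + (
    "post-restore hook = sh -c 'echo aGVsbG8= | base64 -d | sh'\n")

if __name__ == "__main__":
    key = b"constructed-off-box-key"
    recorded = fingerprint(REVIEWED_EXPORT, key)
    print("tampered backup matches recorded fingerprint:",
          fingerprint_ok(TAMPERED_EXPORT, key, recorded))
    print(audit(REVIEWED_EXPORT, TAMPERED_EXPORT))
```

The caveat a practitioner should keep in mind: the fingerprint only proves the file is the one you reviewed, not that what you reviewed was clean. If the export was taken after the compromise, the fingerprint will match perfectly; the diff against an older, trusted baseline and the suspicious-line scan are what catch that case, and the device should be rebuilt from a known-good export rather than from whatever was saved last.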

https://arstechnica.com/security/2023/08/barracuda-thought-it-drove-0-day-hackers-out-of-customers-networks-it-was-wrong/
thewayne: (Default)
Polish spyware maker LetMeSpy made Android spyware that gave whoever installed it pretty much a full copy of what was going on with the target phone: copies of text messages, call logs, real-time location data. Installing it required physical access to the unlocked phone, and once installed it was very hard to detect and remove because it had no home screen icon.

They were hacked a couple of months ago, and the hackers, after taking a copy of the database containing the data the company had stolen, wiped its servers. LetMeSpy has thrown in the towel and is ceasing operations at the end of the month.

Another interesting bit from the article: "A copy of the database was obtained by nonprofit transparency collective DDoSecrets, which indexes leaked datasets in the public interest, and shared with TechCrunch for analysis. The data showed that LetMeSpy, until recently, had been used to steal data from more than 13,000 compromised Android devices worldwide, though LetMeSpy’s website claimed prior to the breach that it controlled more than 236,000 devices."

I'm guessing either they did not have good backups of their operational and development data, or the PR light is too bright for them. Regardless, good riddance to bad rubbish.

This is the second spyware company that has shut down after reporting by TechCrunch!

https://techcrunch.com/2023/08/05/letmespy-spyware-shuts-down-wiped-server/

https://it.slashdot.org/story/23/08/07/2036229/spyware-maker-letmespy-shuts-down-after-hacker-deletes-server-data


I prefer iPhones over Android, and this is one reason. While they are not impervious to spyware, it's much harder for such software to take root. Not that I'm terribly concerned about being a target for such.
thewayne: (Default)
Tesla is a sponsor this year and gamely threw their hat/car into the ring. And were hacked twice by the same team of security researchers.

The first hack involved the charging system, and enabled them to open the doors and the frunk (front trunk). They were awarded the car for this particular hack. The second hack was through the infotainment system. Either hack was enough to render the car unsafe.

One of the key elements of this competition is that the teams disclose all their techniques to the vendors so they can fix their systems. And the teams are pretty well compensated for their work.

This is nothing new with Tesla, their cars have been hacked before, and I just posted the article about the two guys parking side by side and driving away with each other's cars.

https://gizmodo.com/tesla-hack-hackers-model-3-elon-musk-hackathon-1850263319
thewayne: (Default)
Remember that Violence As A Service article that I posted a while back? This is a direct offshoot of that. One of these stains is a "L337 hax0r" who stole over $300,000 in cryptocurrency via cell phone SIM swapping. These twits would break into Yahoo Mail accounts, then try the same password against the Ring account tied to that email address. If it worked, they were gold. It goes to show that it's important to use different passwords for different accounts, especially important ones, and critical where privacy is at stake!

Then these stains would SWAT the victims and use the victims' own Ring cameras to record and live-stream the police response. Fortunately no physical injuries were reported from the incidents, though I'm sure emotional trauma was.

Have fun in prison, ass-wipes!

https://krebsonsecurity.com/2022/12/hacked-ring-cams-used-to-record-swatting-victims/
thewayne: (Default)
Packt Publishing is running a sale - their ENTIRE inventory of ebooks and videos is $5 per item! Books ranging from $20 on up, only $5! I don't know how long the sale will be running, but it is one heck of a deal.

Packt also has a Book of the Day. Sign up for their mailing list, check the web site daily, and you can bind it to your library and read it anytime you like online. Good way to expand your library in subjects that may be on the periphery of your field but not really core to what you're doing that you might want to dig in to sometime.

https://subscription.packtpub.com/search?utm_source=all%20updates&utm_campaign=2a15eb6572-dollar_5_bestseller_programming_15_12_22


In other CS book news, Humble Bundle has several programming-related books up.

An O'Reilly bundle went up, launched a day or two ago, on "Gift for the technically inclined". 17 days remaining.
https://www.humblebundle.com/books/gifts-for-technically-inclined-oreilly-2022-books

A Wiley Cybersecurity bundle, lots of stuff on pen testing, crypto - both currencies and graphy, etc. 15 days left.
https://www.humblebundle.com/books/holiday-encore-become-cybersecurity-expert-wiley-books

Functional Programming by the Pragmatic Programmers: stuff for Scala, Kotlin, Elm, Elixir, etc. 10 days remaining.
https://www.humblebundle.com/books/functional-programming-pragmatic-programmers-books

And three days left on a No Starch Press bundle on Hacking. I do like No Starch, good people.
https://www.humblebundle.com/books/hacking-no-starch-press-books-2022
thewayne: (Default)
The group, Cyber Partisans, made the following demands on Twitter:

We have encryption keys, and we are ready to return Belarusian Railroad's systems to normal mode. Our conditions:
🔺 Release of the 50 political prisoners who are most in need of medical assistance.
🔺Preventing the presence of Russian troops on the territory of #Belarus.


Belarus borders Ukraine and is "undergoing joint military exercises with Russia", i.e. Russian troops are swarming through the country, staged and ready to invade Ukraine at a moment's notice. The Cyber Partisans have thrown quite a monkey wrench into those plans by disabling the rail network's systems!

In addition to encrypting the system's servers, they destroyed the backups, which I guess were stored online in a SAN. Bad design there, fellas! A backup that an attacker on the production network can reach and delete isn't really a backup. The Partisans said that the network had many entry points and was poorly isolated from the internet.

Sometimes hacktivists do a good job! I hope these people practice amazingly good operational security (OpSec), because if Putin or Lukashenko find them, they are dead.

https://arstechnica.com/information-technology/2022/01/hactivists-say-they-hacked-belarus-rail-system-to-stop-russian-military-buildup/
thewayne: (Default)
Normally the rule is that as long as you're based in Russia and you don't attack Russian and most Eastern European countries, that you're good. So what exactly happened here?

The Russian Federal Security Service (FSB) said today that it has raided and shut down the operations of the REvil ransomware gang. Raids were conducted at 25 residences owned by 14 people suspected of being part of REvil, across Moscow, St. Petersburg, and the Leningrad and Lipetsk regions. Authorities said they seized more than 426 million rubles, $600,000 and 500,000 euros in cash, along with cryptocurrency wallets, computers and 20 expensive cars. REvil is responsible for the ransomware attacks on Apple supplier Quanta, Kaseya and JBS Foods.

Apparently American and other country's pressure on Russia produced some results, at last! If this were a movie, Jason Bourne (or equivalent) would be sneaking into Russian hacker farms and wiping them out with a silenced pistol, but we don't do things like that. It will be interesting to see how these prosecutions and prison sentences play out.

https://therecord.media/fsb-raids-revil-ransomware-gang-members/

https://it.slashdot.org/story/22/01/14/154259/fsb-arrests-14-members-of-revil-ransomware-gang
thewayne: (Default)
The U.S. government is offering a reward of up to $10,000,000 for information leading to the arrest of key members of the REvil group, and $5 million for affiliates!

Recently one member was arrested in Poland, and $6.1 million in cryptocurrency was seized from another. The one in Poland is in custody awaiting extradition to the USA!

The wheels of justice may grind slowly, but they grind exceedingly fine.

Krebs is finding that it seems any organization that is ten years old starts getting really lax about its internal security. These guys were identified because they didn't compartmentalize their hacker identities from their social media identities. People linked the two, reported them to the authorities, and now they're behind bars!

https://krebsonsecurity.com/2021/11/revil-ransom-arrest-6m-seizure-and-10m-reward/
thewayne: (Default)
Amazing stuff. The Bahrain government bought a hack (NSO Group's Pegasus, according to Citizen Lab's analysis) that lets them send a message to an iPhone owned by a journalist, anti-government protester, cheating mistress, whoever, and the phone is compromised. You don't have to click on a link, open a document or play a video. No interaction whatsoever. Receive the message, and your phone is rooted.

They probably paid a few million bucks for it, but they're the Bahrain government - what do they care for such a tool?

Apple has been fighting these zero-click attacks and instituted a good defense in iOS 14 (BlastDoor, a sandbox that parses incoming iMessage content in isolation), but this latest exploit blasts right through it. The problem is that "we" (not me) want emojis, embedded videos, photos, etc., and parsing all of that rich content is exactly where the bugs live. If the app only carried plain text and you had to use email to attach the fun stuff, the Messages app would have a vastly smaller attack surface. But where would be the fun in that?!

So Apple gets to play an on-going game of whack-a-mole.

They're releasing a new version of iOS, 15, probably in October, which should improve security, but that security will certainly be broken at some point and the whack-a-mole will resume.

Myself, Apple occasionally ticks me off with changes to iOS. For example, I think it was when 11 was released, they broke their podcast player, and I foolishly updated my phone literally the day I was to drive to Phoenix, a nice long 500 mile drive. The break? Let's say you want to listen to four or five Wait Wait Don't Tell Me episodes. You play the oldest and the next one automatically starts. Except the program broke and it wouldn't start the next, so you're zipping down the interstate at 75 MPH and have to fumble with your phone to start it. How the hell did this not turn up in testing?

So on occasion I think about buying a flip phone that has a 4G hotspot, plus an iPod Touch to hold all my apps, music and podcasts, and data stores and go back to something resembling the late '90s.

https://www.wired.com/story/apple-imessage-zero-click-hacks/
thewayne: (Default)
There is a critical security bug that was discovered late yesterday called PrintNightmare in Windows' print spooler. It affects ALL versions of Windows!

Let me repeat that.

EVERY. FREAKING. VERSION. OF. WINDOWS.

Not just Windows 10.

Server.

7.

Vista.

And on down the line.

It gives a remote attacker who has any valid account on the machine code execution as SYSTEM through the spooler, so even if you're not running as an admin user, the villains can create an admin account on your system.

Microsoft has pushed an out-of-band patch for most supported versions, and you should apply it tout de suite; patches for the remaining versions are in the works. There is a stop-gap: stop and disable the Print Spooler service. You won't be able to print at all from that machine while it's off, locally or remotely, but you also can't be compromised through it. If you need local printing to keep working, the other workaround is to block inbound remote printing via Group Policy (set "Allow Print Spooler to accept client connections" to Disabled) and restart the spooler.

Read the comments on Krebs' post: since the patch was rushed out, it may be buggy. You might want to just disable the Print Spooler for now until a better patch comes along.

https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/

https://gizmodo.com/printnightmare-windows-users-need-to-install-this-emer-1847243126
thewayne: (Default)
Interesting stuff. It might have been hack squad versus hack squad warfare!

There were two flaws present in the code on the WD drives. Now, keep in mind that the drive must have a CPU and an operating system to serve up files on the internet: it's a small Linux box with a web interface. And what does this mean for hack squads? BOTNET! Either exploit was enough to compromise the drive and make it a node in a botnet, and since the older bug had been public for years, drives were probably conscripted for a long time.

Now, here's the sad bit. The older flaw, CVE-2018-18472, is an unauthenticated remote command execution bug in the drive's web interface that was reported to Western Digital in 2018 and never patched. The newer flaw is particularly tragic: the script that handles a factory reset had its authentication check commented out, for reasons unknown. Completely nullified. So anyone who could reach the web interface could wipe the drive without logging in. And all you needed to find these drives was to scan the internet, since they had to be publicly reachable to fulfill their role as storage available across the internet.

It turns out you only need one of these exploits to take control of the drive, not both.

So why was the second one used at all?

There is a rumor going 'round that another gang wanted a piece of this WD drive botnet army. They couldn't get access to it, but they could screw over the first gang. So they used the unauthenticated reset flaw to wipe all the drives, denying the first gang their botnet.

It is a theory that has popped up, a possible explanation for why the reset flaw was exploited from different IP addresses than the older one.


There's some deeper bad news.

There's a White Hat hacking contest called Pwn2Own, where good-guy hackers try to crack the latest hardware and software, and if they are the first among the competing groups to succeed against a target, they get the hardware and a cash prize. As part of the contest terms, they turn over their exploits to the vendors so they can toughen their systems. A group was heading to the Tokyo contest a couple of years ago with a great hack against Western Digital's My Cloud OS 3, and right before the contest WD released My Cloud OS 5, against which their hack didn't work. Bad luck for them. Still, they sent their documentation and code to WD so it could fix OS 3.

Care to guess whether or not OS 3 was ever patched?

There's an unknown number of My Cloud OS 3 installations out there with known exploitable flaws that cannot or will not be updated, and WD's answer is 'they should update to 5'. So odds are that we're going to hear the exact same story in the not too distant future.


And believe it or not, there's some amazingly good news.

For people whose drives have been wiped, and this is truly amazing, Western Digital has retained a data recovery service and is providing that service for people with wiped drives FOR FREE!

Data recovery is a VERY expensive service, we explored it when we had a RAID array break at a place I once worked at: they charged a ton and recovered nothing worthwhile, but this was about 20 years ago, hopefully things have improved since then. I have read that in many cases that after the wipe, people's directory trees were intact, which leaves a little hope that the files are there, that just the directory information was clobbered. So people might get lucky.

We shall see.

https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/

https://krebsonsecurity.com/2021/07/another-0-day-looms-for-many-western-digital-users/
thewayne: (Default)
Turns out it was reported to Western Digital in 2018. But since the devices were end-of-lifed in '15, they decided not to push an update that would have prevented this happening to their customers.

Nice company.

Here's the even better part.

It's possible the bug lives on in another of their products: "Wizcase [the security researcher who found the flaw] said the flaw it found in MyBook devices also may be present in certain models of WD MyCloud network attached storage (NAS) devices, although Western Digital’s advisory makes no mention of its MyCloud line being affected."

https://krebsonsecurity.com/2021/06/mybook-users-urged-to-unplug-devices-from-internet/


And now for my rant.

This is why I am fundamentally opposed to Internet of Things devices and needlessly connecting things to the internet. Almost all of the companies that make these devices do not do a good job of supporting them and providing security updates because there's no continuing revenue stream: you buy them, or more precisely, once Best Buy or Amazon buys them, there's no continuing money going back to Western Digital or whoever to pay for their programmers to continue updating the software.

Also, these devices run an older, stripped-down Linux so that the software fits on a low-powered CPU, which simplifies the programming and saves cost. That's fine while it's maintained; the problem is that once the vendor stops shipping updates, every bug found in that old kernel, web server and PHP stack stays exploitable forever. In this case the vulnerability was reported THREE YEARS AGO, and Western Digital's response amounted to "*MEH*, not our problem. It's the customer's problem if they get stomped on, because they shouldn't be using hardware past its end of life connected to the internet."

How many people buying these devices and connecting them to the internet are security experts?

I'm not raising my hand, because I'm not a security expert. I know more than most non-experts, but I'm not a trained and certified expert. I do know enough not to trust things connected to the internet because they're inherently not trustworthy. The makers have no profit motive to keep them secure, and when it comes to devices like Alexa and such, while they are convenient, they are there to suck marketing information from your life. If you don't mind that, fine. I have no problem turning on lights and my stereo and selecting my own music by myself and I can look at the weather app on my phone to know if it might rain. Yes, I'm a bit of a luddite. I prefer to avoid my devices potentially being compromised.

The mistake people made with these Western Digital devices to access files across the internet was already a solved problem. It's known as SFTP. Western Digital is known for one thing - making hard drives. That's it. People shouldn't rely on them for anything beyond that. If you have a real need to access files remotely, then get a hosting account and/or set up an SFTP server and get your files that way.

A friend of mine did that exact thing when he did remote file installs for a software company. He traveled around the country doing these setups and kept software packages, updates, help scripts, etc. on a server in his house that only he could access. Nowadays he could probably carry everything on a bunch of USB flash drives, but not back then.

I think the big question is, do you really need to access all that data remotely, or do you just think it would be cool to be able to? And do you really need two terabytes worth, or could you pare it down to the point that it could fit in Dropbox/OneDrive/iCloud/Googlewhatever? Do you really need instant access to a letter that you wrote twelve years ago cancelling a credit card?


One last thing about backups and the value therein. There are three basic purposes to backups. One is catastrophic recovery: computer theft, hard drive crash, something like that. One is accidental file overwrite, another is file deletion. In the case of deletion, usually you can get it back from the recycle bin, but not always. In the case of overwrite, your only recourse is from backups, those are true OMG! moments. I've done that before. Recovery from backup is only as good as your most recent backup.

But here's the problem: system administrators have a rule of thumb that you don't have a backup until you've tested it by restoring a file from it. And you don't have a safe backup system unless you have at least one copy stored away from your home or business, i.e. off-site. If you're retired, this becomes a little tricky. Me, I have two sets of backup disks. At the start of the month, I take the disk that my iMac currently backs up to into work with me, and it goes into my desk. The disk that's there comes home, and gets plugged in. There's a second disk there that I use to back up our laptops, we currently have three. I refresh those monthly and that disk gets stored in a fire-resistant lockbox that we have here at the house, swapped with its partner at work.

I can inspect those disks with my laptop at work and test them when I have time. And I misspoke, we have four laptops: I also have a Windows laptop that has a slightly different backup routine, but that's another story. I'll talk about Windows backups another time.
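As an added illustration of that rule of thumb (an example script written for this page, not something from the original post or from Western Digital), here is the smallest honest version of "you don't have a backup until you've restored from it": take a tar archive of a directory, record per-file checksums, restore the archive into a scratch directory and prove the restored files match. A third check compares the manifest against the live directory, which is how you notice that the backup is stale after an accidental overwrite. It assumes only POSIX tools (tar, cksum, cmp, mktemp); the file names used in the usage comment are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: back up a directory with tar,
# then verify the backup by actually restoring it and comparing checksums.
# Uses only POSIX tools so it runs on a NAS, a Mac or a Linux box alike.
set -u

# checksum_tree DIR : one "crc size ./path" line per file, in a stable order,
# so two manifests of identical trees compare byte-for-byte.
checksum_tree() {
    ( cd "$1" && find . -type f -exec cksum {} + | LC_ALL=C sort )
}

# take_backup SRC ARCHIVE : write ARCHIVE.manifest (checksums at backup time)
# and then the tar archive itself.
take_backup() {
    src=$1; archive=$2
    checksum_tree "$src" > "$archive.manifest"
    tar -cf "$archive" -C "$src" .
}

# verify_restore ARCHIVE : restore into a fresh scratch directory, recompute
# the checksums and return 0 only if they match the recorded manifest.
# This is the "restore a file from it" test; a tar that will not extract,
# or that extracts corrupted data, fails here instead of on the bad day.
verify_restore() {
    archive=$1
    scratch=$(mktemp -d)
    if tar -xf "$archive" -C "$scratch" &&
       checksum_tree "$scratch" | cmp -s "$archive.manifest" -; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$scratch"
    return $rc
}

# compare_to_live SRC ARCHIVE : does the backup still reflect what is on disk?
# Nonzero means files changed (or were overwritten) since the backup was taken,
# i.e. recovery is only as good as this most recent copy.
compare_to_live() {
    src=$1; archive=$2
    checksum_tree "$src" | cmp -s "$archive.manifest" -
}

# Usage (constructed paths):
#   take_backup /Volumes/Data /Volumes/Backup/data.tar
#   verify_restore /Volumes/Backup/data.tar && echo "backup restores cleanly"
#   compare_to_live /Volumes/Data /Volumes/Backup/data.tar || echo "backup is stale"
```

The manifest is written beside the archive on purpose: if the backup disk that goes into the desk at work carries both, the restore test can be run from any machine without access to the original source.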
thewayne: (Default)
Disconnect it from any internet-side connections, including your computer, RIGHT NOW!

There is a bug, most likely a bad actor hack, that is WIPING ALL CONTENT FROM THESE DRIVES!

And if your drive is encrypted, this data loss is likely permanent! Lots of people have already lost years worth of data to whatever it is that's happening. Part of the problem is these drives are accessed via a cloud infrastructure, I'm guessing someone is figuring out how to map local IP addresses in this cloud system, found a weakness in their management software, but hasn't yet written a bot to wipe them en masse and is doing them pretty slowly - for now.

So eject the drive from your Windows Explorer or Mac Finder and disconnect the ethernet cable to it, or optionally just power it down until Western Digital figures out just what is going on and gets a fix released. These drives received their last update in 2015, which means they'd be long-past dead where I live, but probably working fine for lots of people at lower altitudes.

And PLEASE, copy this and post it publicly on your blog if you have a lot of computer people who are likely to have infrastructure like this on their systems! This needs to be spread far and wide, hopefully faster than people's external drives are getting wiped!

https://arstechnica.com/gadgets/2021/06/mass-data-wipe-in-my-book-devices-prompts-warning-from-western-digital/

Page generated Aug. 9th, 2025 06:09 pm
Powered by Dreamwidth Studios