SSH Backdoors

This is just crazy. How long ago was it that Cisco had a similar issue? 2014.
And when will Check Point join this list?

The IT community was shaken a few weeks ago when Juniper Networks firewalls were found to contain “unauthorized code” that seemed to enable a backdoor. Now, Fortinet firewalls have been found to contain an apparent SSH backdoor as well. “According to the exploit code, the undisclosed authentication works on versions 4.3 up to 5.0.7. If correct, the surreptitious access method was active in FortiOS versions current in the 2013 and 2014 time frame and possibly earlier, based on this rough release history. The weakness was eventually patched, but so far, researchers have been unable to locate a security advisory that disclosed the alternative authentication method or the hard-coded password.” A spokesperson for Fortinet told El Reg, “This was not a ‘backdoor’ vulnerability issue but rather a management authentication issue.”

Source: SSH Backdoor Found In Fortinet Firewalls – Slashdot

The Internet of Things that Talks About You Behind Your Back – Schneier on Security

This is seriously creepy stuff.

SilverPush is an Indian startup that’s trying to figure out all the different computing devices you own. It embeds inaudible sounds into the webpages you read and the television commercials you watch. Software secretly embedded in your computers, tablets, and smartphones pick up the signals, and then use cookies to transmit that information back to SilverPush. The result is that the company can track you across your different devices. It can correlate the television commercials you watch with the web searches you make. It can link the things you do on your tablet with the things you do on your work computer.

https://www.schneier.com/blog/archives/2016/01/the_internet_of.html

QR Code Scams

There’s a rise in QR codes that point to fraudulent sites. One of the warning signs seems to be a sticker with the code, rather than a code embedded in an advertising poster.

This brings up another question: does anyone actually use these things?

via QR Code Scams.

I don’t know anyone that uses these other than for some local promotion.

Tor Operations Security

I thought this article was an interesting read. I am short on time, so comments will have to come at a later date from me.

Tor Operations Security

Date: Tue, 13 Dec 2011 18:39:22 -0500

From: wakeupneo555[at]Safe-mail.net

To: tor-talk[at]lists.torproject.org

Subject: [tor-talk] Tor OPSEC – Operational Security – Great Resource of Information!

What began as a simple reply to a Tor user on the subject of downloading PDF files through Tor, turned into a wealth of information on Tor OPSEC. I am adding this post to the list because others might find it as useful as I have. Cheers.

Origin of discussion:

http://ubuntuforums.org/showthread.php?t=1890619

via Tor Operations Security.
