nation state hackers caught exploiting cisco firewalls

That first hook is worming the Host for greater parasitism. Ensuring all analytics terminate is the sign of a more evolved Host that stays based in its original objective. Performance comes first, not safety nor other promiscuity posing as nicety.

I still have an old Linksys router with a simple backdoor on port 32764, it was fun to play with this.
I remember also playing with some D-Link routers, we could access their admin panel by changing your user-agent of your browser to "xmlset_roodkcableoj28840ybtide". ("backdoor/roodkcab lol")

Someone here remember "xmlset_roodkcableoj..." or the port 32764 ?
Edit: I got confused by the title, I thought these routers were sold like this...

WEF cyber pandemic

Reminds me of SC1. I dig… I read ya, siiiir.

*psst, Hey Kid, want a list of uncompromised systems?*

If you find one, let us know

The list:
🤔

TempleOS, probably has bugs but definitely not made with glowies influence in trying to compromise it.

TempleOS ftw 😂

I've been in a cybersecurity-adjacent field for awhile now, and this feels more like the plot from the (2nd?) pacific rim movie where the kaiju end up coming with less and less time between events until they get more than one kaiju in a single 'breach'. I feel like we were bound to hit a cve-tipping point where instead of having one a big one every month or two in the past, we get several a month, several a week, etc.
The source of the problem isn't shrinking, its growing. The increase in the rate of security vulnerabilities feels inevitable.

The wider geopolitical situation is driving this. Nation-states have been keeping their powder dry for higher priority engagement opportunities. We're into higher priority engagements than "ordinary" objectives. It's also a bit of a panic that other nation-states will use the exploit that they have before they can use it, so we have a situation where there are high priority operations AND "use it or lose it" fear.

@@quantumuninstall feels like the cyberpunk future where the Internet as it was got destroyed by a virus that was unstoppable and infected all systems... I think the solution in cyberpunk was the creation of completely physically isolated networks.

The west is busy with Ukraine and Israel, Taiwan looks very juicy. Nation states are lining up their ducks to be sure to have ways of knowing and redirecting attention.
Source: trust me bro

​@@lawrencemanning Is there such a thing as true digital privacy in this day and age?

evidence that babe exists

Loool ❤❤😂

Oh faxk off with this nonsense

Actual babe: “that guy talks too much” 😂

Reminds me of an internal google meme:
"That's my secret, Cap. I'm always under attack."

Especially in the energy sector. Everyone knows there is espionage.

Yeah. I also like “There are people that know how to build a house, and those that don’t.”
“There are things that exist, and things that don’t.”
“There are that that they have been , and that don’t.”
Such a meaningful quote.

@@o0Donuts0o r/whoosh.
It means everyone has been hacked, but some know it and some don't.

@@superneenjaa718 oooh got me with a Reddit reference. 🙄. That quote is as stupid as the person who wrote it and the people who quote it.
That’s my feel of ITSec in general. Do nothing all day and suddenly enlightened when the pen testers come along. You know, the actual knowledgeable ones. This quote just embodies them in general. Say a lot of nothing.

But is Israel involved?

Any company that relies on a vendor that outsources their own TAC is a back door .

Well, they are targeted more simply due to their sheer numbers out there in backbone routing. Same with OS's, Windows being targeted more due to it's market market share.

​@@BillAntfor clients yes, for servers no

They're living rent free in your head that's insane ​@@DudeSoWin

Well he is a security researcher after all 🤔

@@lawrencemanning I could keep watching vuluns forever. They're all different and unique.

Yeah well that's fine and good. he didn't remind me to watch till the end and I wandered off

Not an almost vulnerability. Whatever group put it in, they had around two weeks to abuse it. Assuming their target was running Debian or Fedora their target was probs compromised.

​@@universallyepicnarwhal9102Linux cultists will always try their best to downplay their Ls

@@universallyepicnarwhal9102 it was never released in a release version of debian. No one would have been using that version in production.

@@ImNotActuallyChristian True, but it hit unstable debian. I know of some people (unfortunately) who use that in production. And they did successfully hit fedora

​@@universallyepicnarwhal9102lol. Using unstable in production is idiotic.

Even if you print your own chips, can you ensure that no malicious actor along the way put a backdoor into the design that you yourself missed.

ken thompson hack reference

x-ray every chip you produce before adding to the motherboard which you x-rayed as well :D

@@todorkolev7565 don't forget to xray the xray machine to make sure the xray machine isn't compromised

AI will make it very hard to hide hardware backdoors in the future. It will be able to take an image of a circuit and point out suspicious things.

Its not only that, more people work on security every year, more programs and services being created and more people using them every year. Everything is ramping up, the reporting as well

@@dracula7779 I am absolutely agree with you. Security vulnerabilities we can sort in two major groups:
1. Accidental
2. Intentional
This one belongs to the second group, with a purpose of collecting some data for some reasons..

They don't compromise things to be Tor relays... There are enough Tor relays run by volunteers.

A hack is not as traceable as running your own relay or proxy or vpn or whatever, a hacker could certainly do this to try and put their egress location at arms length

@@thewhitefalcon8539 I could imagine the Tor relay was a malicious Tor relay attempting to expose its users. In that case, it would make sense they are compromising things sense the more Tor relays you have access to the more control you have over the Tor network. It's always possible this commenter is lying, but this is entirely a realistic and possible scenario.

​@@thewhitefalcon8539 exit nodes are uncommon for volunteers just because of the heat you get from it.

@@thewhitefalcon8539 not true. alot of the relays are run by the government and somewhat unsafe.

This is a real thing. Sometimes a device needs to be powered off to completely reset. A "reboot" doesn't always clear everything.

them:H-HOW are keep getting hacked by another nations and steal our secrets!! cyber security: they used your backdoor you placed into it. stop adding backdoors? them:nahhh, that ain't the problem at all.

@@Sunrise-d819i2 But i mean, if they didnt backdoor all our devices, how would they rape the undesirables??????????

We need Edward Snowden more than ever

Just make your own silicone

@@Rudxain its not the us

twenty course meal

Ah yes, Chili Vinegar Eggs, my favorite meal

Just because it's an open-secret doesn't mean it's not a very bad idea to have a backdoor any nation-state can get access to.

The US intelligence community has done a great job painting anyone who's vaguely aware of their operations, even in ways that are openly known, as the exact same as cooky anti-government nutjobs.
I will remind you that mass-scale digital surveillance featuring collaboration from essentially every multinational tech giant was completely real. We're a decade post Snowden and it feels like everything he leaked has been completely swept under the rug.

Your dad.

Nice

"It's *_reeeeal!_* I can _see_ it... _in my mind."_ - Sisko, Deep Space Nine

Yup

If you have the hardware then you have the software. You can trace and reverse engineer. And you can run tooling that hunts for exploits against the binary.

@@mrpocock sure, but much easier with the source. Just need one bent software engineer on the inside.

@@UnCoolDad and doing that is harder than just reverse engineering. it's a lot more expesnive and diffult going that route. you have the company and gov to worry about. you've nothing to worry about just using the hardware.

@@mycelia_ow Or cisco just gives the NSA the hardware on source code.

no, even if it would prevent this attack, you search for another way to implement a backdoor. and if you can control the code, you can do it

If (as is presumably the case) the initial vector was a memory safety issue, then yes, a memory safe language is extremely likely to have prevented it (extremely likely here meaning at least 90%+ chance, and only that low because you have to hit unsafe code eventually and people like to think they're clever)
Could they find *other* issues? Sure, but the reason it's often memory safety is that they're the majority of security issues in the first place. Why make things easier for the bad guy?

😂

​@@SimonBuchanNzLLVM

@@rusi6219 what about it?

Next level plan: Use blurring, but replace that section of text (before blurring) to random nonsense, just to waste the time of potential attackers. (but yeah, speaking seriously, I had the same annoyance/complaint)

Not in software. Everywhere. You are not safe.

Security is a _practice._
Being secure, is the illusion.

Exactly, and that's precisely why I've stopped caring about security completely. Much less paranoia, more relaxed and efficient life. And probably no difference in effective security outcome.

Pretty secure when it’s turned off. The trick is keeping it that way when it’s running.

@@greggoog7559 It's not that security practices are pointless; they're more vital than ever, actually. The problem is that doing anything while maintaining best practices, has become so onerous that the best approach is often to just not do things.
Security isn't just about privacy, it's also about safety... & we are not safe, when relying on these type of shoddy systems.

Everyone saw what they did there, they just didn't feel the need to comment about it due to how basic it is.

Yup.
Trust ≠ security

It's technology, security is impossible. No OEMs are going to be invincible to vuluns.

Yeah, trust ≠ security.
In fact, the more trust we rely on, the less secure.

There's legitimate reasons for a system to not be reporting logs. For example, many customers would want to avoid reporting them for privacy, security, or legal reasons. Correct me if I'm wrong, but I'm pretty sure Cisco provides official mechanisms to turn off syslogs, which is probably what the backdoor emulated.

Not so much "monitoring systems". I don't know of any such technology that has any logic to detect a system being abnormally silent. Yes, syslogd has had a "mark" target for eons, but (a) no one turns it on, and (b) even fewer setup systems to look for it. In my world, I ("The Human") am the only thing that would ever notice "I haven't seen anything from XXX for a while." Depending on the system, there may not be anything to be logged.

@@mollthecoder There is, and the default is local only. If an admin has configured logging, and there aren't any logs coming from it... it's something to be checked. I would expect this level of attack to have disabled syslog in the executable, not just removing the logging commands. (one can see the commands aren't there and put them back.)

it's probably nsa

If they want to uniquely identify each org with that token then they can't destroy it

given the light dark pattern they probably replaced it with words first.

I think there may be confusion between a 32-bit and 32-byte token. The number of unmasked characters is insufficient for 32 bytes.

@@Marc16180 OP is saying that even with blurring text can still be identified

Then recover it and tell the world what it is.

Media license holders _are_ allowed to... Seems weird to have made an exception specifically for IP, but all socially enforced copyright restriction seems weird to me.

in memory backdoor installed via an exploit, not in all the code

​@@LowLevelLearning So the backdoor is planted using some existing vulnerable code on the device, which is why shutting down the device requires reinitialization of backdoor, that makes more sense, thanks!

Nah. Covering your tracks is a standard practice. (not that many a would be hacker gets it wrong)