IT BS thread

Just curious why this can't be done remotely if VMs?

 

Law firm... looking for local.

 

I have never individually contracted before, so not even sure this is an option. We can call or text details if needed, but I am headed to VA in the very near future.

 

Whats up nerds?!

 

I just won an argument with an idiot that didn't want to let us add a wireless connection to our secure network for the COVID testing and vaccination team working out in a parking lot because the antenna itself wasn't FIPS-140 compliant. I asked them in a large call "do you even know how FIPS works?"

Silence.

"The antenna is just hardware. As soon as we add it to the secure network, the certificates installed to it are those generated by our root CA and those ARE compliant. Plus we restrict connection rights to only authorized computers, and only authorized users can access that. It's behind the firewall and IDS/IPS, and all traffic through it is scanned. What's the goddamn problem?"

More silence.

The senior exec closed the call with "well, I think we're agreed that we can more forward with this..."

 

Give an idiot an acronym and he can slow things down for a lifetime. When I worked in big pharma and there was a group that would grab onto some part of the CFR-21 and I swear purposely misinterpret it. Read it one way and it said use common sense, read it another and it said spend endless hours in meetings talking in circles.

 

When I was doing cyber weapons development, rule #1 was to keep all SCADA systems off the Internet. Rule. Number. One.



Remote Hacker Caught Poisoning Florida City Water Supply

Hacker Remotely Increased Sodium Hydroxide Levels in Florida City’s Water from 100 Parts Per Million to 11,100 Parts Per Million.

U.S. law enforcement agencies are investigating a remote compromise of a Florida city's water plant, warning that the hackers tried to poison the water supply serving approximately 15,000 residents.

The hack was spotted on February 5th -- and neutralized -- in real time by staff at the plant that supplies water to Oldsmar, a small city close to Tampa, Florida.

Local Sheriff Bob Gualtieri said an unknown adversary hacked into the plant remotely and attempted to elevate levels of levels of sodium hydroxide by a factor of more than 100.

Sodium hydroxide, also known as lye, controls the acidity in potable water but elevated levels maliciously added to water supply can cause physical harm to the public.

Details of the compromise are scarce but local officials made it clear the city's water supply was never affected.

During an explanation on Monday, Sheriff Gualtieri said the hack was first spotted in real time earlier in the morning by a staffer who noticed the remote connection to the plant. The remote attacker reportedly used TeamViewer, a legitimate application used for remote access, to take control of the terminal.

The Sheriff said the remote access itself wasn't unusual but just after lunch on the same day Sheriff Gualtieri said the attacker returned and the plant operators watched as the hackers took control of the mouse and started operating the computer system.

The attacker spent about three to five minutes in the control software and jacked up the amount of lye from 100 parts per million to 11,100 parts per million.

Once the attacker left, the plant operators immediately reverted the change. “At no time was there a significant adverse effect on the water being treated. The public was never in danger,” he claimed.

Cybersecurity experts have long warned that hackers could cause serious damage to organizations by targeting exposed human-machine interfaces (HMIs), and the incident in Oldsmar is another reminder of how vulnerable such systems across the nation's critical infrastructure can be.

"This was not the first attack on water or utilities, and lucky there was a human in the loop to prevent disaster," Ron Brash, Director of Cyber Security Insights at Verve Industrial, told SecurityWeek. "The warning bell should be sounded, but CISOs (or those in charge) are lucky because they are in a very defensible position. In fact, I believe this is a call for organization’s to double down on the cybersecurity basics, assess their asset & infrastructure, and validate controls on their 'crown' jewels."

While this incident may be rare, Brash reminds there are countless other municipalities that are likely in a similar situation. "Remote access has great operational benefits, but it also a great risk (think high likelihood of being attacked). In this case, its very likely that adequate controls preventing non-authorized users from gaining access were absent, or misconfigured. Regardless, this municipality was very lucky."

In early 2020, the Israeli government issued an alert to organizations in the water sector following a series of cyberattacks aimed at water facilities, and advised water and energy firms to immediately change the passwords of internet-accessible control systems, reduce internet exposure, and ensure that all control system software is up to date. Just weeks later, a group of Iranian hackers posted a video showing how they managed to access an industrial control system at a water facility in Israel.

SecurityWeek will be update this article as more information becomes available.

 

So one of the the interesting things about the rail industry is that the devices we use out in the field have a local presence button on them that has to be pressed in order to do make any important changes. You can log in from anywhere (via a private network, of course) to pull logs and stuff, but you have to be physically standing in front of the box to make a configuration change. I'm surprised we don't see that concept applied elsewhere.

 

When I worked for the local power company, I lost my mind when I learned their control system was riding the local university network. I spoke to the security manager and explained to him how easy it would be to drop our management system simply by attacking the university's core routers. He looked at me like I was speaking Klingon with a Romulan accent.

I left after 6 months. Couldn't take it.

 

Oof. People think about security all wrong.

 

I spent some time in the semiconductor industry and got used to separating networks. Our equipment had its own network that we would not mix with the factory network, and the factory networks we connected with were always separated from the rest of the company networks. Then I went to another well-known Austin company that had a completely flat network. I was appalled that I could get into a factory control system from my desk without going through some kind of gateway. I thought they were kidding at first. They recognized that it might be a risk, but the cost of changing it just wasn't worth it to them, and they had made a conscious decision to make it flat. We never had an incident that I knew of, but I'm sure it was only a matter of time.

 

Our production network is physically separated from all lower environments. Each lower environment is logically separated from each other, and each application's development enclave is logically separated from every other enclave. Nothing gets to the Internet without approval, and it's secure tunneled. No servers can directly access the Internet. Admin right usage on any system (*nix, Windows, mainframe, etc) disables all web browsers' abilities to exit the external firewall. Local login disables network access (can't even hit shared drives).

From there we get really strict. I've fired developers for creating service accounts that they then granted interactive login to. Nothing, and I mean NOTHING, happens that we can't have a full audit trail on it.

 

https://arstechnica.com/information...the-same-teamviewer-password-and-no-firewall/

 

This surprises me in no way what so ever. I've be a thorn in the businesse's side more times than I can remember. "wHaT dO yOu meAn I HaVe TO uPgraDE My ComPUterS?!?!?" Me, "I know DOS, Windows 3, 95, 98, XP, Vista, 7 were good in their day, but their day is past. And, I understand that the vendor has gone out of business and we'll have to upgrade the entire system for a lot of money. But, do you want the hack of your system to be why we are in the news?"

 

Fucking dipshits GOT WHAT THEY DESERVED.

 

im doing a subconscious experiment on my boss by setting his application background to a calming light blue.

 

I used to use admin tools to adjust cursor speeds. Mondays were slow, and Wednesdays were zippy.

 

I now understand why anytime there's an issue with Windows at my work, they just replace the whole damn machine.

The touchpad on my kid's laptop stopped working. Windows (10) reports "the device is working properly", but, there's no response from input at all. Not even a mouse pointer. I boot up Linux, the device works fine. Back to Windows, comb through as many settings related to input, everything appears fine and activated. The touchscreen works. External mice work. F it, I'll reinstall the driver. I've been staring at the "Getting Windows ready" screen for 20 minutes and counting...

Also, on my network, I have many devices including Linux, Android, Win 7, Win 10 and occasionally iOS. Only Win 10 seems to randomly disconnect from WiFi.