Is it bye bye for Mirai?

In ITC's Threat of the Week

Exciting news yesterday: the chap suspected of creating the Mirai botnet, or at least the guy who (allegedly) used it to compromise 900,000 Deutsche Telekom routers, has been nicked trying to enter the UK at Luton Airport – even hackers are coming over here now to steal our jobs, whatever next?

So the German Feds want him back and will be extraditing the chap presently. We can’t wait to see the details of the case. Did he write it or mod someone else’s code, and why did he do it (showing off or money, it has to be one or the other)?

It’s not all good news though, since the code is now so widely spread and further modified globally that exploitation of misconfigured, unconfigured, straight-out-of-the-box home devices will continue to be ‘a thing’: a right pain in the backside for years to come.

We think that the industry should self-regulate this matter and have some sort of quality control which only lets these devices work correctly once the default settings have been updated, etc. etc. But then, as you all know by now, we believe in Fairies, Unicorns and Leprechauns (especially as we approach March), so we may well be deluded to think this might ever happen.

Please get your friends, family, people you meet down the pub, anybody informed and beg them to change their default settings!

You can read about the feeling of the collar here.

Some of you may have noticed that Microsoft pulled the scheduled Patch Tuesday last week, and that, as reported by all security bloggers and agencies, Google’s Project Zero has published details of one or more vulnerabilities which it discovered and notified Microsoft of more than 90 days before the scheduled patching.

Project Zero are pretty hard-core in this attitude: they discover a vulnerability, they tell you, and 90 days later they tell the world. Is this a good or a bad thing? What do you think?

The good news is that the vulnerability was pretty hard to exploit (you can read about it here), and furthermore Microsoft has released patches for some of the vulnerabilities this week (available via Windows Update).

The bad news is that there remains a massive bug in SMB traffic handling which needs fixing quickly, since exploit code is in the wild, putting the Git into GitHub. You can read about that vulnerability here.

A couple of us have been lucky enough to spend the week at the Cisco Live event in Berlin. It was huge with so much to see (sore feet all round). Congratulations to Cisco for putting on such a fantastic experience.

We were particularly interested in Cisco’s ‘Umbrella’ product line, which is integrating the new Firepower Threat Detection, OpenDNS, CloudLock (a CASB product), Stealthwatch (formerly Lancope) and a shiny new cloud-based orchestration layer. We will be looking into integration opportunities for these and other technologies as our NetSure360° product develops.

Have a great weekend and may your teams triumph in the Six Nations.

If you would like to discuss patching, botnets, anything else about security or Rugby, please contact us at: [email protected] or 020 7517 3900.

Author: Kevin Whelan

Comments
  • Mark T

    The 90-day “rule” between discovery and publicity seems to be about the right balance. However, in all things this has to be a judgment call. Would the 90-day rule apply to CPNI or medical device bugs?

    The challenge of home smart devices is that customers should not be asked to do anything to secure devices. Security by default has to be the aim. The model created by the NCSC for smart meters may well work here.

    I found it interesting that the SHA-1 collision went from a lab demo to exploit (trashing the WebKit Git repo) in only a few days. Fun times.
