Fun and games - hacking & China

| No Comments

Asleep at the wheel - from Ars Technica:

More US agencies potentially hacked, this time with Pulse Secure exploits
At least five US federal agencies may have experienced cyberattacks that targeted recently discovered security flaws that give hackers free rein over vulnerable networks, the US Cybersecurity and Infrastructure Security Agency said on Friday.

The vulnerabilities in Pulse Connect Secure, a VPN that employees use to remotely connect to large networks, include one that hackers had been actively exploiting before it was known to Ivanti, the maker of the product. The flaw, which Ivanti disclosed last week, carries a severity rating of 10 out of a possible 10. The authentication bypass vulnerability allows untrusted users to remotely execute malicious code on Pulse Secure hardware, and from there, to gain control of other parts of the network where it's installed.

Security firm FireEye said in a report published on the same day as the Ivanti disclosure that hackers linked to China spent months exploiting the critical vulnerability to spy on US defense contractors and financial institutions around the world. Ivanti confirmed in a separate post that the zero-day vulnerability, tracked as CVE-2021-22893, was under active exploit.

No complex software is 100% bug free.  Shit happens.  Still, there is no reason they need to be relying on complex software for doing a simple task like establishing a Virtual Private Network and managing a decent level of encryption. There are plenty of established open source packages to do that. This software has been picked over with a fine-tooth comb and is secure. Creeping featuritis is catnip to bugs and exploits.

"Could you add just this one little feature"
      NO

Shit like this is why.

Leave a comment

May 2021

Sun Mon Tue Wed Thu Fri Sat
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31          

Environment and Climate
AccuWeather
Cliff Mass Weather Blog
Climate Depot
Ice Age Now
ICECAP
Jennifer Marohasy
Solar Cycle 24
Space Weather
Watts Up With That?


Science and Medicine
Junk Science
Life in the Fast Lane
Luboš Motl
Medgadget
Next Big Future
PhysOrg.com


Geek Stuff
Ars Technica
Boing Boing
Don Lancaster's Guru's Lair
Evil Mad Scientist Laboratories
FAIL Blog
Hack a Day
Kevin Kelly - Cool Tools
Neatorama
Slashdot: News for nerds
The Register
The Daily WTF


Comics
Achewood
The Argyle Sweater
Chip Bok
Broadside Cartoons
Day by Day
Dilbert
Medium Large
Michael Ramirez
Prickly City
Tundra
User Friendly
Vexarr
What The Duck
Wondermark
xkcd


NO WAI! WTF?¿?¿
Awkward Family Photos
Cake Wrecks
Not Always Right
Sober in a Nightclub
You Drive What?


Business and Economics
The Austrian Economists
Carpe Diem
Coyote Blog


Photography and Art
Digital Photography Review
DIYPhotography
James Gurney
Joe McNally's Blog
PetaPixel
photo.net
Shorpy
Strobist
The Online Photographer


Blogrolling
A Western Heart
AMCGLTD.COM
American Digest
The AnarchAngel
Anti-Idiotarian Rottweiler
Babalu Blog
Belmont Club
Bayou Renaissance Man
Classical Values
Cobb
Cold Fury
David Limbaugh
Defense Technology
Doug Ross @ Journal
Grouchy Old Cripple
Instapundit
iowahawk
Irons in the Fire
James Lileks
Lowering the Bar
Maggie's Farm
Marginal Revolution
Michael J. Totten
Mostly Cajun
Neanderpundit
neo-neocon
Power Line
ProfessorBainbridge.com
Questions and Observations
Rachel Lucas
Roger L. Simon
Samizdata.net
Sense of Events
Sound Politics
The Strata-Sphere
The Smallest Minority
The Volokh Conspiracy
Tim Blair
Velociworld
Weasel Zippers
WILLisms.com
Wizbang


Gone but not Forgotten...
A Coyote at the Dog Show
Bad Eagle
Steven DenBeste
democrats give conservatives indigestion
Allah
BigPictureSmallOffice
Cox and Forkum
The Diplomad
Priorities & Frivolities
Gut Rumbles
Mean Mr. Mustard 2.0
MegaPundit
Masamune
Neptunus Lex
Other Side of Kim
Publicola
Ramblings' Journal
Sgt. Stryker
shining full plate and a good broadsword
A Physicist's Perspective
The Daily Demarche
Wayne's Online Newsletter

About this Entry

This page contains a single entry by DaveH published on May 5, 2021 8:41 PM.

Nice work if you can get it - WOKE Coke was the previous entry in this blog.

Talkin' 'bout my g-g-generation is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Monthly Archives

Pages

OpenID accepted here Learn more about OpenID
Powered by Movable Type 5.2.9