networking

Update: Another IPMI Mishap? Researcher Claims Supermicro Devices Vulnerable

There’s more bad news for companies that rely on the Intelligent Platform Management Interface (IPMI) to manage servers and other hardware in their IT environments. Specifically: researcher Zachary Wikholm over at Cari.net has published evidence of what he says is a head-slapping vulnerability affecting devices that use IPMI Base Management Controllers (BMCs) made by the firm SuperMicro. According to Wikholm, servers equipped with Supermicro BMCs store a password file, PSBlock, in plain text and – making matters worse- leave it open to the world on port 49152. “You can quite literally download the BMC password file from any UPnP enabled Supermicro motherboard running IPMI on a public interface,” he wrote. Baseboard Management Controllers (BMCs) are small, embedded systems attached to a system’s motherboard that manage IPMI communications. Wikholm says that Supermicro has fixed the problem in the latest version of its IPMI firmware. However, companies are often reluctant to flash […]

Continue Reading

IPMI’s Inconvenient Truth: A Conversation With Dan Farmer

The work of brilliant computer security researchers often borders on a kind of madness. After all, it takes dedication and a certain amount of monomania to dig through the mush of disassembled source code or the output of application fuzzers and find the one software vulnerabilities – or chain of vulnerabilities – that might lead to a successful attack. Often, this work puts you at odds with what most of us consider “the real world.” Notably: the well-respected researcher Dragos Ruiu had many in the security community wondering about his sanity after he sounded the alarm about a super stealthy piece of BIOS malware he dubbed “BadBIOS” that seemed to be everywhere and nowhere, all at once. Dan Farmer finds himself in a similar position as he continues to sound alarms about the security threat posed by insecure implementations of the Intelligent Platform Management Interface (IPMI)– a ubiquitous protocol used to do remote […]

Continue Reading

Podcast: Is Defense-In-Depth The Only Real Heartbleed Fix?

Like everyone else, we wrote extensively in the last month about the serious security vulnerability in OpenSSL dubbed “Heartbleed,” which affected many of the world’s leading web sites and services, including Facebook and Google. The large-type headlines about Heartbleed have passed. But that doesn’t mean that the danger has. As we have noted,  we are entering a phase that might be considered Heartbleed’s ‘long tail.’ Most of the well-trafficked websites that were vulnerable to Heartbleed have gotten around to fixing the vulnerability. But public-facing web servers are only the beginning of the story for OpenSSL. Chasing down the vulnerability’s long tail in third-party applications and on internal web sites and applications is a much larger task. As I’ve noted: open source components make their way into all manner of applications and bespoke products these days, often without any effort to assess the security of the borrowed code. For companies that need to protect critical IT […]

Continue Reading

Akamai: New DoS Tool Leads To Resurgence of SNMP Attacks

The security firm Akamai issued an advisory to customers on Thursday warning that a new software tool for managing distributed denial of service (DDoS) attacks was leading to a resurgence in large-scale attacks that use Simple Network Management Protocol (SNMP) traffic to overwhelm web sites.   The Threat Advisory (reg wall) was issued by Akamai’s Prolexic Security Engineering and Response Team (or PLXsert). According to the advisory, Akamai began noticing a resurgence in DDoS attacks using SNMP on April 11. The company said that firms in industry verticals including consumer goods, gaming, online hosting and Software-as-a-Service and non-profits had all been targeted.   [Read more Security Ledger coverage of DDoS attacks here.] The company has identified new- and updated tools in the cyber underground, including one dubbed SNMP Reflector – that are enabling the attacks. Simple Network Management Protocol (SNMP) is a protocol that is used for managing devices on a network including […]

Continue Reading

China Hacking Indictments Day 2: Now For The Blowback

The big news yesterday was about the U.S. Justice Department announcing the first-ever criminal charges against a foreign country for cyberspying. The news today may well be about China (and other countries) taking retaliatory actions, including similar legal steps against individuals in this country, working on behalf of the NSA, CIA or other government agencies. The Justice Department on Monday announced that a grand jury in the Western District of Pennsylvania indicted five Chinese citizens (PDF) for charges that include computer hacking and economic espionage directed at six American companies in the nuclear power, metals and solar products industries. The indictment alleges that the five defendants conspired to hack into American companies on behalf of competitors in China, including state-owned enterprises.  The stolen information included intellectual property that would allow the Chinese firms to better compete with their American competitors. The hackers also stole confidential information regarding business negotiations and other deals that would aid the Chinese […]

Continue Reading
1 13 14 15 16 17