RainSec is happening Tuesday March 25th, 6:30-10:00 PM @ the Lucky Lab Brew Pub (915 SE Hawthorne).

Details are available here:

https://smokesignal.events/did:plc:nzjdkhdb7mzxgehwks2o25ei/3lgp4zavepq2h

https://www.meetup.com/rainsec/events/304282964/

https://groups.google.com/g/rainsec/c/fScU_IyD9Jw

Hey all, don't forget that the Hackboat 2024 unconference is taking place on July 10th!

See https://hackboat.org for details.

RainSec is happening Tuesday June 25th, 6:30-10:00 PM @ the Lucky Lab Brew Pub (915 SE Hawthorne).

Details are available here:

https://www.meetup.com/rainsec/events/300050690/

https://groups.google.com/g/rainsec/c/9rSfnihFq5Y

https://calagator.org/events/1250481001

I wanted to take a few moments and apologize to many of my former students.

In the past I said the industry needs people who look at security as a vocation and an avocation.

I was wrong.

Have a life outside of this industry.

Have hobbies that have nothing to do with your computer.

Get outside.

The problems of the industry are not problems of people not working hard enough.

They are not problems of people not being "hard core" enough.

They are problems of education and resource prioritization.

I was wrong.

I am sorry.

Stop breaking yourself on rocks for people who don't really care if you break yourself on rocks.

@christophetd Initial observation was for "GetAuthorizationToken" API calls to the "ecr.amazonaws.com" service endpoint. I believe this was interactive, because I also saw some attempts to assume other roles when the first attempt failed due to not having needed IAM privileges. Since all attempts resulted in Access Denied, I don't have any further indicators available.

This was the same pattern observed across canary tokens and legitimate tokens.

@georgewherbert Yes, both our support specialist, and the abuse team.

According to a recently published paper by Chinese researchers, it is possible to break 2048-bit RSA encryption using a combination of classical lattice reduction techniques and a quantum approximate optimization algorithm. While this has not yet been demonstrated, the researchers were able to successfully factor 48-bit numbers using a 10-qbit quantum computer, suggesting that it may be achievable with a larger quantum computer, such as the IBM Osprey, which has 433 qbits. It should be noted that this claim should be taken seriously, as it is not clearly incorrect and Shor's algorithm has previously demonstrated that factoring with a quantum computer is relatively straightforward.

#quantum #quantumcomputing #encryption #algorithm #algorithms #cryptography

Summary from Bruce Schneier: https://www.schneier.com/blog/archives/2023/01/breaking-rsa-with-a-quantum-computer.html

Paper: https://arxiv.org/pdf/2212.12372.pdf

@mikemcdnet There is a major difference between "I found a foothold and breached a company that I have zero prior access to" and "I have legitimate access to all of these credentials at a company I work at and I used them to steal information".

https://www.justice.gov/usao-sdny/pr/former-employee-technology-company-charged-stealing-confidential-data-and-extorting

That said, I'm not simping for Ubiquiti, just pointing out that what initially came out in the media was not the real story.

@mikemcdnet I don't disagree entirely, but my point was that an external party didn't get into their systems.

An employee with authorization abused that access to steal customer information from their cloud management offering, while he worked there, and pretended to be an external party while extorting Ubiquiti and giving false information to the press.

This is patently different from "an external party breached their systems" unless I am missing something?

@mikemcdnet

Did you read any of the followup to the alleged "breach"? It was an insider that tried to extort the company and fed false information to @briankrebs, who later issued a retraction.

https://krebsonsecurity.com/2022/08/final-thoughts-on-ubiquiti/

https://www.bitdefender.com/blog/hotforsecurity/man-charged-with-ubiquiti-data-breach-and-extortion-was-employee-assigned-to-investigate-hack/

Now, I'm not saying that their security posture is perfect, an insider threat is still a threat that you need to control for, but this missing context really changes the narrative (at least in my threat model).

It's also possible to run Unifi without any kind of cloud management connectivity.

@mikemcdnet Yeah, another aftermarket firmware, a fork of the old tomato firmware from the WRT54G(L) days. It seems pretty well supported for the r8000 and is still getting updated builds.

I used to run Kong's DD-WRT builds, but he stopped releasing a few years back. I ran into too many issues on the r8000 with mainline DD-WRT.

These days I'm on a PFSense and Ubiquiti stack; been eyeing an AX jump via the Unifi AP-U6-E.

@mikemcdnet Have you looked into the FreshTomato firmware? It's what I used to extend the life of the r8000 when I was still using it. Even if you're done with it, it's a fun project that will make the router more usable to whoever you give it to.