This is Gonna Get Ugly

So my focus is shifting, largely due to my professional career, limited time, and frankly a political scene that has me so damn angry I need shit to take my mind off of it. For instance, I’ve spent my past three weekends moving servers around for a bunch of gun bloggers I take care of hosting for.

For those who don’t know, I’m a host, one who takes random sabbaticals, over at The Gunblog Variety Cast. And if you know me, or have been lucky enough to friend me on Facebook (sorry, I don’t just accept anyone), you know I have a solid bead on the tech security space.

The Problem

So in case you’ve been under a rock, there have been some major events recently in computer security. First up was “WannaCry”.

WannaCry propagates using EternalBlue, an exploit of Windows’ Server Message Block (SMB) protocol. Much of the attention and comment around the event was occasioned by the fact that the U.S. National Security Agency (NSA) had discovered the vulnerability in the past, but used it to create an exploit for its own offensive work, rather than report it to Microsoft.[22][23] It was only when the existence of this vulnerability was revealed by The Shadow Brokers that Microsoft became aware of the issue,[24] and issued a “critical” security patch on 14 March 2017 to remove the underlying vulnerability on supported versions of Windows, though many organizations had not yet applied it.[25]

The thing is, there’s way more that was in the Shadow Brokers dump, and the hits keep coming. CVE-2017-7494 came out May 30th, 2017. This affects Samba, the implementation of the Windows Server Message Block (SMB) protocol for Linux. I expect a decent chunk of my readership, at least of what’s left since I haven’t written in a year, just went “What!?” It’s at this point I’m going to try to break it down Barney style; ask questions in the comments.

The Windows SMB protocol is how Windows does file sharing. So when you type something like \\mymachinename\ and you see a list of folders available, it’s making use of that protocol. The same protocol is also implemented for Linux (that’s Samba), which lets a Linux server serve files to Windows machines.

So before I get too much further, let’s talk about these exploits, including a very recent one, CVE-2017-8543, that was patched Tuesday, June 13th. All of them, through various methods, allowed for what’s called “Unauthenticated Remote Code Execution.” The scary thing about 8543 is that it is a zero day, which means it was found being actively exploited in the wild before the release of the patch.

Logo via Softpedia.

What does that mean? Someone, anyone, could cause the endpoint service to execute arbitrary code sent to it. This wasn’t intentional; that is what makes this an exploit. Someone found a bug that causes the service to behave in this way. What does that really mean though? It means anyone can send a carefully crafted message to your computer that will make it do whatever they want, including encrypting your data to deny you access.

What does this mean?

So, I hear many of you saying, “Well I have Windows not Linux so I’m good just applying the Microsoft patches right?” This is where I scare the crap out of everyone.

Embedded Linux is used almost everywhere, from cell phones to ATMs to Network Attached Storage to the common home wireless router. The good news is that really old routers didn’t offer this as a feature; the bad news is that starting around 2013 routers started shipping with USB and eSATA ports so one could connect an external hard drive and share it across the network. It was basically a feature that allowed people to quickly deploy a NAS.

Image via Bob McKay

These embedded devices all use the Samba service, since they’re running embedded Linux. It’s worth noting the vulnerability exists going all the way back to March 1st, 2010. So basically any and every router with these features is affected. Going a step further, every NAS (Network Attached Storage) device on the market is likewise affected.
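As an added example (not code from the post), here is a small Python check a defender might run over an inventory of routers and NAS boxes, given each device’s reported Samba version and its smb.conf. It applies the affected range and fixed releases published in the Samba project’s CVE-2017-7494 advisory (every release from 3.5.0 onward, fixed in 4.4.14, 4.5.10 and 4.6.4) and looks for the advisory’s “nt pipe support = no” workaround; the banner and smb.conf at the bottom are constructed samples.

```python
import re
from typing import Dict, Optional, Tuple

# From the Samba project's CVE-2017-7494 advisory: every release from 3.5.0
# onward is affected, and fixes shipped in 4.4.14, 4.5.10 and 4.6.4.
FIRST_AFFECTED = (3, 5, 0)
FIXED_IN = {(4, 4): (4, 4, 14), (4, 5): (4, 5, 10), (4, 6): (4, 6, 4)}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Extract x.y.z from 'smbd -V' output or a banner like 'Samba 4.3.11-Ubuntu'."""
    m = _VERSION_RE.search(banner)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None


def version_affected(v: Tuple[int, int, int]) -> bool:
    """True when this Samba release still carries the CVE-2017-7494 bug."""
    if v < FIRST_AFFECTED:
        return False
    fixed = FIXED_IN.get(v[:2])
    if fixed is not None:
        return v < fixed
    # 3.5 through 4.3 were end-of-life and never got a fix (the usual state of
    # router and NAS firmware); 4.7 and later shipped after the fix.
    return v[:2] < (4, 4)


def parse_smb_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal smb.conf reader: [section] headers, 'key = value' lines, # or ; comments.
    Option names are lower-cased with whitespace removed so spelling variants match."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            sections[current][re.sub(r"\s+", "", key).lower()] = value.strip().lower()
    return sections


def workaround_applied(sections: Dict[str, Dict[str, str]]) -> bool:
    """The advisory's mitigation for hosts that cannot be patched: 'nt pipe support = no' in [global]."""
    return sections.get("global", {}).get("ntpipesupport") in ("no", "false", "0")


def assess(banner: str, smb_conf: str) -> str:
    """One-line verdict per device for an inventory of routers and NAS boxes."""
    v = parse_version(banner)
    if v is None:
        return "unknown: no version in banner"
    if not version_affected(v):
        return "not affected"
    if workaround_applied(parse_smb_conf(smb_conf)):
        return "affected version, mitigated by nt pipe support = no"
    return "affected version, unmitigated"


# Constructed sample: a 2015-era router firmware banner and its USB-share config.
ROUTER_BANNER = "Version 3.6.25"
ROUTER_SMB_CONF = """
[global]
    workgroup = WORKGROUP
    security = user
    ; nt pipe support is not set, so Samba's default of yes applies

[usb1]
    path = /mnt/usb1
    read only = no
"""
```

The workaround disables named pipes, so some Windows client features of the share stop working; the advisory offers it for exactly the case described here, a device whose vendor will never ship a fixed build.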

So the devices have a software bug which allows arbitrary code execution, which can result in the following:

  • Denial of access to data. It’s encrypted and only decrypted, if they feel like it, after you pay them a ransom.
    • Do NOT pay the ransom. There is no escrow and thus no guarantee you will actually recover your data.
  • Exfiltration of data. Someone searches through your data, saves what they can make money from. Could be IP theft or blackmail.

But it’s a software bug, we just need to get the patch from the manufacturer and life is going to be good right?

The Rub

Image from PCWorld.com

Most of these devices aren’t being updated anymore. That is to say, manufacturers will most likely not release an update to patch this issue if the device is more than a year old.

I’ve got a very nice WRT-1900AC. The last firmware update was in the middle of 2015. It has features that fall under this, and tools show it is vulnerable to the exploit. Let me put this another way: my 300 dollar router, yes that’s what it cost when I bought it, got updates for a year and was then out of service, and now critical bugs are being found and left unfixed by the vendor.

Unlike Windows and WannaCry, manufacturers of these devices will leave users vulnerable. Worse, removing them from the network will remove one of the more beneficial features, Network Attached Storage. In the case of routers, these devices are often placed on the border between a user’s private network and the internet, so they are exposed to malicious traffic.

Ideally the router does not present the SMB interface to the internet. That isn’t to say, however, that malicious packets will not find their way into the interior network from the internet if other issues are found with the router, at which point the router will fall victim.

It gets worse…

While working on this post, an article came out over at SearchSecurity discussing CherryBlossom. This was a CIA project to exploit router security issues, including a lack of firmware validation.

“On the enterprise side, the big router manufacturers have offered validation of signed firmware for quite some time. The problem is that it’s not enabled by default for the most part, and it requires that a network admin actually go and do something,” Kuzma told SearchSecurity. “Both the Cisco and Juniper tools rely on MD5 hashes. MD5 is broken as a hashing algorithm, with several known and feasible techniques for generating identical hashes from wildly different binary content.”

Image from Fossbytes.

So this isn’t even just a consumer issue but an enterprise-level issue as well. Firmware can be updated remotely, over wireless in many cases, and has no validation that the code being installed is from the vendor. Additionally, the router provides a fantastic vantage point for an attacker, who can sit in the middle and analyze all your traffic undetected.

It’s like climbing to the top of a peak overlooking a valley. You can see everything from the vantage point. And not only see, in this case, because the router can redirect and alter your traffic to do even more.

So What Do We Do?

First, maintain an offline backup of all your data. Grab a hard drive, copy your important files on to it, and update it periodically.  Do NOT leave it connected to your computer or network. Doing so will leave you vulnerable if something does get in. Plan on when, not if, someone gets in and locks up your data.

Part of this also stems from a “Jack of All Trades” view of equipment in the consumer space and improper defaults in the enterprise space. Really, who wants to buy multiple pieces of equipment and who wants to take the extra steps in configuration?

The problem is that in the consumer space, ongoing maintenance and support of products is nonexistent. In the enterprise IT space there are products that see long-term use and support. The hardware often used there is basically a mini computer, and installing the router and firewall software is like installing an operating system.

This is where I say something I hate. Because honestly I prefer the easy route for anyone and everyone. It needs to be trivial for a user to do. The problem is this route is leading us down a horrible path because manufacturers are not maintaining their equipment for that path to work.

What’s that mean? You need to actually build a proper firewall appliance and use it for your network. I’m going to write up a multi-part how-to series with instructions. There are a bunch of hardware options, which in itself can lead to the paralysis of analysis. My goal is to give a guide to hardware and software that puts you in a position where you can easily succeed.

The thing is, that’s just bare hardware. It’s dumb, doesn’t do anything, and still needs software and a configuration to run. So what should you use to protect your network? Currently the desired guard dog is pfSense. This takes some work to set up and configure, but in the end it will last longer, be better maintained, and protect your data more reliably.

Over the next couple weeks I will be writing up a how-to on deployment and  looking at creating a default deployment image for that hardware if possible. My hardware choice is slightly different, not because that hardware isn’t good, it’s because I’m doing some advanced deployment for my network.

OpenWRT/DD-WRT are both options as well, but there are a few issues. First, they don’t solve the secure update problem seen in CherryBlossom. You will still need to disable and remove the mass storage features of the router. While one could look at this, you’re also going to be no longer using the router as a router but merely as an access point.

Depending on the capabilities of the router, however, you can do advanced things within your network which still leverage those capabilities. Ideally you would still update your router software to OpenWRT/DD-WRT to deal with the exploit, but there can still be a lag in, or lack of, support for your router by either of these solutions. Not to mention the process can be unforgiving and leave you with a brick.

Conclusion:

If you know a friend who’s into IT and computers, now is a good time to buy a case of beer and invite him over to see if he can help. These issues are only going to get worse, especially since the Shadow Brokers are now charging for exploit dumps. That means black-hat hackers will be buying the exploits, and unless some white hats also buy them, which funds criminal enterprise, we will not know what exploits are in the wild until the malware hits.

Putting multiple eggs into the same basket is becoming more and more risky and we need to start diversifying and looking at using the best tools to protect critical assets. The last thing we want to do is combine the defensive position with the material we’re trying to defend.

This is going to get worse, defense is going to get harder, and the time to start building your earthworks and redoubts is now.

Saying Goodbye to a Friend…

Last Sunday was a sad day. On Facebook I had noted my good friend Ray Carter, aka GayCynic, aka Northwest Freethinker, had passed away. It created a large wake within the gun community spurring a few articles such as this one. Sadly this meant I was going to meet a handful of mutual online friends in meat-space for the first time as we said goodbye to another friend.

The good news was, Ray being Ray, he made the service a fun ride, having planned much of it in advance himself, including 37 minutes of prelude music (iTunes link).

Ray's Playlist

Even to the point of writing his own naming in the service:

Raymond was by his own admission over-serious and more sensitive than was really in his own best interests. He was a recovering alcoholic, sober since 1996 with all the benefits and flaws that implies. He sought to be a good son, to accept his brother for who he was, and to be a good uncle and friend.

Ray was driven to activism by many things. His sense of obligation to those who went before, his fundamental opposition to injustice, his patriotism, his love for his fellow man and his belief that often the kindest and most moral thing a government can do is to leave individuals to work out their own destiny.

Ray considered his nieces a special blessing, and loved them every day of their lives. His favorite holiday was Christmas and he went over the top each year that he could, going wild with decorating and striving to uphold the family traditions. He enjoyed cooking, reading and bull sessions with friends.

His time with the Freedom Day Committee, culminating in co-chairing a Pride Parade was a proud memory that he always enjoyed sharing. He took even greater joy in his time working with the Second Amendment Foundation and for firearms rights, which he saw as just another side of the same issue – civil rights – with debatably saner players. Or at least differently nuts.

Ray came to Masonry later in life, following his father and grandfather into lodge membership. He found this an opportunity for service and as an immense comfort during the last years of his life. He requests that in lieu of flowers or other donations that word be made to the Masonic Scholarship Fund of Alki Lodge #152. The growth of the lodge and facilitating educational opportunities for today’s youth was critically important to him.

The support of the Second Amendment Foundation, his friends and colleagues there, and particularly the support and tolerance of Alan and Julie Gottlieb made possible a dignified and graceful passage and rose well above any reasonable expectation of an employer; they are to be commended for their efforts and Ray hopes they accept his deepest gratitude.

Ray asked that I make clear that this service celebrating his life celebrate ALL of his life – not just one part or another. He chose music, verses and asked for themes that reflected who he was – a decidedly out gay man, a pro-gun activist, a patriot, a “small l” libertarian, a supporter of LGBT rights, and all the other roles in his life. He admitted he cheated and threw in one or two songs that he loved just for the beauty of the songs and asked that all of us here forgive him his final whimsy.

I realize now after the service there was a LARGE number of people who for various reasons weren’t able to make it but wanted to be there. I hope this glimpse into the service will suffice and put a smile on your face like Ray would have wanted.

There was limited commentary while sitting in the church regarding stories about Ray. Well anyone that knows Ray knows exactly why that is, I can’t think of any stories that are “Sanctuary Appropriate”. I made sure the story of Ray and Linoge was given to everyone in the room.

The wife made Ray’s Rice Crispy treats:

Rice Krispy treats

Ray Carter

For a 9×13 pan

Ingredients

1 cup each sugar, peanut butter, and light corn syrup

1 16oz bag each chocolate chips and butterscotch chips

6 cups rice krispies (or cereal to be disposed of)

Directions

In double boiler, melt together until smooth, corn syrup and sugar.

Let come to bare boil, back off. Remove from heat.

Stir in peanut butter, blending thoroughly.

Pour blended mixture over bowl of 6c of rice krispies – mixing thoroughly.

Press into buttered 9×13 pan. Use care and/or a spoon.

Set aside.

Clean or retrieve 2nd double boiler.

Melt together butterscotch chips and chocolate chips, stirring until indistinguishably blended.

Pour over rice krispy mix as frosting, until covered from edge to edge.

Either let set, or to accelerate setting, place in fridge or (if in great hurry) freezer.

Using sturdy knife, cut in 1×1 squares (2×2 seem far more common though).

Consume and giggle.

She even made a sign for the closing quote:

Ray says, Consume and Giggle.

At the end, Phil, Drang, Bradley, Link, Ry, Kyle, Dustin, my Mom, TMW, Harry, and I all headed down for BBQ and spent another couple hours chatting and telling stories.

A bunch of us chatting after everything was over.

It was a sad day, but we all made the most of it. We’ll miss you, Ray. So long, my brother.

I’m Back Baby…

So, tonight DaddyBear wrote up a post just after I did a Quote of the Day. Well I had come to the same conclusion as I wrote that post and evidently I’m not alone.

I haven’t said much about gun rights in a long time. To be honest, after the 2013 anti-rights push, I felt I was beginning to sound like a broken record. I still supported gun causes, but I stopped using this soap box and others to get the message out.

It appears as always the collective guilt train is out in force again, attempting to blame people for things they didn’t do. Not only blaming, but attempting to confiscate the property of innocent people who did nothing wrong. As if somehow they can stop evil so vicious that it convinced two people to abandon their 6 month old baby so they could kill 14 people.

Let me be clear, people: no matter how many laws you pass, no matter what barriers you put in place, you will not stop this kind of evil by merely passing laws. You must stand and fight. You must put the rabid dogs down when they show themselves. These people, while detached from reality, are highly motivated to plan, acquire, detail, and act. You will not stop this by disarming and abusing innocent people.

Hell, they still did this in California, with some of the strictest gun control in the country. Gun control didn’t stop them in Paris either.

Yet here we are, with the media and the extreme fringe blaming the NRA and the gun owning public as if they are responsible for the deeds of a lunatic. No, we’re not and collective guilt is bullshit.

So again I find myself winding up for the fight. Currently on the soap box here, with a drive over the next year for the ballot box. Additionally, an effort to educate people so they are ready even for the jury box. Lastly, however, we must train and prepare, even for the cartridge box. There are many who think even those first three boxes are a lost cause. Given many different factors they may be right, but currently the paths still exist, so we must try.

Let me say here and now though they are flirting with a line in the sand for many. I remember the lessons of the 20th century. And well, this is the best way to describe exactly how I’m feeling right now.

Screw The Facebooks…

So if you’re friends with me or follow me on Facebook, you will have probably noticed that I, who am normally active and full of commentary, have been dead silent. Not only that, if you try to hit up my Facebook page, it is gone. Every comment I ever wrote, everything. Facebook has scrubbed me entirely from its system.

What was my transgression, I hear you ask. You would think I was excessively nasty or offensive or did something that pissed someone off, and the answer to that is a simple no. That isn’t to say I don’t say things that are offensive to some or that I don’t poke the bear; it’s just that I don’t do it in a manner where I walk into someone else’s house to do it.

No, the burr up Facebook’s ass is they seem to think my name is not my real name. Let me repeat that: they think my name isn’t a real name. Evidently the idea that someone is named with my unique name is just too damn hard to fathom. Now it should be noted I only used my last initial because, well, they wouldn’t let me suppress the damn thing otherwise. Frankly I’m not a fan of stalkers, supporting stalkers, or making it easier for stalkers, yet here Facebook is doing exactly that. Sure, you could do some digging and find my Facebook page, not the one tied to the blog, but the fact of the matter is I’d rather keep the people who are missing the order of fries and the drink in their happy meal away from my personal page. I use the FB mainly to keep in touch with friends and family; if I feel like a debate it’s here or twitter. News flash Facebook, you claim this is to make sure people can find me. Everyone who knows me can find me, quite easily I might add. So please STFU.

So now that my account is disabled, with no real note of when they will re-enable it, if at all, I am wondering. Why do we need Facebook? Why do we need a centralized cloud which can censor everything? I’ve chatted with friends about a possible alternative method to remove the central gate-keeper. The main reason we haven’t is because, well, who cares? Facebook works, right? Why is it worth my time? Well, all of a sudden you’ve taken the guy with the idea and the means and given him a motive.

So in the meantime, maybe I should just blog more. Because eventually we’re not going to need you, Mark Zuckerberg, and when that day comes you’ll merely be like Tom from MySpace.

For you podcast listeners…

I’ve been slacking. Between working gun shows, writing up responses and chatting with journalists my blogging has been light. However it’s nice to have some outside influence to force me to be regular about one thing.

So Sean and Wizard started a new podcast a couple weeks back. It features a crazy cast that many of you will be familiar with:

Episode 6 just went live. The podcast as a whole features everything from guns, prepping, world politics, and tech. Give it a listen.

iTunes link for those of you with iDevices.

2,000 Times….

That’s how many times I’ve hit the submit button. This post is #2000 that I’ve published. I saw this morning when I went to check on the blog that it was sitting at #1999. Well, there’s a post scheduled for later this morning, but I like nice even round numbers.

So here’s a couple Ear Worms to start off your morning:

Make sure you actually let this play at least to 1:30; the rest is an intro. The real song starts @1:48.
(I know not everyone likes heavy metal.)

Beware it might get dusty…

This made me laugh…

I was about to just straight up bit bucket this thing but decided to at least take a look, since all I saw was the name when I glanced at it on my phone. I’m glad I did because I needed a good laugh.

From: Amy <[email protected]>
Subject: ATTENTION the-minuteman.org OWNER!!!

Message Body:
Hello the-minuteman.org owner,

My name is Amy and I am a private investigator with 20 years of experience. PLEASE READ THIS MESSAGE SERIOUSLY! While browsing the internet just now, I found out there are some people talking BAD about your website the-minuteman.org at a few online forums and Facebook groups. They are creating Bad Reputation about your website the-minuteman.org! They even say the-minuteman.org is a big liar and many people had believed them!

I decided to capture some screen shots of their activities and make it into a FREE report for you.

Please download the report that I made for your website the-minuteman.org here : [link removed for safety]

Your contact form does not allow file upload, so I uploaded it into a free file hosting site called cleanfiles.net, they host files for free so you are required to complete a short survey before downloading your report.

Take a look into this matter RIGHT NOW! Download your report here : [link removed for safety]

P/S: I am just trying to help. If you DON’T CARE about your REPUTATION you can ignore my message.

Amy.


This mail is sent via contact form on The Minuteman http://www.the-minuteman.org

Obviously you’re not familiar with me or this website. I am well known and take pleasure in the idea that some people hate me. I’m well aware of people writing bad things about me on the internet. I just make sure when I find it I return the favor.

I’m reasonably sure, Amy, that my reputation with those I actually respect is quite well intact. In the words of Winston Churchill:

You have enemies? Good. That means you’ve stood up for something, sometime in your life.

Thanks for confirming I’ve done my job.

It’s a Weird Feeling

Through my online travels I’ve ended up meeting and getting to know a lot of people in digital space. Most of these people I would have never met otherwise, and due to the nature of the online relationship I know more about them than many people I do know in meat-space.

So it’s a weird feeling thinking of someone as a friend that honestly I’ve never actually met in meat-space. I’ve got plenty of them, including a bunch I have also met in meat-space, but the saddest, most helpless feeling is seeing one of my friends in trouble with not a damn thing I can do, especially when it drags on in a manner that doesn’t seem to end.

As another one of my friends said:

She’s going to be just fine. I mean really, whose side do you want to be on? Tam’s or cancer’s?

I’m betting on Tam.

Jennifer is right, Tam will be fine. It did however remind me of something that has been discussed before: the wonder that is the internet and the expansion and alteration of the boundaries of our “tribes”.

There are many who wouldn’t have moved into my circle of friends if it hadn’t been for this invention known as the internet.  It’s nice having it here though because even in the middle of this whole mess I’m reminded of why I love this community and why I’m so glad to be a part of it.

Go give Tam some words of support. One of these days I’ll finally get to meet her; I’ve got some other friends who have met her and have had nothing but nice things to say about her personality in meat-space.