Skip to main content

Posts

What is SolarWinds Orion and why should I care that it was hacked?

Full disclosure: I've been employed by several companies that were customers and/or vendors of SolarWinds. However, I have never been employed by SolarWinds and I was not compensated for this post. On December 13th, digital security firm FireEye published a post to their blog with the comprehensive title " Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor ". The post identified a digitally-signed component of the Orion software, SolarWinds.Orion.Core.BusinessLayer.dll, that contained a backdoor. Multiple signed updates contained additional malware. Traffic from infected hosts was disguised using traffic resembling normal SolarWinds activity and avoided using IPs that were part of non-U.S. netblocks or assignments registered to "bullet proof" hosts that are frequented by criminals. Orion's compromised distribution platform was then leveraged to infect a wide variety of organizations. Accordi...

Google Workspace Outage

Yesterday, on December 14th, all services associated with Google Workspace (AKA GSuite - or for those who aren't familiar with it, what is essentially Google's paid "business" services) went offline for roughly an hour from 7AM to 8AM Eastern time. Users typically first encountered the error when attempting to send email or after receiving an error indicating that their account could "not be found" when attempting to login to Google services.  Other impacted services include Youtube and the Google Nest home security service.  Google's official statement to the press described the cause in extremely general terms: Services requiring users to log in experienced high error rates during this period,” a Google spokesperson said. “The authentication system issue was resolved at (7:32 a.m. EST). All services are now restored. We apologize to everyone affected, and we will conduct a thorough follow-up review to ensure this problem cannot recur in the future. ...

Botnet spamming The Pirate Bay with malware

Over the last few weeks, a botnet has been mass-uploading a specific package of what appears to be malware (I haven't had time to look at the payload itself yet). Cleverly, the person(s) behind this effort have appeared to scrape filenames from titles that have already been pirated by popular uploaders. Stupidly, each download uses an obviously fraudulent filesize of 8.04MB. Videogames have not been that small for decades. This mistake would have been less obvious if not for the fact that the same user account - halfax - has uploaded dozens and dozens of games with the exact same filesize. Adding to the obvious fraud behind this effort is the number of nodes sharing these bad files. A screenshot of the current front page of the Games listing for TPB shows the disparity in the number of Seeders and Leachers between files shared by actual pirates and those shared by "halfax": Notice how, although there is variation in the number of seeders and leechers, the varia...

A Shame With No End

Three years ago I wrote a blog post demonstrating how the International Business Times appeared to be associated with some extremely shady online advertising networks , resulting in International Business Times article links being advertised on places like malware-filled mirrors of The Pirate Bay. The presence of IB Times on a Pirate Bay clone site was particularly ironic as the online news outlet had recently published several articles detailing exactly how terrible the ads on Pirate Bay were. To be clear: I never found any indication of any malfeasance on IB Times' part. In fact, I think it is much more likely to be the fault of some affiliate marketing firm that did a poor job of tracking its purchases. As such, I contacted IB Times via Twitter to inform them of my findings. I was contacted by a representative of IBT Media, during which I offered (for free) to walk their marketing staff on how to identify the affiliate responsible for the ad placement. IBT declined - instead...

Palm Beach Post covers the Heroin Epidemic

For over a year I assisted the Palm Beach Post with an in-depth investigation on the State of Florida's involvement with sparking the current heroin epidemic. That investigation has just been published . Among other things, I assisted the Post by creating a custom player to support a carousel-style multimedia presentation with full-screen video encoded using Azure Media Services and distributed through Verizon CDN. It just occurred to me while writing this that my very first work with streaming was Windows Media Services 4.1 on IIS 5.0 (I missed the NetShow party ). It sucked. AMS isn't too bad. For over a century, the United States' narrative surrounding its continuing war on its own drug-addicted citizens has been a jingoistic heap of catch-phrases and rationalizations that have resulted in  the US incarcerating a larger share of our citizens in both absolute and per capita terms than any other nation in the world . News organizations (particularly - but not solely...

NSA Leak Bust Points to State Surveillance Deal with Printing Firms

Earlier this week a young government contractor named Reality Winner was accused by police of leaking an internal NSA document to news outlet The Intercept. The documents outline the intelligence community's take on Russian efforts to hack a variety of companies responsible for facilitating US election voting. You can read the documents here . Despite what anyone might have to say about the issue on Twitter, an arrest involving an accusation of any crime by any law enforcement agency in any country is not evidence of guilt. Even the most circumspect appraisal of the US justice system will reveal that tens of thousands of individuals are arrested every year only to have those charges *immediately* dismissed by a court, while nearly everyone who actually is *convicted* of a crime in this country has their charges reduced. Even in cases in which individuals have been convicted of the the most serious capitol crimes, courts have been forced to release dozens of individuals after DNA ...

Billing systems development now available

Good news for current and future clients of Josh Wieder Technical Consulting : customers can now retain a variety of unique services related to popular hosting billing platforms Ubersmith & WHMCS , many of which are not available anywhere else. The services we are now able to offer include:      - Automated per-minute DID usage billing integration for Vitelity VOIP resellers for both Ubersmith & WHMCS.     - Credit card number and profile migration services to and from WHMCS. We are capable of decrypting CC data stored in WHMCS for you and facilitating migration to a token-based payment verification system (such as Authorize.Net CIM) that can improve your compliance with PCI standards.     - PayPal subscription migration services to, from and between WHMCS & Ubersmith.     - Authorize.Net CIM profile migration services.     - Custom development of Authorize.Net & PayPal gateways ...