Security News for the Week Ending October 25, 2019
Database Leaked 179 GB of Personal Data of military personnel, officials and hotel customers.
I wish this was a new story. Autoclerk, a Best Western service that manages reservations, revenue, loyalty programs, payment processing and other functions for the hotel chain, left an Elasticsearch database exposed.
Hundreds of thousands of guest reservations were exposed including names, home addresses, dates of birth, travel dates and other information.
The reason why government and military personnel are affected is that a government contractor that deals in travel reservations was sucked into the breach. Source: ZDNet.
San Bernardino Schools Hit By Ransomware
A message on the school district’s web site says not to worry, all of your data is secure. (It’s just that it has all been encrypted by a hacker.) Phones are working but email is not working. Schools in Flagstaff closed last month for several days while officials got things under control after a ransomware attack there. Source: ABC
Russia Using “False Flags” to Confuse Security Experts
Researchers are still dissecting the attack on the 2018 Olympics in South Korea. Russia inserted false signals and other misdirections in order to make people think that the attack came from China or North Korea. This does point out that if you are willing to spend millions of dollars, you likely can figure out quite a bit about a cyber attacker. The story is so complex that one of the researchers wrote a book, Sandworm, which will be available on Amazon on November 5, 2019. Source: WaPo
Amazon’s Web Services DDoSed for 10 Hours This Week
For about 10 hours earlier this week parts of Amazon were effectively offline. Amazon’s DNS servers were being hammered by a DDoS attack. This meant that Amazon backend services such as S3 may have failed for websites and apps that attempted to talk to those services. The outage started around 0900 east coast time so it impacted users throughout the work day on Tuesday October 22, 2019. For developers and businesses this is just one more reminder that nothing is bulletproof if the bullet is large enough. Even though Amazon has an amazing amount of bandwidth and infrastructure, it can get taken down.
Other services that were affected included RDS (database), Simple Queue Service, CloudFront, Elastic Compute Cloud, and Elastic Load Balancing. Amazon did offer some ways to mitigate the damage if it happens again – see the link below. As a business you need to decide how much cost and effort you are willing to expend to mitigate rare occurrences like this. Source: The Register.
Comcast is Lobbying Against Browsers Encrypting DNS Requests
Here is a big surprise. As the browser vendors (Chrome and Firefox) add the ability to support encrypting your DNS requests to stop people from spying on you, one of the biggest spies, Comcast, is lobbying against this. They say that since Google would be able to see the data, that puts too much power in Google’s hands. Ignore for the moment that Firefox is not using Google as a DNS provider, and also ignore that Google is offering users at least 4 different encrypted DNS providers. Let’s also consider that encrypted DNS is not even turned on by default. The much bigger issue is that Comcast will not be able to see your DNS requests and therefore will not be able to sell your web site visit data. But of course, we would not expect them to be honest about why. Source: Motherboard.