As much as I like and make a living from technology, I have always maintained a healthy interest in all aspects of digital security. I have written plenty of previous articles about how technology is pretty devoid of good security in my opinion, such as:
The world of security anonomalies
Security before convenience or else
Here’s another recent personal episode that once again proves my point that we are headed to a very bad place with technology due to a lack of focus and understanding of the real value of security.
While visiting a family member they informed me they feared their PC had been hacked. The reason sighted was they saw a message appear on the screen, while browsing the Internet, that told them their system had been hacked. They immediately panicked and turned the whole system off awaiting my arrival.
Time to investigate.
I powered the machine back up and ran a few scans and checked the logs and couldn’t see anything nasty. The family member told me that had been searching the Internet and viewing the resultant sites. The last one they remember visiting was:
Rather the visting the site I ran my own search on the name of the business.
Above is the first result that was returned. If you look closely you’ll see that results returned are just ‘default text’ ( i.e. Donec ullamcorper…). This indicates to me that site still has some ‘defaults’ set somewhere. If that is the case then the site also probably has ‘default’ security, which really means no security!
After a little more digging I turned up the suspect HTML page and the above image from the browser cache which is what the user remembered seeing.
The suspect HTML also revealed that the exploit used was against an outdated Mailchimp WordPress plugin.
After some further checking I was confident that the exploit targeted the insecure server not client browsers. I re-assured the user that all was good and they didn’t have anything to worry about (for the reasons I’ll point out a bit later).
After some more digging it turns out that the company whose web site it was actually went into liquidation a while back.
Tasmanian Air Adventures in liquidation
That was about 10 months ago as of today.
So here are my comments/questions:
1. Why the hell is an insecure web site still allowed be to be running when that company was liquidated 10 months ago?
2. Who the hell is paying for that server to be still running?
3. If that web server was actually shared amongst others that insecure account now potentially makes all accounts on that server vulnerable.
I could go on but ….
My point here is that as we race towards making technology more and more part of our lives and our businesses, including connecting them all together all the time, we make ourselves more vulnerable to any single insecurity.
The Internet of Things sure sounds great but it will open a Pandora’s box of pain for everyone by connecting every device we see to the Internet. Why? Because all it requires is one insecurity in any of these connected system to give the bad guys a foot hold. In fact, I would contend that it is too late, they already well entrenched.
I’m scared. I really am. We are building a world that is going to fail, and fail potentially castastrophically. It is going to make us more vulnerable. It’s a world were the financial incentive is heavily stacked towards doing evil rather than good.
It is pretty much impossible these days to go totally unibomber and unplug. Thus, our only realistic option is to deal with the world we have created. That means taking total ownership of your own security.
Case in point, the family member who experience this issue was running a FULLY patched AUTOMATICALLY updating version of Windows 10 with other security measure in place thanks to your truly. Many people complain about the change Microsoft made to have Windows and Office automatically update. I, however, think that is GREAT! It is one thing EVERY piece of software MUST do in my opinion. Otherwise, we leave holes that the bad guys can crawl into and never be removed once they are in.
The reality, which I believe fails to be grasped, is that technology security is a losing equation. Every day more and more software and devices become vulnerable because they are not being updated YET they remain connected, just like the web server my relative was visiting.
I’m sorry, we are all doomed and technology is to blame. You have been warned.
CIAOPS 