Archive | June 14, 2017

What’s on your network?

This article in ZDNet points to flaws in Microsoft’s SMB file sharing systems (“Windows networking”) that are, unfortunately, faithfully reproduced in Samba:

http://www.zdnet.com/article/its-not-just-windows-anymore-samba-has-a-major-smb-bug/

See also:

https://access.redhat.com/security/cve/CVE-2017-7494

This means that an old Samba server you have could be be misused as a vector for malware to get a foothold on systems where local Windows machines could get infected. Over the weekend, I went through and cleaned out, updated, reconfigured, or blocked access at some of my client sites.

I also took a long look at our in-house dev network for stuff that could be a problem and found a couple of issues:

– An old Western Digital NAS device was running an *ancient* version of Linux and Samba, and unfortunately is no longer being supported by the manufacturer (last update, 2012). In addition to basic SMB file serving, it supplied media streaming over various protocols and offered ftp (turned off). Despite being in fine shape, mechanically and electronically, I had to turn it off, because, even though the source code is available (yeah, GPL), cross-compiling and rebuilding an ARM 2.6 kernel and utilities into a modern version, and getting it to work on an unsupported device is more effort than I have time for.

– A couple of our networked printers shipped from the factory with all their protocols turned on, even if not configured nor active: SNMP, Web server,  SMB, FTP, tftp, LPD, Raw port, IPP, AirPrint, Web Services, Google Cloud Print, SMTP, mDNS and LLMNR, several of which I had to look up. Surely, there could be no flaws there! And, to boot, two of them were running older versions of firmware, also worth updating.

I am a strong skeptic of the IOT marketing that drops devices into your home/office network that communicate with “the cloud” and can be run from your cellphones, or likely anyone else’s. Unlike PCs with firewalls, intrusion detection, malware scanners and intentionally secure devices like routers, IOT devices are trying to “Just Work” and security might not be in mind.

I knew this was the case for things like “Smart” TVs and voice-recognition devices, but it hadn’t dawned on me that printers would also be in that category.

Be careful out there.

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.