Friday, November 5, 2021

Security Smörgåsbord, vol. 13 no. 7

Here's a collection of interesting computer security news from the last month or so.

When there's never any good news, some good news is always welcome.

Port of Houston successfully blocks cyber attack:

The Port of Houston, a major U.S. port, was targeted in an attempted cyber attack last month, the Port shared in a statement on Thursday.

“The Port of Houston Authority (Port Houston) successfully defended itself against a cybersecurity attack in August,” the statement reads. “Port Houston followed its Facilities Security Plan in doing so, as guided under the Maritime Transportation Security Act (MTSA), and no operational data or systems were impacted as a result.”

I think this may be the first time in 13 years that I've posted a success story.  I have a post tag called pwned; maybe I need one called "Not pwned"?  Anyway, chalk one up for the good guys.  Ports are very much part of critical infrastructure.

Let's Encrypt allows root and intermediate certificates to expire:

Websites and apps are suffering or have suffered outages around the world for at least some netizens today due to connectivity issues.

Though the exact causes of the IT breakdowns are in many cases not fully known right now, there has been a sudden uptick in downtime right as Let's Encrypt, which provides free HTTPS certificates to a ton of organizations, let one of its root and intermediate certs expire.

This expiration should be invisible to software, services, and users relying on the certificates for encryption, tamper-proof communications and whatnot; however, not all systems appear to have handled the expiry well.

[facepalm]  There are two ways to look at this.  The first option is that an Internet Certificate Authority doesn't really know how to manage their own certificates.  The second is that programmers who write code using these certificates don't really know how to manage their certificates.  I'm not sure which is more terrifying.

Ransomware attack leads to baby's death:

A U.S. hospital paralyzed by ransomware in 2019 will be defending itself in court in November over the death of a newborn, allegedly caused by the cyberattack.

As the Wall Street Journal reported on Thursday, the baby’s mother, Teiranni Kidd, gave birth to her daughter, Nicko Silar, on July 16, 2019, without knowing that the hospital was entering its eighth day of clawing its way back from the attack.

According to court filings, health records at the hospital – Springhill Medical Center, in Mobile, Ala. – were inaccessible. A wireless tracking system for locating medical staff was still down. And, in the labor-and-delivery unit, staff were cut off from the equipment that monitors fetal heartbeats, which are normally tracked on a large screen at the nurses’ station and in the delivery room.

Those monitors should have informed the staff of what was a life-threatening situation, alleges a medical malpractice lawsuit that Kidd has filed in the Circuit Court of Mobile County. Nicko was born with the umbilical cord wrapped around her neck, choking off her blood and oxygen. She suffered severe brain damage and died nine months later.

I'm going to have to borrow J.Kb's wood chipper ...

NSA has released a guide on how to pick a secure VPN.  I'm cynical enough to wonder if NSA isn't trying to lead everyone to poor encryption choices.  Again.  Oh, who am I kidding?  They've never stopped.  Once is coincidence, twice is happenstance, three times is enemy action.


Beans said...

So, in a nutshell, following commonsense protocols and procedures makes one not vulnerable to attacks.

Putting all of one's eggs in a badly made basket, on the other hand, especially one made by the NSA, not so much.

Good on the Port of Houston.

Jerry said...

I saw an interesting proposal recently; governments should issue Letters of Marque for private hackers to pursue other hackers. The privateers can claim bounty for unmasking and identifying hackers as well as keep some or all of their ill-gotten gains.

Borepatch said...

Jerry, people have been talking about "the right to 'hack back'" for years and years. The consensus is that this is a Very Bad Idea due to how easy it is for an attacker to spoof his address to get you to attack someone who is blameless.