The infosec Grinch made its first appearance last week when hackers known as Phantom Squad announced they will strike with DDoS attacks on gaming servers over the Christmas week. If you recall, last Christmas, it was the Lizard Squad who claimed responsibility for the DDoS attacks on the PSN and Xbox Live servers leaving millions of gamers reeling. What’s worse is that the group is definitely not bluffing as only last week they claimed responsibility for knocking Reddit offline. Hopefully with this warning, both Sony and Microsoft will take the necessary precautions and save Christmas.
Also last week it was revealed hackers installed rogue software on Juniper firewall, Iran was blamed for a dam breach near New York City and Goldman Sachs admit one, big, mistake!
Hackers install rogue software on Juniper firewall
Juniper made its mark with routers that had more speed and capacity than those from Cisco. As a result, Juniper devices power much of the Internet and a good part of large enterprise data centers. So when last week it was reported that spying software was successfully embedded onto Juniper gear – in this case Juniper firewalls – it made the headlines.
The hackers modified Juniper firewall code, giving them access to the devices. More troubling, the hack was only recently discovered, but the spy code seems to have been embedded years ago, and since the hack was discovered Juniper has been trying to educate customers to the fact that hackers have password access to the firewalls.
Fortunately there is a patch, but many of these firewalls haven’t been updated. The password is unfortunately now public, making these firewalls sitting ducks.
Juniper CIO Bob Worrell came clean with the information late last week. “During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen® devices and to decrypt VPN connections. Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS,” Worrell wrote. “At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems and apply the patched releases with the highest priority.
Dam breach blamed on Iran
In 2013, hackers from Iran took over the system that controls a dam near New York City – potentially allowing them to release torrents of water and wreak major havoc. The incursion was kept quiet for two years, and then the information was leaked to the Wall Street Journal.
The 20 foot tall damn was breached by hacking a cellular modem that was used for in and outbound communication. The lesson here is that critical infrastructure, such as dams, power grids, and communications systems, are still far too vulnerable, especially since much of the computing and network systems are based on old technology.
The hack may have been payback for a US-based attack on an Iranian nuclear operation, an attack that used the all too common Stuxnet malware.
How Goldman Sachs got it so wrong on Microsoft
Securities firm Goldman Sachs really should have a good bead on Microsoft. After all, it helped bring Microsoft public 30 years ago, and for years Goldman’s Rick Sherlund was the number 1 Microsoft analyst. But two years ago, the Wall Street giant told investors to sell Microsoft stock. Those that did are kicking themselves now, and the stock has gone up over 80% since 2013.
I’ve always defended Microsoft against the bashers. After all, it has perhaps the broadest product portfolio with most of its tools forming a tightly integrated ecosystem. And it has tens of thousands of incredibly smart people. That is how it so successfully reacted to seismic market changes such as the Internet and cloud computing.
You’d be wise to never count Microsoft out. Goldman made the mea culpa argument in a recent report where it simply said “We were wrong. We failed to appreciate that the stock would disconnect from downward EPS revisions, and the significant upward rerating of the multiple driven by MSFT’s transition to the cloud (Office 365 and Azure).” It goes on to state that Microsoft “has been successfully transitioning its Office installed base to Office 365, is the number two leader in cloud services behind Amazon Web Services and has shown strong operating expense discipline and capital allocation.”