Treck TCP/IP Library Flaws Discovered, Patches Issued

June 17, 2020 by Marc Handelman in Network Insecurity, IoT Insecurity, Supply-Chain Insecurity, Information Insecurity

via Juha Saarinen, writing at Australia's well-regarded ITNews, reports of security failures in the Treck TCP/IP library, comprimising a wide range of supply-chain related IoT infrastructure. A single ray of happy sunshine illuminating this mess is the apparent acknowledgement of the flawed bits, and issuance of patches for the lib under scrutiny. Today's unfortunate bad news/good news Must Read.

No Direction Home: Large Scale Worldwide DNS Attacks

January 11, 2019 by Marc Handelman in DNS, DNS Record Hijacks, Information Security, Network Security, Network Insecurity

via Muks Hirani, Sarah Jones and Ben Read writing at FireEye's threat research blog, comes notification of world-wide-dns-at-scale hijacks. Pre-election first-pass, stakes-in-the-ground reconnaisance foundation building? Or simple larcency? You be the judge. H/T

"FireEye Intelligence identified access from Iranian IPs to machines used to intercept, record and forward network traffic. While geolocation of an IP address is a weak indicator, these IP addresses were previously observed during the response to an intrusion attributed to Iranian cyber espionage actors." - via Muks Hirani, Sarah Jones and Ben Read writing at FireEye's threat research blog

Latest Chinese BGP Redirect: Your Bits Are In Beijing

November 14, 2018 by Marc Handelman in BGP Routing Insecurity, Network Insecurity, Information Security, Information Warfare

News, via Ars Technica's Dan Goodin, detailing another BGP SNAFU - with the end result being the re-route of legit traffic - and this time - it's Googles' (Nasdaq: GOOG) bits-in-question. Included in the particularly bad-news-for-the-interwebs, is the belief that this redirect was not malicious - this, of course, remains to be proven. Stay Tuned.