computers / comp.os.vms / Re: IKEA

IKEA

<tmra0j$1sqq$1@gioia.aioe.org>

 by: Arne Vajhøj - Thu, 8 Dec 2022 00:09 UTC

https://cybernews.com/news/ikea-posted-ransomware-gang/

<quote>
"IKEA Morocco and Kuwait faced a cyber attack, causing disruptions on
some operating systems. The attack is being investigated in
collaboration with the competent authorities as well as our
cybersecurity partners," the company said in a Twitter post in French.
</quote>

I assume that "some operating systems" does not include VMS.

But does anyone know?

Arne

Re: IKEA

<tms69p$r1rc$1@dont-email.me>

 by: David Wade - Thu, 8 Dec 2022 08:12 UTC

On 08/12/2022 00:09, Arne Vajhøj wrote:
> https://cybernews.com/news/ikea-posted-ransomware-gang/
>
> <quote>
> "IKEA Morocco and Kuwait faced a cyber attack, causing disruptions on
> some operating systems. The attack is being investigated in
> collaboration with the competent authorities as well as our
> cybersecurity partners," the company said in a Twitter post in French.
> </quote>
>
> I assume that "some operating systems" does not include VMS.
>
> But does anyone know?
>
> Arne

Interesting question. It appears from what I have read that there is a
lot of ransomware which targets files on SMB shares, and I expect these
would find and encrypt anything shared from a VMS box by Pathworks for
example.

Does this mean VMS is affected?

Given the ubiquity of SMB is there anything that could be done?

Dave

Re: IKEA

<b1970c8bd02fc91d1abed23ea5a14b9a1101f4b8.camel@munted.eu>

 by: Single Stage to Orbit - Thu, 8 Dec 2022 10:00 UTC

On Thu, 2022-12-08 at 08:12 +0000, David Wade wrote:

> Given the ubiquity of SMB is there anything that could be done?

Yes, stop using SMB1, use SMB3 instead.

--
Tactical Nuclear Kittens

Re: IKEA

<slrntp6g64.3l3ap.als@frodo.angband.thangorodrim.de>

 by: Alexander Schreiber - Fri, 9 Dec 2022 14:05 UTC

Single Stage to Orbit <alex.buell@munted.eu> wrote:
> On Thu, 2022-12-08 at 08:12 +0000, David Wade wrote:
>
>
>> Given the ubiquity of SMB is there anything that could be done?
>
> Yes, stop using SMB1, use SMB3 instead.

Which would magically protect against files being encrypted via a
machine/user with r/w access to the share exactly how?

Just wondering,
Alex.
--
"Opportunity is missed by most people because it is dressed in overalls and
looks like work." -- Thomas A. Edison

Re: IKEA

<dee26f912ff0a173bf8f9722d0510151c99f8bcd.camel@munted.eu>

 by: Single Stage to Orbit - Fri, 9 Dec 2022 18:23 UTC

On Fri, 2022-12-09 at 15:05 +0100, Alexander Schreiber wrote:
> > > Given the ubiquity of SMB is there anything that could be done?
> >
> > Yes, stop using SMB1, use SMB3 instead.
>
> Which would magically protect against files being encrypted via a
> machine/user with r/w access to the share exactly how?

That would be most unfortunate, I agree, but moving to SMB3 gives
greater security and if rights and/or permissions were set correctly,
the damage could be limited.
--
Tactical Nuclear Kittens

Re: IKEA

<tn09rg$1balu$1@dont-email.me>

 by: Stephen Hoffman - Fri, 9 Dec 2022 21:37 UTC

On 2022-12-09 14:05:56 +0000, Alexander Schreiber said:

> Single Stage to Orbit <alex.buell@munted.eu> wrote:
>> On Thu, 2022-12-08 at 08:12 +0000, David Wade wrote:
>>
>>> Given the ubiquity of SMB is there anything that could be done?
>>
>> Yes, stop using SMB1, use SMB3 instead.
>
> Which would magically protect against files being encrypted via a
> machine/user with r/w access to the share exactly how?

I'll here assume this reply was intended as a serious posting, and not
as a troll.

Yes, ditching SMB1 will absolutely help, as it's hideously insecure.
Unfortunately for those folks still necessarily using PATHWORKS Server
/ CIFS / Advanced Server, ditching SMB1 can be a problem. The OpenVMS
Samba port can help:
https://vmssoftware.com/docs/samba-release-notes.pdf

The OpenVMS Samba port is 4.10-16A, while Samba 4.17.3 is current. And
there are security fixes, though whether those also affect OpenVMS I've
not checked.

Is the removal of SMB1 the only thing that needs to be addressed to
improve security? No. Of course not. But it helps, as Ned Pyle will
absolutely tell you.
https://techcommunity.microsoft.com/t5/storage-at-microsoft/stop-using-smb1/ba-p/425858

As for the IKEA breach, it's apparently involving spearphishing, and
the attackers reportedly have more than a foothold in the IKEA networks
and servers.

Of what is reported about the IKEA breach:
https://www.bleepingcomputer.com/news/security/ikea-email-systems-hit-by-ongoing-cyberattack/

How much we might eventually learn about the details of the IKEA
breach? How much IKEA might discuss with VSI, assuming OpenVMS issues
or exploits are identified and involved in the breach?

Rackspace had an apparently catastrophic hosted Exchange Server Breach
recently, too. Details:
https://www.rackspace.com/newsroom/rackspace-technology-hosted-exchange-environment-update

Mail servers, directory servers, and network servers more generally are
complex, and failures are bad. Related: https://beyondcorp.com

With OpenVMS, there are various things that the OpenVMS staff, and the
organization's network and security operations staff, should be aware
of, potential SMB1 usage included, and also including POP and IMAP
support issues, network service reflection attacks, everybody's
favorite iLO password-revealing mess, the ill-considered open-relay
default of the SMTP mail server, and a variety of other
OpenVMS-specific topics, and of course many other and more generic
topics. Because while SMB1 might not be part of any particular security
attack, it could be.

--
Pure Personal Opinion | HoffmanLabs LLC

Re: IKEA

<tn0hld$11bs$1@gioia.aioe.org>

 by: Arne Vajhøj - Fri, 9 Dec 2022 23:51 UTC

On 12/9/2022 9:05 AM, Alexander Schreiber wrote:
> Single Stage to Orbit <alex.buell@munted.eu> wrote:
>> On Thu, 2022-12-08 at 08:12 +0000, David Wade wrote:
>>> Given the ubiquity of SMB is there anything that could be done?
>>
>> Yes, stop using SMB1, use SMB3 instead.
>
> Which would magically protect against files being encrypted via a
> machine/user with r/w access to the share exactly how?
>
> Just wondering,

Ditching SMB1 does not help if the attack is
using intended file access on a file share.

Ditching SMB1 helps a lot if the attack is based
on one of the known vulnerabilities in SMB1.

Arne
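
The two cases distinguished above (a protocol-level SMB1 weakness versus intended write access to a share) can be checked separately in a Samba configuration. The following is an added example, not code from any poster or from the Samba or VSI projects. It assumes stock Samba `smb.conf` parameter names and the pre-4.11 stock default of `LANMAN1` when `server min protocol` is unset; neither has been verified against the OpenVMS port, and the share names are constructed.

```python
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
TRUE_VALUES = {"yes", "true", "on", "1"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; Samba ignores case and spaces in names."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section]["".join(key.lower().split())] = value.strip()
    return conf

def is_true(share, *names):
    return any(share.get(n, "").lower() in TRUE_VALUES for n in names)

def audit(text, unset_min_protocol="LANMAN1"):
    """Return [(section, finding)] for SMB1 exposure and over-broad write access."""
    # Assumption: unset_min_protocol is the server default when the parameter is absent.
    conf = parse_smb_conf(text)
    findings = []
    min_proto = conf.get("global", {}).get("serverminprotocol", unset_min_protocol)
    if min_proto.upper() in SMB1_DIALECTS:
        findings.append(("global", "smb1-allowed"))
    for name, share in conf.items():
        read_only = share.get("readonly", "yes").lower() in TRUE_VALUES
        if name == "global" or (read_only and not is_true(share, "writable", "writeable")):
            continue  # not a share, or nobody can write through it
        if is_true(share, "guestok", "public"):
            findings.append((name, "guest-write"))
        elif not share.get("validusers"):
            findings.append((name, "unrestricted-write"))
    return findings

# Constructed sample configurations (not taken from any real system).
WEAK = """
[global]
[scans]
   read only = no
   guest ok = yes
[finance]
   writable = yes
   valid users = @finance
[projects]
   read only = no
"""
HARDENED = """
[global]
   server min protocol = SMB3
[finance]
   read only = no
   valid users = @finance
"""
print(audit(WEAK), audit(HARDENED))
```

The hardened sample produces no findings, yet any account in `@finance` can still write to that share: raising the minimum protocol removes the SMB1 exposure, while the write-access exposure is only narrowed by the share permissions.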

Re: IKEA

<tn0hqk$11bs$2@gioia.aioe.org>

 by: Arne Vajhøj - Fri, 9 Dec 2022 23:53 UTC

On 12/9/2022 4:37 PM, Stephen Hoffman wrote:
> On 2022-12-09 14:05:56 +0000, Alexander Schreiber said:
>> Single Stage to Orbit <alex.buell@munted.eu> wrote:
>>> On Thu, 2022-12-08 at 08:12 +0000, David Wade wrote:
>>>> Given the ubiquity of SMB is there anything that could be done?
>>>
>>> Yes, stop using SMB1, use SMB3 instead.
>>
>> Which would magically protect against files being encrypted via a
>> machine/user with r/w access to the share exactly how?

> Yes, ditching SMB1 will absolutely help, as it's hideously insecure.

It helps for some security problems, but not for the one described.

> Is the removal of SMB1 the only thing that needs to be addressed to
> improve security? No. Of course not. But it helps, as Ned Pyle will
> absolutely tell you.
> https://techcommunity.microsoft.com/t5/storage-at-microsoft/stop-using-smb1/ba-p/425858

As always there are a lot of things to do to secure a system, but
getting rid of SMB1 should be part of it.

> As for the IKEA breach, it's apparently involving spearphishing, and the
> attackers reportedly have more than a foothold in the IKEA networks and
> servers.
>
> Of what is reported about the IKEA breach:
> https://www.bleepingcomputer.com/news/security/ikea-email-systems-hit-by-ongoing-cyberattack/

That was last year.

Is it the same this year?

Arne

Re: IKEA

<tn0j0g$1dgm9$1@dont-email.me>

 by: Stephen Hoffman - Sat, 10 Dec 2022 00:14 UTC

On 2022-12-09 23:53:55 +0000, Arne Vajhøj said:

> On 12/9/2022 4:37 PM, Stephen Hoffman wrote:
>> On 2022-12-09 14:05:56 +0000, Alexander Schreiber said:
>>> Single Stage to Orbit <alex.buell@munted.eu> wrote:
>>>> On Thu, 2022-12-08 at 08:12 +0000, David Wade wrote:
>>>>> Given the ubiquity of SMB is there anything that could be done?
>>>>
>>>> Yes, stop using SMB1, use SMB3 instead.
>>>
>>> Which would magically protect against files being encrypted via a
>>> machine/user with r/w access to the share exactly how?
>
>> Yes, ditching SMB1 will absolutely help, as it's hideously insecure.
>
> It helps for some security problems, but not for the one described.

I'll concede that this is not the worst possible problem, of all
possible problems.

SMB1 is a problem that no network should have.

But then this is comp.os.vms, and arguing for the removal of telnet,
FTP, and SMB1 is viewed as traumatic change for some.

>> Of what is reported about the IKEA breach:
>> https://www.bleepingcomputer.com/news/security/ikea-email-systems-hit-by-ongoing-cyberattack/
>>
>
> That was last year.
>
> Is it the same this year?

Ah, my bad.

Here are some of the recent reported IKEA-related security breaches:
2019:
https://cyware.com/news/ikea-inadvertently-exposed-over-400-email-addresses-due-to-human-error-e14e9f38

2022:
https://globalnews.ca/news/8812708/ikea-canada-internal-data-breach-95000-records/

2022:
https://www.techradar.com/news/ikea-confirms-it-was-hit-in-significant-cyberattack
(which lists Morocco, Kuwait and maybe Jordan, and apparently
franchises.)

--
Pure Personal Opinion | HoffmanLabs LLC
