[Info-vax] IKEA
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Fri Dec 9 16:37:52 EST 2022
On 2022-12-09 14:05:56 +0000, Alexander Schreiber said:
> Single Stage to Orbit <alex.buell at munted.eu> wrote:
>> On Thu, 2022-12-08 at 08:12 +0000, David Wade wrote:
>>
>>> Given the ubiquity of SMB is there anything that could be done?
>>
>> Yes, stop using SMB1, use SMB3 instead.
>
> Which would magically protect against files being encrypted via a
> machine/user with r/w access to the share exactly how?
I'll here assume this reply was intended as a serious posting, and not
as a troll.
Yes, ditching SMB1 will absolutely help, as it's hideously insecure.
Unfortunately for those folks still necessarily using PATHWORKS Server
/ CIFS / Advanced Server, ditching SMB1 can be a problem. The OpenVMS
Samba port can help:
https://vmssoftware.com/docs/samba-release-notes.pdf
The OpenVMS Samba port is 4.10-16A, while Samba 4.17.3 is current. And
there are security fixes, though whether those also affect OpenVMS I've
not checked.
Is the removal of SMB1 the only thing that needs to be addressed to
improve security? No. Of course not. But it helps, as Ned Pyle will
absolutely tell you.
https://techcommunity.microsoft.com/t5/storage-at-microsoft/stop-using-smb1/ba-p/425858
As for the IKEA breach, it's apparently involving spearphishing, and
the attackers reportedly have more than a foothold in the IKEA networks
and servers.
Of what is reported about the IKEA breach:
https://www.bleepingcomputer.com/news/security/ikea-email-systems-hit-by-ongoing-cyberattack/
How much might we eventually learn about the details of the IKEA
breach? How much might IKEA discuss with VSI, assuming OpenVMS issues
or exploits are identified and involved in the breach?
Rackspace had an apparently catastrophic hosted Exchange Server Breach
recently, too. Details:
https://www.rackspace.com/newsroom/rackspace-technology-hosted-exchange-environment-update
Mail servers, directory servers, and network servers more generally are
complex, and failures are bad. Related: https://beyondcorp.com
With OpenVMS, there are various things that the OpenVMS staff, and the
organization's network and security operations staff, should be aware
of, potential SMB1 usage included, and also including POP and IMAP
support issues, network service reflection attacks, everybody's
favorite iLO password-revealing mess, the ill-considered open-relay
default of the SMTP mail server, and a variety of other
OpenVMS-specific topics, and of course many other and more generic
topics. Because while SMB1 might not be part of any particular security
attack, it could be.
--
Pure Personal Opinion | HoffmanLabs LLC