Newsletter Archives

• FBI Private Industry Notification: Win7 is a leaky boat

  Posted on August 5, 2020 at 07:42 CDT by woody • Comment in the Forums

  The US Federal Bureau of Investigation released PIN number 20200803-002 which says, inter alia,

  The FBI has observed cyber criminals targeting computer network infrastructure after an operating system achieves end of life status. Continuing to use Windows 7 within an enterprise may provide cyber criminals access into computer systems. As time passes, Windows 7 becomes more vulnerable to exploitation due to lack of security updates and new vulnerabilities discovered. Microsoft and other industry professionals strongly recommend upgrading computer systems to an actively supported operating system.

  Migrating to a new operating system can pose its own unique challenges, such as cost for new hardware and software and updating existing custom software. However, these challenges do not outweigh the loss of intellectual property and threats to an organization.

  The announcement is long on conventional wisdom but, as best I can tell, presents no new information. There are some old examples of long-patched security holes (EternalBlue, BlueKeep) and advice that you check your antivirus, spam filters, and close up Remote Desktop access. Most of all, though, the FBI says you should move from Win7 to Win10.

  Which shouldn’t surprise anybody.

  Catalin Cimpanu has a detailed look on ZDNet.

  Windows 7 FBI

• LulzSec rides again

  Posted on June 4, 2011 at 09:40 CDT by woody • Comment in the Forums

  Man, the person (small group?) calling itself LulzSec is on a ride.

  You could probably best describe them as cyber vigilantes. With considerable technical chops.

  In the past few days, they apparently hacked into PBS.org, stole enormous amounts of (unencrypted!) personal information from Sony Pictures and other Sony sites, and dug up dirt on FBI-affiliated security “whitehats” (I use that term in a derogatory sense now, along the lines of “HB Gary.”)

  If you hurry, you can see how they’ve defaced an FBI-affiliated site for Infragard. I’ve never heard of Infragard, but their web site claims “At its most basic level, InfraGard is a partnership between the Federal Bureau of Investigation and the private sector. InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.”

  Their claims about Infragard have me seeing HB Gary all over again.

  TheHackersNews just tweeted “The Day Gonna be More LULZ.” If it’s anything like the last few days, it’ll be well worth watching. Chilling.

  Other FBI, Infragard, LulzSec