Wednesday, January 13, 2016

New back doors in essential devices on Internet infrastuctures

The Fortinet firewalls and Citrix platforms virtualization are the news stages, using massively, where back doors have been found in the last hours. Someone claims that are attending at the dismantling of the spying infrastructure which we be warned about by Snowden in its days. We will discuss it, as well as the strange friendship between Verizon and the spammer crime and the detection of members from the DDoSers, DD4BC warning group.

Yesterday, at last hour, breaking news: the Fortinet firewalls allows to access with privileges through SSH, with a password given by the system if we access like an user called "Fortimanager_Access". Fortinet reacted immediately, claiming that it wasn´t a back door, but, an access for his personal, unveiled already in 2014 and it has a patch that close it. Although anyone knows about this patch until now...


According to "The Register", the Russian hacker W0rm has discovered a default password, Citrix123, that allows direct passage to the Content Management System (CMS) of the Citrix platforms, the second one more used in virtualization of corporate environments. W0rm has warned Citrix twice, the first time personally, and the second one by an Israeli company, but Citrix didn´t listen them. According W0rm, this would be an open door to a virus for example.

Verizon and spam

Today, we woke up with an accusation from the Spamhaus project against the American provider Verizon: last years the spammers had bought big ranges of IP directions for their business and when IP directions started to be scare, they have dedicated to steal them. Whom are they using to route the stolen IP´s? Verizon, that is actually at the sixth position on the list of Spamhaus " The worst ISPS over the world at the fight against spam".

Byez DD4BC

We finish our daily post with good news; Europol and different European police forces had arranged two members of the dangerous groups DDoS 4 Bitcoins (DD4BC), who had extorted lots of banks, media and big companies last year with impressive Distributed Denial of Service attacks. This operation no will stop the cyber extort, today one of the most buoyant electronic crimes, but at least it will frighten them a little.

We are happy to give you good news sometimes, we wish our readers finish having a good  day.


Post a Comment