Archive for June 23, 2020

It Seems That Netgear Is Rolling Out Firmware Fixes For Their Epic Security #Fail

Posted in Commentary with tags on June 23, 2020 by itnerd

Things seem to be evolving when it comes to the over 70 Netgear routers that are affected by a remote takeover flaw. An issue that Netgear has known about since the start of the year. But didn’t seem to do anything about until the issue became public. Which is one of the reasons why I recommended that you pull the router from service and get something else.

Now, if you want to keep your Netgear router in place rather than replace it with a more secure option from another vendor, I would direct you towards this page on the Netgear support site which seems to be updated on a semi-frequent basis with new router firmware. At last count, I saw new firmware for 8 of their routers. That’s up from two yesterday. Keep in mind that over 70 routers are affected by this issue. Thus, while this shows that they are trying to do something about this epic security #fail, it’s a drop in the bucket relative to the scale of the overall problem. But having said that, if your router has updated firmware available, you should install that firmware now. As in right the hell now. Because I guarantee that with exploit code and scanning tools being available, the bad guys are looking for your router to do something evil to it.

I’ll also note something else. On the “Workarounds” section of this page, it says this:

Turning off Remote Management on your router or gateway web user interface significantly reduces your risk of exposure to these vulnerabilities. Remote Management on your router or gateway’s web user interface is turned off by default. If you never enabled Remote Management, you do not need to take any action to turn off Remote Management.

You’ll note the words “significantly reduces your risk of exposure to these vulnerabilities.” It doesn’t say that it eliminates the risk. Which means that even if you do what Netgear suggests, it will only make your network safer, but not safe. Which is why by the weekend, my Netgear router will be off my network and replaced by something else.

There’s another question here that needs to be answered. This story has been out there for a day or two, and you’re seeing updated firmware appear very quickly. So that implies that they could have done this in January when they became aware of this issue. Thus the question is, why didn’t they take action then? Sure they could have been working on a fix between January and now. But if that were true, it should have been released to the public between January and now. Right? The cynic in me says that Netgear wasn’t interested in fixing this until it went public. But I am free to be proven wrong by Netgear. Seeing as they read my stuff, I challenge them to provide not only an answer for this, but please tell me and my readers why you should be trusted going forward.

So how about it Netgear?

Dell Launches New Gaming Gear

Posted in Commentary with tags on June 23, 2020 by itnerd

Today, Dell announced updates to the range of gaming laptops, monitors and peripherals which are slated for release this year. Here are the highlights:

Dell G7 Laptop

Dell is introducing the new G7 15/17, a powerful gaming laptop that stands out with its own sophisticated style that can easily go from classroom to gaming.

Completely redesigned – with a slim design, powerful performance and value-added features like customizable chassis light – the new G7 touts significant all-around improvements over the previous gen for on-the-go gaming. As we struggle to squeeze into our swimsuits this summer, the G7 15 is a step ahead, dropping by 4mm to a svelte 20.5mm at the hinge, thanks to the innovative hinge design and the black anodized, all-metal chassis construction. The same for its elegant narrow bezel display, going from 9.9mm to 6.5mm on G7 15 and 8.16mm on the 17-inch.

The G7 is powered by the latest 10th Gen Intel Core CPUs (up to i9) and NVIDIA’s GeForce graphic cards (up to NVIDIA® GeForce RTX™ 2070 with Max-Q Design on the 15”, or NVIDIA® GeForce RTX™ 2070 Super on the 17”). Its gameplay experience is enhanced with a precision glass trackpad, customizable chassis lighting and 4-zone RGB keyboard. And a discrete “Game Shift” macro key instantly kicks the fan’s speed into dynamic performance mode for heavy action scenes. Nahimic 3D Audio rounds out the experience with a 360° soundscape with VoiceBoost and Sound Tracker radar. The new G7 17 will be available on June 23 starting at $1,429.99 USD, with the G7 15 available on June 29 starting at $1,429.99 USD.

Dell G5 Desktop

In the spirit of gaming desktops, Dell brings roller coaster-worthy momentum to the G5 desktop.

Cranking up the torque is Intel’s new 10th Gen Core CPU, delivering performance upgrades for high frames-per-second and smoother gameplay. Paired with VR-capable NVIDIA® GeForce® GTX/RTX or AMD Radeon™ RX 5600 graphics cards for stunning 1080p gaming, you can experience strong performance and lightning quick responsiveness for uninterrupted gameplay.

During intense gaming sessions, you’ll love the G5’s four thermal mode options in the Alienware Command Center that’s adjustable whether you’re gaming, working, studying or watching videos. Easy to expand or upgrade with tool-less entry, G5 is designed as a compact desktop that makes it easier to game in a smaller space like a dorm room, bedroom or office. Its distinctive front panel design is accented by full RGB LED lighting and an optional clear window side panel, making it a stunning conversation starter. The new G5 is initially on sale July 9 starting around $699.99 USD.

Dell Gaming Monitors     

Take your pick with the new Dell 27 Gaming Monitor (S2721DGF) and Dell 27 Curved Gaming Monitor (S2721HGF).

In the flat screen category, our Dell 27 Gaming Monitor offers a reimagined design for gamers who want captivating visuals with VESA DisplayHDR™ 400 for graphic-intensive games. With fast IPS technology, QHD resolution, support for NVIDIA® G-SYNC® Compatible and AMD FreeSync™ Premium Pro technology, you can expect great color quality and consistency, a blazing 165Hz refresh rate and true 1ms (gray to gray) response time in Extreme mode as well as tear-free, stutter-free graphics.

Spotted with its new gaming-inspired design that offers both functional and aesthetic benefits, the ultra-thin three-sided bezel enlarges the screen area. The intuitive OSD navigation with joystick and short-cut buttons at the back of the monitor is easy to reach and use, while the adjustable stand and tapered base makes for comfortable viewing and the smaller footprint provides greater versatility. Dell 27 Gaming Monitor is available worldwide on July 28 for $569.99 USD.

Designed to draw you deeper into the game, the Dell 27 Curved Gaming Monitor delivers truly immersive gameplay on its expansive curved FHD VA panel display.  With support for NVIDIA® G-SYNC® Compatible technology and fast 144Hz refresh rate, you will enjoy swift and responsive gameplay coupled with buttery-smooth visuals without motion blur. Like its flat screen cousin, this gaming monitor also features the newly revamped gaming-inspired design providing a refreshed identity. Optimized ventilation is achieved with the extra vents on the back for enhanced heat dispersal.  Dell 27 Curved Gaming Monitor is available in China on July 17, expanding worldwide on August 21 for $279.99 USD.

Alienware Keyboard

Does a keyboard make a difference? You know it does. That’s why Dell has pulled out all the stops to bring you the Alienware RGB Mechanical Gaming Keyboard (AW410K).

Designed with full Cherry® MX Brown Switches, its full-height keys are known for their tactility, silent travel and light actuation force, giving gamers incredibly responsive and tactile feedback (not to mention a 100 million-keystrokes lifespan). This thing is beautiful and useful at the same time.  It features fully programmable keys for macros and key assignments as well as AlienFX per-key RGB backlighting that is customizable with up to 16.8 million brilliant colors. The keyboard is safe from freezing up during intense gaming sessions with 100% anti-ghosting with NKRO. With three different angles and easy height adjustability you can game comfortably, while a pass-through USB port conveniently connects to other devices.  Alienware RGB Mechanical Gaming Keyboard is available for sale on August 4 for $129.99 USD.

Early Preview of the Redesigned XPS Desktop

As a bonus – and while Dell is on the subject of desktops – Dell is excited to give you a first look at the new XPS Desktop with a modern minimalistic design. Joining the XPS 17 laptop as the latest addition to NVIDIA’s RTX Studio program, this desktop provides massive performance for powering creation, gaming and VR. Stay tuned for more details coming July 2020.

And finally, as you’re potentially getting ready to spend more time outdoors, Dell also wanted to mention another rig that travels – the new Alienware Area-51m. It’s a powerhouse on the patio and a beast at the beach, available now starting at $2,299.99 USD.

Keyfactor & PrimeKey Partner To Enable Highly Scalable PKI

Posted in Commentary with tags on June 23, 2020 by itnerd

Keyfactor, the leader in securing digital identities, and PrimeKey, a leading provider of open-source public key infrastructure (PKI) and digital signature solutions, today announced a partnership and integration to simplify and automate PKI for large-scale enterprise and internet of things (IoT) deployments.

Enterprises today – and a growing number of connected device manufacturers – rely on PKI to enable digital security. Enterprise security teams and IoT product developers issue trusted and unique identities necessary to protect sensitive data, ensure uptime and secure connections across cloud services and connected devices.

PrimeKey delivers a uniquely scalable and flexible alternative to existing certificate authority (CA) software, providing turnkey PKI solutions for governments, financial institutions and thousands of global enterprises. As a pioneer in open-source PKI, PrimeKey’s solutions address a range of digital identity use cases such as IoT, e-ID and e-Passports, as well as PKI migration and consolidation.

Enterprises today use a mix of public and private CAs to support PKI, yet ever-increasing certificate volumes are a challenge to manage across multiple CA-provided tools. Using an API-based gateway, Keyfactor’s certificate management solution (Keyfactor Command) integrates with PrimeKey’s PKI (EJBCA Enterprise), providing end-to-end visibility and automation to all private and publicly issued certificates within a single, purpose-built platform.

Additionally, the integration between EJBCA Enterprise and Keyfactor’s end-to-end identity platform for connected devices (Keyfactor Control) makes it easy and affordable for IoT device manufacturers to embed trusted identity into their IoT products at design, and secure firmware and software updates through the device lifecycle. 

To learn more about the integration, visit: https://info.keyfactor.com/ejcba-enterprise-certificate-management.

Why Netgear Doesn’t Deserve Another Chance To Get Your Hard Earned Money

Posted in Commentary with tags on June 23, 2020 by itnerd

Yesterday, I reported that Netgear has 79 different router models that are affected by a serious vulnerability that allows for the complete takeover of the router. That’s incredibly bad and far from trivial. But the thing is, we’ve been here before. Netgear has a history of security issues in their products that date back many, many years. Let me cite some examples:

Now that last incident was in 2018, and I thought that Netgear had cleaned up their act. But clearly not. Netgear has clearly not learned from their past mistakes. Instead, they repeat them.

Now one thing that I didn’t report was this fact that was pointed out by a reader:

That’s right. Netgear has known about this latest issue with their routers since January of this year. It’s currently late June, and they didn’t take action until these issues were made public. So that’s a complete #fail as it appears to the casual observer that Netgear wasn’t going to take action. And that as far as I am concerned is also the final nail in the coffin.

Netgear has basically proven that they cannot produce a router that will keep you secure. This is doubly important as we are all living in the age where everyone and their dog is working from home. As far as I am concerned, they don’t deserve a cent from you. Thus if you’re affected by their latest security issues, ditch their router right now and buy another brand of router to replace it. What brand of router should you buy? Well, anything is preferable to Netgear as I am not aware of another router brand that has the scale and history of security issues that Netgear does. Thus any other brand is an improvement over Netgear. And going forward, I would not have any Netgear product on your list for any new purchases. Nor will I recommend Netgear to my clients. In fact, I will be pulling my recommendation of the R8500 because of this security fiasco.

If Netgear wants to rescue their image, they need to give a fulsome explanation in terms of how they are going to ensure that users of their products are going to be secure going forward. And they need to bring in a third party to not only audit everything from a security standpoint in that company, but to also make sure that they aren’t just talking the talk, but they are walking the walk 100% of the time. If they want a template to work from, they should look at what Zoom is doing and copy that.

To be frank, I don’t expect Netgear to do this. The fact is, if they were the least bit serious about keeping their users safe, they would have done some or all of this already. And we wouldn’t be here talking about their security issues today. Thus let me restate my recommendation. If you have Netgear equipment, ditch it ASAP. Because they simply do not deserve your hard earned money. Plain and simple.

UPDATE: Netgear has begun to roll out fixes for this fiasco. More details here.