Archive for May 21, 2023

A Screw Up By ASUS Knocked A Bunch Of Their Routers Offline For A Couple Of Days

Posted in Commentary on May 21, 2023 by itnerd

Earlier this week there were reports of ASUS routers being knocked offline. The reports started to come in on May 16, 2023, and if you were affected by this (I own an ASUS router and I wasn’t affected, though I should have been. More on that shortly), your issues might have lasted a couple of days unless you factory reset your router to get back online.

Now the company was pretty silent about what was going on. In fact, people complained about the lack of communication from ASUS. But the mystery was solved via this story from Ars Technica, which a reader pointed me to:

Two days later, the Taiwan-based hardware maker has finally answered the calls for help. The mass outage, the company said, was the result of “an error in the configuration of our server settings file.” After fixing the glitch, most users needed to only reboot their devices. In the event that didn’t fix the problem, the company’s support team advised users to save their current configuration settings and perform a factory reset. The company also apologized.

Here’s the root cause in detail:

Asus still hasn’t provided details about the configuration error. Various users have offered explanations online that appear to be correct.

“On the 16th, Asus pushed a corrupted definition file for ASD, a built-in security daemon present in a wide range of their routers,” one person wrote. “As routers automatically updated and fetched the corrupted definition file, they started running out of filesystem space and memory and crashing.”

The explanation answered the question of what was causing routers to crash, but it raised a new one: Why were routers affected even when they had been configured to not automatically update and no manual update had been performed? Asus has yet to address this, but the likely answer is that the definitions file for ASD, which resides in memory and scans devices for security threats, gets updated whether or not automatic updates are enabled.

I might be able to answer some of this.

ASD is the AIProtection functionality that is built into many ASUS routers and is made by anti-virus vendor Trend Micro. What it does is block access to questionable websites, protecting users from spyware, malware, and other unwanted applications while preventing potential distributed denial of service (DDoS) attacks and other security incidents. It relies on definition files to update itself, and the downloading of those definition files is completely independent of the downloading of firmware updates for the routers. That’s why users got this update even if firmware updates were turned off. In fact, some experiments on my ZenWiFi XT8 indicate that the only way to turn off the updates for AIProtection is to turn off AIProtection. The other thing that AIProtection does is send your browsing history to Trend Micro, presumably to help improve AIProtection. But I can see that some people would be bothered by this, as it makes you the product, seeing as AIProtection is free.
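The failure described above is a definition file that the daemon fetched on its own schedule and then applied without apparently checking whether it was sane or whether the router could afford it. The following is an added example (not ASUS or Trend Micro code; the definition format, the size limits and the `asd_definitions.json` file name are all constructed for illustration) of the guard rails a daemon that auto-updates its own definitions should have: validate the blob before it touches disk or memory, refuse anything that is not newer than what is installed, refuse anything that would leave the filesystem without headroom, and swap the file in atomically so a rejected update leaves the previous definitions untouched.

```python
import json
import os
import shutil
import tempfile

# Constructed limits (assumptions): the largest definition file the daemon accepts,
# and the free space the filesystem must still have after the file is written.
MAX_DEFINITION_BYTES = 64 * 1024
MIN_FREE_BYTES_AFTER = 256 * 1024


class DefinitionError(ValueError):
    """Raised when a downloaded definition file fails validation."""


def validate_definition(blob: bytes) -> dict:
    """Parse and sanity-check a definition blob before anything touches disk or memory.
    The format is hypothetical: {"version": <int>, "blocklist": [<hostname>, ...]}."""
    if len(blob) > MAX_DEFINITION_BYTES:
        raise DefinitionError(f"definition is {len(blob)} bytes, limit is {MAX_DEFINITION_BYTES}")
    try:
        doc = json.loads(blob.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise DefinitionError(f"definition is not valid JSON: {exc}") from None
    if not isinstance(doc, dict) or not isinstance(doc.get("version"), int):
        raise DefinitionError("definition lacks an integer version")
    entries = doc.get("blocklist")
    if not isinstance(entries, list) or not all(isinstance(h, str) and h for h in entries):
        raise DefinitionError("blocklist must be a list of non-empty strings")
    return doc


def current_version(target_path: str) -> int:
    """Version of the installed definitions, or -1 if none is installed or it is unreadable."""
    try:
        with open(target_path, "rb") as fh:
            return validate_definition(fh.read())["version"]
    except (OSError, DefinitionError):
        return -1


def apply_definition_update(blob: bytes, target_path: str, free_bytes=None):
    """Install an update only if it validates, is newer than the installed file and leaves
    the filesystem with headroom. Returns (applied, reason). The installed file is never
    modified in place: the new one is written beside it and swapped in with os.replace()."""
    try:
        doc = validate_definition(blob)
    except DefinitionError as exc:
        return False, f"rejected: {exc}"
    installed = current_version(target_path)
    if doc["version"] <= installed:
        return False, f"rejected: version {doc['version']} is not newer than {installed}"
    if free_bytes is None:  # real free space unless the caller supplies a figure (tests do)
        free_bytes = shutil.disk_usage(os.path.dirname(os.path.abspath(target_path))).free
    if free_bytes - len(blob) < MIN_FREE_BYTES_AFTER:
        return False, "rejected: insufficient free space for update"
    tmp_path = target_path + ".tmp"
    with open(tmp_path, "wb") as fh:
        fh.write(blob)
        fh.flush()
        os.fsync(fh.fileno())
    os.replace(tmp_path, target_path)  # atomic on POSIX: readers see old or new, never half
    return True, f"applied version {doc['version']}"


def demo(workdir=None) -> dict:
    """Run four constructed scenarios: a good update, a truncated download, an oversized
    file, and a valid file arriving when the filesystem is nearly full."""
    workdir = workdir or tempfile.mkdtemp(prefix="asd_demo_")
    path = os.path.join(workdir, "asd_definitions.json")
    good = json.dumps({"version": 1, "blocklist": ["malware.example", "phish.example"]}).encode()
    corrupted = b'{"version": 2, "blocklist": ["malware.example", '  # download cut off mid-way
    oversized = json.dumps({"version": 3, "blocklist": ["x" * 255] * 400}).encode()
    newer = json.dumps({"version": 4, "blocklist": ["a.example"]}).encode()
    results = {
        "good": apply_definition_update(good, path, free_bytes=10**7),
        "corrupted": apply_definition_update(corrupted, path, free_bytes=10**7),
        "oversized": apply_definition_update(oversized, path, free_bytes=10**7),
        "low_space": apply_definition_update(newer, path, free_bytes=MIN_FREE_BYTES_AFTER),
    }
    results["installed_version"] = current_version(path)
    shutil.rmtree(workdir, ignore_errors=True)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Only the first update is applied; the corrupted, oversized and low-space updates are each rejected with a reason, and the installed version stays at 1. A real daemon would also verify a signature on the blob before parsing it, but the size and free-space checks are what stand between a bad file and the out-of-space, out-of-memory crash described in the quoted explanation.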

Now this incident highlights the risks of having this sort of functionality built into your router. And if you’re someone who is concerned about this and want another option, I’ll give you two. There’s CIRA Canadian Shield which is a DNS service that offers a lot of this sort of functionality. Along with that is HYAS Protect At Home which is the same sort of product, but it’s a lot more advanced as it is based on their corporate security tech.

A final word about this. ASUS has a bit of a history of finding themselves in bad situations, and then botching the attempts to defuse the situation in question. This incident is an example of that. It should not have taken ASUS two days to say anything about this issue, and their apology is pretty lame. ASUS really needs to learn how to do a better job of managing a crisis that affects a large number of their customers. Otherwise, they will not have any customers.

Teen Charged With Breaking Into The DraftKings Website

Posted in Commentary on May 21, 2023 by itnerd

This is a bit different from what I am used to covering. It looks like a teen decided to “flex” about the fact that he broke into the betting website DraftKings. And it came back to haunt him, it seems:

A boastful teenage hacker has been charged with orchestrating a break-in to the sports betting website DraftKings, which led to $600,000 being drained from hundreds of customer accounts.

Joseph Garrison, 18, of Madison, Wis., is accused of using stolen log-in and password combinations he bought on the dark web to hack his way into 60,000 accounts on DraftKings last November. He then sold the information to others who used it to drain 1,600 customer accounts, federal prosecutors in Manhattan said.

Ani Chaudhuri, CEO of Dasera, had this to say:

In the face of this most recent cyberattack on DraftKings, we feel the pain and shock reverberating across the industry. It’s a stark reminder of the profound threat that cybercrime poses to our online businesses and our consumers, undermining trust and causing tangible harm.

The alleged hacker’s flagrant disregard for the consequences of his actions underlines a growing issue – cybersecurity is not just about technology; it’s about people. The threat landscape is constantly evolving, and it’s not just a matter of securing networks and systems, but also about instilling an understanding of cyber ethics and responsibility, especially among younger demographics.

The advent of credential stuffing, the tactic used in this breach, reveals a hard truth: we are only as strong as our weakest link. Reusing passwords across platforms can have cascading effects that go beyond a single compromised account. It emphasizes the urgent need for robust, multi-layered security strategies that include not just advanced technical defenses, but also user education about safe online behavior.

Companies must prioritize deploying dynamic security measures that can adjust and react to emerging threats. Utilizing advanced analytics, AI, and machine learning technologies can help detect and prevent anomalous activities early. Additionally, stronger authentication methods such as multi-factor authentication can significantly reduce the risk of unauthorized access, even if login credentials are compromised.

It’s also critical that we, as an industry, share our experiences and learn from these incidents. Transparency in the face of a breach isn’t an admission of defeat; it’s a commitment to improvement. By sharing knowledge and best practices, we can collectively strengthen our defenses and continue to instill trust in our digital ecosystem.

It’s encouraging to see DraftKings acting swiftly to restore stolen funds and reaffirming their commitment to security. Cybersecurity is not a destination but a journey, and the continued dedication to safety, despite such setbacks, is an essential part of navigating this path successfully. This event underscores that cybersecurity is not a luxury but a necessity in today’s digital world.

Hopefully this teen gets a long prison sentence so that he understands that “flexing” has consequences. It also sends a message that if you hack something and you get caught, you will pay.
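The quoted comment from Dasera names credential stuffing as the tactic and says analytics can catch anomalous activity early. The following is an added example (not DraftKings or Dasera code) of what that detection looks like on the defender's side: a small analyser run over constructed authentication log lines that flags a source address trying many distinct usernames in a short window with mostly failures, and lists the accounts that nonetheless logged in successfully from it, since those are the reused-password accounts that need a reset and step-up authentication. The log format, the addresses and the thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (assumption):
#   "<ISO timestamp> login ip=<address> user=<username> result=<success|failure>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) login ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>success|failure)$"
)


def _constructed_log() -> str:
    """Build sample log lines: one ordinary user and one address working through a
    purchased credential list. Addresses are from the documentation ranges."""
    base = datetime(2023, 5, 20, 10, 0, 0)
    lines = [
        f"{base.isoformat()} login ip=198.51.100.4 user=alice result=failure",
        f"{(base + timedelta(seconds=30)).isoformat()} login ip=198.51.100.4 user=alice result=success",
        f"{(base + timedelta(hours=2)).isoformat()} login ip=198.51.100.4 user=alice result=success",
    ]
    # Stuffing pattern: one address, a different username every few seconds, mostly failures,
    # with a few successes where the victim reused a password from another breach.
    for i in range(25):
        result = "success" if i in (4, 11, 19) else "failure"
        ts = base + timedelta(minutes=1, seconds=5 * i)
        lines.append(f"{ts.isoformat()} login ip=203.0.113.7 user=user{i:02d} result={result}")
    return "\n".join(lines)


SAMPLE_LOG = _constructed_log()


def parse_log(text: str) -> list:
    """Turn log text into event dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ip": m["ip"],
            "user": m["user"],
            "ok": m["result"] == "success",
        })
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=5), min_attempts=20,
                               min_distinct_users=10, min_failure_ratio=0.7) -> dict:
    """Sliding-window check per source address. An address is flagged when, within one
    window, it makes at least min_attempts logins against at least min_distinct_users
    accounts and at least min_failure_ratio of those attempts fail. The thresholds are
    constructed; a real deployment tunes them against its own baseline traffic."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        recent = deque()
        for e in evs:
            recent.append(e)
            while recent[0]["ts"] < e["ts"] - window:  # drop events older than the window
                recent.popleft()
            attempts = len(recent)
            users = {x["user"] for x in recent}
            failures = sum(1 for x in recent if not x["ok"])
            if (attempts >= min_attempts and len(users) >= min_distinct_users
                    and failures / attempts >= min_failure_ratio):
                findings[ip] = {
                    "attempts": attempts,
                    "distinct_users": len(users),
                    "failures": failures,
                    # successful logins from a flagged address: reset and step up these accounts
                    "accounts_to_reset": sorted({x["user"] for x in recent if x["ok"]}),
                }
    return findings


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

The ordinary user's typo-then-success pattern never comes close to the thresholds, while the second address is flagged as soon as its twentieth attempt lands, and the three accounts it did get into are returned for a forced reset. The same logic runs unchanged over a larger log; the reason it is keyed on distinct usernames rather than raw failure count is that a stuffing run tries each stolen pair once, so per-account lockout thresholds, which watch one username at a time, never fire.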