DevOps.com

Dev Job Phisher Steals $540M | Patch OpenSSL NOW | Systemd Dev Joins Microsoft

By: Richi Jennings on July 7, 2022 Leave a Comment

Welcome to The Long View—where we peruse the news of the week and strip it to the essentials. Let’s work out what really matters.

This week: Spear-phishing causes $540 million loss, a high severity bug in OpenSSL might be “worse than Heartbleed,” and Lennart Poettering is now working for Microsoft.

1. Don’t Phall for Phishing

First up this week: A senior developer allowed hackers to break into their employer’s network by opening an emailed attachment. The dev trusted the sender because it appeared to be a company offering a juicy job.

Analysis: Don’t let your guard down

DevOps staff are usually the most switched on to the risks of opening email attachments. But even the most careful might fail to spot a clever, patient attacker such as this one.

Ryan Weeks: How a fake job offer took down the world’s most popular crypto game

Rarely has a job application backfired more spectacularly than in the case of one senior engineer … whose interest in joining what turned out to be a fictitious company led to one of the [cryptocurrency] sector’s biggest hacks [as] Ronin, the Ethereum-linked sidechain … lost $540 million. … One source added that the [recruitment was] through the professional networking site LinkedIn.
…
The fake “offer” was delivered in the form of a PDF document, which the engineer downloaded — allowing spyware to infiltrate Ronin’s systems. From there, hackers were able to attack and take over … the Ronin network.


PDF? How was that possible? zrobotics saw a similar scenario:

Phisher asked employee to sign a document relating to customs. The phisher had gathered that this employee works with shipping claims and returns, and surmised that they need to deal with customs documents requiring signature.

There was a link to an exe hosted on a European cloud service in the PDF titled “install fake signature certificate company to sign this document.” This directed to a download of a basic ransomware executable. This did get past our AV to the point of encrypting the employee’s machine, but thankfully was blocked from spreading to the rest of the network.

The employee’s machine was toast, but I was able to restore from the prior day’s backup and no major harm occurred … but they did lose a half-day work and I updated our training. The attack itself was clever from a social engineering perspective, but the technical exploit was something any script kiddie could have downloaded from the open web, nothing advanced at all. But Gmail doesn’t always scan links in PDFs, so a clever ruse was able to bypass Google’s scanning as well as our local scanning.


Social engineering FTW, though. Here’s Rachel Tobac:

Job-based phishing attacks are a huge challenge for a lot of reasons: It’s tough to verify identity/authenticity with people you have no relationship with, job opportunities actually do reach out to schedule interviews/send info so attack method matches real life, etc.

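The PDF trick zrobotics describes above works because the document itself carries no malware, only a link to an executable that mail-side scanners may not follow. The following is an added triage script, not part of the article or any tool it mentions; the sample PDF and its hostnames are constructed. It pulls every link-annotation target out of a PDF’s raw bytes (both literal and hex-encoded PDF strings) and flags the ones that point straight at an executable or script.

```python
import re
from urllib.parse import urlparse

# Constructed sample, not a real phishing document: a minimal PDF with two link
# annotations, one of which points at an executable on a cloud host.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R 5 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link
  /A << /S /URI /URI (https://cloud.example.invalid/sign-tool/setup.exe) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link
  /A << /S /URI /URI (https://example.com/terms) >> >> endobj
%%EOF
"""

# Extensions that should never be one click away from an e-mailed document.
RISKY_EXT = (".exe", ".msi", ".scr", ".bat", ".cmd", ".ps1", ".js", ".vbs", ".hta")

# /URI values are PDF strings: literal "( ... )" with backslash escapes, or hex "< ... >".
URI_RE = re.compile(
    rb"/URI\s*(?:"
    rb"\(((?:\\.|[^\\)])*)\)"   # group 1: literal string
    rb"|<([0-9A-Fa-f\s]*)>"      # group 2: hex string
    rb")",
    re.S,
)

def _decode_pdf_string(lit, hx):
    if lit is not None:
        # Drop the backslash from \( \) \\ escapes; octal escapes are not handled here.
        return re.sub(rb"\\(.)", rb"\1", lit, flags=re.S).decode("latin-1")
    h = re.sub(rb"\s", b"", hx).decode("ascii")
    if len(h) % 2:          # PDF spec: an odd trailing hex digit is padded with 0
        h += "0"
    return bytes.fromhex(h).decode("latin-1")

def extract_uris(pdf_bytes):
    """All /URI targets visible in the raw file, in document order.
    Caveat: annotations packed into compressed object streams are invisible to a
    raw scan; decompress first (e.g. qpdf --qdf) for a complete list."""
    return [_decode_pdf_string(m.group(1), m.group(2)) for m in URI_RE.finditer(pdf_bytes)]

def risky_uris(pdf_bytes):
    """URIs whose path ends in an executable or script extension."""
    return [u for u in extract_uris(pdf_bytes)
            if urlparse(u).path.lower().endswith(RISKY_EXT)]
```

Run it as `risky_uris(open(path, "rb").read())` over attachments pulled from quarantine; a non-empty result is worth a look before the file reaches an inbox.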

2. OpenSSL Bug ‘Worse Than Heartbleed’?

OpenSSL 3.0.4 introduced a tricky vulnerability that allows an attacker to corrupt server memory. CVE-2022-2274 might let such scrotes execute code remotely.

Analysis: Patch now, obvs.

3.0.5 fixes the flaw and is now available upstream. If your servers support AVX512IFMA instructions, you should go get it as soon as your distro has it.

Guido Vranken: OpenSSL remote memory corruption

Peculiarly, almost nobody is talking about this: … OpenSSL version 3.0.4 … is susceptible to remote memory corruption which can be triggered trivially by an attacker. … x64 systems with AVX512 support are affected.
…
If RCE exploitation is possible this makes it worse than Heartbleed. … Apart from code execution, there can also be scenarios where private data is leaked to the attacker.

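A quick way to decide which hosts the “patch now” advice applies to, as an added example that is not from the article or from the OpenSSL project: the bug arrived in 3.0.4 and is fixed in 3.0.5, and only CPUs advertising AVX512IFMA take the faulty code path, so the check combines the `openssl version` banner with the flags in `/proc/cpuinfo`. The banners and cpuinfo text embedded below are constructed sample inputs.

```python
import re
import subprocess

# Constructed sample inputs (not captured from a real host).
BANNER_VULN = "OpenSSL 3.0.4 21 Jun 2022"
BANNER_FIXED = "OpenSSL 3.0.5 5 Jul 2022"
CPUINFO_IFMA = "processor\t: 0\nflags\t\t: fpu sse2 avx2 avx512f avx512dq avx512ifma avx512vbmi\n"
CPUINFO_NO_IFMA = "processor\t: 0\nflags\t\t: fpu sse2 avx2\n"

def parse_version(banner):
    """Turn 'OpenSSL 3.0.4 21 Jun 2022' into (3, 0, 4); None if unrecognised."""
    m = re.search(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None

def cpu_has_avx512ifma(cpuinfo_text):
    """True if any 'flags' line in /proc/cpuinfo advertises avx512ifma."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags") and ":" in line:
            if "avx512ifma" in line.split(":", 1)[1].split():
                return True
    return False

def assess(banner, cpuinfo_text):
    """Classify a host. The bug was introduced in 3.0.4 and fixed in 3.0.5; the
    faulty path is only taken on CPUs with AVX512IFMA. Caveat: a distro may
    backport the fix without changing the banner, so confirm via its changelog."""
    ver = parse_version(banner)
    if ver is None:
        return "unknown"
    if ver != (3, 0, 4):
        return "not-affected"
    if cpu_has_avx512ifma(cpuinfo_text):
        return "exposed"             # vulnerable library on hardware that hits the bug
    return "vulnerable-not-exposed"  # patch anyway: a VM can be migrated onto newer silicon

def assess_local():
    """Same check against the running host (Linux only)."""
    banner = subprocess.run(["openssl", "version"], capture_output=True, text=True).stdout
    with open("/proc/cpuinfo") as f:
        return assess(banner, f.read())

if __name__ == "__main__":
    print(assess_local())
```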

Why are we still using OpenSSL when there are better choices? ggm:

OpenSSL represents “API/ABI” dependency. People coded to this.

OpenSSL is also “s/w by accretion” as people added and removed things over time. The original core, SSLeay, was an exemplary instance of somebody outside the core cryptographic community … and was hand coded to be both algorithmically faithful to export restrictions (ITAR) and machine code optimisations: it was fast.


And here’s a slightly sarcastic Sirened:

Intel, in a shocking move, has preemptively patched this vulnerability in silicon by deprecating AVX512 months ago.


3. Systemd Dev is now Working for Microsoft

Systemd is like Marmite … or the Kia Soul: You either love it or hate it. Will more people hate it now that its creator is a Microsoft employee?

Analysis: Embrace, extend, extinguish?

Microsoft has long touted its love and support of open source. But people have pachydermous memories, so trust is hard to earn. Still, Lennart Poettering joins a long and distinguished list of current and former FLOSS devs who have made the same move.

Michael Larabel: Systemd Creator Lands At Microsoft

Lennart Poettering quietly … left Red Hat following a decade and a half there leading PulseAudio among other projects and ultimately going on to start systemd, which has fundamentally reshaped modern Linux distributions. … He joined the Redmond company … it actually turns out not to be a joke.
…
The prominent open-source developer [is] continuing his focus on systemd development. While some may not always align with his views or approaches to handling some things, there is no overstating his enormous contributions to the Linux/open-source world.
…
Microsoft has over time employed a number of Linux developers and other prominent open-source developers. [For example] Python creator Guido van Rossum, GNOME creator Miguel de Icaza … Nat Friedman … Gentoo Linux founder Daniel Robbins … Steve French … Matteo Croce, Matthew Wilcox, Tyler Hicks, Shyam Prasad N, Michael Kelley, and many others. … It was also just earlier this year that Christian Brauner … another longtime Linux kernel developer, joined Microsoft.


“Quietly”? em-bee’s not surprised:

I am not surprised that he made this move quietly. Poettering’s work attracted a disproportionate share of criticism, and moving to Microsoft is not exactly a helpful move to quell that criticism.
…
Since he continues to work on systemd, critics will now start to decry systemd as being a Microsoft product. … This move is likely to strengthen the anti-systemd camp.


Whatever Microsoft does, some people will never trust the company. For example, rabcor:

Systemd is great, though it’s hated … for its monolithic structure, which is a pretty lame reason. … I’m sure that we’ll start seeing more distros moving away from systemd purely due to mistrust towards Microsoft—and that’s a good thing, ‘cuz variety and choice is nice.

I truly don’t mind sticking with systemd though, even with Poettering working on it from Micro$oft, I mean I hate Microsoft, and I sure as **** wouldn’t trust them with a pet rock, but systemd is an open source project and if they force some shady **** into systemd then someone’s just gonna fork it and remove it and we’ll all use that instead.


The Moral of the Story:
Be great in act, as you have been in thought


You have been reading The Long View by Richi Jennings. You can contact him at @RiCHi or [email protected].

Image: Bruno van der Kraan (via Unsplash; leveled and cropped)
