More stories

  • Take security to the Zero Trust Edge

    A year ago, Forrester set out to document a new model for security and networking that was gaining mindshare in the market. As a result, Forrester recently published its research in a new report that introduces the Zero Trust Edge model for security and network services. There’s a similar name going around in the market, “Secure Access Service Edge” (SASE), to describe the same model. We put the emphasis on the Zero Trust part.

    Forrester is an advocate for this model for several reasons. But the primary one is this: The internet was designed without security in mind. Should we, as technologists, just expect every organization in the world to simply attach themselves directly to it and hope it all works out for them? For 25 years, we’ve just been putting Band-Aids on top of Band-Aids, hoping to stop the cybersecurity bleeding, but the carnage gets worse every year. The Zero Trust Edge (ZTE) model is a safer on-ramp to the internet for organizations’ physical locations and remote workers. 
    A ZTE network is a virtual network that spans the internet and is directly accessible from every major city in the world. It uses Zero Trust Network Access (ZTNA) to authenticate and authorize users as they connect to it and through it. If those users are accessing corporate services like an on-prem application or Office 365, they may rarely even “touch” the internet, except to be safely tunneled through it, and they’ll certainly be kept away from the bad parts of town. 
    Tactics Vs. Strategy 
    Many enterprises are looking at this model to tactically solve a specific problem: securing the remote workforce. These organizations realize that acquiring more VPN licenses during the COVID-19 lockdown was just a stopgap measure to keep people working. Now, they’re looking for a ZTNA solution. 
    All ZTE vendors have ZTNA because it’s the primary security service of their stack. Once enterprises start talking with vendors like Zscaler, Akamai, or Netskope, they realize there are more security services they can consume as a service, and now they’re talking themselves into ZTE strategy. 
    In the future, after other technologies like SWG, CASB, and DLP are integrated into the stack, organizations will look to put all their network traffic through these ZTE networks. And that’s where the security and network teams will have to work together, because legacy on-prem networks are heterogeneous, and the migration of giant datacenters or 12-story hospitals using software-defined WAN (SD-WAN) as a transport into the ZTE networks will be a challenge.
    We’ll solve the tactical problem, remote workforce, first with ZTNA. We’ll move on to the larger security challenges next. And finally, we’ll address the network. In the end, remote users, retail branches, remote offices, factories, and data centers will be connected to ZTE networks that will use Zero Trust approaches and technologies to authenticate, sanitize, and monitor connections through the network and into the internet and public clouds. 

    This post was written by Senior Analyst David Holmes, and it originally appeared here.

  • Brave browser leaks onion addresses in DNS traffic

    The Tor mode included with the Brave web browser allows users to access .onion dark web domains inside Brave private browsing windows without having to install Tor as a separate software package.
    Added in June 2018, Brave’s Tor mode has over the years given Brave users increased privacy when navigating the web, allowing them to access the .onion versions of legitimate websites like Facebook, Wikipedia, and major news portals.
    But in research posted online this week, an anonymous security researcher claimed they found that Brave’s Tor mode was sending queries for .onion domains to public internet DNS resolvers rather than Tor nodes.
    While the researcher’s findings were initially disputed, several prominent security researchers have, in the meantime, reproduced his findings, including James Kettle, Director of Research at PortSwigger Web Security, and Will Dormann, a vulnerability analyst for the CERT/CC team.

    Furthermore, the issue was also reproduced and confirmed by a third source, who also tipped off ZDNet earlier today.
    The risks from this DNS leak are major, as any leaks will create footprints in DNS server logs for the Tor traffic of Brave browser users.
    While this may not be an issue in some western countries with healthy democracies, using Brave to browse Tor sites from inside oppressive regimes might be an issue for some of the browser’s other users.

    Brave Software, the company behind the Brave browser, has not returned a request for comment sent before this article’s publication earlier today.
    Over the past three years, the company has worked to build one of the most privacy-focused web browser products on the market today, second only to the Tor Browser itself.
    Based on its history and dedication to user privacy, the issue discovered this week appears to be a bug, one the company will most likely hurry to address in the near future.
    Update: Minutes after this article went live, the Brave team announced a formal fix on Twitter. The patch was actually already live in the Brave Nightly version following a report more than two weeks ago, but after the public report this week, it will be pushed to the stable version with the next Brave browser update. The source of the bug was identified as Brave’s internal ad blocker component, which was using DNS queries to discover sites attempting to bypass its ad-blocking capabilities, but had forgotten to exclude .onion domains from these checks.

    tl;dr
    1. this was already reported on hackerone, was promptly fixed in nightly (so upgrade to nightly if you want the fix now)
    2. since it’s now public we’re uplifting the fix to a stable hotfix
    root cause is regression from cname-based adblocking which used a separate DNS query https://t.co/dLjeu4AXtP
    — yan (@bcrypt) February 19, 2021
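    An added example (not Brave’s code) modelling the root cause described above: an ad blocker’s CNAME-uncloaking lookup that sends every hostname to the system’s public resolver, beside the fixed variant that matches .onion and other special-use names locally without resolving them, plus a check for .onion footprints in resolver-log lines. The FakeResolver, CNAME table, hostnames and log layout are constructed for this demonstration.

```python
# Added example, not Brave's code. Models the bug described above: a
# CNAME-based ad-blocking check that sent every hostname to the system's
# public DNS resolver, so .onion names leaked into resolver logs.
# FakeResolver, the CNAME table, hostnames and the log layout are constructed.

# Special-use names that must never reach a public resolver: .onion is
# reserved by RFC 7686, .local and .localhost are local-only per RFC 6761.
NEVER_RESOLVE_SUFFIXES = (".onion", ".local", ".localhost")


class FakeResolver:
    """Stand-in for the OS resolver; records every query it receives."""

    def __init__(self, cname_table):
        self.cname_table = cname_table  # constructed CNAME records
        self.queries = []               # what a DNS server would log

    def cname(self, host):
        self.queries.append(host)
        return self.cname_table.get(host)


def is_never_resolve(host):
    """True for names that must be kept away from public DNS."""
    h = host.lower().rstrip(".")
    return any(h == s[1:] or h.endswith(s) for s in NEVER_RESOLVE_SUFFIXES)


def uncloak_buggy(host, resolver, blocklist):
    """Before the fix: resolve unconditionally to expose a CNAME-cloaked tracker."""
    target = resolver.cname(host)
    return (target or host) in blocklist


def uncloak_fixed(host, resolver, blocklist):
    """After the fix: special-use names are matched locally and never resolved."""
    if is_never_resolve(host):
        return host in blocklist
    target = resolver.cname(host)
    return (target or host) in blocklist


def run_demo(check):
    """Run one ad-block variant over constructed hosts; report decisions and leaks."""
    resolver = FakeResolver({"metrics.shop.example.com": "tracker.adnet.example"})
    blocklist = {"tracker.adnet.example"}
    hosts = ["metrics.shop.example.com", "constructedv3example.onion", "news.example.org"]
    decisions = {h: check(h, resolver, blocklist) for h in hosts}
    leaked = [q for q in resolver.queries if is_never_resolve(q)]
    return decisions, leaked


def onion_queries_in_log(lines):
    """Flag resolver-log lines carrying a special-use query; returns (client, qname)."""
    hits = []
    for line in lines:
        parts = line.split()
        # constructed layout: <timestamp> <client-ip> query: <qname> <qtype>
        if len(parts) >= 5 and parts[2] == "query:" and is_never_resolve(parts[3]):
            hits.append((parts[1], parts[3]))
    return hits


SAMPLE_LOG = [  # constructed lines, not from any real resolver
    "2021-02-19T10:00:01Z 192.0.2.10 query: metrics.shop.example.com A",
    "2021-02-19T10:00:02Z 192.0.2.10 query: constructedv3example.onion A",
    "2021-02-19T10:00:03Z 192.0.2.44 query: news.example.org AAAA",
]

if __name__ == "__main__":
    for name, check in (("buggy", uncloak_buggy), ("fixed", uncloak_fixed)):
        decisions, leaked = run_demo(check)
        print(name, decisions, "leaked to public DNS:", leaked)
    print("footprints in resolver log:", onion_queries_in_log(SAMPLE_LOG))
```

    Both variants reach the same block/allow decisions; only the buggy one leaves the .onion name in the resolver’s query list.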

  • Malaysia arrests 11 suspects for hacking government sites

    Malaysian officials announced on Thursday the arrest of 11 suspects believed to be part of a hacktivist group that defaced government websites during late January.
    The group, calling itself Anonymous Malaysia, defaced 17 websites for local governments and universities, according to posts they made on a Facebook page earlier this month.
    The defacements were part of a campaign the group called #OpsWakeUp21, during which they wanted to highlight the poor security of government websites by posting warning messages on their front pages (see screenshot above).
    Malaysian authorities started an investigation after the attacks took place in late January, and 11 suspects were arrested on Wednesday.
    According to local reports, the suspects were aged between 22 and 40, and from Pahang, Johor, Perak, and the Klang Valley regions.
    Similar hacktivism activity reported in Myanmar
    The arrests come after earlier this week, another hacktivist group, named the Myanmar Hackers, defaced sites for the Myanmar military, state-run broadcaster MRTV, the Central Bank, the Port Authority, the Food and Drug Administration, and local law enforcement.
    The cyber intrusions and website defacements were part of nationwide protests against the current government, which illegitimately seized power earlier this month following a military coup.

    On February 1, the Myanmar military leadership ordered the arrest of members of the National League for Democracy party, along with its leader Aung San Suu Kyi, which convincingly won the November 2020 elections after soundly defeating the military’s representatives.
    Mass public protests have been taking place since the coup, in a country that just years before escaped from the rule of another failed junta regime.
    Since the coup, the government has attempted several times to shut down internet access for the entire country, has blocked access to social networks to prevent citizens from organizing new protests, and is currently trying to pass a new draconian security law that would give it easier and unfettered access to any user’s personal data and browsing history.

    An initial version of this article reported the arrests as members of the Myanmar Hackers group due to a misunderstanding in a source.

  • WhatsApp tries again to explain what data it shares with Facebook and why

    WhatsApp is moving ahead with its controversial change to its privacy terms and it will soon push a banner to the app that it hopes will help explain that the change doesn’t mean you need to leave the service. 
    WhatsApp last month delayed enforcing its new privacy terms after giving its two billion users the ‘choice’ to accept its new privacy terms by February 8, or essentially, stop using the app. 

    The new date for users to accept the terms is May 15 and, ahead of that date, WhatsApp has posted a new blog attempting to explain what the changes mean for users. 
    WhatsApp said it had deferred the policy change to “clear up the misinformation”, but not before tens of millions of WhatsApp users started exploring alternatives, such as Signal and Telegram, the latter of which recently released a feature to bring WhatsApp messages across to its platform. 
    Part of WhatsApp’s effort to clear up “confusion” is an in-app banner that explains the changes and further updates an FAQ page about the changes. 
    “In the coming weeks, we’ll display a banner in WhatsApp providing more information that people can read at their own pace,” WhatsApp said in a new blogpost. 

    Per TechCrunch, the banner will have an option to click “to review”, which provides further explanation of the changes and details about how WhatsApp works with Facebook.   
    WhatsApp says it has updated the FAQ page to “try to address concerns we’re hearing.”
    “Eventually, we’ll start reminding people to review and accept these updates to keep using WhatsApp,” it notes in the blogpost. 
    The privacy changes addressed the situation where a WhatsApp user communicates with a business.
    While WhatsApp won’t share a user’s contacts or chats with Facebook, the Facebook-owned messaging app will share a user’s profile data with Facebook after the user communicates with a business on WhatsApp. 
    That communication could happen in a number of ways, and Facebook is opening more opportunities for that conversation between users and businesses. For example, as part of Facebook’s commerce plans with Shops, Facebook allows businesses to promote their goods in WhatsApp. If users interact with the offer on WhatsApp, their data is shared with Facebook and its advertiser. That communication could also influence what ads the same user sees on Facebook.
    WhatsApp also took a shot at rivals in its blogpost. 

    “We’ve seen some of our competitors try to get away with claiming they can’t see people’s messages – if an app doesn’t offer end-to-end encryption by default that means they can read your messages,” writes WhatsApp.  
    “Other apps say they’re better because they know even less information than WhatsApp. We believe people are looking for apps to be both reliable and safe, even if that requires WhatsApp having some limited data.”

  • Leaving LastPass? Here's how to get your passwords out

    LastPass is changing its free offering, and some are looking for a new home for their passwords. But how do you get your passwords and other data out of LastPass?

    Here’s how.
    There are a few different ways to get your data out of LastPass, but the easiest, most reliable way I’ve found is to log into your account through a browser on a computer.
    You can then export a file of your data that’s CSV compatible, which most password applications and services will accept (this is a whole other topic, and I suggest you test things and take your time, because there’s always the risk of losing your password data).
    Here I’ll show you how to get your data out of LastPass.
    Step 1
    First, go to lastpass.com and log into your account.

    Step 2
    If you use two-factor authentication, you’ll need to enter those details.

    Step 3

    You’re in. Now click on Advanced Option…

    Step 4
    Click on Export.

    Step 5
    Re-enter your credentials.

    Step 6
    There’s your data!

    Step 7
    Now you need to select this data, copy it, paste it into a text file and give it a .CSV extension. 
    I don’t recommend keeping all your passwords lying around unencrypted, so you either need to encrypt this file in the interim or put it straight into whatever service you are going to use next.
    Also, don’t kill your LastPass account until you are sure that your new service is set up and your passwords are accessible! Remember, these are your passwords!
    I can’t stress this step enough! I have heard from multiple people over the years who have gotten themselves into an enormous mess doing this.

  • Microsoft says SolarWinds hackers downloaded some Azure, Exchange, and Intune source code

    Microsoft’s security team said today it has formally completed its investigation into its SolarWinds-related breach and found no evidence that hackers abused its internal systems or official products to pivot and attack end-users and business customers.

    The OS maker began investigating the breach in mid-December after it was discovered that Russian-linked hackers breached software vendor SolarWinds and inserted malware inside the Orion IT monitoring platform, a product that Microsoft had also deployed internally.
    In a blog post published on December 31, Microsoft said it discovered that hackers used the access they gained through the SolarWinds Orion app to pivot to Microsoft’s internal network, where they accessed the source code of several internal projects.
    “Our analysis shows the first viewing of a file in a source repository was in late November and ended when we secured the affected accounts,” the company said today, in its final report into the SolarWinds-related breach.
    Microsoft said that after cutting off the intruder’s access, the hackers continued to try to access Microsoft accounts throughout December and even up until early January 2021, weeks after the SolarWinds breach was disclosed, and even after Microsoft made it clear they were investigating the incident.
    “There was no case where all repositories related to any single product or service was accessed,” the company’s security team said today. “There was no access to the vast majority of source code.”
    Instead, the OS maker said intruders viewed “only a few individual files […] as a result of a repository search.”

    Microsoft said that, based on the search queries the attackers performed inside its code repositories, the intruders appeared to have been focused on locating secrets (i.e., access tokens) that could be used to expand their access to other Microsoft systems.
    The Redmond company said these searches failed because of internal coding practices that prohibited developers from storing secrets inside source code.
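    The kind of repository scan that enforces such a no-secrets-in-source rule, as an added example (not Microsoft’s tooling): credential-like assignments and high-entropy token-shaped strings are flagged, while template placeholders and allowlisted lines are skipped. The name list, entropy threshold, allowlist pragma and the sample file are constructed.

```python
# Added example of a repository secret scan of the kind that backs a
# "no secrets in source" rule; not Microsoft's tooling. The name list,
# entropy threshold, allowlist pragma and the sample file are constructed.
import math
import re

# A credential-like name assigned a string literal of at least 8 characters.
ASSIGNMENT = re.compile(
    r"(?i)(?:password|passwd|secret|api_?key|access_?token|client_?secret)"
    r"\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
)
# Long opaque strings that look like tokens or keys, wherever they appear.
TOKEN_LIKE = re.compile(r"\b[A-Za-z0-9_\-]{32,}\b")
# Values that are obviously templates rather than live credentials.
PLACEHOLDER_MARKERS = ("changeme", "example", "placeholder", "<", "${", "xxxx")
ENTROPY_THRESHOLD = 4.0  # bits per character; random base64 is ~5, English ~4


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty or uniform string)."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def looks_like_placeholder(value):
    v = value.lower()
    return any(marker in v for marker in PLACEHOLDER_MARKERS)


def scan_text(text, path="<memory>"):
    """Return (path, line, kind, value) findings for credential-looking content."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if "pragma: allowlist secret" in line:  # reviewed and accepted
            continue
        m = ASSIGNMENT.search(line)
        if m and not looks_like_placeholder(m.group(1)):
            findings.append((path, lineno, "assigned-credential", m.group(1)))
            continue
        for token in TOKEN_LIKE.findall(line):
            if shannon_entropy(token) >= ENTROPY_THRESHOLD and not looks_like_placeholder(token):
                findings.append((path, lineno, "high-entropy-token", token))
    return findings


SAMPLE_FILE = """\
# constructed sample, not real code
DB_PASSWORD = "changeme-example"  # template value: must not fire
storage_key = "Qm8vZ2x4cTd1YjlrMnNhbHN0cmluZ2V4YW1wbGU0NTY3ODkw"  # constructed token
token = os.environ["STORAGE_TOKEN"]  # correct: the secret lives outside the repo
client_secret = '<fill-in-from-vault>'  # template marker: must not fire
api_key = "kq7Vt2pLz9XaBnE4RmUs1"  # constructed literal: must fire
legacy_secret = "supersecretvalue123"  # pragma: allowlist secret
"""

if __name__ == "__main__":
    for path, lineno, kind, value in scan_text(SAMPLE_FILE, "constructed.py"):
        print(f"{path}:{lineno}: {kind}: {value}")
```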
    Some source code was also downloaded
    But beyond viewing files, the hackers also managed to download some code. However, Microsoft said the data was not extensive and that the intruders only downloaded the source code of a few components related to some of its cloud-based products.
    Per Microsoft, these repositories contained code for:
      • a small subset of Azure components (subsets of service, security, identity)
      • a small subset of Intune components
      • a small subset of Exchange components
    All in all, the incident doesn’t appear to have damaged Microsoft’s products or have led to hackers gaining extensive access to user data.


  • Ethernet: Why your home office could use more of it

    It’s been almost a year since many of us started working from home, and it doesn’t look like that’s going to change anytime soon. In previous Jason Squared shows, Jason Cipriani and I have talked about securing your home internet and even how to improve your Wi-Fi signal. However, there are alternative ways to improve connectivity throughout your home. Today, we will talk about one of the oldest — and perhaps still one of the best ways to connect your equipment to the internet — Ethernet.

    What the heck is Ethernet, exactly?
    Ethernet is a wired network communications standard developed in the early 1970s by a computer engineer named Bob Metcalfe (who, for many years, was also a well-known computer industry columnist at InfoWorld and also was responsible for forming 3COM, which HP later bought in 2010) and his team of researchers at Xerox’s Palo Alto Research Center.

    Category 5e Ethernet Cables
    Over the years, Ethernet morphed from using coaxial cable to twisted pair cable and fiberoptic cables. The original standard called for network frames sent at 10Mbps. Today, it’s not uncommon for Ethernet to communicate at 1Gbps over twisted pair cable. Ethernet can move as fast as 40Gbps/100Gbps using fiberoptic cables on enterprise networks within data centers or in specialized environments. 
    Why do we want to use Ethernet at home?
    Chances are, you probably already do use at least some Ethernet at home. Most consumer broadband installations will have a residential gateway that incorporates Wi-Fi and some broadband access device, like a cable modem or an optical network terminal (ONT). Those will be connected with a short Cat-5 or Cat-6 Ethernet cable and the modular RJ-45 8-pin connector.
    There are many homes in which that’s likely the extent of their Ethernet install. But all home routers/residential gateways have at least one or more additional Ethernet ports on them, allowing you to expand that Ethernet network. So, for example, in my own home, with my AT&T ARRIS residential gateway (the main router), I have a few extra Ethernet ports. I have a 24-port Ethernet switch connected to one of these to add more Ethernet-connected devices.
    But you’re not stuck with the number of ports on your router. An Ethernet Switch is like the USB hubs you can buy for your PC or Mac. If you run out of Ethernet ports, you buy a switch, and it will give you more network interfaces.
    Why would I want to connect more devices to Ethernet rather than use Wi-Fi?
    There are a lot of reasons. Ethernet is super-reliable for starters. It is secure; it’s far more difficult for someone to sniff your network traffic if you use Ethernet, especially if you are using something like a VLAN. It’s also considerably faster than the network connectivity you will get in most home environments with Wi-Fi. Even with Wi-Fi 6, you will only get 450Mbps to 650Mbps speeds under optimal conditions; you will still get interference and latency. But with my 1Gbps fiber connection from AT&T, I frequently get over 900Mbps downloads, close to wireline speeds, when using a computer connected to the Ethernet switch.

    The other thing that’s good about Ethernet is it has pretty high distance limitations, like about 100 meters per run. So you can get the full speed out of that cable over that distance. This is good to have if you have a multi-story home, where you might have, say, an entertainment center in your basement or a bedroom on an upper floor that you want to have high-speed network connectivity. 
    Perhaps the Wi-Fi from the bottom floor or even your mesh network just isn’t cutting it because there are too many walls or whatever. You can bridge your network using a Wi-Fi access point using Ethernet, and a long cable runs to the switch or the router. You need to be able to drop that cable through a wall soffit, through the attic, or a crawlspace, or run it along the wall under the carpet to where it has to go. 
    In my case, my office is in the room next to where all my broadband equipment is, so I hired a handyman to install an Ethernet jack on both sides of the adjoining wall. But I know many people who have just drilled through the wall, bore a hole, and put an inexpensive plastic plate there or a grommet kit that is used for pushing cables through. You can get those at Home Depot.
    Is it expensive to build out your Ethernet network?

    An inexpensive 8-port Ethernet switch, made by Netgear.
    It doesn’t have to be expensive. I frequently see unmanaged desktop 16-port Gigabit Ethernet switches from Netgear, TP-LINK, and D-Link on Amazon for less than $60. You can buy pre-fabricated cables that are as long as 100 feet for about $22 from Best Buy or Amazon, and I have seen them as cheap as $12 at Walmart, too. But you can also crimp your own cables with a crimping tool and buy the twisted pair cable spools and the RJ-45 heads, and that’s not that expensive if you have to do your own wiring.
    Many streaming devices have Ethernet ports already built-in, such as the Roku, the Amazon Fire TV, the Apple TV, and gaming consoles like the Xbox and the Playstation. Network adapters for laptops are also not that expensive. We talked about hubs a few weeks ago; many on the market include Ethernet and HDMI and extra USB-C and USB-A ports for like $40, such as the one from Anker.
    What about the pricier Ethernet switches?
    The higher-end models are managed switches and are more expensive because they have special segmenting and security capabilities, such as for VLANs. These are typically for small and medium business use. But the other thing these more expensive switches can do is Power over Ethernet or PoE.
    In addition to carrying Ethernet communication, a Cat5-Cat6 twisted pair cable can also carry power. That means, if you wanted to place, say, a Wireless Access Point in some remote part of your house or in your small business where no AC power outlets exist, all you need to do is string the Cat5 cable to that location and plug in the device. This is useful for broadcasting a Wi-Fi signal to a wide-open area and mounting an access point on a ceiling. 
    For example, in my house, I have my main AP mounted high on a wall in my living room, and that signal can reach a large part of my house. It’s powered by a PoE switch connection in a spare bedroom where all my communications equipment is, including the broadband connection. To use PoE, in addition to a PoE compatible switch — and you can get them as cheaply as $80 for an 8-port version — you need to have a device that can be powered by PoE, such as a business-class access point. You can find these on Amazon for like $100 or less; Netgear has a Wi-Fi 6 one for $130. So if you’re having a tough time with mesh networking routers — like I have — this is another way to get whole home or whole business Wi-Fi coverage.
    What if I can’t string Cat5 in my home?

    A pair of MoCA coaxial to Cat5 Ethernet transceivers, made by Actiontec.
    There are other ways of moving Ethernet. One way of doing that is MoCA, or Multimedia over Coax, which uses the coaxial cable you might already have in your home from back in the cable TV or satellite TV days. Many homes have coax that was installed many years ago, but you can also run coax outdoors and back into your home if needed, as it is a thick, shielded copper cable designed to be better protected from the elements. A MoCA adapter is a device connected in pairs, so you have one at the side of the coax cable where you want to send the Ethernet signal and one at the receiving end, where you might put a switch or, say, an access point or something else. Actiontec, for example, sells these in pairs for $170. It advertises up to 2.5Gbps speeds over existing coaxial cable, which is extremely fast. Trendnet sells a similar product for $110, and you can also get that on Amazon.
    What if you don’t have coax or don’t want to run new coax?

    A pair of HomePlug AV2 Powerline to Ethernet adapters, made by TP-LINK
    Finally, we get to something called Ethernet over Powerline, or HomePlug AV2, which is like the opposite of PoE; we are sending Ethernet signal over the AC power wires that are already inside your home. Again, this uses a pair of devices. One is plugged into the wall, and then Ethernet is cabled to your switch. Another one is plugged into the wall where you want the Ethernet signal transmitted to, and then there’s an Ethernet cable coming out of that, which plugs into whatever you want to plug it into. Using this method, it’s possible to have these adapters plugged into outlets all over your home, so your electrical system becomes one big network. 
    Now there are some gotchas to this: If your wiring is ancient and janky, this might not work. You also might not get good throughput out of this, either. However, it is theoretically possible to get up to a gigabit connection doing things this way. You can get the HomePlug AV2 adapters in pairs for about $70-$80 on Amazon, and companies like Netgear, Trendnet, TP-Link, and D-Link make them. In my home, in the past, I’ve seen as high as 400Mbps when extending my living room’s entertainment center with this type of equipment — which is about par for the course with the fastest most people are going to see with 802.11ac Wi-Fi in optimal scenarios.


  • RIPE NCC discloses failed brute-force attack on its SSO service

    RIPE NCC, the organization that manages and assigns IPv4 and IPv6 addresses for Europe, the Middle East, and the former Soviet space, has disclosed today a failed cyber-attack against its infrastructure.

    “Last weekend, RIPE NCC Access, our single sign-on (SSO) service was affected by what appears to be a deliberate ‘credential-stuffing’ attack, which caused some downtime,” the organization said in a message posted on its website earlier today.
    The agency said it mitigated the attack and found that no account was compromised but that an investigation is still underway.
    “If we do find that an account has been affected in the course of our investigations, we will contact the account holder individually to inform them.”
    Founded in 1992, RIPE NCC currently oversees the allocation of Internet number resources (IPv4 addresses, IPv6 addresses, and autonomous system numbers) to data centers, web hosting companies, telcos, and internet service providers in the EMEA region.
    A compromise of any RIPE NCC account would spell big problems for both RIPE and the account holders as it would allow intruders to re-assign, even if temporarily, internet resources to third-parties.
    IPv4 addresses are currently in very high demand all over the world, and a flourishing black market has formed over the past decade. This market is fueled by hijacked IPv4 address blocks, and its most frequent customers are malware gangs which use it to rent access to hijacked IPv4 address spaces so they can send spam and skirt spam blocklists.

    One of the most notorious IPv4 address space hijacks was discovered in 2019 when more than 4.1 million IPv4 addresses were transferred from South African companies to new owners, according to an AFRINIC investigation.
    RIPE NCC officially ran out of IPv4 addresses in November 2019, which explains why threat actors are now gunning for member accounts in the hopes of hijacking existing address pools.
    RIPE is now asking all its members, estimated at around 20,000 orgs, to enable two-factor authentication for their Access accounts to prevent intruders from gaining access to these resources through simple brute-force-like attacks.
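    Telling a credential-stuffing run apart from a classic brute-force attempt in SSO authentication logs, as an added example (not RIPE NCC’s tooling): stuffing shows one source trying many distinct usernames roughly once each, brute force shows one source hammering a single username. The log layout, thresholds and sample events are constructed.

```python
# Added example, not RIPE NCC's tooling: classify failed-login sources in SSO
# authentication logs as credential stuffing (one source, many distinct
# usernames, about one attempt each) or brute force (one source, one or few
# usernames, many attempts). Log layout, thresholds and events are constructed.
from collections import defaultdict

# constructed layout: <timestamp> <client-ip> <username> <OK|FAIL>
SAMPLE_EVENTS = (
    [f"2021-02-14T01:00:0{i}Z 198.51.100.7 {user} FAIL"
     for i, user in enumerate(["alice", "bob", "carol", "dan", "eve", "fay"])]
    + ["2021-02-14T01:00:06Z 198.51.100.7 erin OK"]        # one replayed pair worked
    + [f"2021-02-14T01:05:0{i}Z 203.0.113.9 carol FAIL" for i in range(6)]
    + ["2021-02-14T01:10:00Z 192.0.2.5 dave FAIL",          # an ordinary typo
       "2021-02-14T01:10:05Z 192.0.2.5 dave OK"]
)


def parse(line):
    """Split one constructed log line into (timestamp, ip, user, result)."""
    ts, ip, user, result = line.split()
    return ts, ip, user, result


def classify_sources(lines, fail_threshold=5, stuffing_ratio=0.8):
    """Map each client IP to 'normal', 'credential-stuffing' or 'brute-force'.

    fail_threshold: sources with fewer failures are treated as ordinary user error.
    stuffing_ratio: share of distinct usernames among a source's failures above
    which it is treated as replaying a leaked username/password list.
    """
    failed_users = defaultdict(list)
    for line in lines:
        _, ip, user, result = parse(line)
        if result == "FAIL":
            failed_users[ip].append(user)
    verdicts = {}
    for ip, users in failed_users.items():
        if len(users) < fail_threshold:
            verdicts[ip] = "normal"
        elif len(set(users)) / len(users) >= stuffing_ratio:
            verdicts[ip] = "credential-stuffing"
        else:
            verdicts[ip] = "brute-force"
    return verdicts


def accounts_to_contact(lines, verdicts):
    """Usernames with a successful login from a flagged source: the account
    holders an operator would notify individually, as RIPE NCC said it would."""
    flagged = {ip for ip, verdict in verdicts.items() if verdict != "normal"}
    hits = {user for _, ip, user, result in map(parse, lines)
            if ip in flagged and result == "OK"}
    return sorted(hits)


if __name__ == "__main__":
    verdicts = classify_sources(SAMPLE_EVENTS)
    for ip, verdict in verdicts.items():
        print(f"{ip}: {verdict}")
    print("accounts to contact:", accounts_to_contact(SAMPLE_EVENTS, verdicts))
```

    Two-factor authentication, as RIPE asks of its members, is what turns a correct stuffed password into a failed login rather than a compromised account.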