Security News for the Week Ending November 20, 2020

Oracle POS Back Door Discovered

Oracle bought the Micros Point of Sale System a few years ago and now needs to deal with the challenges that came with it. The newest challenge is a modular back door that affects the 3700 POS series, which is used by hundreds of thousands of hotels, restaurants, bars and other hospitality locations. The malware, which has been around for a year, can download new modules to increase the damage it can do. Credit: Help Net Security

New Facebook Feature

Okay, many people use Facebook a lot while others find it useless. Ransomware extortion artists have found a new use for it: they hack Facebook advertisers’ accounts and buy ads telling victims to pay up. These ads get taken down, but not before someone (else) gets to pay for them and not before the victim gets outed very publicly. Credit: Brian Krebs

White House Fires Chris Krebs, As Expected

As anticipated, the White House fired Chris Krebs, head of DHS’s CISA unit. Krebs was the person in charge of protecting the 2020 elections and, by all accounts, did a great job. Part of the White House’s upset with Krebs is the website he ran, called Rumor Control, where he debunked the myths about election fraud that the White House has been peddling. The good news is that he will be able to find a job at any number of consulting companies making double or triple what he was making at DHS. This is a loss for the country. Credit: Bleeping Computer

Ransomware: 56% of Organizations Get Hit

56% of organizations responding to a recent survey say that they have been hit by ransomware in the last year. 27% of those hit chose to pay the ransom, with an average payout to the hackers of just over a million bucks.

87% of the respondents said that nation-state sponsored cyberattacks are far more common than people think, posing the single biggest threat (check your cyber insurance for an exclusion for that). Credit: Help Net Security

2 thoughts on “Security News for the Week Ending November 20, 2020”

  1. Hi Mitch, since you commented on Krebs, do you have info or comments on the Dominion software used in the current election? The word ‘fraud’ comes to mind.
    Paula Jo…yup, it’s me.

    1. Hi Paula Jo,

      While no software is perfect, the audit trail really eliminates any kind of massive vote switching. If you audit the paper records and count 10 votes for Mickey Mouse (pick your candidate) and then you look at the count that the software reported and it says 10 votes for Donald Duck, you know you have a problem. On the other hand, if both tallies say 10 for Mickey, then you know that the software is not changing votes. That is the whole reason why most states require an after-the-fact sampling of random precincts to see if the software is changing votes (Colorado requires this). This is why the security community pushed so hard for paper audit trails. In addition, the paper audit trails MUST be human readable (Colorado’s is). Otherwise, the machine could change the vote, print out a receipt with the changed vote and if all there was to check was a barcode, you would not know if the computer changed your vote. Mail-in ballots are even easier to audit because the ballot itself is the receipt. If the scanner says 10 people voted for Betty Boop, you better find 10 and only 10 ballots with Betty Boop checked as the desired candidate.

      In my opinion, it is dramatically easier to feed people misinformation on social media to have them change their vote than it is to compromise the software in an undetectable way.

      My opinion.

      Take care.
