Re: [RDD] Ransomware attack

2021-12-16 Thread Fred Gleason
On Dec 15, 2021, at 23:51, Brian  wrote:

> One more thought... Samba is Open Source, and I think you could make a case 
> that mature, established, widely-used open source software is generally less 
> exploitable than widely-used proprietary software of any age. The reason for 
> this being the fact that the source code is public.
> 
> With public source code in a mature codebase, all the low-hanging fruit has 
> been plucked years ago. The first place a would-be exploit creator is going 
> to look for vulnerabilities is the source code. Same with security 
> researchers. The whole world can clearly see the implementation of the 
> software, and so with something as widely deployed as Samba, errors will be 
> caught swiftly by anyone from a random software engineer perusing the 
> codebase out of curiosity to a security researcher being paid to find 
> vulnerabilities in open source software. It follows from the sheer number of 
> eyeballs looking at the code.

One would hope. But, take a look at the currently unfolding horror-show with 
Log4j. That is a FOSS project, *very* widely deployed by Java shops, and had an 
egregious, easily exploitable zero-day flaw (severity level 10 out of 10) 
sitting in the open for years, but discovered only a few weeks ago.

(And before you ask: no, Rivendell does not use Java, and is not vulnerable to 
the Log4j flaw). :)

Cheers!


|-------------------------------------------------------------------------|
| Frederick F. Gleason, Jr. |             Chief Developer                 |
|                           |             Paravel Systems                 |
|-------------------------------------------------------------------------|
| A room without books is like a body without a soul.                     |
|                                                                         |
|                                                  -- Cicero              |
|-------------------------------------------------------------------------|

Rivendell-dev mailing list
Rivendell-dev@lists.rivendellaudio.org
http://caspian.paravelsystems.com/mailman/listinfo/rivendell-dev


Re: [RDD] Ransomware attack

2021-12-16 Thread Fred Gleason
On Dec 15, 2021, at 23:43, Brian  wrote:

> I'm not sure this conclusion follows from the premises. Samba on *nix is a 
> totally independent implementation of the SMB/CIFS protocols that shares 
> nothing in common with the MS implementations. 99.9% of the time 
> vulnerabilities like the one described aren't caused by an inherent flaw in 
> the protocol itself, but on one of the implementations of the protocol. If 
> the vulnerability were in the protocol itself, that would generally require 
> disabling the related feature of the protocol or rolling out a new version of 
> the protocol itself, not just patching a bug. The actual coding bugs that 
> could be exploited are nearly always going to be totally different – and in 
> totally different places – from one implementation to the next.

CIFS/SMB has historically had its share of both (flaws in the protocol as well 
as in an implementation). But overall you are correct - a flaw in one 
implementation will rarely if ever carry over to another (assuming that the two 
codebases are completely independent).

Cheers!


|-------------------------------------------------------------------------|
| Frederick F. Gleason, Jr. |             Chief Developer                 |
|                           |             Paravel Systems                 |
|-------------------------------------------------------------------------|
| Every program has at least one bug and can be shortened by at           |
| least one instruction -- from which, by induction, one can deduce       |
| that every program can be reduced to one instruction which doesn't      |
| work.                                                                   |
|                                                                         |
|                                                  -- Anonymous           |
|-------------------------------------------------------------------------|


Re: [RDD] Ransomware attack

2021-12-16 Thread drew Roberts
Crazy idea to follow...

On Wed, Dec 15, 2021 at 11:37 AM Fred Gleason 
wrote:

snip

>
> So, just saying “Interfacing with Windows isn’t supported” isn’t in the
> cards if you expect to be an actually relevant, viable option in Broadcast
> Automation.
>

Well, there's a good chance it is crazy... or at least overcomplicated for
little or no gain...

Don't set up samba and shares on the Riv instance.

Instead, set up a virtual machine. In the VM, put a stripped down version
of the OS on the riv machine or even a tiny/security distro. Configure
samba and the shares in the VM. Rsync in both directions between the samba
directories in the VM and matching directories on the RIV machine. Perhaps
watch the directories on both sides and initiate the rsyncs when the
dirs/files change.

As an install or post install option, set up the samba stuff on an actual
separate box and not in a VM.

all the best,

drew
-- 
Enjoy the *Paradise Island Cam* playing
*Bahamian Or Nuttin* - https://www.paradiseislandcam.com/
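The layout drew sketches above, as an added example; this is not code from the Rivendell project or from anyone on the list. It models a Samba share exported from a VM (or a separate box) and a host directory that is fed from it, with the copy step gated instead of being a blind two-way rsync: each pass compares the share against the last known-good snapshot and holds the batch if it looks like bulk encryption (unexpected extensions, too many changes in one pass, every deleted file replaced by a new one). The allowed suffixes, the change threshold, the polling loop used in place of inotify, and the temporary directories built in demo() are all assumptions for illustration, not anything the thread specifies.

```python
"""Added example, not Rivendell code. Share (src) in a VM feeds a host
directory (dst); the copy is gated rather than mirrored blindly, because a
plain rsync would faithfully deliver freshly encrypted files to the host.
Suffixes, thresholds and the temp-dir scenario in demo() are assumptions."""
import shutil
import tempfile
import time
from pathlib import Path

ALLOWED_SUFFIXES = {".wav", ".mp3", ".flac", ".txt"}   # assumption: what the share should hold
MAX_CHANGES_PER_PASS = 50                              # assumption: tune to real traffic

def snapshot(root):
    """Map relative path -> (size, mtime_ns) for every regular file under root."""
    root = Path(root)
    return {str(p.relative_to(root)): (p.stat().st_size, p.stat().st_mtime_ns)
            for p in root.rglob("*") if p.is_file()}

def diff_snapshots(before, after):
    """Return (added_or_modified, deleted) relative paths between two snapshots."""
    changed = sorted(p for p, meta in after.items() if before.get(p) != meta)
    deleted = sorted(p for p in before if p not in after)
    return changed, deleted

def assess(changed, deleted):
    """Reasons to refuse a batch; an empty list means it looks like normal editing."""
    reasons = []
    total = len(changed) + len(deleted)
    if total > MAX_CHANGES_PER_PASS:
        reasons.append(f"{total} files changed in one pass (limit {MAX_CHANGES_PER_PASS})")
    odd = [p for p in changed if Path(p).suffix.lower() not in ALLOWED_SUFFIXES]
    if odd:
        reasons.append(f"{len(odd)} file(s) with unexpected extension, e.g. {odd[0]}")
    if deleted and len(deleted) == len(changed) and len(deleted) >= 5:
        reasons.append("every deleted file replaced by a new one (bulk rename in place?)")
    return reasons

def initialise(src, dst):
    """Seed dst from a share known to be clean and record that baseline."""
    shutil.copytree(src, dst, dirs_exist_ok=True)
    return {"snap": snapshot(src)}

def sync_pass(src, dst, state):
    """One polling pass from the share (src) into the host directory (dst)."""
    src, dst = Path(src), Path(dst)
    after = snapshot(src)
    changed, deleted = diff_snapshots(state["snap"], after)
    reasons = assess(changed, deleted)
    if reasons:
        # Baseline stays untouched: nothing reaches the host until an
        # operator has looked at the share and cleared the hold.
        return {"applied": False, "reasons": reasons, "changed": changed, "deleted": deleted}
    for rel in changed:
        (dst / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / rel, dst / rel)
    for rel in deleted:
        (dst / rel).unlink(missing_ok=True)
    state["snap"] = after
    return {"applied": True, "reasons": [], "changed": changed, "deleted": deleted}

def demo():
    """Constructed scenario: ordinary edits pass, a simulated encryption run is held."""
    tmp = Path(tempfile.mkdtemp())
    share, host = tmp / "share", tmp / "riv"
    share.mkdir()
    (share / "a.wav").write_bytes(b"A" * 10)
    (share / "b.wav").write_bytes(b"B" * 20)
    state = initialise(share, host)
    (share / "a.wav").write_bytes(b"A" * 30)          # an edit on the share
    (share / "sub").mkdir()
    (share / "sub" / "c.mp3").write_bytes(b"C" * 5)   # a new file on the share
    normal = sync_pass(share, host, state)
    for p in list(share.rglob("*.wav")) + list(share.rglob("*.mp3")):
        p.with_name(p.name + ".locked").write_bytes(b"ENC")   # simulated ransomware
        p.unlink()
    held = sync_pass(share, host, state)
    host_files = sorted(str(p.relative_to(host)) for p in host.rglob("*") if p.is_file())
    shutil.rmtree(tmp)
    return normal, held, host_files

def watch(src, dst, state, interval=5.0):
    """Poll rather than use inotify so the example needs no extra dependency."""
    while True:
        result = sync_pass(src, dst, state)
        if not result["applied"]:
            print("HOLD:", "; ".join(result["reasons"]))
        time.sleep(interval)

if __name__ == "__main__":
    normal, held, host_files = demo()
    print("normal pass applied:", normal["applied"], normal["changed"])
    print("held pass reasons:", held["reasons"])
    print("host directory after hold:", host_files)
```

Running sync_pass in both directions with separate state dicts gives the two-way arrangement drew describes; the point of the gate is that the host never mirrors the share on trust, so a share that gets encrypted in the VM stays a VM problem until someone looks at it.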


Re: [RDD] Ransomware attack

2021-12-16 Thread Rich Gattie
While this is no doubt a big headache and a ton of work for Tim, and I
empathize, this is also a very good discussion to help others avoid this.
I think this would make for a great page on the Wiki to have some of these
suggested measures available for everyone to have ready access to.

I am only wondering if it should be its own subject/parent page or a child
page to something like planning an installation.


73.
--Rich



On Wed, Dec 15, 2021 at 11:52 PM Brian  wrote:

> One more thought... Samba is Open Source, and I think you could make a
> case that mature, established, widely-used open source software is
> generally less exploitable than widely-used proprietary software of any
> age. The reason for this being the fact that the source code is public.
>
> With public source code in a mature codebase, all the low-hanging fruit
> has been plucked years ago. The first place a would-be exploit creator is
> going to look for vulnerabilities is the source code. Same with security
> researchers. The whole world can clearly see the implementation of the
> software, and so with something as widely deployed as Samba, errors will be
> caught swiftly by anyone from a random software engineer perusing the
> codebase out of curiosity to a security researcher being paid to find
> vulnerabilities in open source software. It follows from the sheer number
> of eyeballs looking at the code.
>
> Brian
>
>
> On Wed, Dec 15, 2021 at 8:43 PM Brian  wrote:
>
>> On Wed, Dec 15, 2021 at 9:02 AM Alejandro olivan Alvarez <
>> alejandro.olivan.alva...@gmail.com> wrote:
>>
>>> Being a Linux-only user, I would add that, IMHO (and risking to be
>>> polemic) nothing is more secure regarding security fixes/updates on the SMB
>>> protocol than MS Itself (Windows server environment, with AD)... MS will be
>>> the first to detect AND DEPLOY any security fix for MS machines via Windows
>>> Updates. A Linux machine, on the other hand, can live happily with
>>> older/vulnerable samba packages for ages.
>>>
>> I'm not sure this conclusion follows from the premises. Samba on *nix is
>> a totally independent implementation of the SMB/CIFS protocols that shares
>> nothing in common with the MS implementations. 99.9% of the time
>> vulnerabilities like the one described aren't caused by an inherent flaw in
>> the protocol itself, but on one of the implementations of the protocol. If
>> the vulnerability were in the protocol itself, that would generally require
>> disabling the related feature of the protocol or rolling out a new version
>> of the protocol itself, not just patching a bug. The actual coding bugs
>> that could be exploited are nearly always going to be totally different –
>> and in totally different places – from one implementation to the next.
>>
>> An exploit that works against Samba is *extremely* unlikely to work
>> against Windows, and an exploit that works against Windows is *extremely*
>> unlikely to work against Samba.
>>
>> Therefore, how fast Microsoft patches a vulnerability has no bearing on
>> the relative security in practice of choosing Samba.
>>
>> On the other hand, Microsoft has the disadvantage of being considerably
>> more widely deployed as an enterprise file server than Samba on *nix – and
>> therefore a much juicier target for malicious attackers to spend their time
>> developing exploits for.
>> (Though I admit, one might reasonably make the case that the
>> proliferation of Samba on Linux-based NAS appliances might actually make it
>> an equally tempting target.)
>>
>> I think it's likely that exploitable vulnerabilities are less commonly
>> discovered in Samba than in Windows, so even if they take longer to patch,
>> it may still end up being the case that there are fewer days per year that
>> a vulnerability could be actively exploited on Samba than on Windows. (I
>> would need to compare the frequency/severity of CVEs on both platforms,
>> taking number of days unpatched into account to say with certainty)
>>
>> To summarize:
>> * MS is going to have a lot more exploits to patch to keep up with and on
>> top of.
>> * The exploits that work against MS will almost never work against Samba
>> and vice versa.
>> * Logically, the swiftness of Microsoft patching vulnerabilities in
>> Windows has nothing to say one way or the other about the relative security
>> of a Samba deployment.
>>
>> Brian
>>
>>


-- 
-=:{ Rich Gattie, KB2MOB }:=-
Email: mob...@gmail.com
Web: http://x1radio.net