Assurance

"My Computer is Acting Strangely"

I'm certain that something like this has happened to you.

You're at work/home/shopping and a friend/coworker/family-member asks/phones/sends-a-telegram to you basically stating: "My computer is acting strangely, do you think I have a virus?" I had this happen this week so I asked: "describe strange." So they listed off some symptoms:

- slow to boot
- takes a while for the computer to catch up to what you're typing
- can't get rid of this silly toolbar
- password to (some service) is no longer working

"Stop right there." "Now's not a good time to do that." "Yes, but I don't recommend it."

What You Should Do

The correct response when suspecting a compromise like this on a non-enterprise device is to simply buy a new hard drive and an external enclosure for your old drive.

What I Did

That fixed the performance issues on the next reboot.

Was the System Compromised or Just Over-protected?

Golly that takes a while to run (about 2 hours on a 4Gb system, creating 6.5Gb of data.)

Silent Traitors - Embedded Devices in your Datacenter

I was recently in a client engagement where we had to rebuild / redeploy some ESXi 4.x servers as ESXi 5.1. This was a simple task, and quickly done (thanks VMware!), but before we were finished I realized that we had missed a critical part - the remote management port on the servers. These were iLO ports in this case, as the servers are HP's, but they could just as easily have been DRAC / iDRAC (Dell), IMM or AMM (IBM) or BMC (Cisco, anything with a Tyan motherboard or lots of other vendors). These "remote management ports" are in fact all embedded systems - Linux servers on a card, booting from flash and usually running a web application. This means that once you update them (via a flash process) they are "frozen in time" as far as Linux versions and patches go. So from a security point of view, all the OS version upgrades and security patches from the last 3 years had NOT been applied to these embedded systems.

Cyber, Enterprise Risk Services

The rapid pace of change in technology has provided huge opportunities for organisations to develop new models, services and products. But while the digital revolution has evolved the way we do business, it has also created a sophisticated and complex set of security issues. Assets that were once physically protected are accessible online; customer channels are vulnerable to disruption; criminals have new opportunities for theft and fraud.

Our services

Our flexible, pragmatic and independent approach to managing cyber security means that we work with organisations – from network to boardroom – to address constantly changing threats. While every organisation’s needs are different – and we tailor our approach accordingly – Deloitte offers a range of services that cover the three critical elements of effective and agile cyber security:

Owning Dell DRAC for ONE AWESOME HACK!

When a new Dell Chassis hardware infrastructure is installed, a web interface is also present to help with management of the Chassis. Each blade has its own web interface that gets installed by default on 443 (HTTPS). During a penetration test, the Dell DRAC installations (web interface) can lead to an entire compromise of the overall infrastructure and ultimately own everything else. When the DRAC interface is installed, it installs with default credentials of username “root” and password of “calvin”. Today, we are releasing a new tool called the Dell Drac and Chassis Scanner for Default Credentials v0.1a which will scan CIDR notations looking for default installations. It’s extremely quick in that it scans /24s in less than a minute and class B’s in about an hour.

Daves-MacBook-Pro-2:Desktop david$ python delldrac.py
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Dell Drac and Chassis Scanner for Default Credentials v0.1a
Written by Dave Kennedy @ TrustedSec

Web Proxy Log Analysis and Management 2007