Topics - icecream-guy

#1
Data breach exposes American Express credit cards

American Express is warning card members of a third-party data breach. Several other companies that use the hacked merchant processor could also be affected. Exposed American Express Card member data includes account numbers, names, and expiration dates. If exploited, cybercriminals can use this information to commit identity theft.
#2
Wireless / Wireless AP upgrade
March 04, 2024, 01:13:32 PM
I went and bought an ASUS RT-AX86U Pro to replace my NetGear WAC104, I have them both running together until I get my wife and daughter to move over to the new network, then I will take out the Cisco 2950-12 and ASA5525 Firewall, and the WAC104, I could also probably pull out my Cisco 3550 also, and go 100% wireless with the RT-AX86U connected directly to the cable modem.
#3
how can I investigate this without forking out $$$ to Micros**t

from windows 11 system event log: today

The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000004e (0x0000000000000007, 0x00000000004d420e, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\WINDOWS\Minidump\021624-37796-01.dmp. Report Id: af82ef39-64d8-405d-a293-0f0bc1a6fb9e.

I looked at the .dmp file with wordpad but it was all gibberish. Seems like I am hitting something like this every day now for the past week or so.

I did purchase Norton Utilities Ultimate last week, and it did clean up a bunch of crap on my computer.

maybe it's time to run SFC /scannow.
#4
Anyone have any experience with moving a data center?  Our Fed wants to move one of our fairly large data centers, it's in an 80 year old building, they want to gut and refurbish the building.  Lessons learned?
#5
Forum Lobby / Happy New Year 2024!!!!
January 01, 2024, 07:01:12 AM
Happy New Year 2024!!!!
#6
Wireless / Needing new Wifi router
December 25, 2023, 12:59:03 PM
My home config is Xfinity->Netgear CM1000 Cable Modem-> Cisco ASA 5525 -> NetGear WAC104 ((( wireless devices

Now the WAC104 needs firmware updates, unfortunately, current firmware on the device is so old that the device will be wiped when I upgrade to the latest firmware, which will cause downtime.

the Cisco ASA 5525 is getting long in the tooth, no further software updates have been available for some time.

I'd like to dump the firewall and the WAC104, and replace it with something similar  I've been looking at WIFI Router, Netgear RAX10, Gryphon tower AC3000, and a Synology RT2600ac.

seems wifi routers these days require a download of an app, and then syncing the device with the phone app.
the Netgear and Gryphon seem to have firewalls, the netgear is basically minimal, and the Gryphon has app issues according to the reviews on amazon.

although I'd like to replace the network design, with CM1000 -> Wifi Router I would need to setup the WIFI router behind my firewall, connect it to the internet. validate it's working before I move to retire the ASA.

maybe it's best that I go buy a new firewall, and a new wifi router?
#7
Forum Lobby / Merry Christmas to all
December 24, 2023, 03:03:22 PM
For those that celebrate, Merry Christmas, and may your Christmas greens be true.   
#8
What happened?   
A security flaw is being blamed for a third-party data breach that has exposed the information of more than 35 million Xfinity customers. The internet provider reports stolen information that includes names, contact info, last four digits of Social Security numbers, and secret questions and answers. If exploited, cybercriminals can use this information to commit identity theft.

https://techcrunch.com/2023/12/19/comcast-xfinity-hackers-36-million-customers/
#9
Forum Lobby / Happy Thanksgiving
November 23, 2023, 12:35:11 PM
To all those that participate.
Happy Thursday to all the others.
#10
wow just wow!!!
 I never knew how complicated the middle east was...
this guy does a good explanation.
#11
Forum Lobby / VanDyke Software SecureFX
August 04, 2023, 02:36:07 PM
I locked myself out of using ASDM on a Cisco multicontext ASA firewall. I somehow need to issue command "changeto context system" as I login to the firewall to change location to where I can transfer files between my PC and the firewall,  NAT is broken on the management firewall to the SCP server so SCP does not work.

ok ok. ASDM version has a bug that locks up session without releasing the, after disconnect, so when all used up the ASDM connectivity balks, and with new ASA version I went to it requires ASDM to have an imbedded digital signature, otherwise ASDM configuration command is not allowed.
#12
Forum Lobby / 168 hours of on call to go..
June 19, 2023, 07:58:04 AM
See this is what I do when on call,  make up songs like this


Sung to the tune 100 bottles of beer on the wall

168 hours of on call to go, 168 hours of on call.
you mark it down, sit around, 167 hours of on call to go.

167 hours of on call to go, 167 hours of on call.
you mark it down, sit around, 166 hours of on call to go.

166 hours of on call to go, 166 hours of on call.
you mark it down, sit around, 165 hours of on call to go.

.....

#13
Routing and Switching / routing and switching issue
June 05, 2023, 06:36:21 PM
so I have not been a NE for a few years,  disclaimer that I cannot know certain models or versions of devices affected, I am a firewall security engineer.  this is just a documentation post for the major outage we had over the past weekend  symptoms. and some findings.

so about last Friday, there were intermittent outages, in one of our data centers, a lot of this is hearsay, users could access devices then could not auth, we could access network via AD credentials but not RSA credentials.  so for me I could log into a firewall management interface with AD but could not get to enable mode with RSA  on and off like if it was going. but then in a few minutes I could.

Hellish troubleshooting weekend, where it seems like the problem was flapping (but flapping where?)  across many applications (not just RSA) , users couldn't login to devices, web services, and other services.  Most of these issues were related to the F5 (VIPS), We determined that the F5 was seeing the flaps, the F5 monitoring ports were seen flapping on the F5s, past experiences with issues like this it probably was a bad fiber or SFP for one of the port channel members on one of the data center switches. F5s seemed to be connected to same switches as some hosts. e.g. we could not ping from F5 to backend server on same network.

Working with Cisco TAC, the issue was isolated to a few 7Ks on the network,  seemed that the F5 and hosts were connected to one of the switches that was having issues. seemed to be a possible memory issue, but syslogs couldn't confirm, there were no memory errors in logs.

Once the affected devices were identified and rebooted, the reboot process identified that there were memory issues on the device,  TAC made some config adjustments, and issue cleared up for the most part.

although for the members here, informational. this is more a post for those that are seeing a similar problem and maybe googling for an answer

GN


#14
Forum Lobby / Puppies in the Street
April 20, 2023, 06:27:01 PM
Puppies in the Street


Sung to the tune Dancing in the Street
original version by Martha Reeves & The Vandellas


[Verse 1]
Calling out around the world
Are you ready for a brand new beat?
Summer's here and the time is right
For puppies in the street
They're puppies in Chicago (puppies in the street)
Down in New Orleans (puppies in the street)
In New York City (puppies in the street)

[Pre-Chorus]
All we need is puppies, sweet puppies
(Sweet, sweet, sweet, sweet puppies)
There'll be puppies everywhere (Everywhere)
There'll be swinging, swaying
And puppies playing
puppies in the street, oh
[Chorus]
It doesn't matter what you wear
Just as long as you are there
So come on, every guy, grab a girl
Everywhere around the world
They'll be puppies (puppies in the street)
They're puppies in the street (puppies in the street)

[Verse 2]
This is just an invitation across the nation
A chance for folks to meet
There'll be laughing, singing, and puppies swinging
puppies in the street
Philadelphia, PA (puppies in the street)
Baltimore and D.C., now (puppies in the street)
Can't forget the Motor City (puppies in the street)

[Pre-Chorus]
All we need is puppies, sweet puppies
(Sweet, sweet, sweet, sweet puppies)
There'll be puppies everywhere (Everywhere)
There'll be swinging, swaying (Swaying)
And puppies playing (Playing)
puppies in the street, oh

[Chorus]
It doesn't matter what you wear
Just as long as you are there
So come on, every guy, grab a girl
Everywhere around the world
They're puppies
They're puppies in the street
(puppies in the street)

[Outro]
Way down in L.A., every day (puppies in the street)
They're puppies in the street (puppies in the street)
They form a big strong line, get in time (puppies in the street)
They're puppies in the street (puppies in the street)
Across the ocean blue, me and you (puppies in the street)
They're puppies in the street, yeah (puppies in the street)...
#15
Forum Lobby / a day in the life in IT
April 20, 2023, 03:12:09 PM
SO YOU WANT TO BE IN IT?

it's not all bells and whistles, pay is good but comes at a price,  you've gotta love the job otherwise burnout is around the corner,

a few weeks ago, got up early, I drove in traffic 90 mins to get training 9-5. training ended late, another 90 mins drive back home, had to do a maintenance that night at 8PM, Got online around 7:30 check my emails from the day, check monitoring tools for any problems with the equipment I will be working with, (don't want to troubleshoot a pre-existing problem during the maintenance window), anywho, ran into issues, got finished around 1:30 the next morning, I got paged out at 6am that next day because the enterprise VPN was down. troubleshooted that for a few hours, and finished out the day and went to bed.

yesterday, worked regular day, had maintenance planned for 8PM, got online around 7AM, had a Cisco pre-scheduled event to fix a network problem, finally got an engineer online at 8:30, troubleshoot for a few hours, TAC couldn't fix issue, recommended upgrade to latest code to see if that fixed problem (needed a new change request to do that), got done shortly after 11:00.  around 11:30 got paged out, network device was down in DC, so I had to jump in the car drive an hour to the DC, took me about an hour to fix the problem, then another hour's drive back home,  got back at home about 3:30AM. woke up for work, (a bit late) with about 3 1/2 hours sleep under my belt. was online for work about 9AM.  (did get some comp hours today).



#16
how to fix ?

I have a security service, Vivint, when I try to login and check my balance, I get Authentication Failed: csrf cookie is missing or invalid

I turned off ad blocker, script blocker, and permitted site cookies for this site in Chrome, still no good.
I have tried edge which worked in the past, pretty much default config, set to allow cookies for web site. no good.
i just downloaded Firefox, in default state was able to log into web site no issues.

I can resort to using Firefox, but would like to fix for Chrome/edge.  this issue will probably eventually affect Firefox too.
Thanks
 
#17
Forum Lobby / So, don't eat Bony fish
March 24, 2023, 06:23:52 PM
Had family emergency earlier in the week.

Family ate catfish for dinner last Monday.
catfish bone got stuck in wife's throat.
she followed a bunch of recommendations from the internet.
like drinking water, eating bread, bananas, peanut butter. nothing worked
she woke me up Tuesday 2AM, said it was a critical emergency,
(and it is, bones in your throat can cause throat damage, infections, and even death)
so we went to the ER.
Nobody on staff could fix her issue, 3 people tried, but she has a really bad gag reflex when stuff is in her mouth, nobody could resolve.
did some CT scans to determine if it was a bone or not  (reference I Cannot refer but i remember 80/335 people in survey did not have bone stuck in throat when I did research)
Sat till scheduled Ear, Nose, Throat doctor came online in the morning, she tried around 7AM, couldn't do it.
wife had had some Juice around 6AM.   
They were going to put her in the OR, but couldn't undergo surgery until 6 hours after last liquids intake due to anesthesia.
so we waited more.
eventually the ENT doctor decided that it was best to not go OR, and do Conscious sedation. which they did around 1:30PM.
kicked me out of the ER, and performed the procedure to pull a 1" catfish bone out of her throat.
she is all well and fine now.
But it was a scary PITA, so don't eat bony fish.
12 hours later we were home
Thanks to my daughter for taking care of the dogs.
#18
been out of touch, been learning Cisco ACI, in training all week,   :barf:
tenants, VRFs, bridge domains, EPGs, contracts, subjects, filters

Yeesh. >:D

like flying an airplane all the levers, gauges, dials,  if you know what you are doing fine, if not ya CRASH!!! and die.

talk about Zero trust,  like to the extreme.



#19
Forum Lobby / tipping your co-workers?
March 12, 2023, 06:21:17 PM
is it a thing to tip your co-workers? or are they just expected to do their job?

I was planning to decommission a firewall this weekend,  previously discussed, one of the data center ops guys (not from my team) offered to help. (pulling servers out of a packed rack by yourself,  with much cabling in the way is not a job for one person) and was not his job. We did work together, and he pulled the firewall out of the rack and removed the rails for me, I was thinking that I should throw this guy a $20 as a tip for his help. I don't know if that is something done or not. .

In another case. one of our NAC guys wanted me to put him in another VPN group for testing some NAC stuff, I went ahead and jokingly told him to send my tip to my PayPal account  (which he offered a certificate of appreciation which I thought was a funny response).

I don't know,  as a server in a restaurant, and ya need help. someone covers your table, wouldn't you expect to let them keep the tip. or keep it since it was your table?

if I wrote software and someone found a bug, should I tip them ? (commonplace, for bug hunters)

or is tipping just gone overboard these days.

thanks for your help here's a tip, DON'T invest in collectables.


 
#20
New Palo Alto Networks Security Advisories.
Palo Alto Networks has published three new security advisories and two informational bulletins at https://security.paloaltonetworks.com on February 8, 2023:



Cortex XSOAR

CVE-2023-0003 Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server (Severity: MEDIUM)

https://security.paloaltonetworks.com/CVE-2023-0003



Cortex XDR Agent

CVE-2023-0001 Cortex XDR Agent: Cleartext Exposure of Agent Admin Password (Severity: MEDIUM)

https://security.paloaltonetworks.com/CVE-2023-0001



CVE-2023-0002 Cortex XDR Agent: Product Disruption by Local Windows User (Severity: MEDIUM)

https://security.paloaltonetworks.com/CVE-2023-0002



Informational Bulletins

PAN-SA-2023-0001 Impact of OpenSSL Vulnerabilities Disclosed Feb 7, 2023 (Severity: NONE)

https://security.paloaltonetworks.com/PAN-SA-2023-0001



CVE-2023-22809 Impact of Sudo Vulnerability CVE-2023-22809 (Severity: NONE)

https://security.paloaltonetworks.com/CVE-2023-22809





Please visit our Security Advisories website to learn more at https://security.paloaltonetworks.com/.

If you have questions, please contact support https://www.paloaltonetworks.com/company/contact-support.



Regards,

Product Security Incident Response Team

Palo Alto Networks