PREFACE

The recent weeks have been dominated by the Corona-Crisis all over Europe. As Switzerland lies in the middle of the Continent it hasn’t been a question of «if» we are going to be shut down. The question clearly was: when.

This page is to keep you informed on current topics (we will update this page as time permits).

Sunday, April 26th, 2207LT

<RANT>

Remember: Those are the people who are:

  • responsible for the DSGVO (GDPR)
  • “Vorratsdatenspeicherung” (data retention)
  • Favor complete surveillance of the Internet
  • Have NO CLUE how technology works
  • Want to decide about a COVID Tracking App
  • Want to enforce backdoors in encrypted communication.
  • … etc…..
  • …. pp…
  • … and so on!

Those are the people who should lead (but are clueless). And because of their cluelessness and ignorance they continue to use Zoom: Read here! Someone please stop people having more knowledge about prostate medication than about “Neuland(tm)” or digital communication deciding about our future! Please!

</RANT>

Friday, April 24th, 1145LT

To all of you using cloud services provided by foreign (especially: US-Based) Companies… here comes some bad news named “Cloud Act”:

According to this Article, Companies based in the US (i.e. that are registered in any US State) are obligated to provide US Legal Authorities with access to data hosted on ANY site in ANY country.

In Short:

  • [..] US law overshadows international privacy laws such as Europe’s GDPR: if a US-based company collects data, it’s subject to US government investigation, no matter where it’s kept.
  • [..] the US government doesn’t even need to tell you – the company’s customer or supplier – that this surveillance is happening.

Sounds bad? Well… IT IS! This absolutely busts all legal dams that were thought to protect your data. Not even data stored in Europe are now safe from US Government – no matter what local laws state. If you have your Data with a US Company you now fall, no matter where the data is saved, under US Jurisdiction.

Really, Orwell was an optimist!

Tuesday, April 21st, 1305LT

Dear Microsoft,

  1. Microsoft Office: Current vulnerability fix can cause VBA problems
  2. Microsoft and Emotet: Macro protection in Office 365 only for large enterprises

If you should be the Answer we absolutely want our Problems back! (All of them!)

Kind Regards

Annoyed IT Security Professionals. (ALL of them)

Tuesday, April 14th, 2230LT

ACT NOW! IT IS ABSOLUTELY IMPERATIVE TO CHANGE ALL ACCOUNT PASSWORDS WHERE YOU USED THE SAME PASSWORD AS YOU USED FOR ZOOM!

This isn’t going to be fun: According to an Article on BleepingComputer, the data of more than half a million Zoom accounts is currently being sold on the “DarkNet”.

There is another Article on Heise Newsticker (in German).

The price per account is rather cheap at USD 0.002 – the complete package costs as little as USD 1000.–.

This, honestly, is not a significant enough sum to make it unlikely there are loads of customers. And I bet there will be another load of accounts being swamped out soon!

ACT NOW! IT IS ABSOLUTELY IMPERATIVE TO CHANGE ALL ACCOUNT PASSWORDS WHERE YOU USED THE SAME PASSWORD AS YOU USED FOR ZOOM!

If ever ZOOM was trustworthy – that time clearly ends NOW!


Sunday, April 12th, 2100LT

Not much to do today except searching for Easter Eggs. There are some words of advice for those of you thinking about working using remote desktop access that is not secured over a VPN.

REALLY: DON’T EVEN THINK ABOUT IT!

Remote Access leaves your system completely exposed to the network. If your only network happens to be the internet – things might look grim very soon. And no, this is not a new article. RDP is NOT a protocol that should be facing public network infrastructure.

Then… some companies do really seem to have a problem: Some Ransomware Dudes obviously managed to get their hands on data from Lockheed, SpaceX and Boeing. Since the Contractor of those companies didn’t agree to pay… the attackers published the data – with the effect that some highly classified blueprints are now what could best be called: Public Domain.

Btw… speaking of Security: The Secure Linux Distribution TAILS is now able to boot from systems using Secureboot! If you’re bored you might give it a shot. This distribution is based on Debian and comes with all sorts of security and privacy tools.

Maybe not the worst of ideas given the times we’re in right now (or even worse: the times that might come). From a privacy standpoint some of the measures actually in place are like a genie in a bottle that might refuse to go back where it came from.


Saturday, April 11th, 2322LT

No, this Blog-Entry has not died. I just had to do some other things and haven’t had the nerves to write an update.

Part of this was that I had to start verifying some sources – and some of the stories didn’t add up after verifying them – so I stepped away from publishing them. The main reason for this was that I actually did fall for a fake-news story. I was on the edge of publishing it – luckily I, thanks to a close friend, got some more insight and was able to identify the fake. This led me to the question of how we actually can be sure news is real. Times like these are a prosperous ground for anyone who wants to spread confusion – and with the flood appearing in the media it isn’t really too easy to distinguish fake from real.

In former times there were some few newspapers around – none of which really had the urge or necessity to spread fake news. If errors did happen (which was the case) they published an apology afterwards. I’m not sure you know the story behind the falsified diaries of Hitler – but the aftermath for the Paper was quite massive.

Today, due to the flood of news coming in, false news very rarely creates a fuss. We have become totally fed-up with news – and we seem to care less and less. This is kind of a dangerous development for our society. Due to the massive fall-out of news stories it is very hard to verify every single one of them.

The current time actually has led me to consume less news – and I started verifying many more stories I wouldn’t have dared to before.

Since everyone can publish news – everyone should background check more.

I have come up with the following points that must be met so that I don’t start background checking:

  1. The news makes sense (obviously)
  2. The source must be reliable (i.e. I have to know that person / source for an extended amount of time)
  3. The news must not be of any content that might be a sensation (like the fake news telling that the Americans stole masks or the story with 3M…)
  4. The article where the news is published must unveil their sources
  5. The situation where the article is published and the circumstances must add up. I.e. if someone sees a conspiracy behind the way our lockdown has been introduced… nope. They all were just overwhelmed and needed to act fast. It is very human that errors are made in such situations.

So… I hope you verify your sources better than I (almost) didn’t do before publishing or sharing utter BS in the future. I try to prevent spreading fake news (and I have more than once decided against publishing something – just because I wasn’t sure).


Monday, April 6th, 1155LT

Just a short note: Please Update Firefox ASAP. There are several critical Security Vulnerabilities. See Mozilla’s MFSA2020-11.

Since most of the systems are in «Home Office» right now, patching becomes more critical because the local security differs widely from user to user.


Sunday, April 5th, 1349LT

Sunday, brilliant weather but nowhere to go and bored? Let’s see if I can be of help to you.

This Sunday I’m going to share an article from The Register with you about Bletchley Park where, during WWII, Section VII of the MI6 was stationed. They were responsible for breaking the cypher-machines (Enigma) used by the German Wehrmacht.

The Film shows some footage of the people working there. It’s only a short clip (no sound, though) but might be of interest to those who want to get a hint of an impression what life was like there at that time.

Unfortunately, Great Britain wasn’t always very kind to its Heroes at that time. Alan Turing, the mastermind behind the code breaking efforts, was prosecuted in 1952 for being homosexual and died in 1954 (at age of 42) of cyanide poisoning (which is largely believed – I share that opinion – not to have been accidental).

A long time later, in 2009 (he would have been 97 by then) and only after a public petition with more than 30’000 votes, British Prime Minister Gordon Brown made an official public apology on behalf of the government.

For those of you who think that the number «42» might be just a fun element of Douglas Adams’ «Hitchhiker’s Guide to the Galaxy» («The Answer to Life, the Universe and Everything»), I have added this PDF to show you why this number is a bit special, indeed.

Since you should stay at home anyways it is probably a good time to start reading…

I think the Books (HHGTTG and the stuff I linked) might keep you busy for some time.

And if you answer the next question with «42» you might do it knowing a bit more about why «42» really is special. I’m counting on you!


Friday, April 3rd, 1853LT

This post doesn’t have any technical background… and we normally don’t do commercials here. But desperate times call for desperate measures.

And no, it’s not for us. But one of our Friends is a Brewery called «The Darkwolf Brewery».

They craft a broad range of Belgian-inspired Ales.

(The ones I like most are their IPAs – but that’s me – tastes differ).

Anyways, they have a very broad variety of tastes and just drinking industrial beer can be frustrating at times (I am pretty sure everyone finds something he or she likes)!

Due to the current Lock-down their main customers such as Bars, Restaurants and most of their shop-customers have closed down.

So… they have a lot of running costs – but actually NO INCOME AT ALL.

Since they’re quite small (i.e. they don’t really pay themselves salaries at the moment) they’re falling through all of the nets provided by our government.

But there is hope: They have created an Online-Shop where you can order Beer to be delivered!

If you happen to live in the Zurich-City area, please have a look:

Just one more thing: Please, be fair on the delivery tip! Petrol and Car-Maintenance cost Money, too – and the margin on their Beer is pretty slim already (I suggest you add at least 10% or so).

THANK YOU VERY MUCH!


Friday, April 3rd, 1538LT

As I didn’t have any idea what to write about… Regarding ZOOM, there is not much news except some «we will think about it» – but no real news.

So, I wasn’t publishing anything up to now (there are loads of other people that can bore you way better than I will ever manage to).

And then… a friend did provide me with a link to something that seems to be a non-IT topic on the first glance:

It seems like a lot of PCR Testing Equipment sold by Roche currently can’t be used at some places because some chemicals required for the PCR Testing can’t be obtained for those machines. Beware, according to this article, it’s not the chemicals that aren’t available. It’s the «Kit» containing the Chemicals that isn’t available.

And it’s not that you could refill the Cartridge with the chemicals – thanks to a bloody Chip that tells the machine when the Cartridge is believed to be empty / invalid / whatever. Sorry, guys: This is just plain BS! What did happen to the «refillable» container?

A lot of energy was wasted designing this Container as it is today. Nobody (except Roche) has any advantage of this.

Clearly, making Money has been more important than ongoing functionality, when designing this device.

This is, in IT terms, a very well known problem called «Vendor-Lock-In».

It is a bit like having a shortage on some material that you require because the box it’s shipped in is not standardized and not available.

We have seen this way too often (which is why we try to stay away from products that have the potential of creating any kind of lock-in).

Normally, an invention should advance the world. This clearly is not true here as it retards the entire world back to the Middle Ages.


Thursday, April 2nd, 2146LT

Sorry, today’s update is quite short and late (I’m a bit exhausted, sorry).

  • NetCraft brings us some Updates around COVID-Themed Domain Names and new Phishings in the web in this article. Quite a scary read. Seems like the Cyber-Mobsters seem to enjoy the current situation as they really make money fast at the moment.
  • Microsoft has some problems with the SQL Servers… Admins: Please fix!
  • And… last but not least our «Darling of the Moment», Zoom, gets some and some more beating. This time by the Heise Verlag. Either they (Zoom) got used to it – or they really seem to start enjoying it…

On our side… we have had some issues with one (relatively uncritical) proxy server – fixed after a short time. This did only disturb some internal services and no customer access was tampered with – but… the amount of attacks we are seeing makes me doubt a quiet Easter weekend.

Aaand… last but not least: We have almost reached 2000 VPN Connections with all our customers in parallel – seems like it’s working well 🙂


Wednesday, April 1st, 1957LT

There are several developers working on a «Corona Tracker». The App published by the German Telekom seems to be «a bit buggy».

Read more: Telekom’s Corona app is catastrophically insecure


Wednesday, April 1st, 1652LT

This update has two parts. First, there’s a new Kid around the Block called HouseParty (we won’t link it here but you can google it) and then, there’s some news about Zoom, too.

First: Houseparty.

There have been claims around from some People that they have hacked HouseParty. HouseParty is a videochat app claiming to be the «face to face social app». It’s offered by Epic Games, a creator of several Online Game Titles. Epic Games now has, according to this article, offered a bounty of $1M to prove the hacking claims. Whether or not they have been hacked, I would clearly recommend not using that app because everyone you know can virtually walk into your «room» and see you in the most awkward situation. This is clearly tampering with your privacy.

Second, ZOOM (again)

(NOTE: As much as I wish this was an April Fools’ Joke – it unfortunately isn’t…)

According to this article from The Register, ZOOM seems to have lied to everybody regarding its security. They state here that they use «End-to-End» (E2E) encryption for all communication (a PDF of the page is HERE – they might alter their page soon).

Turns out: Nope. They simply use TLS Encryption for most of the communication.

Well, you might ask «what’s the difference»?

Simple answer:

  • With E2E, all communication between you and the person you call is encrypted directly between you and the person you call. There is, except if there’s a bug or a backdoor in the encryption method, no way that anyone can eavesdrop on your communication. Examples for real E2E are Facetime, iMessage or Skype. For normal Voice Apps there’s Threema, Telegram and Signal as well.
  • With ZOOM’s use of simple TLS, the communication is encrypted between you and ZOOM and then between ZOOM and the Person you call. This signifies that ZOOM can easily eavesdrop on any conversation.

Honestly, the only term that comes in mind here is: «Man-in-the-Middle-Attack». Sorry.
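The two models from the list above, side by side, as an added example (not code from Zoom or from any of the apps named). It uses only the Python standard library, so a toy Diffie-Hellman exchange and an HMAC-based cipher stand in for the real key agreement and for TLS/AES; the names `Relay`, `hop_by_hop` and `end_to_end` are made up for this sketch.

```python
import hashlib
import hmac
import secrets

# Toy primitives so the example runs on the standard library alone.
# They stand in for TLS record protection / AES and are NOT for real use.
P = 2**255 - 19   # a known prime, used here as a toy Diffie-Hellman modulus
G = 2


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    """XOR data with an HMAC-SHA256 counter-mode keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def seal(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(12)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Verify the tag, then decrypt; ValueError on a wrong key or tampering."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)


class Relay:
    """The provider's server; it records whatever it was able to read."""

    def __init__(self):
        self.seen_plaintext = []
        self.seen_ciphertext = []

    def forward_hop_by_hop(self, blob, key_with_sender, key_with_receiver):
        message = unseal(key_with_sender, blob)    # encryption ends at the server
        self.seen_plaintext.append(message)        # ...so the server has the content
        return seal(key_with_receiver, message)    # and re-encrypts for the next hop

    def forward_e2e(self, blob):
        self.seen_ciphertext.append(blob)          # opaque bytes, no key to open them
        return blob


def hop_by_hop(message):
    """Transport encryption only: each client shares a session key with the server."""
    relay = Relay()
    k_alice, k_bob = secrets.token_bytes(32), secrets.token_bytes(32)
    forwarded = relay.forward_hop_by_hop(seal(k_alice, message), k_alice, k_bob)
    return unseal(k_bob, forwarded), relay


def _dh_keypair():
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)


def _dh_shared(private, peer_public):
    secret = pow(peer_public, private, P)
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def end_to_end(message):
    """E2E: the two clients agree on a key the server never learns."""
    relay = Relay()
    a_priv, a_pub = _dh_keypair()
    b_priv, b_pub = _dh_keypair()
    # Only the public values cross the server. Real E2E apps also let users
    # verify them (key fingerprints), otherwise the server could swap them.
    forwarded = relay.forward_e2e(seal(_dh_shared(a_priv, b_pub), message))
    return unseal(_dh_shared(b_priv, a_pub), forwarded), relay


if __name__ == "__main__":
    sample = b"constructed sample: board meeting notes"
    _, r1 = hop_by_hop(sample)
    _, r2 = end_to_end(sample)
    print("server read (hop-by-hop):", r1.seen_plaintext)
    print("server read (end-to-end):", r2.seen_plaintext)
```

In both runs the recipient gets the message; the difference is only in what the server in the middle holds afterwards.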

When asked, a spokesman of ZOOM told: «Currently, it is not possible to enable E2E encryption for Zoom video meetings. Zoom video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection.»

This statement in itself is a blatant lie. E2E is very well possible for ANY kind of traffic – as many other (already named) Apps show day after day!

It’s just that they don’t want to because if they did, THIS would not be possible. According to Vice (where the link is bringing you) their app «[…] Sends data to Facebook even if you don’t have a Facebook account […]»

They disguise their real intent behind their App –and the only purpose of it seems to be snorkeling as much personal data as ever possible from anyone.

This Company clearly lost it big time! My recommendation is: DO NOT USE!

EDIT: We found ONE positive thing with the ZOOM App: The Uninstaller (hidden in the Application Directory on macOS (right mouse, «Show Package Contents»)) does seem to work pretty well!


Tuesday, March 31st, 1946LT

Seems like we’re not the only one interested in Zoom’s «Privacy Policy»… As the New York Times writes, the New York attorney general’s office is «concerned that Zoom’s existing security practices might not be sufficient to adapt to the recent sudden surge in both the volume and sensitivity of data being passed through its network». The letter goes on: «While Zoom has remediated specific reported security vulnerabilities, we would like to understand whether Zoom has undertaken a broader review of its security practices.»

And, just FYI: They already did update their privacy policy last Sunday (30th of March 2020) – so less than 24 hours after we brought this up (and no, I do not believe this has anything to do with us except the fact that we were «one in a million» starting to complain. I think that this complaint, filed by the EPIC (Electronic Privacy Information Center) did the trick in the end).

As for the question whether or not you can use Zoom now… the answer in my opinion still is: NO. Let’s wait and see with what they come up in the future. They have been way too ignorant, careless and impertinent to deserve our trust.


Tuesday, March 31st, 1158LT

This is nothing really new but might need some more attention by everyone: We see a rising number of attempts to spread malware using Cloud-Drives like Google Drive, OneDrive or WeTransfer. Please thoroughly check if you receive some dubious download links from Cloud-Shares.

It might look like this one:

  • Rule #0: Don’t try to find out for yourself how malicious those files are by downloading and «testing» them. Unless you’re really up to the task you’ll end up with a crippled machine. Guaranteed!
  • Rule #1: If you don’t know the cloud service DO NOT DOWNLOAD.
  • Rule #2: If you don’t expect a Download-Link DO NOT DOWNLOAD
  • Rule #3: If ever possible stay away from personal cloud drives for transferring business documents.
  • Rule #4: If ever possible ONLY USE YOUR OWN CLOUD SERVICE INFRASTRUCTURE!

Monday, March 30th, 2159LT

We have had some funny events today. Some remarkable events did require us to evacuate services from one provider to another due to this. Yes, we have some services in the cloud, too. Luckily, the servers we run in the «cloud» are only proxy server systems without any data on it – but it harms accessibility quite a bit if your servers are up – but not reachable due to some proxy acting weird.

The current Status of OVH is not very promising at the moment, as the reddish colors give away quickly.

We continue to monitor our systems and are happy once we’re done with all this add-on work due to the current situation, believe me. And… luckily we don’t rely on one provider, too.

Nevertheless: All in our company have done quite some add-on hours in the last three weeks. Still, not comparable to HEMS, though.


Monday, March 30th, 0021LT

To all people asking whether they should wear a mask or a tinfoil hat (or maybe both):

Read This!

In short:

  • No, the Virus has not been the result of some biological lab tests
  • No, the Virus is not artificially crafted
  • No, the Virus is not from a weapon experiment
  • No, the Virus’ origin is neither the US of A nor Italy

… I might update this list if I see more conspiracy theories …


Sunday, March 29th, 2130LT

After my recent note on Zoom (see entry from March 29th) did indeed go a bit through the roof (honestly, I am really surprised how many people do read our «Blog», I thought it was just me, myself and I), some questions did reach us regarding alternatives.

Well… there are some.

  • Mac / iDevice Users can do group calls using FaceTime.
  • Skype is there, too (their privacy policy isn’t the best but still way better than Zoom’s).

And then there were some reader submissions I wasn’t aware of (I am outing myself as Apple User):

  • Whereby (it’s more expensive than Zoom, yes, but their Privacy Policy seems more up to the task stating: «We will never store any media sent between participants in a room. Customers who have access to the Recording feature will be able to record meetings, and they are then responsible for collecting consents from all participants in the meeting prior to starting the recording. They are also responsible for storing and processing the recording in compliance with regulations after downloading it from Whereby.»)
  • FreeConference (a «Freemium Service», They do use Ads, though)
  • Jitsi.org – An Open-Source Platform, they state: «We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our site, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.»
  • And then, there’s Telegram. It’s not really a conferencing tool (but works on Mac, iDevices, Linux, Windows and Android)

BTW, if you think «WhatsApp is a great alternative». Well, it is not. It’s owned by Facebook and will upload all your contacts to Facebook once agreed to. And they use them.

My favourite at the moment… hard to tell. Apart from Facetime it’s probably Whereby and Jitsi.


Sunday, March 29th, 1730LT

In the last 20ish years I have met a lot of people. Some are cool, some are the kind you need toilet paper for. Some come and go, some last forever.

One of those (he is a freelance developer for us – and we are his helping hand in IT Infrastructure matters) has been around for at least 15 of those years. Met him by accident – and the contact and collaboration never really broke down despite the fact that he was moving all over Europe in the last 12 or so years. Well, in recent years he is a bit more steady (thanks to his family). Nevertheless, he is probably the one with by far the most stamps in his passport I know…

He is a fan of working with numbers and data. Because of the current situation he created a tracker to monitor the Corona Infection Numbers worldwide. Some data (like how many tests per 100’000 Inhabitants have been carried out) are hard to obtain and still missing – but nevertheless: This is a great approach, methinks!

Visit https://corona.padena.ch/ and have a look!


Sunday, March 29th 2020, 1253

If your system is down there’s a certain chance it’s not been hackers. It might, today, be due to the clock change.

Not all systems like tampering with the clock – and go on strike (thanks, EU).

Advancing the time, however, normally isn’t that big of an issue (reversing does create problems almost on all systems, though. They won’t necessarily go down, but you’ll see weird error messages nevertheless).

I just finished checking all our customer systems and can report: «Mission accomplished».


Sunday, March 29th 2020, 0140LT

It’s either you or your computer that gets infected. Or both, Microsoft says. And don’t blame us, it’s due to COVID!

On the other hand: They can’t «fix» what hasn’t been broken, too.


Saturday, March 28th 2020, 1738LT

Well, it’s Saturday. Day six of the week. Nothing much going on here – except for some research.

As meetings have gone mostly virtual there are a few tools that are quite popular at the moment. When reading through the Terms and Conditions of some of those apps, at least one does stick out: Zoom.

Not only are they notorious for crippling Outlook on a regular basis. It seems like they actively use conversations for their own purposes, i.e. the old and annoying «make money fast»-approach. Regarding the «make-money»-part… well, they do. Not you. You, you are ripped twice, if that makes up for an excuse.

But first things first: According to their Terms and Conditions, they reserve the right to extract data from its users and their meetings and can work with Google and other ad networks to turn this personal information into targeted ads that follow the users across the web.

Their Privacy Policy states:

Whether you have Zoom account or not, we may collect Personal Data from or about you when you use or otherwise interact with our Products. We may gather the following categories of Personal Data about you:

  • Information commonly used to identify you, such as your name, user name, physical address, email address, phone numbers, and other similar identifiers
  • Information about your job, such as your title and employer
  • Credit/debit card or other payment information
  • Facebook profile information (when you use Facebook to log-in to our Products or to create an account for our Products)
  • General information about your product and service preferences
  • Information about your device, network, and internet connection, such as your IP address(es), MAC address, other device ID (UDID), device type, operating system type and version, and client version
  • Information about your usage of or other interaction with our Products («Usage Information»)
  • Other information you upload, provide, or create while using the service («Customer Content»), as further detailed in the «Customer Content» section below

We collect this data to provide you with the best experience with our Products. Mostly, we gather Personal Data directly from you, directly from your devices, or directly from someone who communicates with you using Zoom services, such as a meeting host, participant, or caller. Some of our collection happens on an automated basis – that is, it’s automatically collected when you interact with our Products.

AND

Zoom, our third-party service providers, and advertising partners  (e.g., Google Ads and Google Analytics) automatically collect some information about you when you use our Products, using methods such as cookies and tracking technologies (further described below). Information automatically collected includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referrer URL, exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data. We use this information to offer and improve our services, trouble shoot, and to improve our marketing efforts.

So, to phrase this out: «No matter what you do we’re with you and spy on you – to use this to know what kind of Pasta, Beer or Toiletpaper you buy. We know when you eat and when you do your «number two’s». And we know the exact composition of either of those as well as the weight».

In my opinion, this «Privacy Policy» is the wet dream of any Secret Service come true, no matter how impertinent he is.

And it’s not that this app is really free at all, Nooooo! If you want more than 1:1 Meetings you need to pay a whopping $14.99 per Month and per Host.

So, pay as you get spammed along. In practice, this makes almost a whopping $30.00 per User (because if you’re on it you most probably do not just call one person). And mind you, prices go up significantly higher.

Just to give you a comparable number: T-Mobile USA charges $30/Month for its «Essential» Service. This one includes:

  • Unlimited Data
  • Unlimited SMS and Calls
  • Unlimited Hotspot Usage

So, having a smartphone I am pretty sure there are way better apps to do conferencing than this one.

And… using Telegram or iMessage/FaceTime, the apps are spam-safe and feature about the same functionality.

And then, good old Skype (although digested by Microsoft) is still at your service, too.

Yes, there might be some more features on Zoom. But they come at a price, as you see. And that Price is pretty steep.

I am pretty sure at least some people just «panic-subscribed» to Zoom because they were in need of something, fast.

This is a reminder to always read privacy Statements. As always, panicking does the greater harm…

And if you’re not yet convinced that Zoom is a questionable choice: The Outlook Plugin has the same Terms and Conditions as the main application…

This application has the potential of being the «golden Bullet» in terms of data security, privacy and/or compliance.

EDIT: The Register has published an article as well. They admittedly were a bit faster than we were (sorry about that). Their verdict is: «[…] What Zoom’s current privacy policy says is worse than ‘You don’t have any privacy here.’ It says, ‘We expose your virtual necks to data vampires who can do what they will with it.’[…]»


Friday, March 27th 2020, 1950LT

Question (for all of you) to think over the week-end… (answers to: I-am-not-with-you-and-china-is-a-great-country-that-does-great-products-pr-and-has-the-best-privacy-laws-on-this-planet@compination.ch)

When choosing your partner to cooperate with, would you:

a) Choose someone whom you can trust, who’s loyal, delivers good quality (but at a price)

OR

b) Choose someone who’s suppressing his employees, is a control-freak, doesn’t communicate in an honest manner, stabs you in the back as soon as you turn around (but is very cheap)?

It seems like the world has chosen b). Why? Read this! and this!

Well, not all of the world, for sure. But part of it for sure did. And the rest of us is paying the price now.

Nevertheless: Enjoy your weekend!


Friday, March 27th 2020, 1732LT

As already mentioned below, several Cloud Providers seem to struggle fulfilling the current demand regarding storage capacity.

Status of current Cloud-Providers as of now:

  • Compination Hosting: Full.

Wait! What?

vol size -vserver <StrgVM> -volume <vol_name> -new-size +<Amount_in_GB>

Done. Problem solved. Thanks, NetApp!

So. In our case it wasn’t bad capacity planning but our admin (which is yours truly) did over-nap it (and obviously ignored the warning mails coming to his inbox…).

On one server we did run into a slight glitch today – but with our flexible storage system and infrastructure we were able to solve this before our customers found out and flooded our ticket system (you need to be lucky sometimes) 🙂


Friday, March 27th 2020, 1437LT

NetCraft has collected a nice list of malware / fake news / phishing examples…

Again: Don’t click on any attachment / link in your mailbox if you’re unsure!

… to everyone out there who takes part in those malicious actions: You’re a scumbag.

Friday, March 27th 2020, 0816LT

In recent days, more and more news portals start to debate whether or not the government should be allowed to track mobile phones in order to trace back 0-Patients. From an epidemic point of view this is understandable. Some ideas even say that this should be carried out globally (and some even want to execute this through privately held companies). From a security and privacy point of view there are several pitfalls.

Technology and methods that have been introduced won’t go away after this crisis has been resolved. This will continue to have an impact on our privacy.

Tasking a privately held company to do so is even more risky because… honestly: Show me one of the larger companies that didn’t take part in a bitter f-up in the recent years. Data Security has been breached at least once for almost every financial institution in recent years. In addition, any privately held company has to comply with regional laws making it very hard to guarantee privacy even further.

In addition, I don’t think that this will be of very significant help there. In my personal opinion, the only thing that helps there is if people are clinically tested on a regular basis. You don’t have to test every single person but we should think of testing at least one person per household / school class / company department / etc.

Don’t get me wrong: Technology is a wonderful thing. But this approach creates too many «unknown risks» for all of us – and not just those that belong to a risk category.


Thursday, March 26th 2020, 1238LT

All quiet on the western front. Well, at least not worse than the previous days, as it seems. We still see attacks on VPN Gateways, we still see that people are trying to use the chaos for their own agenda. Nevertheless, after some slight hiccups with two proxy servers our datacenter stays online (as long as electricity works, our chances are pretty good that it stays that way).

We have seen up to 1600 concurrent VPN Sessions this week – which clearly shows our customers seem to be mostly at home. We might, for future configurations, probably change one or two parameters. We’re still investigating it but at the moment we don’t really see it being urgent in any way.

Stay safe! Stay at home. Keep your workstations up2date. Don’t click on links whose origin you don’t know!


Wednesday, March 25th 2020, 2311LT

If yesterday’s news about Azure being full is not bad enough for your liking you may check out this:

India is under a complete lockdown!

And, if you remember where Development and support organizations mostly staffed their helpdesks in the past 20 years you will ask yourself how this is going to work.

The short answer is: It probably won’t. Especially hardware vendors don’t have many European staff left – and if they do they might be overrun by the number of open support tickets. Customer satisfaction is critical – depending on a (currently closed) office creates a massive problem.

Mix that with something called «Service Level Agreement» and you will slowly get what impact this has on the complete industry.

The Register writes: «All IT projects that can be shelved will be shelved until at least 2021. Software vendors must prepare for a tough year where very little net new business will be won before the final quarter.»

Whether or not «Cloud» is the correct answer to this remains to be answered. We clearly doubt it after Azure being full yesterday.


Tuesday, March 24th 2020, 1648LT

What happens if you need to run one of the biggest cloud services and try to squeeze your revenue figures?

One answer could be: You could run out of space: «The Register» today features an Article about Microsoft Azure customers having trouble obtaining more space. But… how can that be? The answer is pretty simple: Storing Data in a Cloud-Datacenter proves not to be very efficient. Cloud Service Providers normally over-provision their allocated storage by a certain factor. Every cloud provider does this and it isn’t a new thing. The question with over-provisioning is: How high do you fancy to gamble? It seems that, in the case of Azure, the Answer is: Too high. With all the Home-Office workers cut off from some of the resources they need to share data, many private Azure drives seem to show much higher usage. This gamble normally works because your supply-chain works well enough to add new storage just in time when it is required. However, in the current situation, supply-chains obviously don’t work that well.

We have had to cancel several on-site appointments because we couldn’t get access to the datacenters. Currently, only emergency services can be carried out – all project-work came to a stop.

As if this weren’t bad enough… The aftermath of this will be to investigate how much confidential data actually was shared using private shares – and how big of a (legal) issue this will become. This has the potential to cause serious grief for many of the responsible persons.

From a security perspective this clearly is a nightmare!


Monday, March 23rd 2020, 2221LT

We are still seeing rising malicious activities against VPN and Cloud Services. We continue to make sure all resources stay online. One major issue though is that some network providers did cheat on their Homework – which shows in decreased stability for several providers over the last couple of days. The weekend has been used to even further improve our network-, system- and storage redundancy.


Thursday, March 19th 2020, 1147LT

«Two things are infinite: the universe and human stupidity; and I’m not sure about the universe.» (Albert Einstein)

Honestly, Guys: We have better things to do than defending systems from your DDOS and Hacking Attacks!


Wednesday, March 18th 2020, 0120LT

The DDOS and Hacking attacks have not yet stopped (nope, not the slightest decrease) – although we have been able to mitigate some of its effects and identify some of the source IPs (not least thanks to several ISPs pulling the plug on a large number of those that were identifiable. Some were too stupid to hide their identity by using their provider’s IP Address. Stupidity is endless).

To whom it may concern: This was just the first step. Legal actions will be taken / «are in the making».

One thing we’re observing as well is that some network providers are having problems keeping their networks stable while others seem not to have any problems so far. We currently don’t believe HomeOffice or Netflix are the reason for this as the homeoffice-addon bandwidth used is marginal – the distribution of the traffic is different, though. Still… it looks like proper planning would, in many cases, have prevented the extremely poor performance some network providers present.

P.S: Currently active VPNs: ~120 (of >1200).


Tuesday, March 17th 2020, 1302LT

To all our users / customers: PLEASE KEEP YOUR SYSTEMS UP TO DATE! THIS! MATTERS! NOW!

and

DON’T TRY TO FIX THINGS THAT AREN’T BROKEN!

Thanks!

P.S: Currently active VPNs: ~920 (of >1200). Yes, we’re adding VPN-tunnels, too 🙂


Tuesday, March 17th 2020, 0116LT

This is highly frustrating. Since the announcement of the «special Situation» we have seen an INCREASE of attacks towards the servers maintained by us… FROM WITHIN SWITZERLAND.

Guys, REALLY?

P.S: Currently active VPNs: ~80 (of >1100). Well, yes. It’s night right now.


Monday, March 16th 2020, 1217LT

We’re seeing a massive increase of attacks on VPN Servers and Remote Access Gateways right now… we will monitor the situation closely and start collecting all data (and will provide law enforcement with the data if necessary). So far, all Systems are up and running.

Also, VoIP Systems are being targeted right now.

P.S: Currently active VPNs: >800 (of ~1100).


Sunday, March 15th 2020, 1307LT

Please be aware: With the current lockdown some people try to take advantage of this situation.

  • Our Honeypot Mailbox has about twice the amount of dubious spams as before. Don’t click on any E-Mail whose origin you’re not 200% sure of.
  • We see massively increased activity trying to break into WordPress Blogs (if you haven’t updated yours: NOW is the perfect time!)

Some general rules as a reminder:

  • Only download software from the actual Vendor Pages
  • If unsure: DO NOT DOWNLOAD and DO NOT RESPOND TO MESSAGES
  • Stick to the official news and ignore whatever is sent over social media.

Some people out there are clearly trying to create a fuss.

P.S: Currently active VPNs: 128 (of ~900) – seems like a lot of people are working.


Saturday, March 14th 2020, 0917LT

Over the last 12 hours we have detected a massive increase in scanning activity against our systems. Most of the time the typical PPTP ports are probed, but we have detected scans for OpenVPN ports as well. So, to all Admins, please make 200% sure that you:

  • DON’T use PPTP-based VPNs (better no VPN than PPTP, sorry)
  • Have your VPN-Servers updated and secured
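
One way to spot the kind of sweep described above in firewall logs, as an added example that is not from the original page. It assumes a simplified, constructed key=value log format and hypothetical names (`vpn_probes`, `find_scanners`), and it only knows the default ports (TCP 1723 for PPTP, 1194 for OpenVPN):

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Default ports only; a VPN moved to another port needs its own entry here.
VPN_PORTS = {("tcp", 1723): "pptp", ("udp", 1194): "openvpn", ("tcp", 1194): "openvpn"}
LINE_RE = re.compile(r"^(?P<ts>\S+) (?:BLOCK|PASS) src=(?P<src>\S+) "
                     r"dst=(?P<dst>\S+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$")

# Constructed sample in a simplified key=value format, not real firewall output.
SAMPLE_LOG = """\
2020-03-14T08:55:01 BLOCK src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=1723
2020-03-14T08:55:02 BLOCK src=198.51.100.7 dst=192.0.2.11 proto=tcp dport=1723
2020-03-14T08:55:03 BLOCK src=198.51.100.7 dst=192.0.2.12 proto=tcp dport=1723
2020-03-14T08:55:09 BLOCK src=198.51.100.7 dst=192.0.2.10 proto=udp dport=1194
2020-03-14T08:55:10 BLOCK src=198.51.100.7 dst=192.0.2.11 proto=udp dport=1194
2020-03-14T08:55:11 BLOCK src=198.51.100.7 dst=192.0.2.12 proto=udp dport=1194
2020-03-14T09:00:00 PASS src=203.0.113.25 dst=192.0.2.10 proto=udp dport=1194
2020-03-14T09:00:20 PASS src=203.0.113.25 dst=192.0.2.10 proto=udp dport=1194
2020-03-14T06:00:00 BLOCK src=203.0.113.99 dst=192.0.2.10 proto=tcp dport=1723
2020-03-14T07:00:00 BLOCK src=203.0.113.99 dst=192.0.2.11 proto=tcp dport=1723
2020-03-14T08:00:00 BLOCK src=203.0.113.99 dst=192.0.2.12 proto=tcp dport=1723
2020-03-14T09:01:00 PASS src=203.0.113.40 dst=192.0.2.10 proto=tcp dport=443
""".splitlines()

def vpn_probes(lines):
    """Yield (time, src, dst, service) for each line that targets a VPN port."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        service = m and VPN_PORTS.get((m["proto"], int(m["dport"])))
        if service:  # skips malformed lines and non-VPN ports
            yield datetime.fromisoformat(m["ts"]), m["src"], m["dst"], service

def find_scanners(lines, window=timedelta(seconds=60), min_targets=3):
    """Map each source that probed one VPN service on at least min_targets
    distinct hosts within `window` to the sorted services it swept."""
    hits = defaultdict(list)  # (src, service) -> [(time, dst), ...]
    for ts, src, dst, service in vpn_probes(lines):
        hits[(src, service)].append((ts, dst))
    flagged = defaultdict(set)
    for (src, service), seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            targets = {dst for ts, dst in seen[i:] if ts - start <= window}
            if len(targets) >= min_targets:
                flagged[src].add(service)
                break
    return {src: sorted(services) for src, services in flagged.items()}
```

On the constructed sample, `find_scanners(SAMPLE_LOG)` flags only 198.51.100.7: the client that keeps reconnecting to a single OpenVPN host and the source whose PPTP probes are spread over hours stay below the threshold.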

Friday, March 13th 2020, 1800LT

Corona and the VPN

Many of our customers’ main concern today was:

1) Do we have the possibility for our people to work using VPN?
2) How much do we need to invest in licenses?

For 99.9% of our customers, the Answer is:

1) Yes
2) Nothing

«Yes», because all of our customers have VPN access already configured per default (and yes, all of those access possibilities are up to date!)

«Nothing», because 99.9% of our customers are happily served with either pfSense or OPNsense Firewalls.

And it’s not as if they don’t have a choice of VPN flavour.

They can choose between:

a) OpenVPN
b) IPSEC
c) Wireguard

As we clearly state on our webpage:

* We HATE Vendor-Lock-ins
* We HATE billing our customers for features that clearly are commodity.

So, for your «amusement»… here’s the VPN-counter:

Total Users connected using VPN (20200313 2202LT): 805


US-CERT CISA Information regarding VPN

CISA did publish AA20-073A: Enterprise VPN Security, concerning preparations in the event that people need to access company data using VPN (or other remote access technologies).

They recommend:

The following are cybersecurity considerations regarding telework.

  • As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors.
  • As VPNs are 24/7, organizations are less likely to keep them updated with the latest security updates and patches.
  • Malicious cyber actors may increase phishing emails targeting teleworkers to steal their usernames and passwords.
  • Organizations that do not use multi-factor authentication (MFA) for remote access are more susceptible to phishing attacks.
  • Organizations may have a limited number of VPN connections, after which point no other employee can telework. With decreased availability, critical business operations may suffer, including IT security personnel’s ability to perform cybersecurity tasks.

Well, honestly: Better late than never. Again… our customers are already connected. For ages.

We strongly feel that VPN, today, is a commodity and should be treated as such.