https://threats.amnpardaz.com/en/2021/12/28/implant-arm-ilobleed-a/
In this report, we analyze a rootkit discovered in-the-wild that hides inside the iLO, cannot be removed by firmware upgrades and can be hidden from the sight for a long time. This malware has been used by hackers for some time and we have been monitoring its performance. As far as we know, this is the first report of the discovery of real-world malware in iLO firmware in the world.
...if I was such a Curtis I'd have had my account locked and left the scene....
Love that the name is now a common noun. Needs a Wikipedia entry.
*corrected
@dbeato Thanks. I'll give this a try over the weekend.
@travisdh1 I did, yes, however this was at the top of the page which prompted me to come here...
As the title says, I am trying to setup UNVR behind NGINX and wonder if anyone has a working config. I can get the webUI to show up but livestream or video playback is not working. My google-fu is failing me in trying to find which ports need to be part of my config.
Florida water treatment facility hack used a dormant remote access software, sheriff says
https://www.cnn.com/2021/02/10/us/florida-water-poison-cyber/index.html
@warren-stanley said in Miscellaneous Tech News:
Synology to enforce use of validated disks in enterprise NAS boxes.
And guess what? Only its own disks exceed 4TB
NAS spinner's drives are Toshiba tin with custom firmwareSynology has introduced its first-ever list of validated disks and won’t allow other devices into its enterprise-class NAS devices. And in a colossal coincidence, half of the disks allowed into its devices – and the only ones larger than 4TB – are Synology’s very own HAT 5300 disks that it launched last week .
https://www.theregister.com/2021/02/02/synology_enterprise_nas_drives/
Can't find any media release other than the article you pointed to. Looking at the Synology site, while it's true they have removed a ton of drives from their compatibility list, I'm not yet seeing anything suggesting they would not work without a "compatible" drive. Will have to keep an eye out.
@mlnews said in Miscellaneous Tech News:
Google tries to allay Fitbit-deal privacy fears
Google has completed its acquisition of Fitbit and tried to reassure users it will protect their privacy.
The search giant bought the health-tracking company for $2.1bn (£1.5bn) in November 2019 but faced questions from regulators. Following a four-month European Commission investigation, it agreed not to use health and location data from Fitbit devices for advertising. The deal was then approved by authorities in December. In a blog, Google said the acquisition "has always been about devices, not data". "We've been clear since the beginning that we will protect Fitbit users' privacy," it added, promising the commitments given to the commission, which it must keep for 10 years, would be implemented globally.
Bahahaha. Google + protect privacy = Annihilation. This is like matter and antimatter in the same space.
@DustinB3403 said in NGINX Just Stop Working:
@NashBrydges said in NGINX Just Stop Working:
Thanks to everyone who participated!
Is this the age of "everyone gets a trophy" I want praise for sitting here watching with my
!
Glad you got it working
Yes, I'm big on participation ribbons. Lol
Wanted to close the loop here. I've recreated the server and refetched all my certs. It's been working well for the last 2 days. Fingers crossed it stays that way.
Thanks to everyone who participated!
@siringo said in What Are You Watching Now:
@ITivan80 said in What Are You Watching Now:
@NashBrydges Tenet was very confusing it reminded me of Interstellar. I have to keep watching it to get it
Great, i'm looking forward to watching that, I love mind benders ...
Yeah, after I watched the first time, I knew I'd have to watch it again to get the full effect. I may be slower than others but took me a while to fully grasp what was happening.
@scottalanmiller said in Miscellaneous Tech News:
Bottom line, if Google Project Zero discovers a vulnerability, and chooses to hide it from me, and I get compromised because they were complacent (or whose), I think that there is criminal culpability. If they research the software that I am running, that's fine. If they find a vulnerability, though, telling me makes them innocent, not telling me makes them guilty. If you are going to do security research you have ethical responsibilities and, hopefully, criminal ones as well.
What's the legal statute that you are referencing when making this statement about criminal culpability?
Truly asking.
@scottalanmiller It's too large to upload the output here so uploaded a text file to Box and sharing link here. This is a simple txt file.
@scottalanmiller Yeah, those log messages are in the syslog file in Ubuntu. The only log entries in syslog are related to when I rebooted the server. GREP output is too large for those related nginx entries in the log for me to post here but just reviewed every line and no errors that I could find.
@scottalanmiller said in NGINX Just Stop Working:
grep nginx /var/log/messages
/var/log/messages
Does not exist.
@scottalanmiller Well at this point I'm looking at any log that has "error" in the name. Lol
@black3dynamite I'm not seeing any evidence of this failing in the letsencrypt.log file syslog or nginx logs (both access and error). Would those logs be elsewhere? Obviously I don't want to have to manually renew certs.
