
1
Subject: RADIUS Server Now Severely Compromised
From: 186282@ud0s4.net
Newsgroups: comp.os.linux.misc, alt.security, alt.survival
Organization: vector apex
Date: Wed, 21 Aug 2024 07:54 UTC
Message-ID: <dNycnVJYc4HPAFj7nZ2dnZfqnPSdnZ2d@earthlink.com>

https://techxplore.com/news/2024-08-scientists-vulnerabilities-popular-protocol.html

A widely used security protocol that dates back to the days
of dial-up internet has vulnerabilities that could expose
large numbers of networked devices to an attack and allow
an attacker to gain control of traffic on an organization's
network.

A research team led by University of California San Diego
computer scientists investigated the Remote Authentication
Dial-In User Service (RADIUS) protocol and found a vulnerability
they call Blast-RADIUS that has been present for decades.
RADIUS, designed in 1991, allows networked devices such as
routers, switches or mobile roaming gear to use a remote
server to validate login or other credentials.

The root of this vulnerability stems from the fact RADIUS
was developed before proper cryptographic protocol design
was well understood, the authors say. It uses an authentication
check based on an ad hoc and insecure construction based on
the MD5 hash function, which has been known to be broken
for two decades.

However, the RADIUS protocol was not updated when MD5 was
broken in 2004, the authors note. Before their work, the
maintainers of the protocol standards defining RADIUS
thought that the MD5-based construction used in RADIUS
was still secure.

.. . .

HOW many orgs/banks/etc STILL use this ???

Apparently quite a LOT - or we'd have not seen
this article ....

Anything these days needs to be triple-tough.
Russia/China/NK state-funded perps spend LOTS
of time looking for weaknesses and backdoors.
Huge damage can be done in a VERY short period.

We LIKE to think our online-whatever apps are
reasonably secure. Really, NOT true.

Whatever protocols/tricks they are always one
step behind the little hacks. 'Security' is
mostly REACTIVE, not proactive.

The reasons are partially based in willful
ignorance - but mostly in ECONOMICS. Changing
things, esp in Big Institutions, is just plain
hyper-EXPENSIVE and prone to BIG EXPENSIVE
PROBLEMS in the transition period.

So, 'security' is gonna ALWAYS be Behind The
Curve. NOT good. NOT Real. Just corporate/govt
BULLSHIT designed to dupe the masses.

Sorry folks, but we're essentially ALREADY in
an all-out Cyber-War with hostile govts. This
can do HUGE damage across a WIDE spectrum, all
at the push of a North Korean button.

Russia/China WILL use NK ... 'plausible
deniability' and nobody can DO much with NK ...

Fixes ? Yes, they exist - but, again, the $$$
and Customer Confidence issues .......

So ... we're gonna get SCREWED, BADLY, OVER
AND OVER AND OVER until all 'confidence'
totally crashes and we're back to the dark
ages.

How many piglets for how many turnips ?

No, I'm not trying to be funny.

At the very least, does your bank/broker/etc
actually KNOW YOUR FACE ? RECOGNIZE you and
the kinds of biz you do ??? Know your voice,
your history, yer relatives and such ??? For
anybody past the Boomers the answer becomes
increasingly "NO !". A wire-transfer from a
NK address with some arab-accent 'conf' ...
FINE With Them - they really don't/can't
know better ............

Subject: Re: RADIUS Server Now Severely Compromised
From: Shadow
Newsgroups: comp.os.linux.misc
Organization: A noiseless patient Shadow
Date: Wed, 21 Aug 2024 12:02 UTC
References: 1
Message-ID: <inlbcjlkakqifog7vkofj6o934ocioinki@4ax.com>
References: <dNycnVJYc4HPAFj7nZ2dnZfqnPSdnZ2d@earthlink.com>

On Wed, 21 Aug 2024 03:54:57 -0400, "186282@ud0s4.net"
<186283@ud0s4.net> wrote:

> Russia/China/NK state-funded perps spend LOTS
> of time looking for weaknesses and backdoors.

LOL. The US spends 10x more.....
[]'s
--
Don't be evil - Google 2004
We have a new policy - Google 2012
Google Fuchsia - 2021
