TR-069 with Routers – Informing Isn't Always Best | linkcabinhttps://itsjack.cc/blog/2015/04/tr-069-with-routers-informing-isnt-always-best/Jeste k tomu RS-069 resp. serverum ACS poskytovatelu internetu
NZ Herald - Internet providers have backdoor access to customers' modemshttps://www.geekzone.co.nz/forums.asp?forumid=49&topicid=214760debata na Geekzone , kde tomu oponuji sebezvani "dlouholeti experti", co uz prej roky instalujou ACS , a tyhle clanky v mediich a sebezvani "bezpecnostni experti" jsou __kompletni__ bullshit.
trochu mi ty jejich posty pripominaji nyx.. kafemlejnek a ignorace toho podstatneho (okolo 70% ACS serveru podle statistiky pouziva HTTP namisto HTTPS) ci ze bezpecnost je ohrozena. oni tvrdi, ze narozdil od vsech oblasti IT, tenhle single point of failure zvany ACS pry neni zadne riziko. To zni samo o sobe jako bullshit, kdyz si tohle odvazi nekdo tvrdit, ze neni zadne.
Prumysl se mel chytit za nos, byt vic transparentni, jak je to zabezpecene, ne strikat ad hominem a demagogii
Nevim, co si o tomhle presne myslet, ale jiste ACS muze pomoct ISP rychle reagovat a uploadnout vsem lidem novy firmware se zaplatou....
... ale snaha zakryt pred uzivatelem routeru, ze tam neco takoveho vubec je.. je pro me varovny signal.. proc se to snazi zakryt?
TLDR: pri uspesne infiltraci onoho ACS serveru mohou byt zaroven infikovane vsichni klienti daneho poskytovatele internetuPenetracni testy firmy Check Point ukazaly, ze 100% testovanych ACS serveru poskytovatelu internetu uspesne nabourali.
Nabizi se otazka.. je tohle pripravena na nejaky kolektivni utok na internet vetsiny populace? Netransparentni chovani ten dojem vyvolava
--
Pro predstavu ten "bezpecnostni expert" ve skutecnosti je sef tohodle bezpecnostnich testovani v korporaci Check point...
Kdyz penetracni tester dela prednasky o tom, kde se snazi nejen odborniky ale bezne laiky varovat pred touto dirou, ziskal mou pozornost. Malokdy tihle ruzni penetracni hackeri tvrdi, ze neco ma vedet laicka verejnost.. krom apelu na dobra hesla.
Nevim.. mozna zbytecna panika... a ano.. bez ACS nedojde k automatickem upgradu firmwaru, takze ma to svuj ucel. Hlavne pro laiky. Ale proste mi to nejak smrdi
Pro predstavu o kredibilite ono Shahara Tala uvedu nejake linky:
Check Point odhalil podrobnosti o celosvětové kyberšpionážní kampani, přichází z Íránu | Hospodářské noviny (HN.cz)https://ictrevue.hn.cz/c3-64868460-0ICT00_d-64868460-check-point-odhalil-podrobnosti-o-celosvetove-kyberspionazni-kampani-prichazi-z-iranu„Tato analýza poskytuje cenný pohled na povahu a cíle globální kyberšpionážní skupiny,“ říká Shahar Tal, Research Group Manager, Check Point
O CheckPoint slychame v mediich jako seriozni zdroj a Shahar Tal, je skutecne tim, kdo tvrdi, ze je..
https://www.linkedin.com/in/getthingsdone/jeho linkedIn
Pro pochopeni, ze se tu zjevne nejedna o nejakeho potulneho hackera, co si vybral par nejakych slabsich ISP, a dela velky vlny, ze tam meli diru.
Check Point - Wikipediahttps://en.wikipedia.org/wiki/Check_PointCheck Point is an American-Israeli multinational provider of software and combined hardware and software products for IT security, including network security, endpoint security, cloud security, mobile security, data security and security management.
As of 2021, the company has approximately 6,000 employees worldwide.[5] Headquartered in Tel Aviv, Israel and San Carlos, California, the company has development centers in Israel and Belarus and previously held in United States (ZoneAlarm), Sweden (former Protect Data development centre) following acquisitions of companies who owned these centers. The company has offices in over 70 locations worldwide including main offices in North America, 10 in the United States (including in San Carlos, California and Dallas, Texas), 4 in Canada (including Ottawa, Ontario) as well as in Europe (London, Paris, Munich, Madrid) and in Asia Pacific (Singapore, Japan, Bengaluru, Sydney) .
History
Check Point was established in Ramat Gan, Israel in 1993, by Gil Shwed (CEO as of 2016), Marius Nacht (Chairman as of 2016) and Shlomo Kramer (who left Check Point in 2003).[6] Shwed had the initial idea for the company's core technology known as stateful inspection, which became the foundation for the company's first product, FireWall-1; soon afterwards they also developed one of the world's first VPN products, VPN-1.[7] Shwed developed the idea while serving in the Unit 8200 of the Israel Defense Forces, where he worked on securing classified networks.[8][9]
Initial funding of US$250,000 was provided by venture capital fund BRM Group.[10]
In 1994 Check Point signed an OEM agreement with Sun Microsystems,[7] followed by a distribution agreement with HP in 1995.[11] The same year, the U.S. head office was established in Redwood City, California.
By February 1996, the company was named worldwide firewall market leader by IDC, with a market share of 40 percent.[12] In June 1996 Check Point raised $67 million from its initial public offering on NASDAQ.[13]
In 1998, Check Point established a partnership with Nokia, which bundled Check Point's Software with Nokia's computer Network Security Appliances.[13]
In 2003, a class-action lawsuit was filed against Check Point over violation of the Securities Exchange Act by failing to disclose major financial information.[14]
On 14 August 2003 Check Point opened its branch in India's capital, Delhi (with the legal name Check Point Software Technologies India Pvt. Ltd.). Eyal Desheh was the first director appointed in India.
During the first decade of the 21st century Check Point started acquiring other IT security companies, including Nokia's network security business unit in 2009.[15]
In 2019, researchers at Check Point found a security breach in Xiaomi phone apps.[16] The security flaw was reported preinstalled.[17]
Check Point is presently focused on what it calls "fifth generation cyber security," or “Gen V.” It identifies the fifth generation as focused on large-scale and fast moving attacks across mobile, cloud and on-premise networks that easily bypass the conventional, static detection-based defenses being used by most organizations today.[18][19][20][21][22]
Over the years many employees who worked at Check Point have left to start their own software companies. These include Shlomo Kremer, who started Imperva; Nir Zuk, who founded Palo Alto Networks; Ruvi Kitov and Reuven Harrison of Tufin; Yonadav Leitersdorf, who founded Indeni; and Avi Shua, who founded Orca Security;
On 23 July 2020, Aryaka confirmed an alliance with Check Point Software Technologies to optimize the SD-WAN system operated by Aryaka Cloud-First, and Check Point CloudGuard Link and CloudGuard Edge to provide optimized protection and SD-WAN as-a-Service.[23]
Products
Check Point offers the following primary products:
Network Security
Software Defined Protection
Public and Private Cloud Security
Zero Trust Remote Access
Data Security
IoT Security
ThreatCloud
ThreatCloud IntelliStore
Virtual Systems
Endpoint Security
Mobile Security
Security Management
Document Security (Capsule Docs product line)[24]
Zero-day Protection (SandBlast appliance product line)[25]
Mobile Security (Mobile Threat Prevention product line)[26]
Acquisitions
Check Point offices, Tel Aviv
Zone Labs, makers of the ZoneAlarm personal firewall software, in 2003, for $205 million in cash and shares.[27]
Protect Data, the holding company for PointSec Mobile Technologies, in a cash deal valued at $586m in late 2006.[28] Prior to their acquisition by Check Point, Protect Data acquired Reflex Software.[29]
NFR security, an intrusion prevention system developer, for $20 million in late 2006, following its failed plan to acquire the larger IPS vendor Sourcefire.[30]
Nokia Security Appliances division was acquired in April 2009.[15]
Liquid Machines, a data security startup company based in Boston, was acquired in June 2010.[31]
Dynasec, a provider of enterprise governance, risk management, and compliance products, was acquired in November 2011. Dynasec offers a Web-based enterprise application, branded as Easy2comply, for Sarbanes-Oxley compliance, Basel II compliance, operational risk management, information security management, HIPAA compliance, and internal audit management.[32]
Hyperwise, an early-stage startup focused on CPU level threat prevention, was acquired Feb 2015.[33]
Lacoon Mobile Security was acquired in April 2015.[34]
Dome9 was acquired in October 2018.[35]
ForceNock was acquired in January 2019[36]
Cymplify was acquired in Dec. 2019 [37]
Protego Labs was acquired in Dec. 2019[38]
Odo Security was acquired in Sep. 2020[39]
Avanan was acquired in August 2021[40]
Spectral was acquired in February 2022[41]
In 2005, Check Point tried to acquire intrusion prevention system developers Sourcefire for $225 million,[42] but later withdrew its offer after it became clear US authorities (specifically, the Committee on Foreign Investment in the United States ) would try to block the acquisition.[43]
je to asi relevantni (ze CheckPoint nejsou zjevne zadna orezavatka, jejich nazor by nemel byt relevantni), protoze mi kamos rekl, ze ho nezajima, co rika nejaky "nymand", zatimco ISP (jako Vodafone, T-Mobile,...) jsou prej ohromne korporace, ktere urcite vedi, co delaji.
Duverujeme Microsoftu, Apple.. ok.. ale duverovat ruznorodym ISP, ze maji nakonfigurovane bezpecne, je uplne jina vec, jak rika i pan Shakar Tal. Vola po vetsim zamereni se na bezpecnost. Neni apriori proti.
---
Opet.. tahle technologie ACS ma jiste sve nepopiratelne vyhody, ale chybi mi transparence. Jakym zpusobem je to zabezpecene, testovane na bezpecnost atd.
Namisto snahy to zakryt nebo i branit normalne volne diskuzi, kritice.. Jak vidim tenhle pattern, uz to samo o sobe smrdi
----
Takze si to tu odlozim, pokud mi to bohove dovoli :-)
Ja na to natrefil fakt ve snaze o ACS najit informace pri konfiguraci vlastniho routeru..
(Disclaimer: Jinak ty moje komentare k tomu.. cilem je slozitejsi pomoct priblizit, zestrucnit do zakladnich bodu... ta prednaska ma pres 1 hodinu.... v IT networkingu jsem laik. ACS jsem nikdy nekonfiguroval, ale nelibi se mi arogantni reakce onech expertu.. na takove rovine "je to v pohode, nerozumis tomu, drz hubu" by bezpecnost milionu pocitacu po svete fungovat nemela. 100% ACS serveru, ktere Check Point testovali, mely diru. Vsechny ktere testovali. Pry uplne vsechny.)