Why do I like to use outdated technology

Outdated internet technologies are security risks

The security landscape is constantly changing as adversaries keep finding new techniques to attack companies and people. As a result, defenders adjust their game to stay one step ahead of the criminal mind.

At the same time, many older Internet protocols are still in use. These zombie protocols still haunt 21st-century IT users. Here are the three worst protocol zombies:

Protocol zombie Telnet

F-Secure's report on the attack landscape for the first half of 2019 shows that the largest share of attack traffic, 760 million events, was directed at the Telnet protocol, which is also used by insecure IoT (Internet of Things) devices.

Telnet was replaced by more secure protocols on servers across the industry in the 1990s. In practice, hardening a device means removing or disabling unnecessary ports, protocols and services. The Internet of Things, however, is bringing Telnet back with a vengeance, which is one of the reasons IoT is so often called a "cyber security nightmare".

The Telnet protocol, developed in 1969, stands for "Teletype Network" and is used by administrators and other users to access computers remotely. Before the bandwidth and connectivity explosion of the 1990s, security was a much smaller concern than it is today: most users of networked computers were in the computer departments of academic institutions or in large private and government research institutions.

Fennel Aurora, F-Secure Security Advisor, explains:

There is no good reason for IoT to deploy the Telnet protocol. It has been dead for 20 years. And even if it were a secure protocol like Secure Shell (SSH), there is no good reason to expose a remote access port for your refrigerator or coffee maker on the Internet.

This apparent lack of basic hardening by manufacturers is extremely negligent. Unfortunately, we will keep experiencing this kind of irresponsible risk to consumers from IoT manufacturers. Only when consumer protection laws for the security and data protection of IoT devices are as strict as those for toxic toys and household fire risks will things become more secure.

Old SSH versions are more of a flop than top

Secure Shell (SSH), developed to replace Telnet, is a cryptographic protocol for operating network services securely over an unsecured network. Its Finnish father, Tatu Ylönen, then a researcher at Helsinki University of Technology, designed the first version (now called SSH-1) in 1995 in response to a password-sniffing attack on his university's network.

SSH-2 was standardised in 2006 (RFC 4251 to 4254). It is not compatible with the previous version, but it brings security and functional improvements. Even so, three notable vulnerabilities were disclosed in the protocol between 1998 and 2008, the last of them a plaintext-recovery attack against SSH-2 in CBC mode (CVE-2008-5161). In 2014, the German magazine "Der Spiegel" published classified documents leaked by the whistleblower Edward Snowden which suggested that the NSA could decrypt some SSH traffic.
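The cheapest way to find servers that still speak the old protocol is to read the identification string every SSH server sends before any key exchange. The following is an added example written for this article, not F-Secure's code: it parses that string as defined in RFC 4253 section 4.2 ("SSH-protoversion-softwareversion SP comments CR LF") and classifies the server. A server announcing protoversion "1.99" runs SSH-2 but still accepts SSH-1 clients, so the legacy protocol remains reachable. The sample banners are constructed, not captured from real hosts; `probe_ssh` is the only function that touches the network.

```python
"""Classify an SSH server by the protocol version it announces.

Added example for this article (not F-Secure's code). Parses the RFC 4253
identification string "SSH-protoversion-softwareversion SP comments CR LF"
and reports whether SSH-1 is still reachable. Sample banners are constructed.
"""
import socket


def parse_ssh_identification(data: bytes) -> dict:
    """Extract the identification line from the first bytes a server sends.

    RFC 4253 allows a server to send other lines before it; only the first
    line beginning with "SSH-" is the identification string.
    """
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue
        # Split on at most two dashes: "SSH", protoversion, and the rest
        # (softwareversion may itself contain dashes, e.g. "Cisco-1.25").
        parts = line.split(b"-", 2)
        if len(parts) != 3 or not parts[1]:
            raise ValueError(f"malformed identification string: {line!r}")
        software, _, comments = parts[2].partition(b" ")
        return {
            "protoversion": parts[1].decode("ascii", "replace"),
            "software": software.decode("ascii", "replace"),
            "comments": comments.decode("ascii", "replace") or None,
        }
    raise ValueError("no SSH identification string in data")


def classify_ssh(protoversion: str) -> str:
    """Map the announced protoversion to what it means for SSH-1 exposure."""
    if protoversion == "2.0":
        return "ssh2-only"
    if protoversion == "1.99":
        # RFC 4253 section 5.1: server is compatible with both 1.x and 2.0
        return "ssh1-and-ssh2"
    if protoversion.startswith("1."):
        return "ssh1-only"
    return "unknown"


def classify_banner(data: bytes) -> str:
    """Convenience wrapper: raw banner bytes -> classification."""
    return classify_ssh(parse_ssh_identification(data)["protoversion"])


def probe_ssh(host: str, port: int = 22, timeout: float = 5.0) -> dict:
    """Connect to a live server and classify what it announces."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        ident = parse_ssh_identification(sock.recv(1024))
    ident["classification"] = classify_ssh(ident["protoversion"])
    return ident


# Constructed sample banners (not captured from real hosts).
SAMPLE_BANNERS = {
    "modern": b"SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1\r\n",
    "compat": b"SSH-1.99-OpenSSH_3.9p1\r\n",
    "legacy": b"Welcome to the lab router\r\nSSH-1.5-1.2.27\r\n",
}

if __name__ == "__main__":
    for name, banner in SAMPLE_BANNERS.items():
        print(f"{name:7s} {classify_banner(banner)}")
```

Anything classified as `ssh1-only` or `ssh1-and-ssh2` should be upgraded or, for SSH-1.99 servers, reconfigured to refuse protocol 1; the software version is reported as well so the unpatched OpenSSH builds mentioned above can be spotted in the same pass.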

A recent report by Alert Logic, a threat intelligence company, shows that adversaries are using ports 22 (SSH), 80 (HTTP, unencrypted web traffic) and 443 (HTTPS, encrypted web traffic) to attack small and medium-sized businesses.

SMB - that's how Windows speaks to almost everyone

Server Message Block (SMB), often confused with Samba, the open-source implementation of the protocol for Unix-like systems, is anything but a happy dance. It is a network communication protocol that lets nodes on a network share files, printers and serial ports. It is used most often by computers running Microsoft Windows.

F-Secure's H1 2019 attack landscape report says its honeypots recorded 556 million events aimed at SMB port 445 during the reporting period. One SMB attack stands out: EternalBlue, an exploit developed by the NSA, published by the Shadow Brokers in April 2017 and used a month later in the WannaCry ransomware attack.

Two years after WannaCry, related exploits are still popular because a large number of servers around the world remain unpatched.

The EternalBlue exploit lets attackers execute code remotely on the target computer. It works because the SMBv1 server (SMB version 1) mishandles specially crafted packets, the units of data exchanged between networked computers. Microsoft patched the flaw in March 2017 (MS17-010), two months before WannaCry, yet SMB is often left open to the Internet, and the older versions of the protocol, the first of which dates from 1983, contain many security flaws.

"The product manager for SMBv1 says you should smother it in the crib because it's nightmare bullshit," tweeted SwiftOnSecurity, a pseudonymous security commentator. Microsoft program manager Ned Pyle (@NerdPyle) confirmed the statement in a reply to the tweet.

For the record, the Product Manager for SMBv1 says you should smother it in the crib because it's nightmare bullshit. @NerdPyle

- SwiftOnSecurity (@SwiftOnSecurity) September 13, 2016

SMB 1.0 has been superseded by versions 2.0, 2.1, 3.0 and 3.02; version 3.1.1 arrived with Windows 10 and Windows Server 2016. Among other things, it improves encryption by supporting two AES-128 modes (AES-128-GCM in addition to AES-128-CCM) and adds pre-authentication integrity checking of the negotiation.
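Whether a host is still exposed to EternalBlue-style attacks comes down to one question: does it still negotiate SMBv1? The following added example, written for this article and not F-Secure's or Microsoft's code, performs the same check that scanners such as nmap's smb-protocols script do, with the wire format written out by hand. It builds the SMB_COM_NEGOTIATE request an SMBv1 client sends first (as specified in MS-CIFS), offering only the "NT LM 0.12" dialect, and classifies the reply: an SMBv1 header with a valid DialectIndex means SMBv1 is enabled, a reply beginning with the SMB2 magic (0xFE 'S' 'M' 'B') means the server refused SMBv1 and answered in SMB2, and DialectIndex 0xFFFF means no offered dialect was accepted. The sample replies are constructed for offline use; only `probe_smb1` touches the network.

```python
"""Check whether an SMB server still negotiates the SMBv1 dialect.

Added example for this article, not F-Secure's or Microsoft's code. Builds
an SMBv1 NEGOTIATE request (MS-CIFS) and classifies the reply. Sample
replies below are constructed, not captured from real hosts.
"""
import socket
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
SMB1_DIALECT = b"NT LM 0.12"


def nb_frame(smb: bytes) -> bytes:
    """Prefix a NetBIOS session-service header: type 0x00 + 3-byte length."""
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


def build_smb1_negotiate(dialects=(SMB1_DIALECT,), mid: int = 1) -> bytes:
    """Return a framed SMBv1 NEGOTIATE request offering the given dialects."""
    # 32-byte SMB header: magic, Command, NTSTATUS, Flags, Flags2, PIDHigh,
    # SecurityFeatures, Reserved, TID, PIDLow, UID, MID (little-endian).
    header = SMB1_MAGIC + struct.pack(
        "<BIBHH8sHHHHH",
        SMB_COM_NEGOTIATE,
        0,            # NT_STATUS_SUCCESS
        0x18,         # Flags: canonical pathnames, case-insensitive
        0xC841,       # Flags2: Unicode, NT status, extended security, long names
        0,            # PIDHigh
        b"\x00" * 8,  # SecurityFeatures (no signing)
        0,            # Reserved
        0,            # TID
        0xFEFF,       # PIDLow
        0,            # UID
        mid,
    )
    # Dialects are 0x02-prefixed, NUL-terminated strings.
    data = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    body = struct.pack("<BH", 0, len(data)) + data  # WordCount=0, ByteCount
    return nb_frame(header + body)


def parse_negotiate_response(data: bytes) -> str:
    """Classify the raw reply to build_smb1_negotiate()."""
    smb = data[4:]  # drop the NetBIOS session header
    if smb.startswith(SMB2_MAGIC):
        return "smb2-only"  # server declined SMBv1 and answered in SMB2
    if not smb.startswith(SMB1_MAGIC) or len(smb) < 35:
        return "no-smb"
    if smb[4] != SMB_COM_NEGOTIATE:
        return "no-smb"
    word_count = smb[32]
    if word_count == 0:  # error reply carries no parameter words
        return "smb1-rejected"
    dialect_index = struct.unpack_from("<H", smb, 33)[0]
    if dialect_index == 0xFFFF:  # none of the offered dialects accepted
        return "smb1-rejected"
    return "smb1-enabled"


def probe_smb1(host: str, port: int = 445, timeout: float = 5.0) -> str:
    """Send the request to a live host and classify its answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_smb1_negotiate())
        return parse_negotiate_response(sock.recv(4096))


def _smb1_reply(dialect_index: int) -> bytes:
    """Constructed SMBv1 NEGOTIATE reply: WordCount 17, ByteCount 0."""
    header = SMB1_MAGIC + bytes([SMB_COM_NEGOTIATE]) + b"\x00" * 27
    params = bytes([17]) + struct.pack("<H", dialect_index) + b"\x00" * 32
    return nb_frame(header + params + struct.pack("<H", 0))


# Constructed sample replies (not captured from real hosts).
SAMPLE_SMB1_ACCEPTS = _smb1_reply(0)
SAMPLE_SMB1_REJECTS = _smb1_reply(0xFFFF)
SAMPLE_SMB2_REPLY = nb_frame(SMB2_MAGIC + b"\x40\x00" + b"\x00" * 62)

if __name__ == "__main__":
    for name, reply in [("accepts", SAMPLE_SMB1_ACCEPTS),
                        ("rejects", SAMPLE_SMB1_REJECTS),
                        ("smb2", SAMPLE_SMB2_REPLY)]:
        print(f"{name:8s} {parse_negotiate_response(reply)}")
```

A result of `smb1-enabled` on a Windows host is fixed with `Set-SmbServerConfiguration -EnableSMB1Protocol $false` (or by removing the SMB1 optional feature); on Samba, with `server min protocol = SMB2` in smb.conf. Run the probe from outside the perimeter as well: the article's point is that port 445 is far too often reachable from the Internet in the first place.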

More legacy from past Internet days

There are more zombie protocols from the Internet's past. They should be taken off the Internet as soon as possible; if they were, the Internet of Things would be a lot safer. And beyond protocols, the same mistakes are made over and over again:

  • FTP
  • SFTP
  • SCP
  • NFSv1 / 2
  • Java RMI
  • Rservices
  • SNMPv1
  • Weak, hard-coded, or no passwords
  • MFA not enabled
  • Encryption not enabled
  • Outdated, unpatched software
  • Unused software not uninstalled
Security advisor Fennel Aurora concludes:

There are patches, but there are hundreds of thousands of computers running these old Internet protocols, some of them unpatched. Less is more when it comes to security. We always want to reduce the attack surface. Connecting millions of random, unhardened, open devices to the Internet is the opposite of security. There are vaccines against all of these zombies; we just have to get the manufacturers to use them.