Listen to Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and Terry Cutler as they talk about the U.S. Justice Department seizure of 48 internet domains of crooks offering DDoS-for-hire services, a Canadian supermarket chain Empire Co. said they might have to take charge of $25 million financial costs not covered by cyber insurance. Personal information of customers who dined in restaurants that use the SevenRooms customer management platform is being offered for sale on the Internet…and more.
You can listen to the full podcast here.
Howard: Joining us now from Montreal is Terry Cutler. Let’s start with Samba. The Samba project issued four patches to plug vulnerabilities. First, what is Samba?
Terry: In a nutshell, Samba is the standard interoperability suite that allows integration of both Linux and Windows. This will enable IT administrators to link Linux and Unix servers and desktops into Active Directory. This way, administrators can manage setup and configuration from one place. Many large companies deploy Linux because it takes fewer resources and it’s more stable than Windows, in my opinion. The challenge is finding Linux experts to manage these things. One of the reasons why some get installed is so they can be centrally managed.
Howard: How serious are the four vulnerabilities that the Samba project identified?
Terry: By default, Samba will accept connections from any host, which means that if you run an insecure version of Samba on a host that’s directly connected to the internet, you’re especially going to be vulnerable. But here’s where it gets worse: If the Samba server is misconfigured and allows unauthenticated users to connect, then an authenticated attacker could leverage a cryptographic flaw. This will enable the security feature to be bypassed in Windows Active Directory. Attackers can leverage a Linux box to access a Windows environment.
Howard: Do IT departments that generally run Samba well-configured?
Terry: In my opinion, it’s not always safely configured. We’ll often find configurations that are set for anyone, so it’s like a general public folder where anyone could upload malicious content to that folder, and then somebody will open it. We’ve seen it in a case where it was vulnerable and could be exploited.