Two keys to rule them all: Cisco warns of default SSH keys on appliances

Cisco revealed a security vulnerability in a number of the company's network security virtual appliances that could give someone virtually unlimited access to them—default, pre-authorized keys for Secure Shell (SSH) sessions originally intended for "customer support" purposes. As Threatpost's Dennis Fisher reported, Cisco has released software patches that correct the problem, but there's no temporary workaround for systems that can't immediately be patched.

Cisco released an advisory on the vulnerability on June 25. There are two separate SSH key vulnerabilities for the Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security Management Virtual Appliance (SMAv).

The first is that these virtual machines, which run on VMware and KVM virtualization platforms, share a default authorized SSH key for remote login. "IP address connectivity to the management interface on the affected platform is the only requirement for the products to be exposed to this vulnerability," Cisco warned. "No additional configuration is required for this vulnerability to be exploited."
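The defender's check that follows from this is simple: a pre-authorized "support" key is a key that shows up in authorized_keys on every appliance of a given type, so collecting those files and comparing fingerprints across hosts surfaces it even before a vendor names it. The script below is an added example, not code from Ars or Cisco; the host names and key blobs are constructed placeholders, and the allowlist of expected administrator keys is an assumption about what an operator would already know about their own fleet.

```python
import base64
import hashlib
import shlex
from collections import defaultdict

# Public-key types we recognise in an authorized_keys line.
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519",
             "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")


def _blob(payload: bytes) -> str:
    """Base64-encode a synthetic key blob; stands in for a real public key."""
    return base64.b64encode(payload).decode("ascii")


# Constructed sample data: authorized_keys contents gathered from three
# hypothetical appliances. The "vendor-support" key is present on every host,
# mimicking a shared, pre-authorized key. None of these blobs are real keys.
SHARED_BLOB = _blob(b"\x00\x00\x00\x07ssh-rsa" + b"shared-support-key")
SAMPLE_HOSTS = {
    "wsav-01": (
        f"ssh-rsa {SHARED_BLOB} vendor-support\n"
        f"ssh-ed25519 {_blob(b'admin-key-host1')} admin@wsav-01\n"
    ),
    "esav-01": (
        "# appliance keys\n"
        f"from=\"10.0.0.5\",no-pty ssh-rsa {SHARED_BLOB} vendor-support\n"
        f"ssh-ed25519 {_blob(b'admin-key-host2')} admin@esav-01\n"
    ),
    "smav-01": f"ssh-rsa {SHARED_BLOB} vendor-support\n",
}


def parse_authorized_keys(text: str) -> list[dict]:
    """Parse authorized_keys text into entries, tolerating option prefixes
    (e.g. from="...",no-pty), comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # quote-aware split; strips the quotes
        idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(tokens):
            continue  # not a key line we understand
        entries.append({
            "options": " ".join(tokens[:idx]),
            "type": tokens[idx],
            "blob": tokens[idx + 1],
            "comment": " ".join(tokens[idx + 2:]),
        })
    return entries


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA256 of the decoded blob, base64 without
    padding, as printed by `ssh-keygen -lf`."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def find_shared_keys(hosts: dict[str, str]) -> dict[str, list[str]]:
    """Map each fingerprint authorized on more than one host to those hosts.
    A key shared fleet-wide is the signature of a baked-in default."""
    seen = defaultdict(set)
    for host, text in hosts.items():
        for entry in parse_authorized_keys(text):
            seen[fingerprint(entry["blob"])].add(host)
    return {fp: sorted(h) for fp, h in seen.items() if len(h) > 1}


def unexpected_keys(hosts: dict[str, str], allowed: set[str]) -> list[tuple]:
    """Return (host, fingerprint, comment) for every authorized key whose
    fingerprint is not in the operator's allowlist."""
    findings = []
    for host, text in hosts.items():
        for entry in parse_authorized_keys(text):
            fp = fingerprint(entry["blob"])
            if fp not in allowed:
                findings.append((host, fp, entry["comment"]))
    return findings


if __name__ == "__main__":
    for fp, hosts in find_shared_keys(SAMPLE_HOSTS).items():
        print(f"{fp} authorized on {len(hosts)} hosts: {', '.join(hosts)}")
```

On a real fleet the inputs would be the authorized_keys files pulled from each appliance (or the output of `ssh-keygen -lf` on them), and the allowlist would be the fingerprints of keys your own administrators generated; anything shared across hosts that nobody in the organisation created is the finding. Note that the check only covers keys in files you can read, so it is an audit, not a substitute for the vendor patch.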


Samsung promises to stop disabling Windows Update

Samsung has promised to stop disabling Windows Update on hardware using its SW Update software.

The behavior came to light earlier this week after debugger and reverse engineer Patrick Barker began investigating why Windows Update kept getting disabled—checking for updates but never downloading or installing them—on a misbehaving machine. Barker discovered that Samsung's SW Update was downloading a program called Disable_Windowsupdate.exe which, true to its name, was disabling Windows Update each time the system started.

Samsung's statement today says that the company will soon stop doing it. The company said that "Samsung has a commitment to security and we continue to value our partnership with Microsoft. We will be issuing a patch through the Samsung Software Update notification process to revert back to the recommended automatic Windows Update settings within a few days. Samsung remains committed to providing a trustworthy user experience and we encourage customers with product questions or concerns to contact us directly at 1-800-SAMSUNG."


Private investigator snooped on e-mail of Scientology critics

This afternoon, Eric Saldarriaga, a private investigator from Astoria, New York, will be sentenced in federal court for his part in a conspiracy to hack into the e-mail accounts of more than 50 individuals as part of his investigations. (He has pled guilty.) Among his victims are two prominent critics of the Church of Scientology, both of whom were recently featured in the book and HBO documentary film Going Clear.

Who were Saldarriaga's clients? That remains unclear; court documents haven't revealed it, and the transcripts of his guilty plea are still held by the court awaiting redaction. But both Scientology critics are now convinced that it was the church which set Saldarriaga on them. "There can be no doubt that one of Mr. Saldarriaga’s clients is Scientology," Mike Rinder, a former Scientology official and one of the victims notified by the US Attorney's Office, said in a written statement sent to the court.

Ars attempted to get a comment from a Church of Scientology spokesperson, but did not receive a response in time for publication. We will update this story if we receive comment.
