SSH! Data’s Moving.
Maybe it’s like the noise level in a library, data in motion. Perhaps it sounds more like a gurgling faucet or the whoosh of a crashing wave.
What we do know is that data in motion needs encryption. Don’t leave home without it.
Back in the nascent Internet 90s, we used Telnet. That’s a protocol that enabled communication without encryption. You could connect to a site via a port (default is 23) on that site and do text-based conversational and programmy things with other connected people. In the earliest of early days, we were connecting via command line to IP addresses instead of the more familiar DNS names – like heathernoggle.com. So, no pictures, SEO, and CSS – just text and people communicating via typing.
We got smarter, of course, and moved to SSH and replaced Telnet. That’s typically port 22, so we moved next door as communication like this increased.
SSH stands for “Secure Shell” and uses cryptography…hence, encryption. Secure communications – we’ll leave the “shell” part for another conversation that’s more technical. An early free “client” (program that can facilitate this communication) was PuTTY, with versions available for both Windows and Unix (predating Linux).
Modern communications have moved beyond that program – many commercial options. I’ve touched most of the data integration evolution, including AS2 for messaging and now more modern methods.
But that’s not what this is about. We know we need to encrypt our communications, so we use SSH instead of Telnet and secure our websites with SSL/TLS, which includes the secure login and other interaction. Modern programs make technical communication easy. Programs like…OpenSSH’s server that operates specifically on “glibc-based Linux systems”
There’s a vulnerability whose information was recently released that can grant attackers full god-like access to machines running this program. Ack, right! Some detail.
· Operating system – glibc-based Linux – GNU Lesser General Public License – written in the C language (which I still have nightmares about) – widely used in Linux
· Default configuration – so the server’s not hardened, or specifically configured to reduce vulnerabilities
· Older versions of the software are running
Fastest remedy? Update your version of OpenSSH if you control a server using it.
Upon successful exploit, an attacker (without logging in) can run code – called remote code execution. Sitting in a basement in Bangladesh, Bermuda, or Boston. That person effectively owns the machine then.
Now, you’re thinking, “I don’t use Linux” – but if you’ve got a website, maybe you do. Many modern webservers run it.
As with all Internet-connected things, there’s a risk. It helps when you understand that you’re connected to these risks because you’re connected to the Internet.
This vulnerability has been cheekily named RegreSSHion. It’s high severity but rather easy to remedy with that software update.
Some excellent geeky details from Palo Alto - https://unit42.paloaltonetworks.com/threat-brief-cve-2024-6387-openssh/
So, SSH. But do so with updated software if you’re using OpenSSH. TransmiSSHion complete.
To Whom Are You Speaking?
Yeah, I’m talking to (with) you! Writing voice changes based on perceived audience. So, when you’re writing, whom do you want to attract?
I talk like this naturally. The dialogue in my brain debating itself sounds like this.
College professor voice is in there, too, somewhere, as is “I want this paper to be DONE” voice (also known as “the voice ChatGPT has copied from strong writing high school students everywhere”).
There’s “Now Hear This” voice. Dripping sarcasm rant voice…which I use sparingly, though it can be funny. I once wrote a diatribe about a young woman (when I was also a young woman) wearing “Juicy” across her rear, and it showcased my disdain for branded rear ends. Though correlation is separate from causation, people are now branding their arms, legs, and torsos more often than their rears. Someone can make an arrears joke now.
And thus concludes the writing and grammar section of this newsletter. Maybe get out a voice recorder app and see how much writing you can do without ever typing a thing. Practice your voices. Be you.
Where’s Heather?
Recent: Senteon Managed Endpoint Hardening webinar with Zach Kromkowski . https://www.youtube.com/watch?v=GJ5p2kYOzwQ – expect more Heather and Zach conversations in the future.
Tomorrow I am giving a multigenerational workforce talk with a local county.
I also wrote two articles that are live on Elnion:
🖋️Meet the Entity List - https://elnion.com/2024/07/01/meet-the-entity-list/ - about the trade compliance machinations regarding the sanctions of Kaspersky
🖋️Cyber Security and the Half-Life Continuum – well, you just have to read that one to find out. https://elnion.com/2024/07/08/cyber-security-and-the-half-life-conundrum/
I keep a full list – at least of recorded speaking - on https://www.heathernoggle.com/speaking.
Digital Grandma Strikes Again
ChatGPT refused to put clothing on her. I asked, and after about 6 iterations beyond this where she got more muscular and wore less and less , I said...
So, Digital Grandma. The above is NOT me - it's how ChatGPT seems to think digital grandmas should look).
Songs are dropping weekly, seems. From the sky – fully formed (kinda) with silly cybersecurity themes and symphonic metal melodies.
Best place to find them all is https://www.heathernoggle.com/digital-grandma. The page even explains the silly name.
Last week was (What is an) Asset? Rumor has it this week’s may have something to do with the newsletter’s main article. We’ll see.
Probably building a LinkedIn page for Digital Grandma to separate that fun, silly endeavor from more workable work.
Speaking of which…
Hire a Noggle to Write About Technology
I’m Heather Noggle, and I’m happy to sign all Noggle Magic cards, though I like the Noggle Ransacker least. Also, I actively seek other Noggle-named individuals and might someday start the Noggle Braintrust Assembly – y’know, the NBA.
By day and sometimes in the middle of the night, I’m working on bolstering the cybersecurity workforce. To quell the massive amount of mental dialogue, I write. And with that, I’m happy to write for you about where people, technology, and your products meet, so let’s talk about it, or at least expect I might reach out to talk about it with you.
Because that’s not enough, I serve on a couple of boards, do multigenerational workforce training, and also consult with tech founders about core branding language that speaks to their business (and sometimes consumer) human audiences.
Cybersecurity companies – specifically looking at you. Other technical companies, we can be friends, too.
Planning late 2024 and early 2025 speaking as well. Looking for a podcast guest? We’ll have an interesting conversation.
See you everyday and in 2 weeks.
Senior Managing Director
5moHeather Noggle Fascinating read. Thank you for sharing
Info Systems Coordinator, Technologist and Futurist, Thinkers360 Thought Leader and CSI Group Founder. Manage The Intelligence Community and The Dept of Homeland Security LinkedIn Groups. Advisor
5moGreat subject SSH is such a great and yet insecure tool
Tech-Savvy Security Specialist: Driving Innovation and Excellence in Risk Mitigation and Strategic Operations | Sec+ | NERC CIP | IT Communications Specialist | FEMA/NIMS | Linux | Junior Pentester | MCCoE Intern
5moHeather Noggle, it says #aiimages, so yes. They are tagged, #tagged.
CEO Cybersecurity Boardroom ™ | CISSP, CISM, M.S.
5moThanks to the digital grandma!