Archive for the ‘IT Advice’ Category

Security Threat to Monolith Gateway Products

Sunday, June 2nd, 2013

R’lyeh Consulting has become aware of attempts made by illiterate hominids to compromise the integrity of Monolith Gateways deployed in remote sites. The attempts seem to be denial-of-service attacks with an eye towards physical damage to the devices.

The attack signature involves the illiterate hominids forming a band around the base of the monolith. The hominids then begin to scream and shout, which can interfere with Monolith transmissions in the range of audible sound. The hominids will also attempt to gain physical contact with the devices. The hominids involved in these attacks have been implicated in at least one murder, and are to be assumed to be armed and dangerous. Do not attempt to confront them if you discover them: Instead, contact R’lyeh Consulting for a proper response to their aggressive threats.

Grow Your Employees

Monday, May 27th, 2013

The guys from Sith Consulting sure have their sizzle and flash. Double light sabres, near-robotic suits, lightning shooting out of their fingers… they look like total pros, right? They sure do some high-profile jobs and have a great PR engine, but what happens when something goes wrong? What then?

They lose a guy and they’re down 50% of their billable staff. Lose two, and they’ve got no bench to fill in the gaps. Problem with Sith is that they don’t hire anyone but superstars. If they can’t pinch a rising talent somewhere, they’ve got nothing in their pipeline. That can leave them in the ditch, hurting badly.

Meanwhile, at R’lyeh Consulting, LLP, we’re all about working with our entry-level guys and growing them into senior staff. We don’t go around stealing people from other organizations, they come to us. Let me give you an example.

R’lyeh Consulting has had a lock on the Innsmouth, Massachusetts market. We’ve been the only player there for years. One day, a competitor arrived. The local branch was agitated about that development, to say the least. But I advised a cooler attitude: “Go easy on him. He might be one of us, one day.” And you know what? I was right. His perception of R’lyeh Consulting wouldn’t have been favorable if that Innsmouth branch hadn’t gone with my simple advice, and we would have missed out on a real performer. I’m glad to say that Robert Olmstead, that former competitor, has been with us for years and will be with us for many years more. He even convinced his cousin to join with us – and we always have room at R’lyeh Consulting for guys wanting to get started in IT.

True professional organizations have to be professional, through and through, not just in their most visible aspects. It’s not like Tyrannosaurus Rex sprang from the primordial ooze, ready to go into action, star player like that species was. It took 134 million years to get T. Rex ready to go, and not a moment sooner. Believe me, when I talk about growing talent, I know what I’m talking about.

Eregion Hardware Security Alert

Saturday, May 25th, 2013

If you have any equipment from Eregion, made by Celebrimbor, I strongly recommend you replace it as soon as possible. There are a number of known exploits noted on several of their flagship platforms, allowing them to be easily compromised.

Most importantly, if you have a Ring of Power from Eregion, dispose of it immediately. We know of full compromises on the Dwarf-king and Human-king models, but have not seen full compromises on the Elf-lord models. The Ring of Power exploit involves a backdoor admin account that allows full control of the device and anyone wearing it. Although no organization or individual has publicly claimed responsibility for the action described, forensics indicates a pattern consistent with Sauron, servant of Morgoth. The Dwarf-king models will basically allow Sauron to access the financial resources of the owner and operator of that kind of Ring of Power. The Human-king models create a sort of botnet, using the Human-king Ring of Power owners as the central server to send out instructions to large groups of men, wargs, orcs, goblins, trolls, and oliphaunts.

While the Elf-lord models are not totally compromised, users have noted suspicious activity in association with their usage, and that activity has been confirmed to be linked to Sauron. Use the Elf-lord models advisedly.

The source of the exploit seems to have been due to Celebrimbor’s employment of a certain employee, Annatar, in the manufacture of these lines. Due to lax screening procedures and security clearances, Annatar was able to gain access to the production process of the Dwarf-king and Human-king lines, where he introduced code for his admin backdoor. Later events showed that Annatar was none other than Sauron himself in disguise. We have confirmed that Annatar/Sauron did not have access to the production of the Elf-lord models, but was in the area at the time of their manufacture.

The second major alert deals with the “Door” line of secure gateway products made at Eregion. While Sauron was not involved in their making, it is clear that the lax attitude toward security at Eregion that allowed Sauron access to the Rings of Power line was also in evidence during construction of their Door line.

Specifically, the Door products have the administrative access password written on the exterior of the product, in plain view. This is a grave breach of security, and should be taken seriously.

We have also received reports of a line of traffic flow monitors called “The Watcher” generating false positives in conjunction with Eregion Door products. While Eregion did not manufacture Watcher systems, we do know of instances in which persons reported a Watcher shutting down a Door secure gateway after the same persons provided the password to gain access. It is also clear from the Watcher activity that it was set to delete traffic inbound or outbound from that interface. For this reason and the one given immediately above, R’lyeh Consulting, LLP, advises strongly to replace any and all Eregion Door secure gateway products.

R’lyeh Consulting, LLP, is able to provide aeons untold of experience and expertise in assisting you in securing what is most valuable in your enterprise systems. If you have Eregion products in your enterprise and need replacement systems, we can help.