8 comments

[ 3.9 ms ] story [ 33.1 ms ] thread
What the hell is that shitshow of a blog. It seems the story goes on, but divided into many disjointed posts.

The presentation made me doubt if the research is legit or if this is just someone drawing the wrong conclusions and throwing it together in yet another Wordpress blog...

I agree. Very poorly written and difficult to follow
The technical details are a complete mess too.

>This specific kind of fingerprint is relatively new and known as the "hassh". It is as follows:

>8e:c3:91:a4:f6:c0:b3:66:01:e9:85:a9:da:a6:24:f9

That’s a regular SSH key fingerprint, not a “hassh”.

So Granicus posts online streaming video of every gov agency in the country basically. They have their own custom hardware to do this too that sites inside of gov datacenters it seems.

Apparently they left open their main production database a few months ago. The issue here though seems to be that even now they require all these agencies to whitelist on all ports their two /24 "remote support" subnets.

He pulled an SSH key from one of the remote support servers and found it also on dozens of Chinese servers...

After Googling, 8e:c3:91:a4:f6:c0:b3:66:01:e9:85:a9:da:a6:24:f9

appears to be the default public key for a juniper firewall. I could be wrong but I don’t see anything nefarious.

Obviously you should change your default key and you probably shouldn’t whitelist huge IP ranges.

Wow.. this is one of the most egregious data breaches i have seen in awhile. How could governments be so mislead to get caught up with companies like this.
This seems pretty threatening and dangerous even for todays low security expectations. My guess is that the company acquired too many assets, they didn’t know how to manage them all. Now the whole company's IT system is just a "conspiracy of optimism" for their customers.
The entire Emergency Alert System for the US is bizarre. Onsolve and GovDelivery totally dominate it. They seem to have barely any engineering talent on LinkedIn.

GovDelivery, I think the same as Granicus, has always been plagued by mass spamming accusations. This comes up on reddit occasionally.

Either way, the video streaming servers, they are just what Elemental Technologies offered before they were (super allegedly) hacked by the PLA to get at Apple and Amazon in the Bloomberg article last year...