Big Router Hack, Citizen, Salesforce+, Star Wars hotel and more!

August 13, 2021 by Lighthouse IT Solutions, Matthew Almendinger

The Lighthouse IT Podcast - August 13th, 2021

This week, we discuss a directory traversal vulnerability in some home and small business routers, the new LOTR series, Salesforce+ (the latest video streaming platform), Citizen (an app for tracking crime), targeted ban-for-hire services on Instagram, and Disney's new Star Wars themed hotel.



Home & Small Business Routers Vulnerability

  • A number of home and small business routers have been found vulnerable to a decades-old class of attack: directory (path) traversal.
  • The attack starts from a directory the web server serves without a login (such as the images folder) and appends two dots (..), which every common operating system reads as "go up one directory".
  • Because the server only checks that the request starts with the public folder and never normalizes the path, a request such as http://[router-address]/images/../secure-file.htm walks back up and returns a protected management page with no authentication (and, over plain HTTP, no encryption either).
  • Many devices running this base firmware also did not use proper session tokens: once a protected page had been reached this way, the server treated the session as authenticated, so the attacker is effectively logged in to the management console without ever supplying a password.
  • Affected vendors include Buffalo and ASUS, but also ISP-branded equipment from Verizon, HughesNet and others (Tenable's list of affected models and firmware versions is linked from the story).

Be sure to limit your exposure by not allowing remote (WAN-side) access to the management console, and apply the vendor's firmware update as soon as one is available! And don't turn remote access on because someone asks you to, especially if you don't know who that person is.
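To make the bug concrete, here is an added example (written for these show notes, not code from the affected firmware or from Tenable) that puts the flawed public-path check beside a hardened one and then scans a few constructed access-log lines for traversal attempts. The public folder list, the page names and the log lines are all assumptions made up for the example.

```python
import posixpath
import re
from urllib.parse import unquote

# Paths the router's web server may serve without a login.
# Constructed for this example; not the affected firmware's real list.
PUBLIC_PREFIXES = ("/images/", "/css/", "/js/")


def is_public_vulnerable(path: str) -> bool:
    """Whitelist check done on the raw request path.

    This is the mistake described above: the check only asks whether the
    string starts with a public directory, so '/images/../secure-file.htm'
    passes even though the file system will serve '/secure-file.htm'.
    """
    return path.startswith(PUBLIC_PREFIXES)


def normalize(path: str) -> str:
    """Return the path the file system will actually resolve.

    Percent-decode first (so '%2e%2e' becomes '..'), then collapse '.', '..'
    and repeated slashes. posixpath.normpath never climbs above '/' for an
    absolute path, so '/images/../../etc/passwd' becomes '/etc/passwd'.
    """
    decoded = unquote(path)
    if not decoded.startswith("/"):
        decoded = "/" + decoded
    return posixpath.normpath(decoded)


def is_public_hardened(path: str) -> bool:
    """Whitelist check done on the normalized path, not the raw string."""
    return normalize(path).startswith(PUBLIC_PREFIXES)


def decide(path: str, authenticated: bool, public_check=is_public_hardened) -> str:
    """Access decision a router's HTTP handler would make: 'serve' or 'deny'.

    Pass public_check=is_public_vulnerable to reproduce the bypass.
    """
    if authenticated or public_check(path):
        return "serve"
    return "deny"


# Detection side: pull the request path out of common-log-format lines and
# flag any whose decoded form contains a '..' component. Lines are constructed.
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Aug/2021:10:00:01 +0000] "GET /images/logo.png HTTP/1.1" 200 512',
    '198.51.100.7 - - [13/Aug/2021:10:00:02 +0000] "GET /images/../secure-file.htm HTTP/1.1" 200 2048',
    '198.51.100.7 - - [13/Aug/2021:10:00:03 +0000] "GET /images/%2e%2e/secure-file.htm HTTP/1.1" 200 2048',
    '203.0.113.9 - - [13/Aug/2021:10:00:04 +0000] "GET /secure-file.htm HTTP/1.1" 401 0',
]
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT) (\S+) HTTP/')


def flag_traversal_requests(log_lines):
    """Return the raw request paths that contain a '..' segment after decoding."""
    flagged = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        raw_path = m.group(1)
        if ".." in unquote(raw_path).split("/"):
            flagged.append(raw_path)
    return flagged


if __name__ == "__main__":
    probe = "/images/../secure-file.htm"
    print("vulnerable check:", decide(probe, False, is_public_vulnerable))  # serve
    print("hardened check:  ", decide(probe, False))                        # deny
    print("flagged requests:", flag_traversal_requests(SAMPLE_LOG))
```

The fix is the order of operations: decode and normalize first, then compare against the whitelist, and serve only the normalized path. Checking the raw string and decoding afterwards is exactly the gap that dotted and percent-encoded segments slip through. The log scan is the quick triage a small business could run over its router or reverse-proxy logs to see whether anyone has already tried this against them.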


Nerd News: The LOTR series is set to premiere in September 2022 (first-look image).


The video streaming service aimed at business professionals, Salesforce+

  • The service will be available for free anywhere on the web in September, and it will launch as a standalone streaming app soon after.
  • It will debut globally during Salesforce's conference, Dreamforce.
  • The service is part of a greater effort to transition Salesforce's marketing approach from paid customer acquisition to owned and operated media.
  • The goal is that the content will help people refine their skills, while also creating an emotional connection to Salesforce.
  • The company even created Salesforce Studios to film and produce content.
  • It also hopes to eventually build a platform for professional content from its clients.
  • As of now, Salesforce has produced 6 original series that will debut at launch. Some programs, like "Leading Through Change" and "The Inflection Point," highlight work and challenges faced by corporate leaders. Others, like "Boss Talks" and "Simply Put," will focus on professional growth and building business skills.
  • There will also be four "broadcast channels" that include live programming from its events, such as Dreamforce, with more than 100 hours of content to start.
  • I think a lot of companies wish they could do this, but Salesforce actually has the resources to make it happen.


Crime-tracking app, Citizen

  • Citizen Protect is a private safety help line that uses smartphone features like location tracking.
  • When subscribers open the app, they can hit a button to call a "Protect Agent" via video, audio, or text. Agents are supposed to talk subscribers through unsafe scenarios and help callers navigate to a safe public place if necessary.
  • They can dial 911 or a designated emergency contact and provide location information from the caller's phone. And they can create a public Citizen incident with the subscriber's consent, alerting nearby Citizen users to what's happening.
  • "Protect Mode" sets the app to listen for a "distress signal" such as a scream.
  • Users can also shake their phones rapidly to connect with an agent.


Scammer Service Will Ban Anyone From Instagram for $60

  • Scammers are abusing Instagram's protections against suicide, self-harm, and impersonation to purposefully target and ban Instagram accounts at will, with some people even advertising professionalized ban-as-a-service offerings.
  • It appears that in some cases, the same scammers who offer ban-as-a-service also offer or are at least connected to services to restore accounts for users who were unfairly banned from Instagram, sometimes for thousands of dollars.


Disney's Star Wars hotel

  • Named the Star Wars: Galactic Starcruiser, it will be pretty much only for people willing to spend some serious cash.
  • A two-night stay starts at $4,809 for two adults.
  • For a small cabin that is supposed to make you feel like you are in a spaceship, that's quite a price tag, especially when your windows are replaced with TVs.